From sle-updates at lists.suse.com Mon Sep 2 04:12:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 Sep 2019 12:12:51 +0200 (CEST) Subject: SUSE-SU-2019:2260-1: important: Security update for nodejs8 Message-ID: <20190902101251.B19A1F798@maintenance.suse.de> SUSE Security Update: Security update for nodejs8 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2260-1 Rating: important References: #1144919 #1146090 #1146091 #1146093 #1146094 #1146095 #1146097 #1146099 #1146100 Cross-References: CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9517 CVE-2019-9518 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP1 SUSE Linux Enterprise Module for Web Scripting 15 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has one errata is now available. Description: This update for nodejs8 to version 8.16.1 fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091). - CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094). - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095). - CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100). - CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090). - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097). - CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093). Bug fixes: - Fixed that npm resolves its default config file like in all other versions, as /etc/nodejs/npmrc (bsc#1144919). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP1: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2019-2260=1 - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2019-2260=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (aarch64 ppc64le s390x x86_64): nodejs8-8.16.1-3.20.1 nodejs8-debuginfo-8.16.1-3.20.1 nodejs8-debugsource-8.16.1-3.20.1 nodejs8-devel-8.16.1-3.20.1 npm8-8.16.1-3.20.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch): nodejs8-docs-8.16.1-3.20.1 - SUSE Linux Enterprise Module for Web Scripting 15 (aarch64 ppc64le s390x x86_64): nodejs8-8.16.1-3.20.1 nodejs8-debuginfo-8.16.1-3.20.1 nodejs8-debugsource-8.16.1-3.20.1 nodejs8-devel-8.16.1-3.20.1 npm8-8.16.1-3.20.1 - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): nodejs8-docs-8.16.1-3.20.1 References: https://www.suse.com/security/cve/CVE-2019-9511.html https://www.suse.com/security/cve/CVE-2019-9512.html https://www.suse.com/security/cve/CVE-2019-9513.html https://www.suse.com/security/cve/CVE-2019-9514.html https://www.suse.com/security/cve/CVE-2019-9515.html https://www.suse.com/security/cve/CVE-2019-9516.html https://www.suse.com/security/cve/CVE-2019-9517.html https://www.suse.com/security/cve/CVE-2019-9518.html https://bugzilla.suse.com/1144919 https://bugzilla.suse.com/1146090 https://bugzilla.suse.com/1146091 https://bugzilla.suse.com/1146093 https://bugzilla.suse.com/1146094 https://bugzilla.suse.com/1146095 https://bugzilla.suse.com/1146097 https://bugzilla.suse.com/1146099 https://bugzilla.suse.com/1146100 From sle-updates at lists.suse.com Mon Sep 2 04:14:42 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 Sep 2019 12:14:42 +0200 (CEST) Subject: SUSE-SU-2019:2259-1: important: Security update for nodejs10 Message-ID: <20190902101442.3007EF798@maintenance.suse.de> SUSE Security Update: Security update for nodejs10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2259-1 Rating: important References: #1146090 #1146091 #1146093 #1146094 #1146095 #1146097 #1146099 #1146100 Cross-References: CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9517 CVE-2019-9518 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP1 SUSE Linux Enterprise Module for Web Scripting 15 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for nodejs10 to version 10.16.3 fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091). - CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094). - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095). - CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100). - CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090). - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097). - CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP1: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2019-2259=1 - SUSE Linux Enterprise Module for Web Scripting 15: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2019-2259=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (aarch64 ppc64le s390x x86_64): nodejs10-10.16.3-1.12.1 nodejs10-debuginfo-10.16.3-1.12.1 nodejs10-debugsource-10.16.3-1.12.1 nodejs10-devel-10.16.3-1.12.1 npm10-10.16.3-1.12.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch): nodejs10-docs-10.16.3-1.12.1 - SUSE Linux Enterprise Module for Web Scripting 15 (aarch64 ppc64le s390x x86_64): nodejs10-10.16.3-1.12.1 nodejs10-debuginfo-10.16.3-1.12.1 nodejs10-debugsource-10.16.3-1.12.1 nodejs10-devel-10.16.3-1.12.1 npm10-10.16.3-1.12.1 - SUSE Linux Enterprise Module for Web Scripting 15 (noarch): nodejs10-docs-10.16.3-1.12.1 References: https://www.suse.com/security/cve/CVE-2019-9511.html https://www.suse.com/security/cve/CVE-2019-9512.html https://www.suse.com/security/cve/CVE-2019-9513.html https://www.suse.com/security/cve/CVE-2019-9514.html https://www.suse.com/security/cve/CVE-2019-9515.html https://www.suse.com/security/cve/CVE-2019-9516.html https://www.suse.com/security/cve/CVE-2019-9517.html https://www.suse.com/security/cve/CVE-2019-9518.html https://bugzilla.suse.com/1146090 https://bugzilla.suse.com/1146091 https://bugzilla.suse.com/1146093 https://bugzilla.suse.com/1146094 https://bugzilla.suse.com/1146095 https://bugzilla.suse.com/1146097 https://bugzilla.suse.com/1146099 https://bugzilla.suse.com/1146100 From sle-updates at lists.suse.com Mon Sep 2 04:18:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 Sep 2019 12:18:00 +0200 (CEST) Subject: SUSE-SU-2019:2262-1: important: Security update for the Linux Kernel Message-ID: <20190902101800.59DAAF798@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2262-1 Rating: important References: #1130972 #1134399 #1138744 #1139358 #1140652 #1140945 #1141401 #1141402 #1141452 #1141453 #1141454 #1142023 #1142098 #1142254 #1143045 #1143189 #1143191 #1144257 #1144273 #1144288 Cross-References: CVE-2018-20855 CVE-2019-1125 CVE-2019-11810 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 13 fixes is now available. Description: The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-1125: Enable Spectre v1 swapgs mitigations (bsc#1139358). - CVE-2018-20855: An issue was discovered in create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace (bsc#1143045). - CVE-2019-14284: The drivers/block/floppy.c allowed a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143189). - CVE-2019-14283: The function set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143191). - CVE-2019-11810: A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free (bsc#1134399). - CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c (bnc#1142254). - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages (bsc#1142023). The following non-security bugs were fixed: - bcache: Revert "bcache: fix high CPU occupancy during journal" (bsc#1140652, bsc#1144288). - bcache: Revert "bcache: free heap cache_set->flush_btree in bch_journal_free" (bsc#1140652, bsc#1144288). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652, bsc#1144288). - bcache: fix race in btree_flush_write() (bsc#1140652, bsc#1144288). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1130972, bsc#1144257). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1130972, bsc#1144273). - bcache: performance improvement for btree_flush_write() (bsc#1140652, bsc#1144288). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652, bsc#1144288). - mm: check VMA flags to avoid invalid PROT_NONE NUMA balancing (bsc#1142098). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945, bsc#1141401, bsc#1141402, bsc#1141452, bsc#1141453, bsc#1141454). - xen-netfront: use napi_complete() correctly to prevent Rx stalling (bsc#1138744). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2262=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2262=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-2262=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): kernel-default-3.12.74-60.64.121.1 kernel-default-base-3.12.74-60.64.121.1 kernel-default-base-debuginfo-3.12.74-60.64.121.1 kernel-default-debuginfo-3.12.74-60.64.121.1 kernel-default-debugsource-3.12.74-60.64.121.1 kernel-default-devel-3.12.74-60.64.121.1 kernel-syms-3.12.74-60.64.121.1 kernel-xen-3.12.74-60.64.121.1 kernel-xen-base-3.12.74-60.64.121.1 kernel-xen-base-debuginfo-3.12.74-60.64.121.1 kernel-xen-debuginfo-3.12.74-60.64.121.1 kernel-xen-debugsource-3.12.74-60.64.121.1 kernel-xen-devel-3.12.74-60.64.121.1 kgraft-patch-3_12_74-60_64_121-default-1-2.3.1 kgraft-patch-3_12_74-60_64_121-xen-1-2.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): kernel-devel-3.12.74-60.64.121.1 kernel-macros-3.12.74-60.64.121.1 kernel-source-3.12.74-60.64.121.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): kernel-default-3.12.74-60.64.121.1 kernel-default-base-3.12.74-60.64.121.1 kernel-default-base-debuginfo-3.12.74-60.64.121.1 kernel-default-debuginfo-3.12.74-60.64.121.1 kernel-default-debugsource-3.12.74-60.64.121.1 kernel-default-devel-3.12.74-60.64.121.1 kernel-syms-3.12.74-60.64.121.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): kernel-xen-3.12.74-60.64.121.1 kernel-xen-base-3.12.74-60.64.121.1 kernel-xen-base-debuginfo-3.12.74-60.64.121.1 kernel-xen-debuginfo-3.12.74-60.64.121.1 kernel-xen-debugsource-3.12.74-60.64.121.1 kernel-xen-devel-3.12.74-60.64.121.1 kgraft-patch-3_12_74-60_64_121-default-1-2.3.1 kgraft-patch-3_12_74-60_64_121-xen-1-2.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): kernel-devel-3.12.74-60.64.121.1 kernel-macros-3.12.74-60.64.121.1 kernel-source-3.12.74-60.64.121.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x): kernel-default-man-3.12.74-60.64.121.1 - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): kernel-ec2-3.12.74-60.64.121.1 kernel-ec2-debuginfo-3.12.74-60.64.121.1 kernel-ec2-debugsource-3.12.74-60.64.121.1 kernel-ec2-devel-3.12.74-60.64.121.1 kernel-ec2-extra-3.12.74-60.64.121.1 kernel-ec2-extra-debuginfo-3.12.74-60.64.121.1 References: https://www.suse.com/security/cve/CVE-2018-20855.html https://www.suse.com/security/cve/CVE-2019-1125.html https://www.suse.com/security/cve/CVE-2019-11810.html https://www.suse.com/security/cve/CVE-2019-13631.html https://www.suse.com/security/cve/CVE-2019-13648.html https://www.suse.com/security/cve/CVE-2019-14283.html https://www.suse.com/security/cve/CVE-2019-14284.html https://bugzilla.suse.com/1130972 https://bugzilla.suse.com/1134399 https://bugzilla.suse.com/1138744 https://bugzilla.suse.com/1139358 https://bugzilla.suse.com/1140652 https://bugzilla.suse.com/1140945 https://bugzilla.suse.com/1141401 https://bugzilla.suse.com/1141402 https://bugzilla.suse.com/1141452 https://bugzilla.suse.com/1141453 https://bugzilla.suse.com/1141454 https://bugzilla.suse.com/1142023 https://bugzilla.suse.com/1142098 https://bugzilla.suse.com/1142254 https://bugzilla.suse.com/1143045 https://bugzilla.suse.com/1143189 https://bugzilla.suse.com/1143191 https://bugzilla.suse.com/1144257 https://bugzilla.suse.com/1144273 https://bugzilla.suse.com/1144288 From sle-updates at lists.suse.com Mon Sep 2 04:24:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 Sep 2019 12:24:28 +0200 (CEST) Subject: SUSE-SU-2019:2263-1: important: Security update for the Linux Kernel Message-ID: <20190902102428.AD42DF7B3@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2263-1 Rating: important References: #1106061 #1123161 #1125674 #1127034 #1128977 #1130972 #1133860 #1134399 #1135335 #1135365 #1137584 #1139358 #1139826 #1140652 #1140903 #1140945 #1141181 #1141401 #1141402 #1141452 #1141453 #1141454 #1142023 #1142254 #1142857 #1143045 #1143048 #1143189 #1143191 #1143333 #1144257 #1144273 #1144288 #1144920 #1145920 #1145922 Cross-References: CVE-2018-20855 CVE-2018-20856 CVE-2019-10207 CVE-2019-1125 CVE-2019-11810 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 CVE-2019-15117 CVE-2019-15118 CVE-2019-3819 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise High Availability 12-SP3 SUSE Enterprise Storage 5 SUSE CaaS Platform 3.0 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has 24 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-1125: Enable Spectre v1 swapgs mitigations (bsc#1139358). - CVE-2018-20855: An issue was discovered in create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace (bsc#1143045). - CVE-2019-14284: The drivers/block/floppy.c allowed a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143189). - CVE-2019-14283: The function set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143191). - CVE-2019-11810: A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free (bsc#1134399). - CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c (bnc#1142254). - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages (bsc#1142023). - CVE-2019-15118: Fixed kernel stack exhaustion in check_input_term in sound/usb/mixer.c via mishandled recursion (bnc#1145922). - CVE-2019-15117: Fixed out-of-bounds memory access in parse_audio_mixer_unit in sound/usb/mixer.c via mishandled short descriptor (bnc#1145920). - CVE-2019-3819: A flaw was fixed in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may have enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") could have caused a system lock up and a denial of service (bnc#1123161). - CVE-2019-10207: Check for missing tty operations in bluetooth/hci_uart (bsc#1142857). - CVE-2018-20856: Fixed a use-after-free issue in block/blk-core.c, where certain error case are mishandled (bnc#1143048). The following non-security bugs were fixed: - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1125674). - dlm: Fix saving of NULL callbacks (bsc#1135365). - bcache: Revert "bcache: fix high CPU occupancy during journal" (bsc#1140652, bsc#1144288). - bcache: Revert "bcache: free heap cache_set->flush_btree in bch_journal_free" (bsc#1140652, bsc#1144288). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652, bsc#1144288). - bcache: fix race in btree_flush_write() (bsc#1140652, bsc#1144288). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1130972, bsc#1144257). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1130972, bsc#1144273). - bcache: performance improvement for btree_flush_write() (bsc#1140652, bsc#1144288). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652, bsc#1144288). - bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584). - clocksource: Defer override invalidation unless clock is unstable (bsc#1139826). - kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335). - kvmclock: fix TSC calibration for nested guests (bsc#1133860, jsc#PM-1211). - mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945, bsc#1141401, bsc#1141402, bsc#1141452, bsc#1141453, bsc#1141454). - qla2xxx: performance degradation when enabling blk-mq (bsc#1128977). - qlge: Deduplicate lbq_buf_size (bsc#1106061). - qlge: Deduplicate rx buffer queue management (bsc#1106061). - qlge: Factor out duplicated expression (bsc#1106061). - qlge: Fix dma_sync_single calls (bsc#1106061). - qlge: Fix irq masking in INTx mode (bsc#1106061). - qlge: Refill empty buffer queues from wq (bsc#1106061). - qlge: Refill rx buffers up to multiple of 16 (bsc#1106061). - qlge: Remove bq_desc.maplen (bsc#1106061). - qlge: Remove irq_cnt (bsc#1106061). - qlge: Remove page_chunk.last_flag (bsc#1106061). - qlge: Remove qlge_bq.len size (bsc#1106061). - qlge: Remove rx_ring.sbq_buf_size (bsc#1106061). - qlge: Remove rx_ring.type (bsc#1106061). - qlge: Remove useless dma synchronization calls (bsc#1106061). - qlge: Remove useless memset (bsc#1106061). - qlge: Replace memset with assignment (bsc#1106061). - qlge: Update buffer queue prod index despite oom (bsc#1106061). - rbd: flush rbd_dev->watch_dwork after watch is unregistered (bsc#1143333). - rbd: retry watch re-registration periodically (bsc#1143333). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - scsi: virtio_scsi: let host do exception handling (bsc#1141181). - x86: mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - x86: tsc: Add X86_FEATURE_TSC_KNOWN_FREQ flag (bsc#1133860, jsc#PM-1211). - xen: let alloc_xenballooned_pages() fail if not enough memory free (XSA-300). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2263=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2263=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2263=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2263=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2263=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-2263=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2263=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2263=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): kernel-devel-4.4.180-94.103.1 kernel-macros-4.4.180-94.103.1 kernel-source-4.4.180-94.103.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): kernel-default-4.4.180-94.103.1 kernel-default-base-4.4.180-94.103.1 kernel-default-base-debuginfo-4.4.180-94.103.1 kernel-default-debuginfo-4.4.180-94.103.1 kernel-default-debugsource-4.4.180-94.103.1 kernel-default-devel-4.4.180-94.103.1 kernel-syms-4.4.180-94.103.1 kgraft-patch-4_4_180-94_103-default-1-4.3.1 kgraft-patch-4_4_180-94_103-default-debuginfo-1-4.3.1 - SUSE OpenStack Cloud 8 (noarch): kernel-devel-4.4.180-94.103.1 kernel-macros-4.4.180-94.103.1 kernel-source-4.4.180-94.103.1 - SUSE OpenStack Cloud 8 (x86_64): kernel-default-4.4.180-94.103.1 kernel-default-base-4.4.180-94.103.1 kernel-default-base-debuginfo-4.4.180-94.103.1 kernel-default-debuginfo-4.4.180-94.103.1 kernel-default-debugsource-4.4.180-94.103.1 kernel-default-devel-4.4.180-94.103.1 kernel-syms-4.4.180-94.103.1 kgraft-patch-4_4_180-94_103-default-1-4.3.1 kgraft-patch-4_4_180-94_103-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kernel-default-4.4.180-94.103.1 kernel-default-base-4.4.180-94.103.1 kernel-default-base-debuginfo-4.4.180-94.103.1 kernel-default-debuginfo-4.4.180-94.103.1 kernel-default-debugsource-4.4.180-94.103.1 kernel-default-devel-4.4.180-94.103.1 kernel-syms-4.4.180-94.103.1 kgraft-patch-4_4_180-94_103-default-1-4.3.1 kgraft-patch-4_4_180-94_103-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): kernel-devel-4.4.180-94.103.1 kernel-macros-4.4.180-94.103.1 kernel-source-4.4.180-94.103.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.4.180-94.103.1 kernel-default-base-4.4.180-94.103.1 kernel-default-base-debuginfo-4.4.180-94.103.1 kernel-default-debuginfo-4.4.180-94.103.1 kernel-default-debugsource-4.4.180-94.103.1 kernel-default-devel-4.4.180-94.103.1 kernel-syms-4.4.180-94.103.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_103-default-1-4.3.1 kgraft-patch-4_4_180-94_103-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): kernel-devel-4.4.180-94.103.1 kernel-macros-4.4.180-94.103.1 kernel-source-4.4.180-94.103.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x): kernel-default-man-4.4.180-94.103.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): kernel-devel-4.4.180-94.103.1 kernel-macros-4.4.180-94.103.1 kernel-source-4.4.180-94.103.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): kernel-default-4.4.180-94.103.1 kernel-default-base-4.4.180-94.103.1 kernel-default-base-debuginfo-4.4.180-94.103.1 kernel-default-debuginfo-4.4.180-94.103.1 kernel-default-debugsource-4.4.180-94.103.1 kernel-default-devel-4.4.180-94.103.1 kernel-syms-4.4.180-94.103.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.180-94.103.1 cluster-md-kmp-default-debuginfo-4.4.180-94.103.1 dlm-kmp-default-4.4.180-94.103.1 dlm-kmp-default-debuginfo-4.4.180-94.103.1 gfs2-kmp-default-4.4.180-94.103.1 gfs2-kmp-default-debuginfo-4.4.180-94.103.1 kernel-default-debuginfo-4.4.180-94.103.1 kernel-default-debugsource-4.4.180-94.103.1 ocfs2-kmp-default-4.4.180-94.103.1 ocfs2-kmp-default-debuginfo-4.4.180-94.103.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): kernel-default-4.4.180-94.103.1 kernel-default-base-4.4.180-94.103.1 kernel-default-base-debuginfo-4.4.180-94.103.1 kernel-default-debuginfo-4.4.180-94.103.1 kernel-default-debugsource-4.4.180-94.103.1 kernel-default-devel-4.4.180-94.103.1 kernel-syms-4.4.180-94.103.1 - SUSE Enterprise Storage 5 (noarch): kernel-devel-4.4.180-94.103.1 kernel-macros-4.4.180-94.103.1 kernel-source-4.4.180-94.103.1 - SUSE Enterprise Storage 5 (x86_64): kgraft-patch-4_4_180-94_103-default-1-4.3.1 kgraft-patch-4_4_180-94_103-default-debuginfo-1-4.3.1 - SUSE CaaS Platform 3.0 (x86_64): kernel-default-4.4.180-94.103.1 kernel-default-debuginfo-4.4.180-94.103.1 kernel-default-debugsource-4.4.180-94.103.1 - HPE Helion Openstack 8 (noarch): kernel-devel-4.4.180-94.103.1 kernel-macros-4.4.180-94.103.1 kernel-source-4.4.180-94.103.1 - HPE Helion Openstack 8 (x86_64): kernel-default-4.4.180-94.103.1 kernel-default-base-4.4.180-94.103.1 kernel-default-base-debuginfo-4.4.180-94.103.1 kernel-default-debuginfo-4.4.180-94.103.1 kernel-default-debugsource-4.4.180-94.103.1 kernel-default-devel-4.4.180-94.103.1 kernel-syms-4.4.180-94.103.1 kgraft-patch-4_4_180-94_103-default-1-4.3.1 kgraft-patch-4_4_180-94_103-default-debuginfo-1-4.3.1 References: https://www.suse.com/security/cve/CVE-2018-20855.html https://www.suse.com/security/cve/CVE-2018-20856.html https://www.suse.com/security/cve/CVE-2019-10207.html https://www.suse.com/security/cve/CVE-2019-1125.html https://www.suse.com/security/cve/CVE-2019-11810.html https://www.suse.com/security/cve/CVE-2019-13631.html https://www.suse.com/security/cve/CVE-2019-13648.html https://www.suse.com/security/cve/CVE-2019-14283.html https://www.suse.com/security/cve/CVE-2019-14284.html https://www.suse.com/security/cve/CVE-2019-15117.html https://www.suse.com/security/cve/CVE-2019-15118.html https://www.suse.com/security/cve/CVE-2019-3819.html https://bugzilla.suse.com/1106061 https://bugzilla.suse.com/1123161 https://bugzilla.suse.com/1125674 https://bugzilla.suse.com/1127034 https://bugzilla.suse.com/1128977 https://bugzilla.suse.com/1130972 https://bugzilla.suse.com/1133860 https://bugzilla.suse.com/1134399 https://bugzilla.suse.com/1135335 https://bugzilla.suse.com/1135365 https://bugzilla.suse.com/1137584 https://bugzilla.suse.com/1139358 https://bugzilla.suse.com/1139826 https://bugzilla.suse.com/1140652 https://bugzilla.suse.com/1140903 https://bugzilla.suse.com/1140945 https://bugzilla.suse.com/1141181 https://bugzilla.suse.com/1141401 https://bugzilla.suse.com/1141402 https://bugzilla.suse.com/1141452 https://bugzilla.suse.com/1141453 https://bugzilla.suse.com/1141454 https://bugzilla.suse.com/1142023 https://bugzilla.suse.com/1142254 https://bugzilla.suse.com/1142857 https://bugzilla.suse.com/1143045 https://bugzilla.suse.com/1143048 https://bugzilla.suse.com/1143189 https://bugzilla.suse.com/1143191 https://bugzilla.suse.com/1143333 https://bugzilla.suse.com/1144257 https://bugzilla.suse.com/1144273 https://bugzilla.suse.com/1144288 https://bugzilla.suse.com/1144920 https://bugzilla.suse.com/1145920 https://bugzilla.suse.com/1145922 From sle-updates at lists.suse.com Mon Sep 2 04:30:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 Sep 2019 12:30:20 +0200 (CEST) Subject: SUSE-SU-2019:2258-1: Recommended update for NetworkManager Message-ID: <20190902103020.F20BEF7C7@maintenance.suse.de> SUSE Security Update: Recommended update for NetworkManager ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2258-1 Rating: low References: #990204 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for NetworkManager fixes the following issues: Security issue fixed: - Fixed that passwords are not echoed on terminal when asking for them (bsc#990204). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-2258=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2258=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2258=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2258=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): NetworkManager-1.0.12-13.12.1 NetworkManager-debuginfo-1.0.12-13.12.1 NetworkManager-debugsource-1.0.12-13.12.1 typelib-1_0-NM-1_0-1.0.12-13.12.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (noarch): NetworkManager-lang-1.0.12-13.12.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): NetworkManager-1.0.12-13.12.1 NetworkManager-debuginfo-1.0.12-13.12.1 NetworkManager-debugsource-1.0.12-13.12.1 NetworkManager-devel-1.0.12-13.12.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): NetworkManager-debuginfo-1.0.12-13.12.1 NetworkManager-debugsource-1.0.12-13.12.1 libnm-glib-vpn1-1.0.12-13.12.1 libnm-glib-vpn1-debuginfo-1.0.12-13.12.1 libnm-glib4-1.0.12-13.12.1 libnm-glib4-debuginfo-1.0.12-13.12.1 libnm-util2-1.0.12-13.12.1 libnm-util2-debuginfo-1.0.12-13.12.1 libnm0-1.0.12-13.12.1 libnm0-debuginfo-1.0.12-13.12.1 typelib-1_0-NMClient-1_0-1.0.12-13.12.1 typelib-1_0-NetworkManager-1_0-1.0.12-13.12.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): NetworkManager-1.0.12-13.12.1 NetworkManager-debuginfo-1.0.12-13.12.1 NetworkManager-debugsource-1.0.12-13.12.1 libnm-glib-vpn1-1.0.12-13.12.1 libnm-glib-vpn1-debuginfo-1.0.12-13.12.1 libnm-glib4-1.0.12-13.12.1 libnm-glib4-debuginfo-1.0.12-13.12.1 libnm-util2-1.0.12-13.12.1 libnm-util2-debuginfo-1.0.12-13.12.1 libnm0-1.0.12-13.12.1 libnm0-debuginfo-1.0.12-13.12.1 typelib-1_0-NM-1_0-1.0.12-13.12.1 typelib-1_0-NMClient-1_0-1.0.12-13.12.1 typelib-1_0-NetworkManager-1_0-1.0.12-13.12.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): NetworkManager-lang-1.0.12-13.12.1 References: https://bugzilla.suse.com/990204 From sle-updates at lists.suse.com Mon Sep 2 04:31:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 Sep 2019 12:31:16 +0200 (CEST) Subject: SUSE-SU-2019:2264-1: important: Security update for perl Message-ID: <20190902103116.12801F7C7@maintenance.suse.de> SUSE Security Update: Security update for perl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2264-1 Rating: important References: #1114674 Cross-References: CVE-2018-18311 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for perl fixes the following issues: Security issue fixed: - CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2264=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2264=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2264=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2264=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2264=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2264=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2264=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2264=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2264=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2264=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2264=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2264=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2264=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-2264=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2264=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2264=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2264=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2264=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): perl-doc-5.18.2-12.20.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): perl-32bit-5.18.2-12.20.1 perl-5.18.2-12.20.1 perl-base-5.18.2-12.20.1 perl-base-debuginfo-5.18.2-12.20.1 perl-debuginfo-32bit-5.18.2-12.20.1 perl-debuginfo-5.18.2-12.20.1 perl-debugsource-5.18.2-12.20.1 - SUSE OpenStack Cloud 8 (x86_64): perl-32bit-5.18.2-12.20.1 perl-5.18.2-12.20.1 perl-base-5.18.2-12.20.1 perl-base-debuginfo-5.18.2-12.20.1 perl-debuginfo-32bit-5.18.2-12.20.1 perl-debuginfo-5.18.2-12.20.1 perl-debugsource-5.18.2-12.20.1 - SUSE OpenStack Cloud 8 (noarch): perl-doc-5.18.2-12.20.1 - SUSE OpenStack Cloud 7 (s390x x86_64): perl-32bit-5.18.2-12.20.1 perl-5.18.2-12.20.1 perl-base-5.18.2-12.20.1 perl-base-debuginfo-5.18.2-12.20.1 perl-debuginfo-32bit-5.18.2-12.20.1 perl-debuginfo-5.18.2-12.20.1 perl-debugsource-5.18.2-12.20.1 - SUSE OpenStack Cloud 7 (noarch): perl-doc-5.18.2-12.20.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): perl-5.18.2-12.20.1 perl-base-5.18.2-12.20.1 perl-base-debuginfo-5.18.2-12.20.1 perl-debuginfo-5.18.2-12.20.1 perl-debugsource-5.18.2-12.20.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): perl-doc-5.18.2-12.20.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): perl-32bit-5.18.2-12.20.1 perl-debuginfo-32bit-5.18.2-12.20.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): perl-5.18.2-12.20.1 perl-base-5.18.2-12.20.1 perl-base-debuginfo-5.18.2-12.20.1 perl-debuginfo-5.18.2-12.20.1 perl-debugsource-5.18.2-12.20.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): perl-doc-5.18.2-12.20.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): perl-32bit-5.18.2-12.20.1 perl-debuginfo-32bit-5.18.2-12.20.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): perl-32bit-5.18.2-12.20.1 perl-5.18.2-12.20.1 perl-base-5.18.2-12.20.1 perl-base-debuginfo-5.18.2-12.20.1 perl-debuginfo-32bit-5.18.2-12.20.1 perl-debuginfo-5.18.2-12.20.1 perl-debugsource-5.18.2-12.20.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): perl-doc-5.18.2-12.20.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): perl-5.18.2-12.20.1 perl-base-5.18.2-12.20.1 perl-base-debuginfo-5.18.2-12.20.1 perl-debuginfo-5.18.2-12.20.1 perl-debugsource-5.18.2-12.20.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): perl-32bit-5.18.2-12.20.1 perl-debuginfo-32bit-5.18.2-12.20.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): perl-doc-5.18.2-12.20.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): perl-5.18.2-12.20.1 perl-base-5.18.2-12.20.1 perl-base-debuginfo-5.18.2-12.20.1 perl-debuginfo-5.18.2-12.20.1 perl-debugsource-5.18.2-12.20.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): perl-32bit-5.18.2-12.20.1 perl-debuginfo-32bit-5.18.2-12.20.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): perl-doc-5.18.2-12.20.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): perl-5.18.2-12.20.1 perl-base-5.18.2-12.20.1 perl-base-debuginfo-5.18.2-12.20.1 perl-debuginfo-5.18.2-12.20.1 perl-debugsource-5.18.2-12.20.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): perl-32bit-5.18.2-12.20.1 perl-debuginfo-32bit-5.18.2-12.20.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): perl-doc-5.18.2-12.20.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): perl-32bit-5.18.2-12.20.1 perl-5.18.2-12.20.1 perl-base-5.18.2-12.20.1 perl-base-debuginfo-5.18.2-12.20.1 perl-debuginfo-32bit-5.18.2-12.20.1 perl-debuginfo-5.18.2-12.20.1 perl-debugsource-5.18.2-12.20.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): perl-doc-5.18.2-12.20.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): perl-5.18.2-12.20.1 perl-base-5.18.2-12.20.1 perl-base-debuginfo-5.18.2-12.20.1 perl-debuginfo-5.18.2-12.20.1 perl-debugsource-5.18.2-12.20.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): perl-32bit-5.18.2-12.20.1 perl-debuginfo-32bit-5.18.2-12.20.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): perl-doc-5.18.2-12.20.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): perl-doc-5.18.2-12.20.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): perl-32bit-5.18.2-12.20.1 perl-5.18.2-12.20.1 perl-base-5.18.2-12.20.1 perl-base-debuginfo-5.18.2-12.20.1 perl-debuginfo-32bit-5.18.2-12.20.1 perl-debuginfo-5.18.2-12.20.1 perl-debugsource-5.18.2-12.20.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): perl-5.18.2-12.20.1 perl-base-5.18.2-12.20.1 perl-base-debuginfo-5.18.2-12.20.1 perl-debuginfo-5.18.2-12.20.1 perl-debugsource-5.18.2-12.20.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): perl-32bit-5.18.2-12.20.1 perl-debuginfo-32bit-5.18.2-12.20.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): perl-doc-5.18.2-12.20.1 - SUSE Linux Enterprise Desktop 12-SP5 (noarch): perl-doc-5.18.2-12.20.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): perl-32bit-5.18.2-12.20.1 perl-5.18.2-12.20.1 perl-base-5.18.2-12.20.1 perl-base-debuginfo-5.18.2-12.20.1 perl-debuginfo-32bit-5.18.2-12.20.1 perl-debuginfo-5.18.2-12.20.1 perl-debugsource-5.18.2-12.20.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): perl-doc-5.18.2-12.20.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): perl-32bit-5.18.2-12.20.1 perl-5.18.2-12.20.1 perl-base-5.18.2-12.20.1 perl-base-debuginfo-5.18.2-12.20.1 perl-debuginfo-32bit-5.18.2-12.20.1 perl-debuginfo-5.18.2-12.20.1 perl-debugsource-5.18.2-12.20.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): perl-5.18.2-12.20.1 perl-base-5.18.2-12.20.1 perl-base-debuginfo-5.18.2-12.20.1 perl-debuginfo-5.18.2-12.20.1 perl-debugsource-5.18.2-12.20.1 - SUSE Enterprise Storage 5 (x86_64): perl-32bit-5.18.2-12.20.1 perl-debuginfo-32bit-5.18.2-12.20.1 - SUSE Enterprise Storage 5 (noarch): perl-doc-5.18.2-12.20.1 - SUSE Enterprise Storage 4 (x86_64): perl-32bit-5.18.2-12.20.1 perl-5.18.2-12.20.1 perl-base-5.18.2-12.20.1 perl-base-debuginfo-5.18.2-12.20.1 perl-debuginfo-32bit-5.18.2-12.20.1 perl-debuginfo-5.18.2-12.20.1 perl-debugsource-5.18.2-12.20.1 - SUSE Enterprise Storage 4 (noarch): perl-doc-5.18.2-12.20.1 - SUSE CaaS Platform 3.0 (x86_64): perl-5.18.2-12.20.1 perl-base-5.18.2-12.20.1 perl-base-debuginfo-5.18.2-12.20.1 perl-debuginfo-5.18.2-12.20.1 perl-debugsource-5.18.2-12.20.1 - HPE Helion Openstack 8 (noarch): perl-doc-5.18.2-12.20.1 - HPE Helion Openstack 8 (x86_64): perl-32bit-5.18.2-12.20.1 perl-5.18.2-12.20.1 perl-base-5.18.2-12.20.1 perl-base-debuginfo-5.18.2-12.20.1 perl-debuginfo-32bit-5.18.2-12.20.1 perl-debuginfo-5.18.2-12.20.1 perl-debugsource-5.18.2-12.20.1 References: https://www.suse.com/security/cve/CVE-2018-18311.html https://bugzilla.suse.com/1114674 From sle-updates at lists.suse.com Mon Sep 2 04:32:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 Sep 2019 12:32:04 +0200 (CEST) Subject: SUSE-SU-2019:2257-1: important: Security update for python-Django Message-ID: <20190902103204.641D9F7C7@maintenance.suse.de> SUSE Security Update: Security update for python-Django ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2257-1 Rating: important References: #1136468 #1139945 #1142880 #1142882 #1142883 #1142885 Cross-References: CVE-2019-12308 CVE-2019-12781 CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for python-Django to version 1.11.23 fixes the following issues: - CVE-2019-14232: Fixed a denial of service in 'django.utils.text.Truncator' (bsc#1142880). - CVE-2019-14233: Fixed a denial of service in strip_tags() (bsc#1142882). - CVE-2019-14234: Fixed an SQL injection in key and index lookups for 'JSONField'/'HStoreField' (bsc#1142883). - CVE-2019-14235: Fixed a potential memory exhaustion in 'django.utils.encoding.uri_to_iri()' (bsc#1142885). - CVE-2019-12781: Fixed incorrect HTTP detection with reverse-proxy connecting via HTTPS (bsc#1139945). - CVE-2019-12308: Fixed a cross site scripting vulnerability in the AdminURLFieldWidget (bsc#1136468). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2257=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2257=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2257=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-Django-1.11.23-3.12.1 - SUSE OpenStack Cloud 8 (noarch): python-Django-1.11.23-3.12.1 - HPE Helion Openstack 8 (noarch): python-Django-1.11.23-3.12.1 References: https://www.suse.com/security/cve/CVE-2019-12308.html https://www.suse.com/security/cve/CVE-2019-12781.html https://www.suse.com/security/cve/CVE-2019-14232.html https://www.suse.com/security/cve/CVE-2019-14233.html https://www.suse.com/security/cve/CVE-2019-14234.html https://www.suse.com/security/cve/CVE-2019-14235.html https://bugzilla.suse.com/1136468 https://bugzilla.suse.com/1139945 https://bugzilla.suse.com/1142880 https://bugzilla.suse.com/1142882 https://bugzilla.suse.com/1142883 https://bugzilla.suse.com/1142885 From sle-updates at lists.suse.com Mon Sep 2 04:33:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 Sep 2019 12:33:26 +0200 (CEST) Subject: SUSE-SU-2019:2261-1: important: Security update for python-SQLAlchemy Message-ID: <20190902103326.32C16F7C7@maintenance.suse.de> SUSE Security Update: Security update for python-SQLAlchemy ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2261-1 Rating: important References: #1124593 Cross-References: CVE-2019-7164 CVE-2019-7548 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python-SQLAlchemy fixes the following issues: Security issues fixed: - CVE-2019-7164: Fixed SQL Injection via the order_by parameter (bsc#1124593). - CVE-2019-7548: Fixed SQL Injection via the group_by parameter (bsc#1124593). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2261=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2261=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2261=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): python-SQLAlchemy-1.1.12-3.5.1 python-SQLAlchemy-debuginfo-1.1.12-3.5.1 python-SQLAlchemy-debugsource-1.1.12-3.5.1 - SUSE OpenStack Cloud 8 (x86_64): python-SQLAlchemy-1.1.12-3.5.1 python-SQLAlchemy-debuginfo-1.1.12-3.5.1 python-SQLAlchemy-debugsource-1.1.12-3.5.1 - HPE Helion Openstack 8 (x86_64): python-SQLAlchemy-1.1.12-3.5.1 python-SQLAlchemy-debuginfo-1.1.12-3.5.1 python-SQLAlchemy-debugsource-1.1.12-3.5.1 References: https://www.suse.com/security/cve/CVE-2019-7164.html https://www.suse.com/security/cve/CVE-2019-7548.html https://bugzilla.suse.com/1124593 From sle-updates at lists.suse.com Mon Sep 2 04:34:12 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 Sep 2019 12:34:12 +0200 (CEST) Subject: SUSE-SU-2019:2265-1: moderate: Security update for libsolv, libzypp, zypper Message-ID: <20190902103413.0015FF7B3@maintenance.suse.de> SUSE Security Update: Security update for libsolv, libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2265-1 Rating: moderate References: #1049825 #1109893 #1110542 #1111319 #1112911 #1113296 #1116995 #1120629 #1120630 #1120631 #1127155 #1131823 #1134226 #1137977 #1140039 #1145521 Cross-References: CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves three vulnerabilities and has 13 fixes is now available. Description: This update for libsolv, libzypp and zypper fixes the following issues: libsolv was updated to version 0.6.36 and fixes the following issues: Security issues fixed: - CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629). - CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630). - CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631). Non-security issues fixed: - Made cleandeps jobs on patterns work (bsc#1137977). - Fixed an issue multiversion packages that obsolete their own name (bsc#1127155). - Keep consistent package name if there are multiple alternatives (bsc#1131823). Fixes for libzypp: - Fixes a bug where locking the kernel was not possible (bsc#1113296) - Fixes a file descriptor leak (bsc#1116995) - Will now run file conflict check on dry-run (best with download-only) (bsc#1140039) Fixes for zypper: - Fixes a bug where the wrong exit code was set when refreshing repos if --root was used (bsc#1134226) - Improved the displaying of locks (bsc#1112911) - Fixes an issue where `https` repository urls caused an error prompt to appear twice (bsc#1110542) - zypper will now always warn when no repositories are defined (bsc#1109893) - Fixes bash completion option detection (bsc#1049825) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2265=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2265=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2265=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2265=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2265=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2265=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2265=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2265=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2265=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2265=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2265=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2265=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2265=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2265=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libsolv-debugsource-0.6.36-2.27.19.8 libsolv-tools-0.6.36-2.27.19.8 libsolv-tools-debuginfo-0.6.36-2.27.19.8 libzypp-16.20.2-27.60.4 libzypp-debuginfo-16.20.2-27.60.4 libzypp-debugsource-16.20.2-27.60.4 perl-solv-0.6.36-2.27.19.8 perl-solv-debuginfo-0.6.36-2.27.19.8 python-solv-0.6.36-2.27.19.8 python-solv-debuginfo-0.6.36-2.27.19.8 zypper-1.13.54-18.40.2 zypper-debuginfo-1.13.54-18.40.2 zypper-debugsource-1.13.54-18.40.2 - SUSE OpenStack Cloud Crowbar 8 (noarch): zypper-log-1.13.54-18.40.2 - SUSE OpenStack Cloud 8 (x86_64): libsolv-debugsource-0.6.36-2.27.19.8 libsolv-tools-0.6.36-2.27.19.8 libsolv-tools-debuginfo-0.6.36-2.27.19.8 libzypp-16.20.2-27.60.4 libzypp-debuginfo-16.20.2-27.60.4 libzypp-debugsource-16.20.2-27.60.4 perl-solv-0.6.36-2.27.19.8 perl-solv-debuginfo-0.6.36-2.27.19.8 python-solv-0.6.36-2.27.19.8 python-solv-debuginfo-0.6.36-2.27.19.8 zypper-1.13.54-18.40.2 zypper-debuginfo-1.13.54-18.40.2 zypper-debugsource-1.13.54-18.40.2 - SUSE OpenStack Cloud 8 (noarch): zypper-log-1.13.54-18.40.2 - SUSE OpenStack Cloud 7 (s390x x86_64): libsolv-debugsource-0.6.36-2.27.19.8 libsolv-tools-0.6.36-2.27.19.8 libsolv-tools-debuginfo-0.6.36-2.27.19.8 libzypp-16.20.2-27.60.4 libzypp-debuginfo-16.20.2-27.60.4 libzypp-debugsource-16.20.2-27.60.4 perl-solv-0.6.36-2.27.19.8 perl-solv-debuginfo-0.6.36-2.27.19.8 python-solv-0.6.36-2.27.19.8 python-solv-debuginfo-0.6.36-2.27.19.8 zypper-1.13.54-18.40.2 zypper-debuginfo-1.13.54-18.40.2 zypper-debugsource-1.13.54-18.40.2 - SUSE OpenStack Cloud 7 (noarch): zypper-log-1.13.54-18.40.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libsolv-debugsource-0.6.36-2.27.19.8 libsolv-tools-0.6.36-2.27.19.8 libsolv-tools-debuginfo-0.6.36-2.27.19.8 libzypp-16.20.2-27.60.4 libzypp-debuginfo-16.20.2-27.60.4 libzypp-debugsource-16.20.2-27.60.4 perl-solv-0.6.36-2.27.19.8 perl-solv-debuginfo-0.6.36-2.27.19.8 python-solv-0.6.36-2.27.19.8 python-solv-debuginfo-0.6.36-2.27.19.8 zypper-1.13.54-18.40.2 zypper-debuginfo-1.13.54-18.40.2 zypper-debugsource-1.13.54-18.40.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): zypper-log-1.13.54-18.40.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libsolv-debugsource-0.6.36-2.27.19.8 libsolv-tools-0.6.36-2.27.19.8 libsolv-tools-debuginfo-0.6.36-2.27.19.8 libzypp-16.20.2-27.60.4 libzypp-debuginfo-16.20.2-27.60.4 libzypp-debugsource-16.20.2-27.60.4 perl-solv-0.6.36-2.27.19.8 perl-solv-debuginfo-0.6.36-2.27.19.8 python-solv-0.6.36-2.27.19.8 python-solv-debuginfo-0.6.36-2.27.19.8 zypper-1.13.54-18.40.2 zypper-debuginfo-1.13.54-18.40.2 zypper-debugsource-1.13.54-18.40.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): zypper-log-1.13.54-18.40.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libsolv-debugsource-0.6.36-2.27.19.8 libsolv-tools-0.6.36-2.27.19.8 libsolv-tools-debuginfo-0.6.36-2.27.19.8 libzypp-16.20.2-27.60.4 libzypp-debuginfo-16.20.2-27.60.4 libzypp-debugsource-16.20.2-27.60.4 perl-solv-0.6.36-2.27.19.8 perl-solv-debuginfo-0.6.36-2.27.19.8 python-solv-0.6.36-2.27.19.8 python-solv-debuginfo-0.6.36-2.27.19.8 zypper-1.13.54-18.40.2 zypper-debuginfo-1.13.54-18.40.2 zypper-debugsource-1.13.54-18.40.2 - SUSE Linux Enterprise Server 12-SP4 (noarch): zypper-log-1.13.54-18.40.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libsolv-debugsource-0.6.36-2.27.19.8 libsolv-tools-0.6.36-2.27.19.8 libsolv-tools-debuginfo-0.6.36-2.27.19.8 libzypp-16.20.2-27.60.4 libzypp-debuginfo-16.20.2-27.60.4 libzypp-debugsource-16.20.2-27.60.4 perl-solv-0.6.36-2.27.19.8 perl-solv-debuginfo-0.6.36-2.27.19.8 python-solv-0.6.36-2.27.19.8 python-solv-debuginfo-0.6.36-2.27.19.8 zypper-1.13.54-18.40.2 zypper-debuginfo-1.13.54-18.40.2 zypper-debugsource-1.13.54-18.40.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): zypper-log-1.13.54-18.40.2 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): zypper-log-1.13.54-18.40.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libsolv-debugsource-0.6.36-2.27.19.8 libsolv-tools-0.6.36-2.27.19.8 libsolv-tools-debuginfo-0.6.36-2.27.19.8 libzypp-16.20.2-27.60.4 libzypp-debuginfo-16.20.2-27.60.4 libzypp-debugsource-16.20.2-27.60.4 perl-solv-0.6.36-2.27.19.8 perl-solv-debuginfo-0.6.36-2.27.19.8 python-solv-0.6.36-2.27.19.8 python-solv-debuginfo-0.6.36-2.27.19.8 zypper-1.13.54-18.40.2 zypper-debuginfo-1.13.54-18.40.2 zypper-debugsource-1.13.54-18.40.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libsolv-debugsource-0.6.36-2.27.19.8 libsolv-tools-0.6.36-2.27.19.8 libsolv-tools-debuginfo-0.6.36-2.27.19.8 libzypp-16.20.2-27.60.4 libzypp-debuginfo-16.20.2-27.60.4 libzypp-debugsource-16.20.2-27.60.4 perl-solv-0.6.36-2.27.19.8 perl-solv-debuginfo-0.6.36-2.27.19.8 python-solv-0.6.36-2.27.19.8 python-solv-debuginfo-0.6.36-2.27.19.8 zypper-1.13.54-18.40.2 zypper-debuginfo-1.13.54-18.40.2 zypper-debugsource-1.13.54-18.40.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): zypper-log-1.13.54-18.40.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): zypper-log-1.13.54-18.40.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libsolv-debugsource-0.6.36-2.27.19.8 libsolv-tools-0.6.36-2.27.19.8 libsolv-tools-debuginfo-0.6.36-2.27.19.8 libzypp-16.20.2-27.60.4 libzypp-debuginfo-16.20.2-27.60.4 libzypp-debugsource-16.20.2-27.60.4 perl-solv-0.6.36-2.27.19.8 perl-solv-debuginfo-0.6.36-2.27.19.8 python-solv-0.6.36-2.27.19.8 python-solv-debuginfo-0.6.36-2.27.19.8 zypper-1.13.54-18.40.2 zypper-debuginfo-1.13.54-18.40.2 zypper-debugsource-1.13.54-18.40.2 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): zypper-log-1.13.54-18.40.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libsolv-debugsource-0.6.36-2.27.19.8 libsolv-tools-0.6.36-2.27.19.8 libsolv-tools-debuginfo-0.6.36-2.27.19.8 libzypp-16.20.2-27.60.4 libzypp-debuginfo-16.20.2-27.60.4 libzypp-debugsource-16.20.2-27.60.4 python-solv-0.6.36-2.27.19.8 python-solv-debuginfo-0.6.36-2.27.19.8 zypper-1.13.54-18.40.2 zypper-debuginfo-1.13.54-18.40.2 zypper-debugsource-1.13.54-18.40.2 - SUSE Enterprise Storage 5 (aarch64 x86_64): libsolv-debugsource-0.6.36-2.27.19.8 libsolv-tools-0.6.36-2.27.19.8 libsolv-tools-debuginfo-0.6.36-2.27.19.8 libzypp-16.20.2-27.60.4 libzypp-debuginfo-16.20.2-27.60.4 libzypp-debugsource-16.20.2-27.60.4 perl-solv-0.6.36-2.27.19.8 perl-solv-debuginfo-0.6.36-2.27.19.8 python-solv-0.6.36-2.27.19.8 python-solv-debuginfo-0.6.36-2.27.19.8 zypper-1.13.54-18.40.2 zypper-debuginfo-1.13.54-18.40.2 zypper-debugsource-1.13.54-18.40.2 - SUSE Enterprise Storage 5 (noarch): zypper-log-1.13.54-18.40.2 - SUSE Enterprise Storage 4 (noarch): zypper-log-1.13.54-18.40.2 - SUSE Enterprise Storage 4 (x86_64): libsolv-debugsource-0.6.36-2.27.19.8 libsolv-tools-0.6.36-2.27.19.8 libsolv-tools-debuginfo-0.6.36-2.27.19.8 libzypp-16.20.2-27.60.4 libzypp-debuginfo-16.20.2-27.60.4 libzypp-debugsource-16.20.2-27.60.4 perl-solv-0.6.36-2.27.19.8 perl-solv-debuginfo-0.6.36-2.27.19.8 python-solv-0.6.36-2.27.19.8 python-solv-debuginfo-0.6.36-2.27.19.8 zypper-1.13.54-18.40.2 zypper-debuginfo-1.13.54-18.40.2 zypper-debugsource-1.13.54-18.40.2 - SUSE CaaS Platform 3.0 (x86_64): libsolv-debugsource-0.6.36-2.27.19.8 libsolv-tools-0.6.36-2.27.19.8 libsolv-tools-debuginfo-0.6.36-2.27.19.8 libzypp-16.20.2-27.60.4 libzypp-debuginfo-16.20.2-27.60.4 libzypp-debugsource-16.20.2-27.60.4 zypper-1.13.54-18.40.2 zypper-debuginfo-1.13.54-18.40.2 zypper-debugsource-1.13.54-18.40.2 - HPE Helion Openstack 8 (noarch): zypper-log-1.13.54-18.40.2 - HPE Helion Openstack 8 (x86_64): libsolv-debugsource-0.6.36-2.27.19.8 libsolv-tools-0.6.36-2.27.19.8 libsolv-tools-debuginfo-0.6.36-2.27.19.8 libzypp-16.20.2-27.60.4 libzypp-debuginfo-16.20.2-27.60.4 libzypp-debugsource-16.20.2-27.60.4 perl-solv-0.6.36-2.27.19.8 perl-solv-debuginfo-0.6.36-2.27.19.8 python-solv-0.6.36-2.27.19.8 python-solv-debuginfo-0.6.36-2.27.19.8 zypper-1.13.54-18.40.2 zypper-debuginfo-1.13.54-18.40.2 zypper-debugsource-1.13.54-18.40.2 References: https://www.suse.com/security/cve/CVE-2018-20532.html https://www.suse.com/security/cve/CVE-2018-20533.html https://www.suse.com/security/cve/CVE-2018-20534.html https://bugzilla.suse.com/1049825 https://bugzilla.suse.com/1109893 https://bugzilla.suse.com/1110542 https://bugzilla.suse.com/1111319 https://bugzilla.suse.com/1112911 https://bugzilla.suse.com/1113296 https://bugzilla.suse.com/1116995 https://bugzilla.suse.com/1120629 https://bugzilla.suse.com/1120630 https://bugzilla.suse.com/1120631 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1131823 https://bugzilla.suse.com/1134226 https://bugzilla.suse.com/1137977 https://bugzilla.suse.com/1140039 https://bugzilla.suse.com/1145521 From sle-updates at lists.suse.com Mon Sep 2 10:15:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 Sep 2019 18:15:47 +0200 (CEST) Subject: SUSE-SU-2019:2267-1: moderate: Security update for ardana-ansible, ardana-barbican, ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon, ardana-input-model, ardana-installer-ui, ardana-ironic, ardana-keystone, ardana-logging, ardana-magnum, ardana-monasca, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, java-monasca-common, java-monasca-common-kit, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-horizon-plugin-neutron-fwaas-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-notification, openstack-monasca-persi ster, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-tempest, python-ardana-configurationprocessor, python-cinder-tempest-plugin, python-ironicclient, python-keystonemiddleware, python-monasca-tempest-plugin, python-openstackclient, python-openstacksdk, python-proliantutils, python-python-engineio, python-swiftlm, python-vmware-nsx, python-vmware-nsxlib, yast2-crowbar Message-ID: <20190902161547.0BDB9F798@maintenance.suse.de> SUSE Security Update: Security update for ardana-ansible, ardana-barbican, ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon, ardana-input-model, ardana-installer-ui, ardana-ironic, ardana-keystone, ardana-logging, ardana-magnum, ardana-monasca, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, java-monasca-common, java-monasca-common-kit, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-horizon-plugin-neutron-fwaas-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-notification, openstack-monasca-persister, openstack -monasca-persister-java, openstack-monasca-persister-java-kit, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-tempest, python-ardana-configurationprocessor, python-cinder-tempest-plugin, python-ironicclient, python-keystonemiddleware, python-monasca-tempest-plugin, python-openstackclient, python-openstacksdk, python-proliantutils, python-python-engineio, python-swiftlm, python-vmware-nsx, python-vmware-nsxlib, yast2-crowbar ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2267-1 Rating: moderate References: #1027315 #1129729 #1133719 #1134232 #1140512 #1141676 #1144026 #1144027 Cross-References: CVE-2015-3448 CVE-2017-17051 CVE-2019-11236 CVE-2019-11324 CVE-2019-13611 CVE-2019-7164 CVE-2019-7548 CVE-2019-9735 CVE-2019-9740 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for ardana-ansible, ardana-barbican, ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon, ardana-input-model, ardana-installer-ui, ardana-ironic, ardana-keystone, ardana-logging, ardana-magnum, ardana-monasca, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, java-monasca-common, java-monasca-common-kit, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-horizon-plugin-neutron-fwaas-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-notification, openstack-monasca-persister, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-tempest, python-ardana-configurationprocessor, python-cinder-tempest-plugin, python-ironicclient, python-keystonemiddleware, python-monasca-tempest-plugin, python-openstackclient, python-openstacksdk, python-proliantutils, python-python-engineio, python-swiftlm, python-vmware-nsx, python-vmware-nsxlib, yast2-crowbar fixes the following issues: - Update to version 9.0+git.1566374020.301191f: * Use raw image format when using SES backend on Nova (SOC-9285) - Update to version 9.0+git.1563375514.31fa9a7: * Ensure ardana-update-pkgs works for dist-upgrade (SOC-9857) - Update to version 9.0+git.1563192450.30e8f16: * Ensure Cloud8/SLE-12-SP3 repps still served (SOC-9840) - Update to version 9.0+git.1566251498.be02ca4: * adds ipv6 format to http/https urls (SOC-10063) - Update to version 9.0+git.1565678764.c3a9b9f: * adds ipv6 format to urls (SOC-10063) - Update to version 9.0+git.1562898832.1731f25: * FIX broken symlink for policy.yaml.j2. (SOC-0000) - Update to version 9.0+git.1559333871.40508f7: * Allow system to bind to non local ipv6 addresses (SOC-9330) - Update to version 9.0+git.1566336494.93967dd: * Using python netaddr for ipv6 address comparison (SOC-9940) - Update to version 9.0+git.1564409964.b7e4fc3: * Don't use 'latest' with 'zypper' (SOC-9997) - Update to version 9.0+git.1562182567.aef23e0: * Format curl commands for ipv6 (SOC-9369) - Update to version 9.0+git.1565680593.df7a432: * adds ipv6 format to urls (SOC-10063) - Update to version 9.0+git.1566213657.69862ab: * Add missing service plugin for l2gw (SOC-5837) - Update to version 9.0+git.1563904379.31ff1e9: * Add the NSX-T L2-Gateway Service definition (SOC-5837) - Switch to new Gerrit Server - Update to version 9.0+git.1566375806.f0b2333: * Configure glance image_direct_url/multiple_locations (SOC-9285) - Update to version 9.0+git.1565720518.c7fdca2: * adds ipv6 format to urls (SOC-10063) - Update to version 9.0+git.1564491141.602fdf9: * Default glance_default_store to rbd if SES enabled (SOC-8749) - Update to version 9.0+git.1565721273.f44b8d7: * adds ipv6 format to urls (SOC-10063) - Update to version 9.0+git.1565891518.2a545a1: * adds ipv6 format to urls (SOC-10063) - Update to version 9.0+git.1565655129.ab3a58c: * Removed None condition from rule (SOC-10003) - Update to version 9.0+git.1564609155.033a963: * Updated heat_policy.json permission to be 664 (SOC-9872) - Update to version 9.0+git.1562848565.91e75b2: * Include memcached in the minimal ardana-ci model (SOC-9800) - Update to version 9.0+git.1566255088.3443670: * Add server state column (SOC-9957) - Update to version 9.0+git.1565218199.868c5d1: * Add ipv6 support (SOC-9677) (#357) - Update to version 9.0+git.1563912815.7090c20: * Only show ses config upload option when ses is not configured (SOC-8555) (#356) - Update to version 9.0+git.1565721987.ddc59c8: * adds ipv6 format to urls (SOC-10063) - Update to version 9.0+git.1565891593.cad6d1a: * adds ipv6 format to urls (SOC-10063) - Update to version 9.0+git.1563911975.a7ed208: * Ensure Member role is created during upgrade (SOC-9923) - Update to version 9.0+git.1565761582.2dc823a: * adds ipv6 format to urls (SOC-10063) - Update to version 9.0+git.1565762005.016032a: * adds ipv6 format to urls (SOC-10063) - Update to version 9.0+git.1566332665.ad894c0: * adds ipv6 format to http/https urls (SOC-10063) - Update to version 9.0+git.1565691188.2309798: * Use systemd for monasca-thresh (SOC-10145) - Update to version 9.0+git.1565115025.148d092: * Enable ipv6 on rabbitmq-server (SOC-9745) - Update to version 9.0+git.1566251310.3a1e8f9: * adds ipv6 format to http/https urls (SOC-10063) - Update to version 9.0+git.1563989391.dfe3688: * Let SDN services configure VPN and Firewall service providers (SOC-9935) - Update to version 9.0+git.1561563389.90bfb06: * Add dependent services to neutron services (SOC-8746) - Update to version 9.0+git.1566332515.e232568: * adds ipv6 format to http/https urls (SOC-10063) - Update to version 9.0+git.1565946239.023aefe: * Set diskcachemode and disk discard when using RBD (SOC-10182) - Update to version 9.0+git.1565715522.3fe67c6: * fix Ironic endpoint override (SOC-10130) - Update to version 9.0+git.1565366126.4993583: * Make default/rpc_response_timeout configurable (SOC-9285) - Update to version 9.0+git.1562762205.ce51d30: * Resolves nova-novncproxy random status failures (SOC-9574) - Update to version 9.0+git.1566206502.6c87b41: * Use default values for amphora connection retries/timeout (SOC-9285) - Update to version 9.0+git.1566251377.b1caeaa: * adds ipv6 format to http/https urls (SOC-10063) - Add ipaddr bower dependency (SOC-9679) - Update to version 9.0+git.1565764394.545b573: * adds ipv6 format to urls (SOC-10063) - Update to version 9.0+git.1565380193.f006466: * Introduce conditional forward:NORMAL rule on POST-UP for OVS bridges (SOC-9939) - Update to version 9.0+git.1565265803.6a720d0: * Ensure ardana-update-pkgs works for dist-upgrade (SOC-9857) - Update to version 9.0+git.1565150548.c475cb8: * Configured logrotate user for ovs as 'root' (SOC-8139) - Update to version 9.0+git.1563894224.943cbc2: * Make the example repo url entry totally fictitious (SOC-6800) - Update to version 9.0+git.1563383124.1d585e4: * Add an global_filter entry to lvm.conf (bsc#1140512) - Update to version 9.0+git.1562782235.67538c9: * Configure ovs user for logrotate (SOC-8139) - Update to version 9.0+git.1562371586.24a698a: * Allow for use of --check in iptables command (SOC-9349) - Update to version 9.0+git.1562170979.edc53b6: * Don't set datapath-ids on ovs-bridges anymore (SOC-9239) - Update to version 9.0+git.1564706915.edd44c4: * Add ipv6 support (SOC-9677) - Update to version 9.0+git.1563468620.5035cf8: * Add support for ses integration (SOC-8555) - Update to version 9.0+git.1563461311.16ea2df: * Change url of upper-constraints file (SOC-9863) - Update to version 9.0+git.1565962617.523149b: * Add ses-status playbook (SOC-9902) - Update to version 9.0+git.1565704258.123de3f: * Update Swift endpoint during deploy (SOC-9303) - Update to version 9.0+git.1565891872.73fc3c7: * adds ipv6 format to urls (SOC-10063) - Update to version 9.0+git.1565644472.644d5f6: * Cloud 8 to 9 upgrade enhancements (SOC-10146) - Update to version 9.0+git.1566471752.a3c5c9c: * Delete existing run filter before deploying it (SOC-10287) - Update to version 9.0+git.1565366961.33ad009: * Run loadbalancer tests in parallel (SOC-9285) - Update to version 9.0+git.1563203769.49124de: * Blacklist failing shelve tests (SOC-9775) - Update to version 9.0+git.1562783575.7e02c70: * Blacklist failing shelve tests (SOC-9775) - Update to version 6.0+git.1566321308.1de18b9a4: * ohai: Hardcode ruby version for package installation (SOC-10010) - Update to version 6.0+git.1566303970.2c7d83971: * upgrade: restart nova services after upgrade - Update to version 6.0+git.1565859218.525130340: * upgrade: remove nova-consoleauth service entries on upgrade (SOC-10164) - Update to version 6.0+git.1565256572.49359f57b: * ovs-pre-up: remove controller for admin bridge (SOC-10073) - Update to version 6.0+git.1564996068.e7ccb0bae: * batch: Fix get_proposal_json (SOC-9954) - Update to version 6.0+git.1564738819.232375c6f: * batch: Format crowbar batch error output (SOC-9954) * repochecks errors for ses5-pool on SOC9 * dns: fix migration for designate - Update to version 6.0+git.1564480387.a4b8c2ff7: * batch: Format crowbar batch error output (SOC-9954) - Update to version 6.0+git.1564406710.9273d5a17: * travis: Whitelist CVE-2015-3448 (SOC-9911) * travis: Use env variable for commit range (SOC-9911) - Update to version 6.0+git.1564131651.98f426eae: * monasca: add cleanup before upgrade (SOC-9482) * bind9: Fix spelling error in template - Update to version 6.0+git.1563950117.f6123bd8f: * Cleanup clone_stateless_services leftovers (SOC-9842) - Update to version 6.0+git.1562772809.4a470bec0: * upgrade: update file names for 8 -> 9 (SOC-9029) - Update to version 6.0+git.1562733958.204289d65: * ipv6: Add a wrap_ip helper to NetworkHelper (SOC-6098) - Update to version 6.0+git.1566406179.7549de2: * corosync: Hardcode ruby version for package installation (SOC-10010) - Update to version 6.0+git.1566404979.41279a88e: * Designate: Update DB pools configuration (SOC-9767) * horizon: Install designate plugin when configured (SOC-9695) - Update to version 6.0+git.1566211690.54dcd56ba: * ceilometer: Remove old ceilometer-api vhosts (SOC-9483) - Update to version 6.0+git.1565968769.ae650697c: * Octavia: Barclamp (SOC-6100) - Update to version 6.0+git.1565739445.3fc6ef5e8: * designate: Configure resource settings (SOC-9633) - Update to version 6.0+git.1565713423.0dd3fbb3e: * tempest: Set port_admin_state_change to false when using linuxbridge (SOC-10029) - Update to version 6.0+git.1565081581.1e2cf5bd0: * nova: add max_threads_per_process tuneable (SOC-10001, bsc#1133719) - Update to version 6.0+git.1564586397.a7203dba7: * Add tempest filters based on services (SOC-9298) * upgrade: Fix HA detection for keystone db_sync (SOC-9981) - Update to version 6.0+git.1564498339.07f14a985: * Fix magnum tempest tests (SOC-9298) * Fix nova tempest tests (SOC-9298) - Update to version 6.0+git.1564435128.cef47cc21: * neutron: raise validation error if domain names dont end with a dot(.) - Update to version 6.0+git.1564412715.c969e1e11: * Fix barbican SSL support (SOC-9298) - Update to version 6.0+git.1564039130.9ad11f213: * designate: Use server node for VIP look ups (SOC-9631) - add cirros-0.4.0-x86_64-disk.img (SOC-9298) * the disk img is required to run the barbican tempest test - Update to version 6.0+git.1563891318.d41ce2e75: * Cleanup clone_stateless_services leftovers (SOC-9842) - Update to version 6.0+git.1563439849.5c507bcdb: * Fix tempest config for cinder using ceph as backenid (SOC-9298) - Update to version 6.0+git.1562841293.9768602a2: * swift: Sync HA nodes (SOC-9683) - Update to version 6.0+git.1562684470.f5d361077: * designate: Fix spelling error inside comments (SOC-6361) - Update to version 6.0+git.1562599436.b4c63fc56: * case-insensitive when lookup by name (SOC-9339) - Update to version 6.0+git.1562319309.98a52a0a3: * monasca: move Grafana DB creation - Update to version 1.3.0+git.1563181545.65360af5: * upgrade: Update repocheck keys * Update texts for 8-9 upgrade (SOC-9689) - Update to version 1.3.0+git.1562579063.5690a1bc: * Pin gulp-angular-templatecache version - Bumped package version to 1.3 to differentiate it from 8-9 version - Udate to version 2.11.1.dev4 * Add Cassandra db support * Bump the pom version to 1.3.0 * Remove cassandra.patch (merged upstream) - Fix license - Bump version to 2.11.1~a0~dev4 to match updated java-monasca-common - Update to version ceilometer-11.0.2.dev14: * Fixing broken links - Update to version ceilometer-11.0.2.dev14: * Fixing broken links - Update to version cinder-13.0.7.dev3: * Prevent double-attachment race in attachment\_reserve - Update to version cinder-13.0.7.dev1: 13.0.6 * Add OS-SCH-HNT in extensions list - Update to version cinder-13.0.6.dev16: * Revert "Declare multiattach support for HPE MSA" - Update to version cinder-13.0.6.dev14: * Remove Sheepdog tests from zuul config - Update to version cinder-13.0.6.dev13: * [VNX] Fix test case issue - Update to version cinder-13.0.7.dev3: * Prevent double-attachment race in attachment\_reserve - Update to version cinder-13.0.7.dev1: 13.0.6 * Add OS-SCH-HNT in extensions list - Update to version cinder-13.0.6.dev16: * Revert "Declare multiattach support for HPE MSA" - Update to version cinder-13.0.6.dev14: * Remove Sheepdog tests from zuul config - Update to version cinder-13.0.6.dev13: * [VNX] Fix test case issue * nimble: Fix missing ssl support (bsc#1027315) - Update to version designate-7.0.1.dev21: * Improve log message for better understanding - Update to version designate-7.0.1.dev21: * Improve log message for better understanding - Update to version openstack-heat-11.0.3.dev19: * Fix allowed address pair validation - Update to version openstack-heat-11.0.3.dev18: * Show an engine as down if service record is not updated twice * Allow update of previously-replaced resources * Do not perform the tenant stack limit check for admin user - Update to version openstack-heat-11.0.3.dev12: * Add entry\_point for oslo policy scripts - Update to version openstack-heat-11.0.3.dev10: * Don't resolve properties for OS::Heat::None resource - Update to version openstack-heat-11.0.3.dev8: * Add local bindep.txt and limit bandit version * Retry on DB deadlock in event\_create() - Update to version openstack-heat-11.0.3.dev19: * Fix allowed address pair validation - Update to version openstack-heat-11.0.3.dev18: * Show an engine as down if service record is not updated twice * Allow update of previously-replaced resources * Do not perform the tenant stack limit check for admin user - Update to version openstack-heat-11.0.3.dev12: * Add entry\_point for oslo policy scripts - Update to version openstack-heat-11.0.3.dev10: * Don't resolve properties for OS::Heat::None resource - Update to version openstack-heat-11.0.3.dev8: * Add local bindep.txt and limit bandit version * Retry on DB deadlock in event\_create() - Do not exclude python bytecode files (see https://review.opendev.org/#/c/666611 for details) - Update to version neutron-lbaas-dashboard-5.0.1.dev7: * Update tox.ini for new upper constraints strategy * OpenDev Migration Patch - Update to latest spec from rpm-packaging * Don't exclude python bytecode files in dashboards - Update to version ironic-11.1.4.dev9: * Filter security group list on the ID's we expect * Ansible module: fix deployment for private and/or shared images - Update to version ironic-11.1.4.dev5: * Ansible driver: fix deployment with serial specified as root device hint * CI: stop using pyghmi from git master - Update to version ironic-11.1.4.dev9: * Filter security group list on the ID's we expect * Ansible module: fix deployment for private and/or shared images - Update to version ironic-11.1.4.dev5: * Ansible driver: fix deployment with serial specified as root device hint * CI: stop using pyghmi from git master - Update to version ironic-python-agent-3.3.3.dev4: * CI: stop using pyghmi from git master - Update to version ironic-python-agent-3.3.3.dev3: * Correct formatting of a warning when lshw cannot be run - Update to version ironic-python-agent-3.3.3.dev1: * Stop logging lshw output, collect it with other logs instead 3.3.2 - Update to version keystone-14.1.1.dev8: * Revert "Blacklist bandit 1.6.0" - Update to version keystone-14.1.1.dev8: * Revert "Blacklist bandit 1.6.0" - Update to version magnum-7.1.1.dev28: * Revert "support http/https proxy for discovery url" * Use rocky heat-container-agent for stable/rocky - Update to version magnum-7.1.1.dev28: * Revert "support http/https proxy for discovery url" * Use rocky heat-container-agent for stable/rocky - Update to version manila-7.3.1.dev3: * Remove the redunant table from windows' editor - Update to version manila-7.3.1.dev3: * Remove the redunant table from windows' editor - update to version 1.14.2~dev1 - [GateFix] Ignore false positive bandit B105 test failure - update to version 1.12.1~dev9 - Update all columns in metrics on an update to refresh TTL - update to version 1.12.1~dev7 - Widen exception catch for point parse failure - update to version 1.12.1~dev6 - some points unable to parse - OpenDev Migration Patch - Rebased patches: + 0001-Update-all-columns-in-metrics-on-an-update-to-refres.patch dropped (merged upstream) - Update to version monasca-persister-1.12.1.dev9: * Update all columns in metrics on an update to refresh TTL * OpenDev Migration Patch - Add 0001-Update-all-columns-in-metrics-on-an-update-to-refres.patch - Update to version monasca-persister-1.12.1.dev4 * Java persister config: defaults and robustness * Add Cassandra db support - Remove java-persister-defaults.patch (merged upstream) - Remove cassandra.patch (merged upstream) - Add missing URLs for patches - Updated to kit tarball built from 1.12.1.dev4 - Updated README.updating for current version - Update to version neutron-13.0.5.dev22: * Clear skb mark on encapsulating packets * Stop OVS agent before starting it again * Fix sort issue in test\_dhcp\_agent\_scheduler.test\_filter\_bindings * fix update port bug - Update to version neutron-13.0.5.dev15: * Check for agent restarted after checking for DVR port - Update to version neutron-13.0.5.dev14: * Retry trunk status updates failing with StaleDataError - Update to version neutron-13.0.5.dev13: * Don't crash ovs agent during reconfigure of phys bridges - Update to version neutron-13.0.5.dev12: * Use --bind-dynamic with dnsmasq instead of --bind-interfaces * Yield control to other greenthreads while processing trusted ports * Limit max ports per rpc for dhcp\_ready\_on\_ports() - Update to version neutron-13.0.5.dev6: * Ignore first local port update notification - Update to version neutron-13.0.5.dev5: * Add custom ethertype processing 13.0.4 - Update to version neutron-13.0.5.dev22: * Clear skb mark on encapsulating packets * Stop OVS agent before starting it again * Fix sort issue in test\_dhcp\_agent\_scheduler.test\_filter\_bindings * fix update port bug - Update to version neutron-13.0.5.dev15: * Check for agent restarted after checking for DVR port - Update to version neutron-13.0.5.dev14: * Retry trunk status updates failing with StaleDataError - Update to version neutron-13.0.5.dev13: * Don't crash ovs agent during reconfigure of phys bridges - Update to version neutron-13.0.5.dev12: * Use --bind-dynamic with dnsmasq instead of --bind-interfaces * Yield control to other greenthreads while processing trusted ports * Limit max ports per rpc for dhcp\_ready\_on\_ports() - Update to version neutron-13.0.5.dev6: * Ignore first local port update notification - Update to version neutron-13.0.5.dev5: * Add custom ethertype processing 13.0.4 * When converting sg rules to iptables, do not emit dport if not supported (CVE-2019-9735, bsc#1129729) - Update to version group-based-policy-5.0.1.dev459: * Tempest Scenario test for Connection Tracking - Update to version group-based-policy-5.0.1.dev457: * Adding icmp\_code and icmp\_type for SG rule * A VM could be associated with multiple ports * Optimize the extend\_router\_dict() call - Update to version group-based-policy-5.0.1.dev451: * [AIM] Enhance gbp-validate to detect routed subnet overlap - Update to version group-based-policy-5.0.1.dev450: * [AIM] Prevent overlapping CIDRs in routed VRF * Disallow external subnets as router interfaces - Update to version group-based-policy-5.0.1.dev448: * Fix issues on sync\_state display on neutron based on AIM status - Update to version group-based-policy-5.0.1.dev446: * Send the port updates for the SNAT use case if needed * Make DHCP provisioning blocks conditional - Update to version neutron-lbaas-13.0.1.dev14: * Update tox.ini for new upper constraints strategy * Remove the release notes job from stable/rocky - add 0001-neutron-lbaas-haproxy-agent-prevent-vif-unplug-when-.patch - Update to version neutron-lbaas-13.0.1.dev14: * Update tox.ini for new upper constraints strategy * Remove the release notes job from stable/rocky * Fix doubling allocations on rebuild (CVE-2017-17051, bsc#CVE-2017-17051) - Update to version octavia-3.1.2.dev8: * Add octavia-v2-dsvm jobs to the gate queue - Update to version octavia-3.1.2.dev7: * Fix for utils LB DM transformation function - Update to version octavia-3.1.2.dev5: * Update amphora-agent to report UDP listener health - Update to version octavia-3.1.2.dev3: * Update tox.ini for new upper constraints strategy - Add patches fixing tempest cleanup removing all networks https://bugs.launchpad.net/tempest/+bug/1812660 * 0001-Remove-deprecated-services-from-cleanup.patch * 0002-Fix-tempest-cleanup.patch * 0003-Add-NetworkSubnetPools-to-tempest-cleanup.patch - Update to version 9.0+git.1566405927.c5c03d4: * Adds ipv6 support to baremetal ServersValidator (SOC-9940) - Update to version 9.0+git.1565384645.8fcf5db: * Ensure forward_normal_on_post_up is set for every OVS bridge (SOC-9939) - Update to version 9.0+git.1564587526.5db9d5d: * Flag forward:NORMAL on MANAGEMENT network group (SOC-9939) - Update to version 9.0+git.1563384666.4c1a3e5: * Bracketed ipv6 addresses for endpoint urls (SOC-9357) - added 0001-Fix-volume-revert-to-snapshot-tests.patch - update to version 2.5.3 - Do not try to use /v1/v1 when endpoint_override is used - OpenDev Migration Patch - added 0001-Skip-the-services-with-no-endpoints-when-parsing-ser.patch - added 0001-Use-unicode-literals-in-test_metrics.patch - update to version 3.16.2 (bsc#1144027, bsc#1144026) - update to version 0.17.3 - OpenDev Migration Patch - Replace openstack.org git:// URLs with https:// - Fixes for Unicode characters in python 2 requests - Fix functional tests on stable/rocky - Correct updating baremetal nodes by name or ID - Support bare metal service error messages - import zuul job settings from project-config - Correct update operations for baremetal - Add simple create/show/delete functional tests for all baremetal resources - Add a simple baremetal functional job - Pass microversion info through from Profile - update to 2.8.4 (SOC-9280) * Adding fix for nic\_capacity calculation - Add patch CVE-2019-13611.patch (SOC-9989) (bsc#1141676) * python-python-engineio: An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server - Switch to new Gerrit Server - Switch to opendev as external projects are not longer synced to github. As a result, there is also no automatic change log. - Updated to 13.0.1~dev146 (d307746a5) * NSX|V3 adminUtils: detect and clean orphaned section rules * OpenDev Migration Patch * Delete SG rules when deleting their remote group * NSX|V3: Limit number of subnet static routes per backend * NSX|V: Restrict creating conflicting address_pair in the same network * NSX|V3: Add verification of num defined address pairs * constrain rocky dependencies * Update rocky .gitreview branch * Handle multiple default SG creation in all plugins * update tox for stable branch * NSX|V3: remove redundent code in get_port/s * NSX|V3: Change status code of SG failure * NSX|V: enable allow_address_pairs upon request * Revert "NSX|V3: Simplify LBaaS implementation" * NSX|V3: Fix LBaaS loadbalancer creation * NSX|V: Init FWaaS callbacks only if enabled * NSX|V3: Simplify LBaaS implementation * Complete the init of the Neutron main process * NSX|V3: Respect default keyword for physical_net * NSX|V admin utils: Find and fix spoofguard policies mismatches * TVD: Add start_rpc_listeners to the plugin * Upgrade appdirs lower constraints * NSX|V+V3: relax FWaaS validation * Revert "NSX|V3: Init FWaaS before spawn" * NSX|V3: prevent user from changing the NSX internal SG * Fix provider security group exception call * NSX|V3+V: Handle fwaas policy removal * NSX|V3: Create port bindings for dhcp ports * NSX|V3: Fix LB error handling * Fix security group broken code & tests * [NSX-V] Ensure binding exists before assigning lswitch_id * NSX|V: Fix update section header * NSX|V3: Validate FWaaS cidrs * Devstack: Delete old project before deciding how to get the new code * NSX|V3: Init FWaaS before spawn * Devstack: Fix failed of ml2 directory creation * Devstack: Fix failed of ml2 directory creation * Fix cffi lower constraints * NSX|V3: Do not allow external subnets overlapping with uplink cidr * Devstack: Fix ml2 config file creation for FWaaS-V2 * NSX|V3 Support expected codes for LB HM * NSX|V3: Fix ipam to check subnets carefully * NSX|V3 Fix provider nsx-net create * NSX-T: Delete subnet in case of dhcp error * Fix Octavia devstack instructions * NSX|V3: Fix LB statistics getter * NSX|V3: Add L2GW connection validation * Devstack: Create ml2 config file for FWaaS-V2 * NSX|V3: Configure tier0 transit networks * Use upper-constraints from stable/rocky * fix lower constraints * TVD: Add missing VPN driver api * NSX|V3: FWaaS translate 0.0.0.0 to Any ip * NSX|V use context reader for router driver * NSX|V Fix AdminUtils get apis to use the right context * TVD LBaaS: fix operational status api * Use tenant context to get router GW network * NSX-v3: Fix listener for pool not fetched anymore * NSX-v3: Prevent comparison with None * NSXv: use admin context for metadata port config * NSX-v3: Fix LB HTTP/HTTPS monitor impl * NSX|V Fix orphaned networks and bindings * NSX|V3 Fix dhcp binding rollback * NSX|V3: Fix FW(v2) status when deleting an illegal port * Ensure NSX VS is always associated with NSX LBS * NSX|V3: validate LBaaS NSX stats fields * TVD verify loadbalancer project match the LB object project * TVD: Do not crash in case the project is not found * NSX|V3: Fix member fip error message * NSX|V3: Restrict update of LB port with fixed IP * NSX|V3 Add NO-NAT rules only for routers with enabled SNAT * NSXv: Metadata should complete init * TVD: Add LBaaS get_operating_status support * NSX|V Fill VIF data for upgraded ports * Devstack plugin: fetch Neutron only when needed * NSX|V: Improve SG rule service creation * NSX|V fix LBaaS operation status function params * NSX|V3: Add LB status calls validations * NSX|V3 remove lbaas import to allow the plugin to work without lbaas * NSX|V Allow updating port security and mac learning together * NSX|V3: Change external provider network error message * NSX|V+V3: Prevent adding different projects routers to fwaas-V1 * NSX|V: Fix BGP plugin get operations * NSX|V: Validate DVS Id when creating flat/vlan network * NSX|V: Fix devstack cleanup for python 3 * NSX|V3: Check specific exception when deleting dhcp port * NSX|V3 Validate rate-limit value in admin utilitiy * NSX|V3 adminUtils: Use nsx plugin to get ports * NSX|V3: Fail on unsupported QoS rules * NSX|V3: VPN connection status update * NSX-V3| Fix port MAC learning flag handling * NSX|V3 update port revision on update_port response * NSX|V: Avoid updating the default section at init * NSX|V3: LBaaS operating status support * NSX|V3: Fix external LB member create * Devstack: Use the right python version in cleanup * NSX|V: Fix host groups for DRS HA for AZ * NSX|V Fix policy security group update * NSX|V+V3 QoS rbac support * NSX|V3 update port binding for callbacks notifications * NSX|V3: Support new icmp codes and types * NSX|V3: Make sure LB member is connected to the LB router * NSX|V3: Prevent adding an external net as a router interface * NSX|V: Shorten the L2 bridge edge name * NSX|V3: Fix port binding update on new ports - update to version 13.0.1~dev146 - Switch to opendev as external projects are not longer synced to github. As a result, there is also no automatic change log. - update to version 13.0.1~dev24 (ebaacab) * updates for stable branch * NSX|V3+P: Change max allowed host routes * Adding the option to configure disabled mac profile * OpenDev Migration Patch * NSX|T: Backend parameter for max subnet static routes * NSX|T: Add NSX limit of IP address association to port * Fix nsgroup update to access the logging field safely * Retry http requests on timeouts * Added retries if API call fails due to MP cluster reconfig * Fix check_manager_status to support older NSX versions * Improve Cluster validation checks * Add apis to get tier0 uplink cidrs and not just ips * Support response status codes for LB HM * Add manager status validation to validate connection * Handle get_default_headers errors * Update the max NS groups criteria tags number dynamically * Fix multi-cluster connectivity * Amend allowed ICMP types and codes in strict mode * Fix cluster connectivity * Fix the revision needed for security rules version * New api for getting VPN session status * New api for getting the LB virtual servers status * NSX|V3: Support new icmp codes and types list- - update to version 13.0.1~dev24 - Fix the Requires: format in spec file (bsc#1134232) - 3.4.2 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2267=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2019-2267=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): crowbar-core-6.0+git.1566321308.1de18b9a4-3.6.1 crowbar-core-branding-upstream-6.0+git.1566321308.1de18b9a4-3.6.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): crowbar-ha-6.0+git.1566406179.7549de2-3.6.1 crowbar-openstack-6.0+git.1566404979.41279a88e-3.6.1 crowbar-ui-1.3.0+git.1563181545.65360af5-3.3.1 openstack-ceilometer-11.0.2~dev14-3.6.3 openstack-ceilometer-agent-central-11.0.2~dev14-3.6.3 openstack-ceilometer-agent-compute-11.0.2~dev14-3.6.3 openstack-ceilometer-agent-ipmi-11.0.2~dev14-3.6.3 openstack-ceilometer-agent-notification-11.0.2~dev14-3.6.3 openstack-ceilometer-polling-11.0.2~dev14-3.6.3 openstack-cinder-13.0.7~dev3-3.6.3 openstack-cinder-api-13.0.7~dev3-3.6.3 openstack-cinder-backup-13.0.7~dev3-3.6.3 openstack-cinder-scheduler-13.0.7~dev3-3.6.3 openstack-cinder-volume-13.0.7~dev3-3.6.3 openstack-designate-7.0.1~dev21-3.6.3 openstack-designate-agent-7.0.1~dev21-3.6.3 openstack-designate-api-7.0.1~dev21-3.6.3 openstack-designate-central-7.0.1~dev21-3.6.3 openstack-designate-producer-7.0.1~dev21-3.6.3 openstack-designate-sink-7.0.1~dev21-3.6.3 openstack-designate-worker-7.0.1~dev21-3.6.3 openstack-heat-11.0.3~dev19-3.6.3 openstack-heat-api-11.0.3~dev19-3.6.3 openstack-heat-api-cfn-11.0.3~dev19-3.6.3 openstack-heat-engine-11.0.3~dev19-3.6.3 openstack-heat-plugin-heat_docker-11.0.3~dev19-3.6.3 openstack-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-3.3.3 openstack-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-3.3.3 openstack-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-3.3.3 openstack-ironic-11.1.4~dev9-3.6.3 openstack-ironic-api-11.1.4~dev9-3.6.3 openstack-ironic-conductor-11.1.4~dev9-3.6.3 openstack-ironic-python-agent-3.3.3~dev4-3.6.3 openstack-keystone-14.1.1~dev8-3.6.4 openstack-magnum-7.1.1~dev28-3.6.3 openstack-magnum-api-7.1.1~dev28-3.6.3 openstack-magnum-conductor-7.1.1~dev28-3.6.3 openstack-manila-7.3.1~dev3-4.6.3 openstack-manila-api-7.3.1~dev3-4.6.3 openstack-manila-data-7.3.1~dev3-4.6.3 openstack-manila-scheduler-7.3.1~dev3-4.6.3 openstack-manila-share-7.3.1~dev3-4.6.3 openstack-monasca-notification-1.14.2~dev1-6.6.4 openstack-monasca-persister-1.12.1~dev9-4.3.3 openstack-monasca-persister-java-1.12.1~dev9-4.3.2 openstack-neutron-13.0.5~dev22-3.6.3 openstack-neutron-dhcp-agent-13.0.5~dev22-3.6.3 openstack-neutron-gbp-5.0.1~dev459-3.6.3 openstack-neutron-ha-tool-13.0.5~dev22-3.6.3 openstack-neutron-l3-agent-13.0.5~dev22-3.6.3 openstack-neutron-lbaas-13.0.1~dev14-3.6.2 openstack-neutron-lbaas-agent-13.0.1~dev14-3.6.2 openstack-neutron-linuxbridge-agent-13.0.5~dev22-3.6.3 openstack-neutron-macvtap-agent-13.0.5~dev22-3.6.3 openstack-neutron-metadata-agent-13.0.5~dev22-3.6.3 openstack-neutron-metering-agent-13.0.5~dev22-3.6.3 openstack-neutron-openvswitch-agent-13.0.5~dev22-3.6.3 openstack-neutron-server-13.0.5~dev22-3.6.3 openstack-nova-18.2.2~dev9-3.6.2 openstack-nova-api-18.2.2~dev9-3.6.2 openstack-nova-cells-18.2.2~dev9-3.6.2 openstack-nova-compute-18.2.2~dev9-3.6.2 openstack-nova-conductor-18.2.2~dev9-3.6.2 openstack-nova-console-18.2.2~dev9-3.6.2 openstack-nova-novncproxy-18.2.2~dev9-3.6.2 openstack-nova-placement-api-18.2.2~dev9-3.6.2 openstack-nova-scheduler-18.2.2~dev9-3.6.2 openstack-nova-serialproxy-18.2.2~dev9-3.6.2 openstack-nova-vncproxy-18.2.2~dev9-3.6.2 openstack-octavia-3.1.2~dev8-3.6.3 openstack-octavia-amphora-agent-3.1.2~dev8-3.6.3 openstack-octavia-api-3.1.2~dev8-3.6.3 openstack-octavia-health-manager-3.1.2~dev8-3.6.3 openstack-octavia-housekeeping-3.1.2~dev8-3.6.3 openstack-octavia-worker-3.1.2~dev8-3.6.3 openstack-tempest-19.0.0-7.3.3 openstack-tempest-test-19.0.0-7.3.3 python-ceilometer-11.0.2~dev14-3.6.3 python-cinder-13.0.7~dev3-3.6.3 python-cinder-tempest-plugin-0.1.0-3.3.1 python-designate-7.0.1~dev21-3.6.3 python-heat-11.0.3~dev19-3.6.3 python-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-3.3.3 python-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-3.3.3 python-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-3.3.3 python-ironic-11.1.4~dev9-3.6.3 python-ironicclient-2.5.3-4.6.2 python-ironicclient-doc-2.5.3-4.6.2 python-keystone-14.1.1~dev8-3.6.4 python-keystonemiddleware-5.2.0-3.3.2 python-magnum-7.1.1~dev28-3.6.3 python-manila-7.3.1~dev3-4.6.3 python-monasca-notification-1.14.2~dev1-6.6.4 python-monasca-persister-1.12.1~dev9-4.3.3 python-monasca-tempest-plugin-0.3.0-3.3.1 python-neutron-13.0.5~dev22-3.6.3 python-neutron-gbp-5.0.1~dev459-3.6.3 python-neutron-lbaas-13.0.1~dev14-3.6.2 python-nova-18.2.2~dev9-3.6.2 python-octavia-3.1.2~dev8-3.6.3 python-openstackclient-3.16.2-3.3.2 python-openstacksdk-0.17.3-3.3.2 python-proliantutils-2.8.4-3.3.1 python-tempest-19.0.0-7.3.3 python-vmware-nsx-13.0.1~dev146-4.3.1 python-vmware-nsxlib-13.0.1~dev24-3.3.1 yast2-crowbar-3.4.2-3.3.1 - SUSE OpenStack Cloud 9 (noarch): ardana-ansible-9.0+git.1566374020.301191f-3.6.1 ardana-barbican-9.0+git.1566251498.be02ca4-3.6.1 ardana-cinder-9.0+git.1565678764.c3a9b9f-3.6.1 ardana-cluster-9.0+git.1559333871.40508f7-3.6.1 ardana-cobbler-9.0+git.1566336494.93967dd-3.6.1 ardana-db-9.0+git.1564409964.b7e4fc3-3.6.1 ardana-designate-9.0+git.1565680593.df7a432-3.6.1 ardana-extensions-nsx-9.0+git.1566213657.69862ab-3.3.2 ardana-glance-9.0+git.1566375806.f0b2333-3.6.1 ardana-heat-9.0+git.1565721273.f44b8d7-3.6.1 ardana-horizon-9.0+git.1565891518.2a545a1-3.6.1 ardana-input-model-9.0+git.1562848565.91e75b2-3.6.1 ardana-installer-ui-9.0+git.1566255088.3443670-3.6.1 ardana-installer-ui-debugsource-9.0+git.1566255088.3443670-3.6.1 ardana-ironic-9.0+git.1565721987.ddc59c8-3.6.1 ardana-keystone-9.0+git.1565891593.cad6d1a-3.6.1 ardana-logging-9.0+git.1565761582.2dc823a-3.6.1 ardana-magnum-9.0+git.1565762005.016032a-3.6.1 ardana-monasca-9.0+git.1566332665.ad894c0-3.6.1 ardana-mq-9.0+git.1565115025.148d092-3.6.1 ardana-neutron-9.0+git.1566251310.3a1e8f9-3.6.1 ardana-nova-9.0+git.1566332515.e232568-3.6.1 ardana-octavia-9.0+git.1566206502.6c87b41-3.6.1 ardana-opsconsole-9.0+git.1566251377.b1caeaa-3.6.1 ardana-opsconsole-ui-9.0+git.1555530925.206f1a8-4.6.1 ardana-osconfig-9.0+git.1565764394.545b573-3.6.1 ardana-service-9.0+git.1564706915.edd44c4-3.6.1 ardana-ses-9.0+git.1565962617.523149b-3.6.1 ardana-swift-9.0+git.1565891872.73fc3c7-3.6.1 ardana-swiftlm-drive-provision-9.0+git.1541434883.e0ebe69-3.3.1 ardana-swiftlm-log-tailer-9.0+git.1541434883.e0ebe69-3.3.1 ardana-swiftlm-uptime-mon-9.0+git.1541434883.e0ebe69-3.3.1 ardana-tempest-9.0+git.1566471752.a3c5c9c-3.6.1 openstack-ceilometer-11.0.2~dev14-3.6.3 openstack-ceilometer-agent-central-11.0.2~dev14-3.6.3 openstack-ceilometer-agent-compute-11.0.2~dev14-3.6.3 openstack-ceilometer-agent-ipmi-11.0.2~dev14-3.6.3 openstack-ceilometer-agent-notification-11.0.2~dev14-3.6.3 openstack-ceilometer-polling-11.0.2~dev14-3.6.3 openstack-cinder-13.0.7~dev3-3.6.3 openstack-cinder-api-13.0.7~dev3-3.6.3 openstack-cinder-backup-13.0.7~dev3-3.6.3 openstack-cinder-scheduler-13.0.7~dev3-3.6.3 openstack-cinder-volume-13.0.7~dev3-3.6.3 openstack-designate-7.0.1~dev21-3.6.3 openstack-designate-agent-7.0.1~dev21-3.6.3 openstack-designate-api-7.0.1~dev21-3.6.3 openstack-designate-central-7.0.1~dev21-3.6.3 openstack-designate-producer-7.0.1~dev21-3.6.3 openstack-designate-sink-7.0.1~dev21-3.6.3 openstack-designate-worker-7.0.1~dev21-3.6.3 openstack-heat-11.0.3~dev19-3.6.3 openstack-heat-api-11.0.3~dev19-3.6.3 openstack-heat-api-cfn-11.0.3~dev19-3.6.3 openstack-heat-engine-11.0.3~dev19-3.6.3 openstack-heat-plugin-heat_docker-11.0.3~dev19-3.6.3 openstack-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-3.3.3 openstack-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-3.3.3 openstack-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-3.3.3 openstack-ironic-11.1.4~dev9-3.6.3 openstack-ironic-api-11.1.4~dev9-3.6.3 openstack-ironic-conductor-11.1.4~dev9-3.6.3 openstack-ironic-python-agent-3.3.3~dev4-3.6.3 openstack-keystone-14.1.1~dev8-3.6.4 openstack-magnum-7.1.1~dev28-3.6.3 openstack-magnum-api-7.1.1~dev28-3.6.3 openstack-magnum-conductor-7.1.1~dev28-3.6.3 openstack-manila-7.3.1~dev3-4.6.3 openstack-manila-api-7.3.1~dev3-4.6.3 openstack-manila-data-7.3.1~dev3-4.6.3 openstack-manila-scheduler-7.3.1~dev3-4.6.3 openstack-manila-share-7.3.1~dev3-4.6.3 openstack-monasca-notification-1.14.2~dev1-6.6.4 openstack-monasca-persister-1.12.1~dev9-4.3.3 openstack-monasca-persister-java-1.12.1~dev9-4.3.2 openstack-neutron-13.0.5~dev22-3.6.3 openstack-neutron-dhcp-agent-13.0.5~dev22-3.6.3 openstack-neutron-gbp-5.0.1~dev459-3.6.3 openstack-neutron-ha-tool-13.0.5~dev22-3.6.3 openstack-neutron-l3-agent-13.0.5~dev22-3.6.3 openstack-neutron-lbaas-13.0.1~dev14-3.6.2 openstack-neutron-lbaas-agent-13.0.1~dev14-3.6.2 openstack-neutron-linuxbridge-agent-13.0.5~dev22-3.6.3 openstack-neutron-macvtap-agent-13.0.5~dev22-3.6.3 openstack-neutron-metadata-agent-13.0.5~dev22-3.6.3 openstack-neutron-metering-agent-13.0.5~dev22-3.6.3 openstack-neutron-openvswitch-agent-13.0.5~dev22-3.6.3 openstack-neutron-server-13.0.5~dev22-3.6.3 openstack-nova-18.2.2~dev9-3.6.2 openstack-nova-api-18.2.2~dev9-3.6.2 openstack-nova-cells-18.2.2~dev9-3.6.2 openstack-nova-compute-18.2.2~dev9-3.6.2 openstack-nova-conductor-18.2.2~dev9-3.6.2 openstack-nova-console-18.2.2~dev9-3.6.2 openstack-nova-novncproxy-18.2.2~dev9-3.6.2 openstack-nova-placement-api-18.2.2~dev9-3.6.2 openstack-nova-scheduler-18.2.2~dev9-3.6.2 openstack-nova-serialproxy-18.2.2~dev9-3.6.2 openstack-nova-vncproxy-18.2.2~dev9-3.6.2 openstack-octavia-3.1.2~dev8-3.6.3 openstack-octavia-amphora-agent-3.1.2~dev8-3.6.3 openstack-octavia-api-3.1.2~dev8-3.6.3 openstack-octavia-health-manager-3.1.2~dev8-3.6.3 openstack-octavia-housekeeping-3.1.2~dev8-3.6.3 openstack-octavia-worker-3.1.2~dev8-3.6.3 openstack-tempest-19.0.0-7.3.3 openstack-tempest-test-19.0.0-7.3.3 python-ardana-configurationprocessor-9.0+git.1566405927.c5c03d4-3.7.1 python-ceilometer-11.0.2~dev14-3.6.3 python-cinder-13.0.7~dev3-3.6.3 python-cinder-tempest-plugin-0.1.0-3.3.1 python-designate-7.0.1~dev21-3.6.3 python-heat-11.0.3~dev19-3.6.3 python-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-3.3.3 python-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-3.3.3 python-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-3.3.3 python-ironic-11.1.4~dev9-3.6.3 python-ironicclient-2.5.3-4.6.2 python-ironicclient-doc-2.5.3-4.6.2 python-keystone-14.1.1~dev8-3.6.4 python-keystonemiddleware-5.2.0-3.3.2 python-magnum-7.1.1~dev28-3.6.3 python-manila-7.3.1~dev3-4.6.3 python-monasca-notification-1.14.2~dev1-6.6.4 python-monasca-persister-1.12.1~dev9-4.3.3 python-monasca-tempest-plugin-0.3.0-3.3.1 python-neutron-13.0.5~dev22-3.6.3 python-neutron-gbp-5.0.1~dev459-3.6.3 python-neutron-lbaas-13.0.1~dev14-3.6.2 python-nova-18.2.2~dev9-3.6.2 python-octavia-3.1.2~dev8-3.6.3 python-openstackclient-3.16.2-3.3.2 python-openstacksdk-0.17.3-3.3.2 python-proliantutils-2.8.4-3.3.1 python-python-engineio-2.0.2-4.3.1 python-swiftlm-9.0+git.1541434883.e0ebe69-3.3.1 python-tempest-19.0.0-7.3.3 python-vmware-nsx-13.0.1~dev146-4.3.1 python-vmware-nsxlib-13.0.1~dev24-3.3.1 References: https://www.suse.com/security/cve/CVE-2015-3448.html https://www.suse.com/security/cve/CVE-2017-17051.html https://www.suse.com/security/cve/CVE-2019-11236.html https://www.suse.com/security/cve/CVE-2019-11324.html https://www.suse.com/security/cve/CVE-2019-13611.html https://www.suse.com/security/cve/CVE-2019-7164.html https://www.suse.com/security/cve/CVE-2019-7548.html https://www.suse.com/security/cve/CVE-2019-9735.html https://www.suse.com/security/cve/CVE-2019-9740.html https://bugzilla.suse.com/1027315 https://bugzilla.suse.com/1129729 https://bugzilla.suse.com/1133719 https://bugzilla.suse.com/1134232 https://bugzilla.suse.com/1140512 https://bugzilla.suse.com/1141676 https://bugzilla.suse.com/1144026 https://bugzilla.suse.com/1144027 From sle-updates at lists.suse.com Mon Sep 2 10:20:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 Sep 2019 18:20:27 +0200 (CEST) Subject: SUSE-SU-2019:2268-1: important: Security update for pacemaker Message-ID: <20190902162027.DA430F798@maintenance.suse.de> SUSE Security Update: Security update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2268-1 Rating: important References: #1032511 #1127716 #1130122 #1131353 #1131356 #1133866 #1135317 #1136712 #1140519 Cross-References: CVE-2018-16877 CVE-2018-16878 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that solves two vulnerabilities and has 7 fixes is now available. Description: This update for pacemaker fixes the following issues: Security issues fixed: - CVE-2018-16877: Fixed insufficient local IPC client-server authentication on the client's side. (bsc#1131356) - CVE-2018-16878: Fixed insufficient verification inflicted preference of uncontrolled processes (bsc#1131353) Other issues fixed: - stonith_admin --help: specify the usage of --cleanup (bsc#1135317) - scheduler: wait for probe actions to complete to prevent unnecessary restart/re-promote of dependent resources (bsc#1130122, bsc#1032511) - controller: confirm cancel of failed monitors (bsc#1133866) - controller: improve failed recurring action messages (bsc#1133866) - controller: directly acknowledge unrecordable operation results (bsc#1133866) - controller: be more tolerant of malformed executor events (bsc#1133866) - libcrmcommon: return error when applying XML diffs containing unknown operations (bsc#1127716) - libcrmcommon: avoid possible use-of-NULL when applying XML diffs (bsc#1127716) - libcrmcommon: correctly apply XML diffs with multiple move/create changes (bsc#1127716) - libcrmcommon: return proper code if testing pid is denied (bsc#1131353, bsc#1131356) - libcrmcommon: avoid use-of-NULL when checking whether process is active (bsc#1131353, bsc#1131356) - tools: run main loop for crm_resource clean-up with resource (bsc#1140519) - contoller,scheduler: guard hash table deletes (bsc#1136712) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2268=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-2268=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-1.1.19+20181105.ccd6b5b10-3.13.1 pacemaker-cts-1.1.19+20181105.ccd6b5b10-3.13.1 pacemaker-cts-debuginfo-1.1.19+20181105.ccd6b5b10-3.13.1 pacemaker-debuginfo-1.1.19+20181105.ccd6b5b10-3.13.1 pacemaker-debugsource-1.1.19+20181105.ccd6b5b10-3.13.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): libpacemaker3-1.1.19+20181105.ccd6b5b10-3.13.1 libpacemaker3-debuginfo-1.1.19+20181105.ccd6b5b10-3.13.1 pacemaker-1.1.19+20181105.ccd6b5b10-3.13.1 pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.13.1 pacemaker-cli-debuginfo-1.1.19+20181105.ccd6b5b10-3.13.1 pacemaker-cts-1.1.19+20181105.ccd6b5b10-3.13.1 pacemaker-cts-debuginfo-1.1.19+20181105.ccd6b5b10-3.13.1 pacemaker-debuginfo-1.1.19+20181105.ccd6b5b10-3.13.1 pacemaker-debugsource-1.1.19+20181105.ccd6b5b10-3.13.1 pacemaker-remote-1.1.19+20181105.ccd6b5b10-3.13.1 pacemaker-remote-debuginfo-1.1.19+20181105.ccd6b5b10-3.13.1 References: https://www.suse.com/security/cve/CVE-2018-16877.html https://www.suse.com/security/cve/CVE-2018-16878.html https://bugzilla.suse.com/1032511 https://bugzilla.suse.com/1127716 https://bugzilla.suse.com/1130122 https://bugzilla.suse.com/1131353 https://bugzilla.suse.com/1131356 https://bugzilla.suse.com/1133866 https://bugzilla.suse.com/1135317 https://bugzilla.suse.com/1136712 https://bugzilla.suse.com/1140519 From sle-updates at lists.suse.com Mon Sep 2 13:12:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 2 Sep 2019 21:12:48 +0200 (CEST) Subject: SUSE-SU-2019:2270-1: important: Security update for php72 Message-ID: <20190902191248.476E1F798@maintenance.suse.de> SUSE Security Update: Security update for php72 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2270-1 Rating: important References: #1145095 #1146360 Cross-References: CVE-2019-11041 CVE-2019-11042 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for php72 fixes the following issues: Security issues fixed: - CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360). - CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2270=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-2270=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): php72-debuginfo-7.2.5-1.23.1 php72-debugsource-7.2.5-1.23.1 php72-devel-7.2.5-1.23.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php72-7.2.5-1.23.1 apache2-mod_php72-debuginfo-7.2.5-1.23.1 php72-7.2.5-1.23.1 php72-bcmath-7.2.5-1.23.1 php72-bcmath-debuginfo-7.2.5-1.23.1 php72-bz2-7.2.5-1.23.1 php72-bz2-debuginfo-7.2.5-1.23.1 php72-calendar-7.2.5-1.23.1 php72-calendar-debuginfo-7.2.5-1.23.1 php72-ctype-7.2.5-1.23.1 php72-ctype-debuginfo-7.2.5-1.23.1 php72-curl-7.2.5-1.23.1 php72-curl-debuginfo-7.2.5-1.23.1 php72-dba-7.2.5-1.23.1 php72-dba-debuginfo-7.2.5-1.23.1 php72-debuginfo-7.2.5-1.23.1 php72-debugsource-7.2.5-1.23.1 php72-dom-7.2.5-1.23.1 php72-dom-debuginfo-7.2.5-1.23.1 php72-enchant-7.2.5-1.23.1 php72-enchant-debuginfo-7.2.5-1.23.1 php72-exif-7.2.5-1.23.1 php72-exif-debuginfo-7.2.5-1.23.1 php72-fastcgi-7.2.5-1.23.1 php72-fastcgi-debuginfo-7.2.5-1.23.1 php72-fileinfo-7.2.5-1.23.1 php72-fileinfo-debuginfo-7.2.5-1.23.1 php72-fpm-7.2.5-1.23.1 php72-fpm-debuginfo-7.2.5-1.23.1 php72-ftp-7.2.5-1.23.1 php72-ftp-debuginfo-7.2.5-1.23.1 php72-gd-7.2.5-1.23.1 php72-gd-debuginfo-7.2.5-1.23.1 php72-gettext-7.2.5-1.23.1 php72-gettext-debuginfo-7.2.5-1.23.1 php72-gmp-7.2.5-1.23.1 php72-gmp-debuginfo-7.2.5-1.23.1 php72-iconv-7.2.5-1.23.1 php72-iconv-debuginfo-7.2.5-1.23.1 php72-imap-7.2.5-1.23.1 php72-imap-debuginfo-7.2.5-1.23.1 php72-intl-7.2.5-1.23.1 php72-intl-debuginfo-7.2.5-1.23.1 php72-json-7.2.5-1.23.1 php72-json-debuginfo-7.2.5-1.23.1 php72-ldap-7.2.5-1.23.1 php72-ldap-debuginfo-7.2.5-1.23.1 php72-mbstring-7.2.5-1.23.1 php72-mbstring-debuginfo-7.2.5-1.23.1 php72-mysql-7.2.5-1.23.1 php72-mysql-debuginfo-7.2.5-1.23.1 php72-odbc-7.2.5-1.23.1 php72-odbc-debuginfo-7.2.5-1.23.1 php72-opcache-7.2.5-1.23.1 php72-opcache-debuginfo-7.2.5-1.23.1 php72-openssl-7.2.5-1.23.1 php72-openssl-debuginfo-7.2.5-1.23.1 php72-pcntl-7.2.5-1.23.1 php72-pcntl-debuginfo-7.2.5-1.23.1 php72-pdo-7.2.5-1.23.1 php72-pdo-debuginfo-7.2.5-1.23.1 php72-pgsql-7.2.5-1.23.1 php72-pgsql-debuginfo-7.2.5-1.23.1 php72-phar-7.2.5-1.23.1 php72-phar-debuginfo-7.2.5-1.23.1 php72-posix-7.2.5-1.23.1 php72-posix-debuginfo-7.2.5-1.23.1 php72-pspell-7.2.5-1.23.1 php72-pspell-debuginfo-7.2.5-1.23.1 php72-readline-7.2.5-1.23.1 php72-readline-debuginfo-7.2.5-1.23.1 php72-shmop-7.2.5-1.23.1 php72-shmop-debuginfo-7.2.5-1.23.1 php72-snmp-7.2.5-1.23.1 php72-snmp-debuginfo-7.2.5-1.23.1 php72-soap-7.2.5-1.23.1 php72-soap-debuginfo-7.2.5-1.23.1 php72-sockets-7.2.5-1.23.1 php72-sockets-debuginfo-7.2.5-1.23.1 php72-sqlite-7.2.5-1.23.1 php72-sqlite-debuginfo-7.2.5-1.23.1 php72-sysvmsg-7.2.5-1.23.1 php72-sysvmsg-debuginfo-7.2.5-1.23.1 php72-sysvsem-7.2.5-1.23.1 php72-sysvsem-debuginfo-7.2.5-1.23.1 php72-sysvshm-7.2.5-1.23.1 php72-sysvshm-debuginfo-7.2.5-1.23.1 php72-tidy-7.2.5-1.23.1 php72-tidy-debuginfo-7.2.5-1.23.1 php72-tokenizer-7.2.5-1.23.1 php72-tokenizer-debuginfo-7.2.5-1.23.1 php72-wddx-7.2.5-1.23.1 php72-wddx-debuginfo-7.2.5-1.23.1 php72-xmlreader-7.2.5-1.23.1 php72-xmlreader-debuginfo-7.2.5-1.23.1 php72-xmlrpc-7.2.5-1.23.1 php72-xmlrpc-debuginfo-7.2.5-1.23.1 php72-xmlwriter-7.2.5-1.23.1 php72-xmlwriter-debuginfo-7.2.5-1.23.1 php72-xsl-7.2.5-1.23.1 php72-xsl-debuginfo-7.2.5-1.23.1 php72-zip-7.2.5-1.23.1 php72-zip-debuginfo-7.2.5-1.23.1 php72-zlib-7.2.5-1.23.1 php72-zlib-debuginfo-7.2.5-1.23.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php72-pear-7.2.5-1.23.1 php72-pear-Archive_Tar-7.2.5-1.23.1 References: https://www.suse.com/security/cve/CVE-2019-11041.html https://www.suse.com/security/cve/CVE-2019-11042.html https://bugzilla.suse.com/1145095 https://bugzilla.suse.com/1146360 From sle-updates at lists.suse.com Tue Sep 3 10:11:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Sep 2019 18:11:23 +0200 (CEST) Subject: SUSE-SU-2019:2274-1: moderate: Security update for ansible Message-ID: <20190903161123.586BAF798@maintenance.suse.de> SUSE Security Update: Security update for ansible ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2274-1 Rating: moderate References: #1142690 Cross-References: CVE-2019-10206 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ansible fixes the following issues: Security issue fixed: - CVE-2019-10206: Fixed ansible cli tools that prompt passwords by expanding them from templates as they could contain special characters (bsc#1142690). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2274=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2274=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2274=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): ansible-2.4.6.0-3.6.1 - SUSE OpenStack Cloud 8 (noarch): ansible-2.4.6.0-3.6.1 - HPE Helion Openstack 8 (noarch): ansible-2.4.6.0-3.6.1 References: https://www.suse.com/security/cve/CVE-2019-10206.html https://bugzilla.suse.com/1142690 From sle-updates at lists.suse.com Tue Sep 3 10:12:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Sep 2019 18:12:07 +0200 (CEST) Subject: SUSE-SU-2019:14158-1: important: Security update for php53 Message-ID: <20190903161207.5B7A1F798@maintenance.suse.de> SUSE Security Update: Security update for php53 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14158-1 Rating: important References: #1140118 #1145095 #1146360 Cross-References: CVE-2019-11038 CVE-2019-11041 CVE-2019-11042 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for php53 fixes the following issues: Security issues fixed: - CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140118). - CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360). - CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-php53-14158=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-php53-14158=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-php53-14158=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-php53-14158=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): apache2-mod_php53-5.3.17-112.71.1 php53-5.3.17-112.71.1 php53-bcmath-5.3.17-112.71.1 php53-bz2-5.3.17-112.71.1 php53-calendar-5.3.17-112.71.1 php53-ctype-5.3.17-112.71.1 php53-curl-5.3.17-112.71.1 php53-dba-5.3.17-112.71.1 php53-dom-5.3.17-112.71.1 php53-exif-5.3.17-112.71.1 php53-fastcgi-5.3.17-112.71.1 php53-fileinfo-5.3.17-112.71.1 php53-ftp-5.3.17-112.71.1 php53-gd-5.3.17-112.71.1 php53-gettext-5.3.17-112.71.1 php53-gmp-5.3.17-112.71.1 php53-iconv-5.3.17-112.71.1 php53-intl-5.3.17-112.71.1 php53-json-5.3.17-112.71.1 php53-ldap-5.3.17-112.71.1 php53-mbstring-5.3.17-112.71.1 php53-mcrypt-5.3.17-112.71.1 php53-mysql-5.3.17-112.71.1 php53-odbc-5.3.17-112.71.1 php53-openssl-5.3.17-112.71.1 php53-pcntl-5.3.17-112.71.1 php53-pdo-5.3.17-112.71.1 php53-pear-5.3.17-112.71.1 php53-pgsql-5.3.17-112.71.1 php53-pspell-5.3.17-112.71.1 php53-shmop-5.3.17-112.71.1 php53-snmp-5.3.17-112.71.1 php53-soap-5.3.17-112.71.1 php53-suhosin-5.3.17-112.71.1 php53-sysvmsg-5.3.17-112.71.1 php53-sysvsem-5.3.17-112.71.1 php53-sysvshm-5.3.17-112.71.1 php53-tokenizer-5.3.17-112.71.1 php53-wddx-5.3.17-112.71.1 php53-xmlreader-5.3.17-112.71.1 php53-xmlrpc-5.3.17-112.71.1 php53-xmlwriter-5.3.17-112.71.1 php53-xsl-5.3.17-112.71.1 php53-zip-5.3.17-112.71.1 php53-zlib-5.3.17-112.71.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): apache2-mod_php53-5.3.17-112.71.1 php53-5.3.17-112.71.1 php53-bcmath-5.3.17-112.71.1 php53-bz2-5.3.17-112.71.1 php53-calendar-5.3.17-112.71.1 php53-ctype-5.3.17-112.71.1 php53-curl-5.3.17-112.71.1 php53-dba-5.3.17-112.71.1 php53-dom-5.3.17-112.71.1 php53-exif-5.3.17-112.71.1 php53-fastcgi-5.3.17-112.71.1 php53-fileinfo-5.3.17-112.71.1 php53-ftp-5.3.17-112.71.1 php53-gd-5.3.17-112.71.1 php53-gettext-5.3.17-112.71.1 php53-gmp-5.3.17-112.71.1 php53-iconv-5.3.17-112.71.1 php53-intl-5.3.17-112.71.1 php53-json-5.3.17-112.71.1 php53-ldap-5.3.17-112.71.1 php53-mbstring-5.3.17-112.71.1 php53-mcrypt-5.3.17-112.71.1 php53-mysql-5.3.17-112.71.1 php53-odbc-5.3.17-112.71.1 php53-openssl-5.3.17-112.71.1 php53-pcntl-5.3.17-112.71.1 php53-pdo-5.3.17-112.71.1 php53-pear-5.3.17-112.71.1 php53-pgsql-5.3.17-112.71.1 php53-pspell-5.3.17-112.71.1 php53-shmop-5.3.17-112.71.1 php53-snmp-5.3.17-112.71.1 php53-soap-5.3.17-112.71.1 php53-suhosin-5.3.17-112.71.1 php53-sysvmsg-5.3.17-112.71.1 php53-sysvsem-5.3.17-112.71.1 php53-sysvshm-5.3.17-112.71.1 php53-tokenizer-5.3.17-112.71.1 php53-wddx-5.3.17-112.71.1 php53-xmlreader-5.3.17-112.71.1 php53-xmlrpc-5.3.17-112.71.1 php53-xmlwriter-5.3.17-112.71.1 php53-xsl-5.3.17-112.71.1 php53-zip-5.3.17-112.71.1 php53-zlib-5.3.17-112.71.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): php53-debuginfo-5.3.17-112.71.1 php53-debugsource-5.3.17-112.71.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): php53-debuginfo-5.3.17-112.71.1 php53-debugsource-5.3.17-112.71.1 References: https://www.suse.com/security/cve/CVE-2019-11038.html https://www.suse.com/security/cve/CVE-2019-11041.html https://www.suse.com/security/cve/CVE-2019-11042.html https://bugzilla.suse.com/1140118 https://bugzilla.suse.com/1145095 https://bugzilla.suse.com/1146360 From sle-updates at lists.suse.com Tue Sep 3 10:13:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Sep 2019 18:13:45 +0200 (CEST) Subject: SUSE-RU-2019:2271-1: moderate: Recommended update for crowbar-core, crowbar-ha, crowbar-openstack Message-ID: <20190903161345.B32DBF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for crowbar-core, crowbar-ha, crowbar-openstack ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2271-1 Rating: moderate References: #1122875 #1131791 #1132654 Affected Products: SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for crowbar-core, crowbar-ha, crowbar-openstack fixes the following issues: - Fixed crowbar_register failure (bsc#1132654). - Fixed issues with haproxy and galera (bsc#1122875). - Fixed SST database from donor (bsc#1131791). - Add configurable galera options (fate#327745). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2271=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2271=1 Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): crowbar-core-4.0+git.1566549549.32c49c55b-9.49.1 crowbar-core-branding-upstream-4.0+git.1566549549.32c49c55b-9.49.1 - SUSE OpenStack Cloud 7 (noarch): crowbar-ha-4.0+git.1566549514.d3b0517-4.49.1 crowbar-openstack-4.0+git.1564569760.3fd19c6a7-9.54.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): crowbar-core-4.0+git.1566549549.32c49c55b-9.49.1 References: https://bugzilla.suse.com/1122875 https://bugzilla.suse.com/1131791 https://bugzilla.suse.com/1132654 From sle-updates at lists.suse.com Tue Sep 3 10:15:25 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 3 Sep 2019 18:15:25 +0200 (CEST) Subject: SUSE-SU-2019:2273-1: moderate: Security update for libosinfo Message-ID: <20190903161525.51640F798@maintenance.suse.de> SUSE Security Update: Security update for libosinfo ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2273-1 Rating: moderate References: #1054986 #1105607 #1122858 #1140749 Cross-References: CVE-2019-13313 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for libosinfo fixes the following issues: Security issue fixed: - CVE-2019-13313: Fixed a information leak where a local user could gather credentials from the osinfo-install-script (bsc#1140749). Non-security issues fixed: - Fixed OS detection for multiple versions of SLE12, SLE15 and openSUSE Leap (bsc#1105607, bsc#1122858, bsc#1105607, bsc#1054986, bsc#1054986) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2273=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2273=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libosinfo-0.2.12-13.3.1 libosinfo-1_0-0-0.2.12-13.3.1 libosinfo-1_0-0-debuginfo-0.2.12-13.3.1 libosinfo-debuginfo-0.2.12-13.3.1 libosinfo-debugsource-0.2.12-13.3.1 typelib-1_0-Libosinfo-1_0-0.2.12-13.3.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): libosinfo-lang-0.2.12-13.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libosinfo-0.2.12-13.3.1 libosinfo-1_0-0-0.2.12-13.3.1 libosinfo-1_0-0-debuginfo-0.2.12-13.3.1 libosinfo-debuginfo-0.2.12-13.3.1 libosinfo-debugsource-0.2.12-13.3.1 typelib-1_0-Libosinfo-1_0-0.2.12-13.3.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): libosinfo-lang-0.2.12-13.3.1 References: https://www.suse.com/security/cve/CVE-2019-13313.html https://bugzilla.suse.com/1054986 https://bugzilla.suse.com/1105607 https://bugzilla.suse.com/1122858 https://bugzilla.suse.com/1140749 From sle-updates at lists.suse.com Wed Sep 4 05:06:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Sep 2019 13:06:17 +0200 (CEST) Subject: SUSE-SU-2019:14160-1: important: Security update for java-1_7_1-ibm Message-ID: <20190904110617.94944F798@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14160-1 Rating: important References: #1141780 #1141782 #1141783 #1141785 #1141789 #1147021 Cross-References: CVE-2019-11771 CVE-2019-11775 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2816 CVE-2019-4473 CVE-2019-7317 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 4 Fix Pack 50. Security issues fixed: - CVE-2019-11771: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11775: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-4473: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-7317: Fixed issue inside Component AWT (libpng)(bsc#1141780). - CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783). - CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782). - CVE-2019-2816: Fixed issue inside Component Networking (bsc#1141785). - CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-java-1_7_1-ibm-14160=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.50-26.44.1 java-1_7_1-ibm-devel-1.7.1_sr4.50-26.44.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.50-26.44.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.50-26.44.1 java-1_7_1-ibm-plugin-1.7.1_sr4.50-26.44.1 References: https://www.suse.com/security/cve/CVE-2019-11771.html https://www.suse.com/security/cve/CVE-2019-11775.html https://www.suse.com/security/cve/CVE-2019-2762.html https://www.suse.com/security/cve/CVE-2019-2766.html https://www.suse.com/security/cve/CVE-2019-2769.html https://www.suse.com/security/cve/CVE-2019-2816.html https://www.suse.com/security/cve/CVE-2019-4473.html https://www.suse.com/security/cve/CVE-2019-7317.html https://bugzilla.suse.com/1141780 https://bugzilla.suse.com/1141782 https://bugzilla.suse.com/1141783 https://bugzilla.suse.com/1141785 https://bugzilla.suse.com/1141789 https://bugzilla.suse.com/1147021 From sle-updates at lists.suse.com Wed Sep 4 07:11:33 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Sep 2019 15:11:33 +0200 (CEST) Subject: SUSE-RU-2019:2277-1: moderate: Recommended update for yast2-firstboot Message-ID: <20190904131133.A005EF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-firstboot ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2277-1 Rating: moderate References: #1140199 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-firstboot fixes the following issue: - AutoYaST: automatic installation results in lan and ntp-client module failure (bsc#1140199) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2277=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): yast2-firstboot-4.1.8-3.6.1 References: https://bugzilla.suse.com/1140199 From sle-updates at lists.suse.com Wed Sep 4 07:12:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Sep 2019 15:12:13 +0200 (CEST) Subject: SUSE-SU-2019:2278-1: moderate: Security update for qemu Message-ID: <20190904131213.7BFD5F798@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2278-1 Rating: moderate References: #1127077 #1135902 #1139926 #1140402 #1143794 Cross-References: CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. Description: This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources (bsc#1135902). - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). Bug fixes: - Provide qcow2 L2 caching improvements, which allows for better storage performance in certain configurations (bsc#1139926, ECO-130). - Fix setting speed of migration while vm uses hugepages (bsc#1127077). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64): qemu-debugsource-2.9.1-6.41.1 qemu-guest-agent-2.9.1-6.41.1 qemu-guest-agent-debuginfo-2.9.1-6.41.1 References: https://www.suse.com/security/cve/CVE-2019-12155.html https://www.suse.com/security/cve/CVE-2019-13164.html https://www.suse.com/security/cve/CVE-2019-14378.html https://bugzilla.suse.com/1127077 https://bugzilla.suse.com/1135902 https://bugzilla.suse.com/1139926 https://bugzilla.suse.com/1140402 https://bugzilla.suse.com/1143794 From sle-updates at lists.suse.com Wed Sep 4 10:11:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Sep 2019 18:11:46 +0200 (CEST) Subject: SUSE-RU-2019:2288-1: moderate: Recommended update for systemd Message-ID: <20190904161146.DFB16F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2288-1 Rating: moderate References: #1104902 #1107617 #1137053 #1142661 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for systemd fixes the following issues: - Fixes an issue where the Kernel took very long to unmount a user's runtime directory (bsc#1104902) - udevd: changed the default value of udev.children-max (again) (bsc#1107617) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2288=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2288=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2288=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libudev-devel-228-150.71.1 systemd-debuginfo-228-150.71.1 systemd-debugsource-228-150.71.1 systemd-devel-228-150.71.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libsystemd0-228-150.71.1 libsystemd0-debuginfo-228-150.71.1 libudev1-228-150.71.1 libudev1-debuginfo-228-150.71.1 systemd-228-150.71.1 systemd-debuginfo-228-150.71.1 systemd-debugsource-228-150.71.1 systemd-sysvinit-228-150.71.1 udev-228-150.71.1 udev-debuginfo-228-150.71.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libsystemd0-32bit-228-150.71.1 libsystemd0-debuginfo-32bit-228-150.71.1 libudev1-32bit-228-150.71.1 libudev1-debuginfo-32bit-228-150.71.1 systemd-32bit-228-150.71.1 systemd-debuginfo-32bit-228-150.71.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): systemd-bash-completion-228-150.71.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libsystemd0-228-150.71.1 libsystemd0-32bit-228-150.71.1 libsystemd0-debuginfo-228-150.71.1 libsystemd0-debuginfo-32bit-228-150.71.1 libudev1-228-150.71.1 libudev1-32bit-228-150.71.1 libudev1-debuginfo-228-150.71.1 libudev1-debuginfo-32bit-228-150.71.1 systemd-228-150.71.1 systemd-32bit-228-150.71.1 systemd-debuginfo-228-150.71.1 systemd-debuginfo-32bit-228-150.71.1 systemd-debugsource-228-150.71.1 systemd-sysvinit-228-150.71.1 udev-228-150.71.1 udev-debuginfo-228-150.71.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): systemd-bash-completion-228-150.71.1 - SUSE CaaS Platform 3.0 (x86_64): libsystemd0-228-150.71.1 libsystemd0-debuginfo-228-150.71.1 libudev1-228-150.71.1 libudev1-debuginfo-228-150.71.1 systemd-228-150.71.1 systemd-debuginfo-228-150.71.1 systemd-debugsource-228-150.71.1 systemd-sysvinit-228-150.71.1 udev-228-150.71.1 udev-debuginfo-228-150.71.1 References: https://bugzilla.suse.com/1104902 https://bugzilla.suse.com/1107617 https://bugzilla.suse.com/1137053 https://bugzilla.suse.com/1142661 From sle-updates at lists.suse.com Wed Sep 4 10:13:01 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Sep 2019 18:13:01 +0200 (CEST) Subject: SUSE-RU-2019:2281-1: moderate: Recommended update for rubygem-chef Message-ID: <20190904161301.A96BEF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for rubygem-chef ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2281-1 Rating: moderate References: #1109991 Affected Products: SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rubygem-chef fixes the following issues: - adjust rescue-encoding-json-error.patch to pretty print inspect results and force encode the content. (SOC-9954) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2281=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-chef-10.32.2-4.9.1 rubygem-chef-10.32.2-4.9.1 References: https://bugzilla.suse.com/1109991 From sle-updates at lists.suse.com Wed Sep 4 10:13:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Sep 2019 18:13:43 +0200 (CEST) Subject: SUSE-RU-2019:2279-1: moderate: Recommended update for SUSEConnect Message-ID: <20190904161343.A0C66F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2279-1 Rating: moderate References: #1136752 #1144020 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issues: - Fix failing on registered system without arguments (bsc#1144020) - Fix base product service removal during de-registration in public clouds (bsc#1136752) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2279=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.19-3.19.1 References: https://bugzilla.suse.com/1136752 https://bugzilla.suse.com/1144020 From sle-updates at lists.suse.com Wed Sep 4 10:14:33 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Sep 2019 18:14:33 +0200 (CEST) Subject: SUSE-RU-2019:2284-1: moderate: Recommended update for google-compute-engine Message-ID: <20190904161433.5411CF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-compute-engine ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2284-1 Rating: moderate References: #1146172 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for google-compute-engine fixes the following issues: - Fix install location of NSS and PAM shared libraries (bsc#1146172) - Switch RPM group for oslogin package from Hardware to System/Daemons Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-2284=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): google-compute-engine-oslogin-20190801-39.1 google-compute-engine-oslogin-debuginfo-20190801-39.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): google-compute-engine-init-20190801-39.1 References: https://bugzilla.suse.com/1146172 From sle-updates at lists.suse.com Wed Sep 4 10:15:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Sep 2019 18:15:16 +0200 (CEST) Subject: SUSE-RU-2019:2282-1: moderate: Recommended update for openstack-ironic-image Message-ID: <20190904161516.73112F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for openstack-ironic-image ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2282-1 Rating: moderate References: #1137626 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openstack-ironic-image fixes the following issues: - add dosfstools. (bsc#1137626) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2282=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2282=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2282=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): openstack-ironic-image-debugsource-8.0.0-0.19.6.1 openstack-ironic-image-x86_64-8.0.0-0.19.6.1 - SUSE OpenStack Cloud 8 (noarch): openstack-ironic-image-debugsource-8.0.0-0.19.6.1 openstack-ironic-image-x86_64-8.0.0-0.19.6.1 - HPE Helion Openstack 8 (noarch): openstack-ironic-image-debugsource-8.0.0-0.19.6.1 openstack-ironic-image-x86_64-8.0.0-0.19.6.1 References: https://bugzilla.suse.com/1137626 From sle-updates at lists.suse.com Wed Sep 4 10:15:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Sep 2019 18:15:59 +0200 (CEST) Subject: SUSE-RU-2019:2287-1: moderate: Recommended update for perf Message-ID: <20190904161559.59F3FF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for perf ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2287-1 Rating: moderate References: #1124370 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for perf provides the following fixes: - Add POWER mem/c2c support. (FATE#326871, bsc#1124370) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2287=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): perf-4.12.14-46.3.1 perf-debuginfo-4.12.14-46.3.1 perf-debugsource-4.12.14-46.3.1 References: https://bugzilla.suse.com/1124370 From sle-updates at lists.suse.com Wed Sep 4 10:16:41 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Sep 2019 18:16:41 +0200 (CEST) Subject: SUSE-RU-2019:2280-1: moderate: Recommended update for sleshammer Message-ID: <20190904161641.0CA31F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for sleshammer ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2280-1 Rating: moderate References: #1109991 Affected Products: SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sleshammer fixes the following issues: - Really drop etc/udev/rules.d/70-persistent-net.rules from the overlay it was still present in the tarball. (SOC-9288) - added ruby2.1-rubygem-crowbar-client providing crowbarctl Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2280=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): sleshammer-aarch64-0.8.0-0.17.1 sleshammer-debugsource-0.8.0-0.17.1 sleshammer-ppc64le-0.8.0-0.17.1 sleshammer-s390x-0.8.0-0.17.1 sleshammer-x86_64-0.8.0-0.17.1 References: https://bugzilla.suse.com/1109991 From sle-updates at lists.suse.com Wed Sep 4 10:17:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Sep 2019 18:17:27 +0200 (CEST) Subject: SUSE-RU-2019:2289-1: moderate: Recommended update for open-iscsi Message-ID: <20190904161727.E3B03F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-iscsi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2289-1 Rating: moderate References: #1113712 Affected Products: SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for open-iscsi fixes the following issues: - Fixes an issue where an iSCSI boot failure appeared in MPIO config with single path active (bsc#1113712) Additionally: This update includes a lot of smaller bug fixes. Please refer to this rpm's changelog file to get the full list of all changes. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-2289=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2289=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2289=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): open-iscsi-debuginfo-2.0.876-13.29.1 open-iscsi-debugsource-2.0.876-13.29.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): iscsiuio-0.7.8.2-13.29.1 iscsiuio-debuginfo-0.7.8.2-13.29.1 libopeniscsiusr0_2_0-2.0.876-13.29.1 libopeniscsiusr0_2_0-debuginfo-2.0.876-13.29.1 open-iscsi-2.0.876-13.29.1 open-iscsi-debuginfo-2.0.876-13.29.1 open-iscsi-debugsource-2.0.876-13.29.1 open-iscsi-devel-2.0.876-13.29.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): iscsiuio-0.7.8.2-13.29.1 iscsiuio-debuginfo-0.7.8.2-13.29.1 libopeniscsiusr0_2_0-2.0.876-13.29.1 libopeniscsiusr0_2_0-debuginfo-2.0.876-13.29.1 open-iscsi-2.0.876-13.29.1 open-iscsi-debuginfo-2.0.876-13.29.1 open-iscsi-debugsource-2.0.876-13.29.1 open-iscsi-devel-2.0.876-13.29.1 References: https://bugzilla.suse.com/1113712 From sle-updates at lists.suse.com Wed Sep 4 10:18:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Sep 2019 18:18:16 +0200 (CEST) Subject: SUSE-RU-2019:2286-1: moderate: Recommended update for perf Message-ID: <20190904161816.BCB36F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for perf ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2286-1 Rating: moderate References: #1124370 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for perf provides the following fixes: - Add POWER mem/c2c support. (FATE#326869, bsc#1124370) (Initial implementation was as FATE#326866 in SLE15-SP1) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2286=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): perf-4.12.14-9.13.1 perf-debuginfo-4.12.14-9.13.1 perf-debugsource-4.12.14-9.13.1 References: https://bugzilla.suse.com/1124370 From sle-updates at lists.suse.com Wed Sep 4 10:18:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Sep 2019 18:18:59 +0200 (CEST) Subject: SUSE-RU-2019:2283-1: moderate: Recommended update for google-compute-engine Message-ID: <20190904161859.51E4DF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-compute-engine ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2283-1 Rating: moderate References: #1146172 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for google-compute-engine fixes the following issues: - Fix install location of NSS and PAM shared libraries (bsc#1146172) - Switch RPM group for oslogin package from Hardware to System/Daemons Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2019-2283=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-2283=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2283=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): google-compute-engine-debugsource-20190801-4.23.1 google-compute-engine-oslogin-20190801-4.23.1 google-compute-engine-oslogin-debuginfo-20190801-4.23.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): google-compute-engine-init-20190801-4.23.1 - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64): google-compute-engine-oslogin-20190801-4.23.1 google-compute-engine-oslogin-debuginfo-20190801-4.23.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): google-compute-engine-init-20190801-4.23.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): google-compute-engine-debugsource-20190801-4.23.1 References: https://bugzilla.suse.com/1146172 From sle-updates at lists.suse.com Wed Sep 4 13:12:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Sep 2019 21:12:34 +0200 (CEST) Subject: SUSE-RU-2019:2294-1: moderate: Recommended update for open-iscsi Message-ID: <20190904191234.80A61F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-iscsi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2294-1 Rating: moderate References: #1113712 #1142029 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for open-iscsi fixes the following issue: - systemd[1]: [/usr/lib/systemd/system/iscsiuio.service:12] Unknown lvalue '' in section 'Service' (bsc#1142029) - Fixes an issue where an iSCSI boot failure appeared in MPIO config with single path active (bsc#1113712) Additionally: This update includes a lot of smaller bug fixes. Please refer to this rpm's changelog file to get the full list of all changes. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2294=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2294=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): iscsiuio-0.7.8.2-12.18.1 iscsiuio-debuginfo-0.7.8.2-12.18.1 libopeniscsiusr0_2_0-2.0.876-12.18.1 libopeniscsiusr0_2_0-debuginfo-2.0.876-12.18.1 open-iscsi-2.0.876-12.18.1 open-iscsi-debuginfo-2.0.876-12.18.1 open-iscsi-debugsource-2.0.876-12.18.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): iscsiuio-0.7.8.2-12.18.1 iscsiuio-debuginfo-0.7.8.2-12.18.1 libopeniscsiusr0_2_0-2.0.876-12.18.1 libopeniscsiusr0_2_0-debuginfo-2.0.876-12.18.1 open-iscsi-2.0.876-12.18.1 open-iscsi-debuginfo-2.0.876-12.18.1 open-iscsi-debugsource-2.0.876-12.18.1 References: https://bugzilla.suse.com/1113712 https://bugzilla.suse.com/1142029 From sle-updates at lists.suse.com Wed Sep 4 13:15:10 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Sep 2019 21:15:10 +0200 (CEST) Subject: SUSE-RU-2019:2292-1: moderate: Recommended update for SUSEConnect Message-ID: <20190904191510.B215BF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2292-1 Rating: moderate References: #1128969 #1136752 #1144020 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issues: - Fix failing on registered system without arguments (bsc#1144020) - Fix base product service removal during de-registration in public clouds (bsc#1136752) - It will no longer try to remove a service during migration if a zypper service plugin already exists (bsc#1128969) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2292=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.19-7.3.1 References: https://bugzilla.suse.com/1128969 https://bugzilla.suse.com/1136752 https://bugzilla.suse.com/1144020 From sle-updates at lists.suse.com Wed Sep 4 13:10:49 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Sep 2019 21:10:49 +0200 (CEST) Subject: SUSE-RU-2019:2297-1: moderate: Recommended update for clone-master-clean-up Message-ID: <20190904191049.9DCC8F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for clone-master-clean-up ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2297-1 Rating: moderate References: #1092378 #1139667 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for clone-master-clean-up fixes the following issues: - Bugfixes: * Deleted /var/lib/wicked/* files for cloning. If machines with identical settings exist in the same network multiple times, IP addresses may change with each renewal (bsc#1139667) - Additional Changes: * Moved the configuration files out of the /var directory (bsc#1092378) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2297=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (noarch): clone-master-clean-up-1.4-4.5.1 References: https://bugzilla.suse.com/1092378 https://bugzilla.suse.com/1139667 From sle-updates at lists.suse.com Wed Sep 4 13:11:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Sep 2019 21:11:44 +0200 (CEST) Subject: SUSE-RU-2019:2295-1: moderate: Recommended update for SUSEConnect Message-ID: <20190904191144.90620F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2295-1 Rating: moderate References: #1136752 #1144020 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE CaaS Platform 3.0 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issues: - Fix failing on registered system without arguments (bsc#1144020) - Fix base product service removal during de-registration in public clouds (bsc#1136752) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2295=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2295=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2295=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2295=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2295=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2295=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2295=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-2295=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2295=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2295=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2295=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): SUSEConnect-0.3.19-3.31.1 - SUSE OpenStack Cloud 8 (x86_64): SUSEConnect-0.3.19-3.31.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): SUSEConnect-0.3.19-3.31.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.19-3.31.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.19-3.31.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.19-3.31.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): SUSEConnect-0.3.19-3.31.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): SUSEConnect-0.3.19-3.31.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): SUSEConnect-0.3.19-3.31.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): SUSEConnect-0.3.19-3.31.1 - SUSE CaaS Platform 3.0 (x86_64): SUSEConnect-0.3.19-3.31.1 - HPE Helion Openstack 8 (x86_64): SUSEConnect-0.3.19-3.31.1 References: https://bugzilla.suse.com/1136752 https://bugzilla.suse.com/1144020 From sle-updates at lists.suse.com Wed Sep 4 13:18:08 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Sep 2019 21:18:08 +0200 (CEST) Subject: SUSE-RU-2019:2296-1: moderate: Recommended update for clone-master-clean-up Message-ID: <20190904191808.0AC6AF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for clone-master-clean-up ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2296-1 Rating: moderate References: #1092378 #1139667 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for clone-master-clean-up fixes the following issues: - Bugfixes: * Deleted /var/lib/wicked/* files for cloning. If machines with identical settings exist in the same network multiple times, IP addresses may change with each renewal (bsc#1139667) - Additional Changes: * Moved the configuration files out of the /var directory (bsc#1092378) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2296=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (noarch): clone-master-clean-up-1.4-4.3.1 References: https://bugzilla.suse.com/1092378 https://bugzilla.suse.com/1139667 From sle-updates at lists.suse.com Wed Sep 4 13:17:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Sep 2019 21:17:26 +0200 (CEST) Subject: SUSE-RU-2019:2298-1: moderate: Recommended update for yast2-s390 Message-ID: <20190904191726.0C95EF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-s390 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2298-1 Rating: moderate References: #1134927 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-s390 provides the following fixes: - Setting DIAG mode on active DASDs. (bsc#1134927) - Sort DASDs by channel ID. (bsc#1134927) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2298=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (s390x): yast2-s390-3.2.5-3.3.1 References: https://bugzilla.suse.com/1134927 From sle-updates at lists.suse.com Wed Sep 4 13:13:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Sep 2019 21:13:26 +0200 (CEST) Subject: SUSE-SU-2019:2291-1: important: Security update for java-1_8_0-ibm Message-ID: <20190904191326.B75E7F798@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2291-1 Rating: important References: #1122292 #1122299 #1141780 #1141782 #1141783 #1141785 #1141787 #1141789 #1147021 Cross-References: CVE-2018-11212 CVE-2019-11771 CVE-2019-11772 CVE-2019-11775 CVE-2019-2449 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-4473 CVE-2019-7317 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 5 Fix Pack 40. Security issues fixed: - CVE-2019-11771: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11772: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11775: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-4473: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-7317: Fixed issue inside Component AWT (libpng)(bsc#1141780). - CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783). - CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782). - CVE-2019-2816: Fixed issue inside Component Networking (bsc#1141785). - CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789). - CVE-2019-2786: Fixed issue inside Component Security (bsc#1141787). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2291=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-2291=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-2291=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le s390x x86_64): java-1_8_0-ibm-demo-1.8.0_sr5.40-3.24.1 java-1_8_0-ibm-src-1.8.0_sr5.40-3.24.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): java-1_8_0-ibm-32bit-1.8.0_sr5.40-3.24.1 java-1_8_0-ibm-devel-32bit-1.8.0_sr5.40-3.24.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.40-3.24.1 java-1_8_0-ibm-devel-1.8.0_sr5.40-3.24.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.40-3.24.1 java-1_8_0-ibm-plugin-1.8.0_sr5.40-3.24.1 - SUSE Linux Enterprise Module for Legacy Software 15 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.40-3.24.1 java-1_8_0-ibm-devel-1.8.0_sr5.40-3.24.1 - SUSE Linux Enterprise Module for Legacy Software 15 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.40-3.24.1 java-1_8_0-ibm-plugin-1.8.0_sr5.40-3.24.1 References: https://www.suse.com/security/cve/CVE-2018-11212.html https://www.suse.com/security/cve/CVE-2019-11771.html https://www.suse.com/security/cve/CVE-2019-11772.html https://www.suse.com/security/cve/CVE-2019-11775.html https://www.suse.com/security/cve/CVE-2019-2449.html https://www.suse.com/security/cve/CVE-2019-2762.html https://www.suse.com/security/cve/CVE-2019-2766.html https://www.suse.com/security/cve/CVE-2019-2769.html https://www.suse.com/security/cve/CVE-2019-2786.html https://www.suse.com/security/cve/CVE-2019-2816.html https://www.suse.com/security/cve/CVE-2019-4473.html https://www.suse.com/security/cve/CVE-2019-7317.html https://bugzilla.suse.com/1122292 https://bugzilla.suse.com/1122299 https://bugzilla.suse.com/1141780 https://bugzilla.suse.com/1141782 https://bugzilla.suse.com/1141783 https://bugzilla.suse.com/1141785 https://bugzilla.suse.com/1141787 https://bugzilla.suse.com/1141789 https://bugzilla.suse.com/1147021 From sle-updates at lists.suse.com Wed Sep 4 13:16:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Sep 2019 21:16:44 +0200 (CEST) Subject: SUSE-RU-2019:2293-1: moderate: Recommended update for sysconfig Message-ID: <20190904191644.37D8FF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for sysconfig ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2293-1 Rating: moderate References: #1123699 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sysconfig fixes the following issues: - Switched to tmpfile mechanism to create the symlink infrastructure for resolv.conf and yp.conf early during boot (bsc#1123699) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2293=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): sysconfig-0.85.3-3.3.1 sysconfig-debuginfo-0.85.3-3.3.1 sysconfig-debugsource-0.85.3-3.3.1 sysconfig-netconfig-0.85.3-3.3.1 References: https://bugzilla.suse.com/1123699 From sle-updates at lists.suse.com Wed Sep 4 13:16:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 4 Sep 2019 21:16:04 +0200 (CEST) Subject: SUSE-RU-2019:2290-1: moderate: Recommended update for suse-migration-sle15-activation Message-ID: <20190904191604.2E3CCF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-migration-sle15-activation ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2290-1 Rating: moderate References: #1142108 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for suse-migration-sle15-activation provides the following fixes: - Fix BYOS upgrade from 12SP4-SAP to 15. (bsc#1142108) - Partially revert the no bootloader based startup. - Avoid bootloader to run the migration. - Fix grub setup if root is on a raid device. - Use `uniq` when finding root device in grub activation script. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-2290=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): suse-migration-sle15-activation-1.2.0-6.8.1 References: https://bugzilla.suse.com/1142108 From sle-updates at lists.suse.com Thu Sep 5 04:12:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Sep 2019 12:12:40 +0200 (CEST) Subject: SUSE-SU-2019:2300-1: moderate: Security update for python-urllib3 Message-ID: <20190905101240.53F2EF798@maintenance.suse.de> SUSE Security Update: Security update for python-urllib3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2300-1 Rating: moderate References: #1119376 #1129071 #1132663 #1132900 Cross-References: CVE-2018-20060 CVE-2019-11236 CVE-2019-11324 CVE-2019-9740 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for python-urllib3 fixes the following issues: Security issues fixed: - CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071). - CVE-2019-11324: Fixed invalid CA certificat verification (bsc#1132900). - CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663). - CVE-2018-20060: Remove Authorization header when redirecting cross-host (bsc#1119376). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2300=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2300=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2300=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-urllib3-1.22-5.6.1 - SUSE OpenStack Cloud 8 (noarch): python-urllib3-1.22-5.6.1 - HPE Helion Openstack 8 (noarch): python-urllib3-1.22-5.6.1 References: https://www.suse.com/security/cve/CVE-2018-20060.html https://www.suse.com/security/cve/CVE-2019-11236.html https://www.suse.com/security/cve/CVE-2019-11324.html https://www.suse.com/security/cve/CVE-2019-9740.html https://bugzilla.suse.com/1119376 https://bugzilla.suse.com/1129071 https://bugzilla.suse.com/1132663 https://bugzilla.suse.com/1132900 From sle-updates at lists.suse.com Thu Sep 5 04:13:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Sep 2019 12:13:52 +0200 (CEST) Subject: SUSE-SU-2019:2299-1: important: Security update for the Linux Kernel Message-ID: <20190905101352.ACF7CF7B3@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2299-1 Rating: important References: #1045640 #1076033 #1107256 #1123161 #1130972 #1134399 #1139358 #1140012 #1140652 #1140903 #1140945 #1141401 #1141402 #1141452 #1141453 #1141454 #1141628 #1142023 #1142098 #1142857 #1143045 #1143048 #1143189 #1143191 #1144257 #1144273 #1144288 #1144920 #1145920 #1145922 #1146163 Cross-References: CVE-2017-18551 CVE-2018-20855 CVE-2018-20856 CVE-2019-10207 CVE-2019-1125 CVE-2019-11810 CVE-2019-13631 CVE-2019-14283 CVE-2019-14284 CVE-2019-15117 CVE-2019-15118 CVE-2019-3819 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise High Availability 12-SP2 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has 19 fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-3819: A flaw was fixed in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may have enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") could have caused a system lock up and a denial of service (bnc#1123161). - CVE-2019-15118: Fixed kernel stack exhaustion in check_input_term in sound/usb/mixer.c via mishandled recursion (bnc#1145922). - CVE-2019-15117: Fixed out-of-bounds memory access in parse_audio_mixer_unit in sound/usb/mixer.c via mishandled short descriptor (bnc#1145920). - CVE-2019-14284: The drivers/block/floppy.c allowed a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143189). - CVE-2019-14283: The function set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143191). - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages (bsc#1142023). - CVE-2019-11810: A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free (bsc#1134399). - CVE-2019-1125: Enable Spectre v1 swapgs mitigations (bsc#1139358). - CVE-2019-10207: Check for missing tty operations in bluetooth/hci_uart (bsc#1142857). - CVE-2018-20856: Fixed a use-after-free issue in block/blk-core.c, where certain error case are mishandled (bnc#1143048). - CVE-2018-20855: An issue was discovered in create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace (bsc#1143045). - CVE-2017-18551: An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163). The following non-security bugs were fixed: - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652, bsc#1144288). - bcache: fix race in btree_flush_write() (bsc#1140652, bsc#1144288). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1130972, bsc#1144257). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1130972, bsc#1144273). - bcache: performance improvement for btree_flush_write() (bsc#1140652, bsc#1144288). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652, bsc#1144288). - btrfs: improve delayed refs iterations (bsc#1076033, bsc#1107256). - i40e: add functions to control default VSI (bsc#1141628). - i40e: set default VSI without a reset (bsc#1141628). - mm: check VMA flags to avoid invalid PROT_NONE NUMA balancing (bsc#1142098). - nfs: Fix the inode request accounting when pages have subrequests (bsc#1140012). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945,bsc#1141401,bsc#1141402,bsc#1141452,bsc#1141453,bsc#1141454). - qib/hfi1: Fix MR reference count leak on write with immediate (bsc#1045640). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - xen: let alloc_xenballooned_pages() fail if not enough memory free (XSA-300). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2299=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2299=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2299=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2299=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2019-2299=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2299=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): kernel-default-4.4.121-92.120.1 kernel-default-base-4.4.121-92.120.1 kernel-default-base-debuginfo-4.4.121-92.120.1 kernel-default-debuginfo-4.4.121-92.120.1 kernel-default-debugsource-4.4.121-92.120.1 kernel-default-devel-4.4.121-92.120.1 kernel-syms-4.4.121-92.120.1 - SUSE OpenStack Cloud 7 (x86_64): kgraft-patch-4_4_121-92_120-default-1-3.3.1 - SUSE OpenStack Cloud 7 (noarch): kernel-devel-4.4.121-92.120.1 kernel-macros-4.4.121-92.120.1 kernel-source-4.4.121-92.120.1 - SUSE OpenStack Cloud 7 (s390x): kernel-default-man-4.4.121-92.120.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kernel-default-4.4.121-92.120.1 kernel-default-base-4.4.121-92.120.1 kernel-default-base-debuginfo-4.4.121-92.120.1 kernel-default-debuginfo-4.4.121-92.120.1 kernel-default-debugsource-4.4.121-92.120.1 kernel-default-devel-4.4.121-92.120.1 kernel-syms-4.4.121-92.120.1 kgraft-patch-4_4_121-92_120-default-1-3.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): kernel-devel-4.4.121-92.120.1 kernel-macros-4.4.121-92.120.1 kernel-source-4.4.121-92.120.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): kernel-default-4.4.121-92.120.1 kernel-default-base-4.4.121-92.120.1 kernel-default-base-debuginfo-4.4.121-92.120.1 kernel-default-debuginfo-4.4.121-92.120.1 kernel-default-debugsource-4.4.121-92.120.1 kernel-default-devel-4.4.121-92.120.1 kernel-syms-4.4.121-92.120.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_120-default-1-3.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): kernel-devel-4.4.121-92.120.1 kernel-macros-4.4.121-92.120.1 kernel-source-4.4.121-92.120.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): kernel-default-man-4.4.121-92.120.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.120.1 kernel-macros-4.4.121-92.120.1 kernel-source-4.4.121-92.120.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.120.1 kernel-default-base-4.4.121-92.120.1 kernel-default-base-debuginfo-4.4.121-92.120.1 kernel-default-debuginfo-4.4.121-92.120.1 kernel-default-debugsource-4.4.121-92.120.1 kernel-default-devel-4.4.121-92.120.1 kernel-syms-4.4.121-92.120.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.121-92.120.1 cluster-md-kmp-default-debuginfo-4.4.121-92.120.1 cluster-network-kmp-default-4.4.121-92.120.1 cluster-network-kmp-default-debuginfo-4.4.121-92.120.1 dlm-kmp-default-4.4.121-92.120.1 dlm-kmp-default-debuginfo-4.4.121-92.120.1 gfs2-kmp-default-4.4.121-92.120.1 gfs2-kmp-default-debuginfo-4.4.121-92.120.1 kernel-default-debuginfo-4.4.121-92.120.1 kernel-default-debugsource-4.4.121-92.120.1 ocfs2-kmp-default-4.4.121-92.120.1 ocfs2-kmp-default-debuginfo-4.4.121-92.120.1 - SUSE Enterprise Storage 4 (x86_64): kernel-default-4.4.121-92.120.1 kernel-default-base-4.4.121-92.120.1 kernel-default-base-debuginfo-4.4.121-92.120.1 kernel-default-debuginfo-4.4.121-92.120.1 kernel-default-debugsource-4.4.121-92.120.1 kernel-default-devel-4.4.121-92.120.1 kernel-syms-4.4.121-92.120.1 kgraft-patch-4_4_121-92_120-default-1-3.3.1 - SUSE Enterprise Storage 4 (noarch): kernel-devel-4.4.121-92.120.1 kernel-macros-4.4.121-92.120.1 kernel-source-4.4.121-92.120.1 References: https://www.suse.com/security/cve/CVE-2017-18551.html https://www.suse.com/security/cve/CVE-2018-20855.html https://www.suse.com/security/cve/CVE-2018-20856.html https://www.suse.com/security/cve/CVE-2019-10207.html https://www.suse.com/security/cve/CVE-2019-1125.html https://www.suse.com/security/cve/CVE-2019-11810.html https://www.suse.com/security/cve/CVE-2019-13631.html https://www.suse.com/security/cve/CVE-2019-14283.html https://www.suse.com/security/cve/CVE-2019-14284.html https://www.suse.com/security/cve/CVE-2019-15117.html https://www.suse.com/security/cve/CVE-2019-15118.html https://www.suse.com/security/cve/CVE-2019-3819.html https://bugzilla.suse.com/1045640 https://bugzilla.suse.com/1076033 https://bugzilla.suse.com/1107256 https://bugzilla.suse.com/1123161 https://bugzilla.suse.com/1130972 https://bugzilla.suse.com/1134399 https://bugzilla.suse.com/1139358 https://bugzilla.suse.com/1140012 https://bugzilla.suse.com/1140652 https://bugzilla.suse.com/1140903 https://bugzilla.suse.com/1140945 https://bugzilla.suse.com/1141401 https://bugzilla.suse.com/1141402 https://bugzilla.suse.com/1141452 https://bugzilla.suse.com/1141453 https://bugzilla.suse.com/1141454 https://bugzilla.suse.com/1141628 https://bugzilla.suse.com/1142023 https://bugzilla.suse.com/1142098 https://bugzilla.suse.com/1142857 https://bugzilla.suse.com/1143045 https://bugzilla.suse.com/1143048 https://bugzilla.suse.com/1143189 https://bugzilla.suse.com/1143191 https://bugzilla.suse.com/1144257 https://bugzilla.suse.com/1144273 https://bugzilla.suse.com/1144288 https://bugzilla.suse.com/1144920 https://bugzilla.suse.com/1145920 https://bugzilla.suse.com/1145922 https://bugzilla.suse.com/1146163 From sle-updates at lists.suse.com Thu Sep 5 07:14:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Sep 2019 15:14:53 +0200 (CEST) Subject: SUSE-RU-2019:2301-1: moderate: Recommended update for crmsh Message-ID: <20190905131453.6B329F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2301-1 Rating: moderate References: #1069142 #1103833 #1103834 #1111579 #1112593 #1121912 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Ensure that enable/disable actions via the command "crm maintenance" are committed automatically (bsc#1112593) - Prevent hb_report from infinite waiting on named pipe in /var/log/ (bsc#1121912) crmsh was updated to version 3.0.4: * Fix: bootstrap: "-i" option doesn't work (bsc#1103833, bsc#1103834) * high: bootstrap: Use default IP address for ring0 (bsc#1069142) * low: bootstrap: change multi-heartbeats as option-mode * low: bootstrap: Clarify messages * low: bootstrap: give a confirm message when remove node * low: bootstrap: Improve comments / error messages * low: bootstrap: Fall back to logging into $TMPDIR/ha-cluster-bootstrap.log * low: bootstrap: Check for firewalld before SuSEfirewall2 * medium: bootstrap: Add support for chrony * Detect firewall by checking installed packages * low: ui_cluster: complete node name once or the same node name will be completed many times with many "Tab"s * medium: enable add the second heartbeat line for unicast * medium: bootstrap: check init options before running * we can add other option checkings to here later * low: bootstrap: simplify the code for checking adminIP * low: bootstrap: reset dev value when input of dev not valid * low: bootstrap: catch OSError except instead of crash * low: bootstrap: give error hints when use sbd without watchdog * medium: enable add the second heartbeat line for mcast * medium: bootstrap: adminIP should not be exist before config * medium: bootstrap: adminIP should not be the network self * fix: utils.list_cluster_nodes: use "crm_node -l" first * medium: utils: list_cluster_nodes: read nodes list from cib.xml * medium: utils: extend "IP/Network" codes for IPv4/IPv6 both * low: ui_cluster: strip "None" when cmd stdout is None * medium: bootstrap: valid adminIP * medium: bootstrap: use strict regrex and valid function for bindnetaddr/mcastaddr * low: bootstrap: when node joining, it will take a while after init_cluster_local * low: bootstrap: join_csync2 may take a long while so, use status_long and status_done to give the hints * medium: bootstrap: configure with IPv6(unicast) * medium: bootstrap: configure with IPv6(mcast) * medium: bootstrap: disable completion and history when running bootstrap * low: ui_cluster: Add two new lines before add a new node * low: bootstrap: Don't rely on ha-cluster-* shortcuts * fix: bootstrap: remove cib.xml before corosync.add_node * low: bootstrap: color the input error message * medium: bootstrap: add callback function to check valid port range * high: cibconfig: Normalize - to _ in param names (bsc#1111579) * medium: ra: Handle obsoletes attribute (bsc#1111579) * Fix missing argument in RAInfo's constructor. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2019-2301=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (noarch): crmsh-3.0.4-13.15.1 crmsh-scripts-3.0.4-13.15.1 References: https://bugzilla.suse.com/1069142 https://bugzilla.suse.com/1103833 https://bugzilla.suse.com/1103834 https://bugzilla.suse.com/1111579 https://bugzilla.suse.com/1112593 https://bugzilla.suse.com/1121912 From sle-updates at lists.suse.com Thu Sep 5 07:17:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Sep 2019 15:17:30 +0200 (CEST) Subject: SUSE-RU-2019:2303-1: moderate: Recommended update for supportutils Message-ID: <20190905131730.5A5D1F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2303-1 Rating: moderate References: #1137336 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for supportutils fixes the following issues: - Added sed and gawk as a runtime dependency (bsc#1137336) - Removed Novell references (SLE-5560) - Update getappcore to use SUSE FTP server - Added FTPES and HTTPS upload options. HTTPS will be the default. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2303=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2303=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2303=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2303=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2303=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2303=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2303=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2303=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2303=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2303=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2303=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2303=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2303=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-2303=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2303=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2303=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2303=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2303=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): supportutils-3.0.3-95.27.1 - SUSE OpenStack Cloud 8 (noarch): supportutils-3.0.3-95.27.1 - SUSE OpenStack Cloud 7 (noarch): supportutils-3.0.3-95.27.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): supportutils-3.0.3-95.27.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): supportutils-3.0.3-95.27.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): supportutils-3.0.3-95.27.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): supportutils-3.0.3-95.27.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): supportutils-3.0.3-95.27.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): supportutils-3.0.3-95.27.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): supportutils-3.0.3-95.27.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): supportutils-3.0.3-95.27.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): supportutils-3.0.3-95.27.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): supportutils-3.0.3-95.27.1 - SUSE Linux Enterprise Desktop 12-SP5 (noarch): supportutils-3.0.3-95.27.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): supportutils-3.0.3-95.27.1 - SUSE Enterprise Storage 5 (noarch): supportutils-3.0.3-95.27.1 - SUSE Enterprise Storage 4 (noarch): supportutils-3.0.3-95.27.1 - HPE Helion Openstack 8 (noarch): supportutils-3.0.3-95.27.1 References: https://bugzilla.suse.com/1137336 From sle-updates at lists.suse.com Thu Sep 5 07:20:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Sep 2019 15:20:07 +0200 (CEST) Subject: SUSE-RU-2019:2302-1: moderate: Recommended update for libimobiledevice Message-ID: <20190905132007.207DEF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for libimobiledevice ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2302-1 Rating: moderate References: #1103546 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libimobiledevice fixes the following issues: - Fixes a double free with OpenSSL 1.1 bug (bsc#1103546) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-2302=1 - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-2302=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2302=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2302=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2302=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-2302=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): imobiledevice-tools-1.2.0+git20170122.45fda81-3.3.1 imobiledevice-tools-debuginfo-1.2.0+git20170122.45fda81-3.3.1 libimobiledevice-debugsource-1.2.0+git20170122.45fda81-3.3.1 - SUSE Linux Enterprise Workstation Extension 15 (x86_64): imobiledevice-tools-1.2.0+git20170122.45fda81-3.3.1 imobiledevice-tools-debuginfo-1.2.0+git20170122.45fda81-3.3.1 libimobiledevice-debugsource-1.2.0+git20170122.45fda81-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libimobiledevice-debugsource-1.2.0+git20170122.45fda81-3.3.1 python-imobiledevice-1.2.0+git20170122.45fda81-3.3.1 python-imobiledevice-debuginfo-1.2.0+git20170122.45fda81-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libimobiledevice6-32bit-1.2.0+git20170122.45fda81-3.3.1 libimobiledevice6-32bit-debuginfo-1.2.0+git20170122.45fda81-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libimobiledevice-debugsource-1.2.0+git20170122.45fda81-3.3.1 python-imobiledevice-1.2.0+git20170122.45fda81-3.3.1 python-imobiledevice-debuginfo-1.2.0+git20170122.45fda81-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libimobiledevice-debugsource-1.2.0+git20170122.45fda81-3.3.1 libimobiledevice-devel-1.2.0+git20170122.45fda81-3.3.1 libimobiledevice6-1.2.0+git20170122.45fda81-3.3.1 libimobiledevice6-debuginfo-1.2.0+git20170122.45fda81-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libimobiledevice-debugsource-1.2.0+git20170122.45fda81-3.3.1 libimobiledevice-devel-1.2.0+git20170122.45fda81-3.3.1 libimobiledevice6-1.2.0+git20170122.45fda81-3.3.1 libimobiledevice6-debuginfo-1.2.0+git20170122.45fda81-3.3.1 References: https://bugzilla.suse.com/1103546 From sle-updates at lists.suse.com Thu Sep 5 10:11:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Sep 2019 18:11:32 +0200 (CEST) Subject: SUSE-RU-2019:2304-1: moderate: Recommended update for SUSEConnect Message-ID: <20190905161132.0FFCDF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2304-1 Rating: moderate References: #1136752 #1144020 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issues: - Fix failing on registered system without arguments (bsc#1144020) - Fix base product service removal during de-registration in public clouds (bsc#1136752) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2304=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2304=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): SUSEConnect-0.3.19-17.26.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): SUSEConnect-0.3.19-17.26.1 References: https://bugzilla.suse.com/1136752 https://bugzilla.suse.com/1144020 From sle-updates at lists.suse.com Thu Sep 5 10:12:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Sep 2019 18:12:22 +0200 (CEST) Subject: SUSE-SU-2019:2308-1: moderate: Security update for python-Werkzeug Message-ID: <20190905161222.6A843F798@maintenance.suse.de> SUSE Security Update: Security update for python-Werkzeug ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2308-1 Rating: moderate References: #1145383 Cross-References: CVE-2019-14806 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Werkzeug fixes the following issues: Security issue fixed: - CVE-2019-14806: Fixed the development server in Docker, the debugger security pin is now unique per container (bsc#1145383). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-2308=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2308=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2308=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (noarch): python2-Werkzeug-0.12.2-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python-Werkzeug-doc-0.12.2-3.3.1 python2-Werkzeug-0.12.2-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): python3-Werkzeug-0.12.2-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-14806.html https://bugzilla.suse.com/1145383 From sle-updates at lists.suse.com Thu Sep 5 10:13:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Sep 2019 18:13:06 +0200 (CEST) Subject: SUSE-RU-2019:2306-1: moderate: Recommended update for parted Message-ID: <20190905161306.6974BF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for parted ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2306-1 Rating: moderate References: #1082318 #1136245 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for parted fixes the following issues: - Included several minor bug fixes - for more details please refer to this rpm's changelog (bsc#1136245) - Installs the license file in the correct directory (bsc#1082318) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2306=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2306=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libparted0-3.2-11.3.1 libparted0-debuginfo-3.2-11.3.1 parted-3.2-11.3.1 parted-debuginfo-3.2-11.3.1 parted-debugsource-3.2-11.3.1 parted-devel-3.2-11.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libparted0-32bit-3.2-11.3.1 libparted0-32bit-debuginfo-3.2-11.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): parted-lang-3.2-11.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libparted0-3.2-11.3.1 libparted0-debuginfo-3.2-11.3.1 parted-3.2-11.3.1 parted-debuginfo-3.2-11.3.1 parted-debugsource-3.2-11.3.1 parted-devel-3.2-11.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): parted-lang-3.2-11.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libparted0-32bit-3.2-11.3.1 libparted0-32bit-debuginfo-3.2-11.3.1 References: https://bugzilla.suse.com/1082318 https://bugzilla.suse.com/1136245 From sle-updates at lists.suse.com Thu Sep 5 10:14:01 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Sep 2019 18:14:01 +0200 (CEST) Subject: SUSE-SU-2019:2307-1: moderate: Security update for util-linux and shadow Message-ID: <20190905161401.10941F798@maintenance.suse.de> SUSE Security Update: Security update for util-linux and shadow ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2307-1 Rating: moderate References: #1081947 #1082293 #1085196 #1106214 #1121197 #1122417 #1125886 #1127701 #1135534 #1135708 #1141113 #353876 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for util-linux and shadow fixes the following issues: util-linux: - Fixed an issue where PATH settings in /etc/default/su being ignored (bsc#1121197) - Prevent outdated pam files (bsc#1082293). - De-duplicate fstrim -A properly (bsc#1127701). - Do not trim read-only volumes (bsc#1106214). - Integrate pam_keyinit pam module to login (bsc#1081947). - Perform one-time reset of /etc/default/su (bsc#1121197). - Fix problems in reading of login.defs values (bsc#1121197) - libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417). - raw.service: Add RemainAfterExit=yes (bsc#1135534). - agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886) - libmount: print a blacklist hint for "unknown filesystem type" (jsc#SUSE-4085, fate#326832) - Fix /etc/default/su comments and create /etc/default/runuser (bsc#1121197). shadow: - Fixed an issue where PATH settings in /etc/default/su being ignored (bsc#1121197) - Fix segfault in useradd during setting password inactivity period. (bsc#1141113) - Hardening for su wrappers (bsc#353876) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2307=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2307=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2307=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): util-linux-systemd-debuginfo-2.33.1-4.5.1 util-linux-systemd-debugsource-2.33.1-4.5.1 uuidd-2.33.1-4.5.1 uuidd-debuginfo-2.33.1-4.5.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libfdisk-devel-static-2.33.1-4.5.1 libmount-devel-static-2.33.1-4.5.1 libsmartcols-devel-static-2.33.1-4.5.1 python3-libmount-2.33.1-4.5.1 python3-libmount-debuginfo-2.33.1-4.5.1 python3-libmount-debugsource-2.33.1-4.5.1 util-linux-debuginfo-2.33.1-4.5.1 util-linux-debugsource-2.33.1-4.5.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libblkid-devel-32bit-2.33.1-4.5.1 libmount-devel-32bit-2.33.1-4.5.1 libuuid-devel-32bit-2.33.1-4.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libblkid-devel-2.33.1-4.5.1 libblkid-devel-static-2.33.1-4.5.1 libblkid1-2.33.1-4.5.1 libblkid1-debuginfo-2.33.1-4.5.1 libfdisk-devel-2.33.1-4.5.1 libfdisk1-2.33.1-4.5.1 libfdisk1-debuginfo-2.33.1-4.5.1 libmount-devel-2.33.1-4.5.1 libmount1-2.33.1-4.5.1 libmount1-debuginfo-2.33.1-4.5.1 libsmartcols-devel-2.33.1-4.5.1 libsmartcols1-2.33.1-4.5.1 libsmartcols1-debuginfo-2.33.1-4.5.1 libuuid-devel-2.33.1-4.5.1 libuuid-devel-static-2.33.1-4.5.1 libuuid1-2.33.1-4.5.1 libuuid1-debuginfo-2.33.1-4.5.1 shadow-4.6-3.5.6 shadow-debuginfo-4.6-3.5.6 shadow-debugsource-4.6-3.5.6 util-linux-2.33.1-4.5.1 util-linux-debuginfo-2.33.1-4.5.1 util-linux-debugsource-2.33.1-4.5.1 util-linux-systemd-2.33.1-4.5.1 util-linux-systemd-debuginfo-2.33.1-4.5.1 util-linux-systemd-debugsource-2.33.1-4.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): util-linux-lang-2.33.1-4.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libblkid1-32bit-2.33.1-4.5.1 libblkid1-32bit-debuginfo-2.33.1-4.5.1 libmount1-32bit-2.33.1-4.5.1 libmount1-32bit-debuginfo-2.33.1-4.5.1 libuuid1-32bit-2.33.1-4.5.1 libuuid1-32bit-debuginfo-2.33.1-4.5.1 References: https://bugzilla.suse.com/1081947 https://bugzilla.suse.com/1082293 https://bugzilla.suse.com/1085196 https://bugzilla.suse.com/1106214 https://bugzilla.suse.com/1121197 https://bugzilla.suse.com/1122417 https://bugzilla.suse.com/1125886 https://bugzilla.suse.com/1127701 https://bugzilla.suse.com/1135534 https://bugzilla.suse.com/1135708 https://bugzilla.suse.com/1141113 https://bugzilla.suse.com/353876 From sle-updates at lists.suse.com Thu Sep 5 10:16:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Sep 2019 18:16:20 +0200 (CEST) Subject: SUSE-RU-2019:2305-1: moderate: Recommended update for SUSEConnect Message-ID: <20190905161620.C55A3F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2305-1 Rating: moderate References: #1136752 #1144020 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issues: - Fix failing on registered system without arguments (bsc#1144020) - Fix base product service removal during de-registration in public clouds (bsc#1136752) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2305=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2305=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2305=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2305=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2305=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): SUSEConnect-0.3.19-19.10.23.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): SUSEConnect-0.3.19-19.10.23.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): SUSEConnect-0.3.19-19.10.23.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): SUSEConnect-0.3.19-19.10.23.1 - SUSE Enterprise Storage 4 (x86_64): SUSEConnect-0.3.19-19.10.23.1 References: https://bugzilla.suse.com/1136752 https://bugzilla.suse.com/1144020 From sle-updates at lists.suse.com Thu Sep 5 13:10:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Sep 2019 21:10:53 +0200 (CEST) Subject: SUSE-SU-2019:14163-1: moderate: Security update for SUSE Manager Client Tools Message-ID: <20190905191053.8BB81F798@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14163-1 Rating: moderate References: #1103696 #1104034 #1130040 #1135881 #1136029 #1136480 #1137715 #1137940 #1138313 #1138358 #1138494 #1138822 #1139453 #1142038 #1143856 #1144155 #1144889 #1148125 #1148177 #1148311 Cross-References: CVE-2019-10136 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that solves one vulnerability and has 19 fixes is now available. Description: This update fixes the following issues: mgr-cfg: - Ensure bytes type when using hashlib to avoid traceback (bsc#1138822) mgr-daemon: - Fix systemd timer configuration on SLE12 (bsc#1142038) mgr-osad: - Fix obsolete for old osad packages, to allow installing mgr-osad even by using osad at yum/zyppper install (bsc#1139453) - Ensure bytes type when using hashlib to avoid traceback (bsc#1138822) mgr-virtualization: - Fix missing python 3 ugettext (bsc#1138494) - Fix package dependencies to prevent file conflict (bsc#1143856) rhnlib: - Add SNI support for clients - Fix initialize ssl connection (bsc#1144155) - Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177) python-gzipstream: - SPEC cleanup - add makefile and pylint configuration - Add Uyuni URL to package - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) spacecmd: - Bugfix: referenced variable before assignment. - Bugfix: 'dict' object has no attribute 'iteritems' (bsc#1135881) - Add unit tests for custominfo, snippet, scap, ssm, cryptokey and distribution - Fix missing runtime dependencies that made spacecmd return old versions of packages in some cases, even if newer ones were available (bsc#1148311) spacewalk-backend: - Do not overwrite comps and module data with older versions - Fix issue with "dists" keyword in url hostname - Import packages from all collections of a patch not just first one - Ensure bytes type when using hashlib to avoid traceback on XMLRPC call to "registration.register_osad" (bsc#1138822) - Do not duplicate "http://" protocol when using proxies with "deb" repositories (bsc#1138313) - Fix reposync when dealing with RedHat CDN (bsc#1138358) - Fix for CVE-2019-10136. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. (bsc#1136480) - Prevent FileNotFoundError: repomd.xml.key traceback (bsc#1137940) - Add journalctl output to spacewalk-debug tarballs - Prevent unnecessary triggering of channel-repodata tasks when GPG signing is disabled (bsc#1137715) - Fix spacewalk-repo-sync for Ubuntu repositories in mirror case (bsc#1136029) - Add support for ULN repositories on new Zypper based reposync. - Don't skip Deb package tags on package import (bsc#1130040) - For backend-libs subpackages, exclude files for the server (already part of spacewalk-backend) to avoid conflicts (bsc#1148125) - prevent duplicate key violates on repo-sync with long changelog entries (bsc#1144889) spacewalk-remote-utils: - Add RHEL8 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-client-tools-201907-14163=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-client-tools-201907-14163=1 Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): mgr-cfg-4.0.9-5.6.3 mgr-cfg-actions-4.0.9-5.6.3 mgr-cfg-client-4.0.9-5.6.3 mgr-cfg-management-4.0.9-5.6.3 mgr-daemon-4.0.7-5.8.2 mgr-daemon-debuginfo-4.0.7-5.8.2 mgr-daemon-debugsource-4.0.7-5.8.2 mgr-osad-4.0.9-5.6.2 mgr-virtualization-host-4.0.8-5.8.3 python2-mgr-cfg-4.0.9-5.6.3 python2-mgr-cfg-actions-4.0.9-5.6.3 python2-mgr-cfg-client-4.0.9-5.6.3 python2-mgr-cfg-management-4.0.9-5.6.3 python2-mgr-osa-common-4.0.9-5.6.2 python2-mgr-osad-4.0.9-5.6.2 python2-mgr-virtualization-common-4.0.8-5.8.3 python2-mgr-virtualization-host-4.0.8-5.8.3 python2-rhnlib-4.0.11-12.16.1 spacecmd-4.0.14-18.51.1 spacewalk-backend-libs-4.0.25-28.42.1 - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (noarch): spacewalk-remote-utils-4.0.5-6.12.2 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): mgr-cfg-4.0.9-5.6.3 mgr-cfg-actions-4.0.9-5.6.3 mgr-cfg-client-4.0.9-5.6.3 mgr-cfg-management-4.0.9-5.6.3 mgr-daemon-4.0.7-5.8.2 mgr-daemon-debuginfo-4.0.7-5.8.2 mgr-daemon-debugsource-4.0.7-5.8.2 mgr-osad-4.0.9-5.6.2 mgr-virtualization-host-4.0.8-5.8.3 python2-mgr-cfg-4.0.9-5.6.3 python2-mgr-cfg-actions-4.0.9-5.6.3 python2-mgr-cfg-client-4.0.9-5.6.3 python2-mgr-cfg-management-4.0.9-5.6.3 python2-mgr-osa-common-4.0.9-5.6.2 python2-mgr-osad-4.0.9-5.6.2 python2-mgr-virtualization-common-4.0.8-5.8.3 python2-mgr-virtualization-host-4.0.8-5.8.3 python2-rhnlib-4.0.11-12.16.1 spacecmd-4.0.14-18.51.1 spacewalk-backend-libs-4.0.25-28.42.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (noarch): spacewalk-remote-utils-4.0.5-6.12.2 References: https://www.suse.com/security/cve/CVE-2019-10136.html https://bugzilla.suse.com/1103696 https://bugzilla.suse.com/1104034 https://bugzilla.suse.com/1130040 https://bugzilla.suse.com/1135881 https://bugzilla.suse.com/1136029 https://bugzilla.suse.com/1136480 https://bugzilla.suse.com/1137715 https://bugzilla.suse.com/1137940 https://bugzilla.suse.com/1138313 https://bugzilla.suse.com/1138358 https://bugzilla.suse.com/1138494 https://bugzilla.suse.com/1138822 https://bugzilla.suse.com/1139453 https://bugzilla.suse.com/1142038 https://bugzilla.suse.com/1143856 https://bugzilla.suse.com/1144155 https://bugzilla.suse.com/1144889 https://bugzilla.suse.com/1148125 https://bugzilla.suse.com/1148177 https://bugzilla.suse.com/1148311 From sle-updates at lists.suse.com Thu Sep 5 13:14:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Sep 2019 21:14:03 +0200 (CEST) Subject: SUSE-SU-2019:2309-1: important: Security update for nginx Message-ID: <20190905191403.AE7A3F798@maintenance.suse.de> SUSE Security Update: Security update for nginx ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2309-1 Rating: important References: #1115015 #1115022 #1115025 #1145579 #1145580 #1145582 Cross-References: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for nginx fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed a denial of service by manipulating the window size and stream prioritization (bsc#1145579). - CVE-2019-9513: Fixed a denial of service caused by resource loops (bsc#1145580). - CVE-2019-9516: Fixed a denial of service caused by header leaks (bsc#1145582). - CVE-2018-16845: Fixed denial of service and memory disclosure via mp4 module (bsc#1115015). - CVE-2018-16843: Fixed excessive memory consumption in HTTP/2 implementation (bsc#1115022). - CVE-2018-16844: Fixed excessive CPU usage via flaw in HTTP/2 implementation (bsc#1115025). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2309=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2309=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): nginx-1.14.2-6.3.1 nginx-debuginfo-1.14.2-6.3.1 nginx-debugsource-1.14.2-6.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): nginx-source-1.14.2-6.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): vim-plugin-nginx-1.14.2-6.3.1 References: https://www.suse.com/security/cve/CVE-2018-16843.html https://www.suse.com/security/cve/CVE-2018-16844.html https://www.suse.com/security/cve/CVE-2018-16845.html https://www.suse.com/security/cve/CVE-2019-9511.html https://www.suse.com/security/cve/CVE-2019-9513.html https://www.suse.com/security/cve/CVE-2019-9516.html https://bugzilla.suse.com/1115015 https://bugzilla.suse.com/1115022 https://bugzilla.suse.com/1115025 https://bugzilla.suse.com/1145579 https://bugzilla.suse.com/1145580 https://bugzilla.suse.com/1145582 From sle-updates at lists.suse.com Thu Sep 5 13:15:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 5 Sep 2019 21:15:53 +0200 (CEST) Subject: SUSE-SU-2019:2312-1: moderate: Security update for SUSE Manager Client Tools Message-ID: <20190905191553.1FF92F798@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2312-1 Rating: moderate References: #1130040 #1135881 #1136029 #1136480 #1136667 #1137715 #1137940 #1138313 #1138358 #1138494 #1138822 #1139453 #1142038 #1143856 #1144155 #1144889 #1148125 #1148177 #1148311 Cross-References: CVE-2019-10136 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that solves one vulnerability and has 18 fixes is now available. Description: This update fixes the following issues: golang-github-prometheus-prometheus: - Add support for Uyuni/SUSE Manager service discovery + Added 0003-Add-Uyuni-service-discovery - Readded _service file removed in error. - Update to 2.11.1 + Bug Fix: * Fix potential panic when prometheus is watching multiple zookeeper paths. - Update to 2.11.0 + Bug Fix: * resolve race condition in maxGauge. * Fix ZooKeeper connection leak. * Improved atomicity of .tmp block replacement during compaction for usual case. * Fix "unknown series references" after clean shutdown. * Re-calculate block size when calling block.Delete. * Fix unsafe snapshots with head block. * prometheus_tsdb_compactions_failed_total is now incremented on any compaction failure. + Changes: * Remove max_retries from queue_config (it has been unused since rewriting remote-write to utilize the write-ahead-log) * The meta file BlockStats no longer holds size information. This is now dynamically calculated and kept in memory. It also includes the meta file size which was not included before * Renamed metric from prometheus_tsdb_wal_reader_corruption_errors to prometheus_tsdb_wal_reader_corruption_errors_total + Features: * Add option to use Alertmanager API v2. * Added humanizePercentage function for templates. * Include InitContainers in Kubernetes Service Discovery. * Provide option to compress WAL records using Snappy. + Enhancements: * Create new clean segment when starting the WAL. * Reduce allocations in PromQL aggregations. * Add storage warnings to LabelValues and LabelNames API results. * Add prometheus_http_requests_total metric. * Enable openbsd/arm build. * Remote-write allocation improvements. * Query performance improvement: Efficient iteration and search in HashForLabels and HashWithoutLabels. * Allow injection of arbitrary headers in promtool. * Allow passing external_labels in alert unit tests groups. * Allows globs for rules when unit testing. * Improved postings intersection matching. * Reduced disk usage for WAL for small setups. * Optimize queries using regexp for set lookups. - Rebase patch002-Default-settings.patch - Update to 2.10.0: + Bug Fixes: * TSDB: Don't panic when running out of disk space and recover nicely from the condition * TSDB: Correctly handle empty labels. * TSDB: Don't crash on an unknown tombstone reference. * Storage/remote: Remove queue-manager specific metrics if queue no longer exists. * PromQL: Correctly display {__name__="a"}. * Discovery/kubernetes: Use service rather than ingress as the name for the service workqueue. * Discovery/azure: Don't panic on a VM with a public IP. * Web: Fixed Content-Type for js and css instead of using /etc/mime.types. * API: Encode alert values as string to correctly represent Inf/NaN. + Features: * Template expansion: Make external labels available as $externalLabels in alert and console template expansion. * TSDB: Add prometheus_tsdb_wal_segment_current metric for the WAL segment index that TSDB is currently writing to. tsdb * Scrape: Add scrape_series_added per-scrape metric. #5546 + Enhancements * Discovery/kubernetes: Add labels __meta_kubernetes_endpoint_node_name and __meta_kubernetes_endpoint_hostname. * Discovery/azure: Add label __meta_azure_machine_public_ip. * TSDB: Simplify mergedPostings.Seek, resulting in better performance if there are many posting lists. tsdb * Log filesystem type on startup. * Cmd/promtool: Use POST requests for Query and QueryRange. client_golang * Web: Sort alerts by group name. * Console templates: Add convenience variables $rawParams, $params, $path. - Upadte to 2.9.2 + Bug Fixes: * Make sure subquery range is taken into account for selection * Exhaust every request body before closing it * Cmd/promtool: return errors from rule evaluations * Remote Storage: string interner should not panic in release * Fix memory allocation regression in mergedPostings.Seek tsdb - Update to 2.9.1 + Bug Fixes: * Discovery/kubernetes: fix missing label sanitization * Remote_write: Prevent reshard concurrent with calling stop - Update to 2.9.0 + Feature: * Add honor_timestamps scrape option. + Enhancements: * Update Consul to support catalog.ServiceMultipleTags. * Discovery/kubernetes: add present labels for labels/annotations. * OpenStack SD: Add ProjectID and UserID meta labels. * Add GODEBUG and retention to the runtime page. * Add support for POSTing to /series endpoint. * Support PUT methods for Lifecycle and Admin APIs. * Scrape: Add global jitter for HA server. * Check for cancellation on every step of a range evaluation. * String interning for labels & values in the remote_write path. * Don't lose the scrape cache on a failed scrape. * Reload cert files from disk automatically. common * Use fixed length millisecond timestamp format for logs. common * Performance improvements for postings. Bug Fixes: * Remote Write: fix checkpoint reading. * Check if label value is valid when unmarshaling external labels from YAML. * Promparse: sort all labels when parsing. * Reload rules: copy state on both name and labels. * Exponentation operator to drop metric name in result of operation. * Config: resolve more file paths. * Promtool: resolve relative paths in alert test files. * Set TLSHandshakeTimeout in HTTP transport. common * Use fsync to be more resilient to machine crashes. * Keep series that are still in WAL in checkpoints. - Update to 2.8.1 + Bug Fixes * Display the job labels in /targets which was removed accidentally - Update to 2.8.0 + Change: * This release uses Write-Ahead Logging (WAL) for the remote_write API. This currently causes a slight increase in memory usage, which will be addressed in future releases. * Default time retention is used only when no size based retention is specified. These are flags where time retention is specified by the flag --storage.tsdb.retention and size retention by --storage.tsdb.retention.size. * prometheus_tsdb_storage_blocks_bytes_total is now prometheus_tsdb_storage_blocks_bytes. + Feature: * (EXPERIMENTAL) Time overlapping blocks are now allowed; vertical compaction and vertical query merge. It is an optional feature which is controlled by the --storage.tsdb.allow-overlapping-blocks flag, disabled by default. + Enhancements: * Use the WAL for remote_write API. * Query performance improvements. * UI enhancements with upgrade to Bootstrap 4. * Reduce time that Alertmanagers are in flux when reloaded. * Limit number of metrics displayed on UI to 10000. * (1) Remember All/Unhealthy choice on target-overview when reloading page. (2) Resize text-input area on Graph page on mouseclick. * In histogram_quantile merge buckets with equivalent le values. * Show list of offending labels in the error message in many-to-many scenarios. * Show Storage Retention criteria in effect on /status page. + Bug Fixes: + Fix sorting of rule groups. + Fix support for password_file and bearer_token_file in Kubernetes SD. + Scrape: catch errors when creating HTTP clients + Adds new metrics: prometheus_target_scrape_pools_total prometheus_target_scrape_pools_failed_total prometheus_target_scrape_pool_reloads_total prometheus_target_scrape_pool_reloads_failed_total + Fix panic when aggregator param is not a literal. kiwi-desc-saltboot: - Update to version 0.1.1564399963.cf19a13 - Fix incompatibility with Microsoft DNS (bsc#1136667) - Updated copyrights and bug reporting link - Update to version 0.1.1558613789.64ba093 - Update to version 0.1.1556553492.2bfae0b mgr-cfg: - Ensure bytes type when using hashlib to avoid traceback (bsc#1138822) mgr-daemon: - Fix systemd timer configuration on SLE12 (bsc#1142038) mgr-osad: - Fix obsolete for old osad packages, to allow installing mgr-osad even by using osad at yum/zyppper install (bsc#1139453) - Ensure bytes type when using hashlib to avoid traceback (bsc#1138822) mgr-virtualization: - Fix missing python 3 ugettext (bsc#1138494) - Fix package dependencies to prevent file conflict (bsc#1143856) rhnlib: - Add SNI support for clients - Fix initialize ssl connection (bsc#1144155) - Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177) spacecmd: - Bugfix: referenced variable before assignment. - Bugfix: 'dict' object has no attribute 'iteritems' (bsc#1135881) - Add unit tests for custominfo, snippet, scap, ssm, cryptokey and distribution - Fix missing runtime dependencies that made spacecmd return old versions of packages in some cases, even if newer ones were available (bsc#1148311) spacewalk-backend: - Do not overwrite comps and module data with older versions - Fix issue with "dists" keyword in url hostname - Import packages from all collections of a patch not just first one - Ensure bytes type when using hashlib to avoid traceback on XMLRPC call to "registration.register_osad" (bsc#1138822) - Do not duplicate "http://" protocol when using proxies with "deb" repositories (bsc#1138313) - Fix reposync when dealing with RedHat CDN (bsc#1138358) - Fix for CVE-2019-10136. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. (bsc#1136480) - Prevent FileNotFoundError: repomd.xml.key traceback (bsc#1137940) - Add journalctl output to spacewalk-debug tarballs - Prevent unnecessary triggering of channel-repodata tasks when GPG signing is disabled (bsc#1137715) - Fix spacewalk-repo-sync for Ubuntu repositories in mirror case (bsc#1136029) - Add support for ULN repositories on new Zypper based reposync. - Don't skip Deb package tags on package import (bsc#1130040) - For backend-libs subpackages, exclude files for the server (already part of spacewalk-backend) to avoid conflicts (bsc#1148125) - prevent duplicate key violates on repo-sync with long changelog entries (bsc#1144889) spacewalk-remote-utils: - Add RHEL8 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2019-2312=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-prometheus-2.11.1-1.6.2 - SUSE Manager Tools 12 (noarch): kiwi-desc-saltboot-0.1.1564399963.cf19a13-1.12.1 mgr-cfg-4.0.9-1.6.4 mgr-cfg-actions-4.0.9-1.6.4 mgr-cfg-client-4.0.9-1.6.4 mgr-cfg-management-4.0.9-1.6.4 mgr-daemon-4.0.7-1.8.2 mgr-osad-4.0.9-1.6.2 mgr-virtualization-host-4.0.8-1.8.3 python2-mgr-cfg-4.0.9-1.6.4 python2-mgr-cfg-actions-4.0.9-1.6.4 python2-mgr-cfg-client-4.0.9-1.6.4 python2-mgr-cfg-management-4.0.9-1.6.4 python2-mgr-osa-common-4.0.9-1.6.2 python2-mgr-osad-4.0.9-1.6.2 python2-mgr-virtualization-common-4.0.8-1.8.3 python2-mgr-virtualization-host-4.0.8-1.8.3 python2-rhnlib-4.0.11-21.16.1 spacecmd-4.0.14-38.49.1 spacewalk-backend-libs-4.0.25-55.41.1 spacewalk-remote-utils-4.0.5-24.12.2 References: https://www.suse.com/security/cve/CVE-2019-10136.html https://bugzilla.suse.com/1130040 https://bugzilla.suse.com/1135881 https://bugzilla.suse.com/1136029 https://bugzilla.suse.com/1136480 https://bugzilla.suse.com/1136667 https://bugzilla.suse.com/1137715 https://bugzilla.suse.com/1137940 https://bugzilla.suse.com/1138313 https://bugzilla.suse.com/1138358 https://bugzilla.suse.com/1138494 https://bugzilla.suse.com/1138822 https://bugzilla.suse.com/1139453 https://bugzilla.suse.com/1142038 https://bugzilla.suse.com/1143856 https://bugzilla.suse.com/1144155 https://bugzilla.suse.com/1144889 https://bugzilla.suse.com/1148125 https://bugzilla.suse.com/1148177 https://bugzilla.suse.com/1148311 From sle-updates at lists.suse.com Fri Sep 6 07:11:25 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Sep 2019 15:11:25 +0200 (CEST) Subject: SUSE-RU-2019:2323-1: moderate: Recommended update for pesign Message-ID: <20190906131125.D214CF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for pesign ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2323-1 Rating: moderate References: #1144441 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pesign contains the following fixes: - Fix the build failure with NSS 3.44. (bsc#1144441) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2323=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2323=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 x86_64): pesign-0.112-4.6.1 pesign-debuginfo-0.112-4.6.1 pesign-debugsource-0.112-4.6.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 x86_64): pesign-0.112-4.6.1 pesign-debuginfo-0.112-4.6.1 pesign-debugsource-0.112-4.6.1 References: https://bugzilla.suse.com/1144441 From sle-updates at lists.suse.com Fri Sep 6 07:12:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Sep 2019 15:12:07 +0200 (CEST) Subject: SUSE-SU-2019:2317-1: moderate: Security update for SUSE Manager Client Tools Message-ID: <20190906131207.BB5D3F798@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2317-1 Rating: moderate References: #1130040 #1135881 #1136029 #1136480 #1137715 #1137940 #1138313 #1138358 #1138494 #1138822 #1139453 #1142038 #1143856 #1144155 #1144889 #1148125 #1148177 #1148311 Cross-References: CVE-2019-10136 Affected Products: SUSE Manager Tools 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that solves one vulnerability and has 17 fixes is now available. Description: This update fixes the following issues: golang-github-prometheus-prometheus: - Add support for Uyuni/SUSE Manager service discovery + Added 0003-Add-Uyuni-service-discovery - Readded _service file removed in error. - Update to 2.11.1 + Bug Fix: * Fix potential panic when prometheus is watching multiple zookeeper paths. - Update to 2.11.0 + Bug Fix: * resolve race condition in maxGauge. * Fix ZooKeeper connection leak. * Improved atomicity of .tmp block replacement during compaction for usual case. * Fix "unknown series references" after clean shutdown. * Re-calculate block size when calling block.Delete. * Fix unsafe snapshots with head block. * prometheus_tsdb_compactions_failed_total is now incremented on any compaction failure. + Changes: * Remove max_retries from queue_config (it has been unused since rewriting remote-write to utilize the write-ahead-log) * The meta file BlockStats no longer holds size information. This is now dynamically calculated and kept in memory. It also includes the meta file size which was not included before * Renamed metric from prometheus_tsdb_wal_reader_corruption_errors to prometheus_tsdb_wal_reader_corruption_errors_total + Features: * Add option to use Alertmanager API v2. * Added humanizePercentage function for templates. * Include InitContainers in Kubernetes Service Discovery. * Provide option to compress WAL records using Snappy. + Enhancements: * Create new clean segment when starting the WAL. * Reduce allocations in PromQL aggregations. * Add storage warnings to LabelValues and LabelNames API results. * Add prometheus_http_requests_total metric. * Enable openbsd/arm build. * Remote-write allocation improvements. * Query performance improvement: Efficient iteration and search in HashForLabels and HashWithoutLabels. * Allow injection of arbitrary headers in promtool. * Allow passing external_labels in alert unit tests groups. * Allows globs for rules when unit testing. * Improved postings intersection matching. * Reduced disk usage for WAL for small setups. * Optimize queries using regexp for set lookups. - Rebase patch002-Default-settings.patch - Update to 2.10.0: + Bug Fixes: * TSDB: Don't panic when running out of disk space and recover nicely from the condition * TSDB: Correctly handle empty labels. * TSDB: Don't crash on an unknown tombstone reference. * Storage/remote: Remove queue-manager specific metrics if queue no longer exists. * PromQL: Correctly display {__name__="a"}. * Discovery/kubernetes: Use service rather than ingress as the name for the service workqueue. * Discovery/azure: Don't panic on a VM with a public IP. * Web: Fixed Content-Type for js and css instead of using /etc/mime.types. * API: Encode alert values as string to correctly represent Inf/NaN. + Features: * Template expansion: Make external labels available as $externalLabels in alert and console template expansion. * TSDB: Add prometheus_tsdb_wal_segment_current metric for the WAL segment index that TSDB is currently writing to. tsdb * Scrape: Add scrape_series_added per-scrape metric. #5546 + Enhancements * Discovery/kubernetes: Add labels __meta_kubernetes_endpoint_node_name and __meta_kubernetes_endpoint_hostname. * Discovery/azure: Add label __meta_azure_machine_public_ip. * TSDB: Simplify mergedPostings.Seek, resulting in better performance if there are many posting lists. tsdb * Log filesystem type on startup. * Cmd/promtool: Use POST requests for Query and QueryRange. client_golang * Web: Sort alerts by group name. * Console templates: Add convenience variables $rawParams, $params, $path. - Upadte to 2.9.2 + Bug Fixes: * Make sure subquery range is taken into account for selection * Exhaust every request body before closing it * Cmd/promtool: return errors from rule evaluations * Remote Storage: string interner should not panic in release * Fix memory allocation regression in mergedPostings.Seek tsdb - Update to 2.9.1 + Bug Fixes: * Discovery/kubernetes: fix missing label sanitization * Remote_write: Prevent reshard concurrent with calling stop - Update to 2.9.0 + Feature: * Add honor_timestamps scrape option. + Enhancements: * Update Consul to support catalog.ServiceMultipleTags. * Discovery/kubernetes: add present labels for labels/annotations. * OpenStack SD: Add ProjectID and UserID meta labels. * Add GODEBUG and retention to the runtime page. * Add support for POSTing to /series endpoint. * Support PUT methods for Lifecycle and Admin APIs. * Scrape: Add global jitter for HA server. * Check for cancellation on every step of a range evaluation. * String interning for labels & values in the remote_write path. * Don't lose the scrape cache on a failed scrape. * Reload cert files from disk automatically. common * Use fixed length millisecond timestamp format for logs. common * Performance improvements for postings. Bug Fixes: * Remote Write: fix checkpoint reading. * Check if label value is valid when unmarshaling external labels from YAML. * Promparse: sort all labels when parsing. * Reload rules: copy state on both name and labels. * Exponentation operator to drop metric name in result of operation. * Config: resolve more file paths. * Promtool: resolve relative paths in alert test files. * Set TLSHandshakeTimeout in HTTP transport. common * Use fsync to be more resilient to machine crashes. * Keep series that are still in WAL in checkpoints. - Update to 2.8.1 + Bug Fixes * Display the job labels in /targets which was removed accidentally - Update to 2.8.0 + Change: * This release uses Write-Ahead Logging (WAL) for the remote_write API. This currently causes a slight increase in memory usage, which will be addressed in future releases. * Default time retention is used only when no size based retention is specified. These are flags where time retention is specified by the flag --storage.tsdb.retention and size retention by --storage.tsdb.retention.size. * prometheus_tsdb_storage_blocks_bytes_total is now prometheus_tsdb_storage_blocks_bytes. + Feature: * (EXPERIMENTAL) Time overlapping blocks are now allowed; vertical compaction and vertical query merge. It is an optional feature which is controlled by the --storage.tsdb.allow-overlapping-blocks flag, disabled by default. + Enhancements: * Use the WAL for remote_write API. * Query performance improvements. * UI enhancements with upgrade to Bootstrap 4. * Reduce time that Alertmanagers are in flux when reloaded. * Limit number of metrics displayed on UI to 10000. * (1) Remember All/Unhealthy choice on target-overview when reloading page. (2) Resize text-input area on Graph page on mouseclick. * In histogram_quantile merge buckets with equivalent le values. * Show list of offending labels in the error message in many-to-many scenarios. * Show Storage Retention criteria in effect on /status page. + Bug Fixes: + Fix sorting of rule groups. + Fix support for password_file and bearer_token_file in Kubernetes SD. + Scrape: catch errors when creating HTTP clients + Adds new metrics: prometheus_target_scrape_pools_total prometheus_target_scrape_pools_failed_total prometheus_target_scrape_pool_reloads_total prometheus_target_scrape_pool_reloads_failed_total + Fix panic when aggregator param is not a literal. mgr-cfg: - Ensure bytes type when using hashlib to avoid traceback (bsc#1138822) mgr-daemon: - Fix systemd timer configuration on SLE12 (bsc#1142038) mgr-osad: - Fix obsolete for old osad packages, to allow installing mgr-osad even by using osad at yum/zyppper install (bsc#1139453) - Ensure bytes type when using hashlib to avoid traceback (bsc#1138822) mgr-virtualization: - Fix missing python 3 ugettext (bsc#1138494) - Fix package dependencies to prevent file conflict (bsc#1143856) rhnlib: - Add SNI support for clients - Fix initialize ssl connection (bsc#1144155) - Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177) spacecmd: - Bugfix: referenced variable before assignment. - Bugfix: 'dict' object has no attribute 'iteritems' (bsc#1135881) - Add unit tests for custominfo, snippet, scap, ssm, cryptokey and distribution - Fix missing runtime dependencies that made spacecmd return old versions of packages in some cases, even if newer ones were available (bsc#1148311) spacewalk-backend: - Do not overwrite comps and module data with older versions - Fix issue with "dists" keyword in url hostname - Import packages from all collections of a patch not just first one - Ensure bytes type when using hashlib to avoid traceback on XMLRPC call to "registration.register_osad" (bsc#1138822) - Do not duplicate "http://" protocol when using proxies with "deb" repositories (bsc#1138313) - Fix reposync when dealing with RedHat CDN (bsc#1138358) - Fix for CVE-2019-10136. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. (bsc#1136480) - Prevent FileNotFoundError: repomd.xml.key traceback (bsc#1137940) - Add journalctl output to spacewalk-debug tarballs - Prevent unnecessary triggering of channel-repodata tasks when GPG signing is disabled (bsc#1137715) - Fix spacewalk-repo-sync for Ubuntu repositories in mirror case (bsc#1136029) - Add support for ULN repositories on new Zypper based reposync. - Don't skip Deb package tags on package import (bsc#1130040) - For backend-libs subpackages, exclude files for the server (already part of spacewalk-backend) to avoid conflicts (bsc#1148125) - prevent duplicate key violates on repo-sync with long changelog entries (bsc#1144889) spacewalk-remote-utils: - Add RHEL8 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2019-2317=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2317=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2317=1 Package List: - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-alertmanager-0.16.2-3.3.1 golang-github-prometheus-prometheus-2.11.1-3.6.2 - SUSE Manager Tools 15 (noarch): mgr-cfg-4.0.9-1.6.5 mgr-cfg-actions-4.0.9-1.6.5 mgr-cfg-client-4.0.9-1.6.5 mgr-cfg-management-4.0.9-1.6.5 mgr-daemon-4.0.7-1.8.1 mgr-osad-4.0.9-1.6.2 mgr-virtualization-host-4.0.8-1.8.4 python3-mgr-cfg-4.0.9-1.6.5 python3-mgr-cfg-actions-4.0.9-1.6.5 python3-mgr-cfg-client-4.0.9-1.6.5 python3-mgr-cfg-management-4.0.9-1.6.5 python3-mgr-osa-common-4.0.9-1.6.2 python3-mgr-osad-4.0.9-1.6.2 python3-mgr-virtualization-common-4.0.8-1.8.4 python3-mgr-virtualization-host-4.0.8-1.8.4 python3-rhnlib-4.0.11-3.10.1 python3-spacewalk-backend-libs-4.0.25-3.23.1 spacecmd-4.0.14-3.26.1 spacewalk-remote-utils-4.0.5-3.9.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): python2-rhnlib-4.0.11-3.10.1 spacecmd-4.0.14-3.26.1 spacewalk-backend-4.0.25-3.23.1 spacewalk-backend-app-4.0.25-3.23.1 spacewalk-backend-applet-4.0.25-3.23.1 spacewalk-backend-cdn-4.0.25-3.23.1 spacewalk-backend-config-files-4.0.25-3.23.1 spacewalk-backend-config-files-common-4.0.25-3.23.1 spacewalk-backend-config-files-tool-4.0.25-3.23.1 spacewalk-backend-iss-4.0.25-3.23.1 spacewalk-backend-iss-export-4.0.25-3.23.1 spacewalk-backend-libs-4.0.25-3.23.1 spacewalk-backend-package-push-server-4.0.25-3.23.1 spacewalk-backend-server-4.0.25-3.23.1 spacewalk-backend-sql-4.0.25-3.23.1 spacewalk-backend-sql-oracle-4.0.25-3.23.1 spacewalk-backend-sql-postgresql-4.0.25-3.23.1 spacewalk-backend-tools-4.0.25-3.23.1 spacewalk-backend-xml-export-libs-4.0.25-3.23.1 spacewalk-backend-xmlrpc-4.0.25-3.23.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-alertmanager-0.16.2-3.3.1 golang-github-prometheus-prometheus-2.11.1-3.6.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python2-rhnlib-4.0.11-3.10.1 spacecmd-4.0.14-3.26.1 spacewalk-backend-4.0.25-3.23.1 spacewalk-backend-app-4.0.25-3.23.1 spacewalk-backend-applet-4.0.25-3.23.1 spacewalk-backend-cdn-4.0.25-3.23.1 spacewalk-backend-config-files-4.0.25-3.23.1 spacewalk-backend-config-files-common-4.0.25-3.23.1 spacewalk-backend-config-files-tool-4.0.25-3.23.1 spacewalk-backend-iss-4.0.25-3.23.1 spacewalk-backend-iss-export-4.0.25-3.23.1 spacewalk-backend-libs-4.0.25-3.23.1 spacewalk-backend-package-push-server-4.0.25-3.23.1 spacewalk-backend-server-4.0.25-3.23.1 spacewalk-backend-sql-4.0.25-3.23.1 spacewalk-backend-sql-oracle-4.0.25-3.23.1 spacewalk-backend-sql-postgresql-4.0.25-3.23.1 spacewalk-backend-tools-4.0.25-3.23.1 spacewalk-backend-xml-export-libs-4.0.25-3.23.1 spacewalk-backend-xmlrpc-4.0.25-3.23.1 References: https://www.suse.com/security/cve/CVE-2019-10136.html https://bugzilla.suse.com/1130040 https://bugzilla.suse.com/1135881 https://bugzilla.suse.com/1136029 https://bugzilla.suse.com/1136480 https://bugzilla.suse.com/1137715 https://bugzilla.suse.com/1137940 https://bugzilla.suse.com/1138313 https://bugzilla.suse.com/1138358 https://bugzilla.suse.com/1138494 https://bugzilla.suse.com/1138822 https://bugzilla.suse.com/1139453 https://bugzilla.suse.com/1142038 https://bugzilla.suse.com/1143856 https://bugzilla.suse.com/1144155 https://bugzilla.suse.com/1144889 https://bugzilla.suse.com/1148125 https://bugzilla.suse.com/1148177 https://bugzilla.suse.com/1148311 From sle-updates at lists.suse.com Fri Sep 6 07:15:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Sep 2019 15:15:15 +0200 (CEST) Subject: SUSE-RU-2019:2318-1: moderate: Recommended update for Salt Message-ID: <20190906131515.B1B5EF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2318-1 Rating: moderate References: #1128554 #1131114 #1132076 #1133647 #1135360 #1135507 #1139761 #1140193 #1148714 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Multiple fixes on cmdmod, chroot, freezer and zypperpkg needed for Yomi cmdmod: fix runas and group in run_chroot chroot: add missing sys directory chroot: change variable name to root chroot: fix bug in safe_kwargs iteration freezer: do not fail in cache dir is present freezer: clean freeze YAML profile on restore zypperpkg: fix pkg.list_pkgs cache - Avoid traceback on http.query when there are errors with the requested URL (bsc#1128554) - Salt python client get_full_returns seems return data from incorrect jid (bsc#1131114) - Virt.volume_infos: don't raise an error if there is no VM - Prevent ansiblegate unit tests to fail on Ubuntu - Allow passing kwargs to pkg.list_downloaded for Zypper (bsc#1140193) - Do not make "ansiblegate" module to crash on Python3 minions (bsc#1139761) - Provide the missing features required for Yomi (Yet one more installer) - Fix zypper pkg.list_pkgs test expectation and dpkg mocking - Set 'salt' group for files and directories created by salt-standalone-formulas-configuration package - Fix virt.volume_infos raising an exception when there is only virtual machine on the minion. - Fix virt.purge() on all non-KVM hypervisors. For instance on Xen, virt.purge would simply throw an exception about unsupported flag - Building a libvirt pool starts it. When defining a new pool, we need to - Fix handling of Virtual Machines with white space in their name. - Avoid batch.py exception when minion does not respond (bsc#1135507) - Preserve already defined DESTRUCTIVE_TESTS and EXPENSIVE_TESTS env variables - Do not break repo files with multiple line values on yumpkg (bsc#1135360) - Fix return status when installing or updating RPM packages with "ppc64le" arch (bsc#1133647) - Add new "salt-standalone-formulas-configuration" package - Switch firewalld state to use change_interface (bsc#1132076) - Restore default behaviour of pkg list return (bsc#1148714) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2318=1 - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2019-2318=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2318=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): salt-api-2019.2.0-6.8.1 salt-cloud-2019.2.0-6.8.1 salt-master-2019.2.0-6.8.1 salt-proxy-2019.2.0-6.8.1 salt-ssh-2019.2.0-6.8.1 salt-syndic-2019.2.0-6.8.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): salt-fish-completion-2019.2.0-6.8.1 - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64): python2-salt-2019.2.0-6.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): python3-salt-2019.2.0-6.8.1 salt-2019.2.0-6.8.1 salt-doc-2019.2.0-6.8.1 salt-minion-2019.2.0-6.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): salt-bash-completion-2019.2.0-6.8.1 salt-zsh-completion-2019.2.0-6.8.1 References: https://bugzilla.suse.com/1128554 https://bugzilla.suse.com/1131114 https://bugzilla.suse.com/1132076 https://bugzilla.suse.com/1133647 https://bugzilla.suse.com/1135360 https://bugzilla.suse.com/1135507 https://bugzilla.suse.com/1139761 https://bugzilla.suse.com/1140193 https://bugzilla.suse.com/1148714 From sle-updates at lists.suse.com Fri Sep 6 07:17:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Sep 2019 15:17:04 +0200 (CEST) Subject: SUSE-RU-2019:2326-1: moderate: Recommended update for ha-cluster-bootstrap Message-ID: <20190906131704.4468DF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for ha-cluster-bootstrap ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2326-1 Rating: moderate References: #1138353 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ha-cluster-bootstrap fixes the following issues: - use help2man to generate init/join/remove man page (bsc#1138353) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-2326=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-2326=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (noarch): ha-cluster-bootstrap-0.5-5.3.1 - SUSE Linux Enterprise High Availability 15 (noarch): ha-cluster-bootstrap-0.5-5.3.1 References: https://bugzilla.suse.com/1138353 From sle-updates at lists.suse.com Fri Sep 6 07:17:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Sep 2019 15:17:44 +0200 (CEST) Subject: SUSE-RU-2019:2313-1: moderate: Recommended update for SUSE Manager Server and Proxy 4.0 Message-ID: <20190906131744.18948F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server and Proxy 4.0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2313-1 Rating: moderate References: #1104949 #1109639 #1111371 #1116869 #1118175 #1122559 #1134677 #1135360 #1136857 #1137144 #1137229 #1137244 #1137308 #1137881 #1137882 #1137952 #1137965 #1138127 #1138130 #1138268 #1138275 #1138586 #1138655 #1138822 #1139453 #1139493 #1140644 #1141598 #1141663 #1142038 #1143204 #1144155 #1144889 #1145584 #1149343 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 ______________________________________________________________________________ An update that has 35 recommended fixes can now be installed. Description: Maintenance update for SUSE Manager 4.0: Server and Proxy Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2019-2313=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2019-2313=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64): spacewalk-branding-4.0.13-3.3.6 susemanager-4.0.16-3.3.8 susemanager-tools-4.0.16-3.3.8 - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch): branch-network-formula-0.1.1561374979.11123db-3.3.3 cpu-mitigations-formula-0.1-4.3.2 mgr-osa-dispatcher-4.0.9-3.3.7 py26-compat-salt-2016.11.10-10.5.1 python3-mgr-osa-common-4.0.9-3.3.7 python3-mgr-osa-dispatcher-4.0.9-3.3.7 python3-rhnlib-4.0.11-3.7.1 python3-spacewalk-backend-libs-4.0.25-3.10.2 python3-spacewalk-certs-tools-4.0.11-3.3.6 python3-spacewalk-client-tools-4.0.9-3.3.4 python3-susemanager-retail-1.0.1564399963.cf19a13-3.3.3 saltboot-formula-0.1.1564399963.cf19a13-3.3.3 spacecmd-4.0.14-3.3.1 spacewalk-backend-4.0.25-3.10.2 spacewalk-backend-app-4.0.25-3.10.2 spacewalk-backend-applet-4.0.25-3.10.2 spacewalk-backend-config-files-4.0.25-3.10.2 spacewalk-backend-config-files-common-4.0.25-3.10.2 spacewalk-backend-config-files-tool-4.0.25-3.10.2 spacewalk-backend-iss-4.0.25-3.10.2 spacewalk-backend-iss-export-4.0.25-3.10.2 spacewalk-backend-package-push-server-4.0.25-3.10.2 spacewalk-backend-server-4.0.25-3.10.2 spacewalk-backend-sql-4.0.25-3.10.2 spacewalk-backend-sql-postgresql-4.0.25-3.10.2 spacewalk-backend-tools-4.0.25-3.10.2 spacewalk-backend-xml-export-libs-4.0.25-3.10.2 spacewalk-backend-xmlrpc-4.0.25-3.10.2 spacewalk-base-4.0.15-3.6.7 spacewalk-base-minimal-4.0.15-3.6.7 spacewalk-base-minimal-config-4.0.15-3.6.7 spacewalk-certs-tools-4.0.11-3.3.6 spacewalk-client-tools-4.0.9-3.3.4 spacewalk-html-4.0.15-3.6.7 spacewalk-java-4.0.23-3.5.2 spacewalk-java-config-4.0.23-3.5.2 spacewalk-java-lib-4.0.23-3.5.2 spacewalk-java-postgresql-4.0.23-3.5.2 spacewalk-setup-4.0.10-3.3.1 spacewalk-taskomatic-4.0.23-3.5.2 spacewalk-utils-4.0.11-3.3.6 susemanager-doc-indexes-4.0-10.6.1 susemanager-docs_en-4.0-10.6.1 susemanager-docs_en-pdf-4.0-10.6.1 susemanager-retail-tools-1.0.1564399963.cf19a13-3.3.3 susemanager-schema-4.0.14-3.3.4 susemanager-sls-4.0.19-3.5.1 susemanager-web-libs-4.0.15-3.6.7 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (noarch): mgr-cfg-4.0.9-3.3.6 mgr-cfg-actions-4.0.9-3.3.6 mgr-cfg-client-4.0.9-3.3.6 mgr-cfg-management-4.0.9-3.3.6 mgr-daemon-4.0.7-3.3.4 mgr-osad-4.0.9-3.3.7 python3-mgr-cfg-4.0.9-3.3.6 python3-mgr-cfg-actions-4.0.9-3.3.6 python3-mgr-cfg-client-4.0.9-3.3.6 python3-mgr-cfg-management-4.0.9-3.3.6 python3-mgr-osa-common-4.0.9-3.3.7 python3-mgr-osad-4.0.9-3.3.7 python3-rhnlib-4.0.11-3.7.1 python3-spacewalk-backend-libs-4.0.25-3.10.2 python3-spacewalk-certs-tools-4.0.11-3.3.6 python3-spacewalk-check-4.0.9-3.3.4 python3-spacewalk-client-setup-4.0.9-3.3.4 python3-spacewalk-client-tools-4.0.9-3.3.4 spacewalk-backend-4.0.25-3.10.2 spacewalk-base-minimal-4.0.15-3.6.7 spacewalk-base-minimal-config-4.0.15-3.6.7 spacewalk-certs-tools-4.0.11-3.3.6 spacewalk-check-4.0.9-3.3.4 spacewalk-client-setup-4.0.9-3.3.4 spacewalk-client-tools-4.0.9-3.3.4 spacewalk-remote-utils-4.0.5-3.3.6 References: https://bugzilla.suse.com/1104949 https://bugzilla.suse.com/1109639 https://bugzilla.suse.com/1111371 https://bugzilla.suse.com/1116869 https://bugzilla.suse.com/1118175 https://bugzilla.suse.com/1122559 https://bugzilla.suse.com/1134677 https://bugzilla.suse.com/1135360 https://bugzilla.suse.com/1136857 https://bugzilla.suse.com/1137144 https://bugzilla.suse.com/1137229 https://bugzilla.suse.com/1137244 https://bugzilla.suse.com/1137308 https://bugzilla.suse.com/1137881 https://bugzilla.suse.com/1137882 https://bugzilla.suse.com/1137952 https://bugzilla.suse.com/1137965 https://bugzilla.suse.com/1138127 https://bugzilla.suse.com/1138130 https://bugzilla.suse.com/1138268 https://bugzilla.suse.com/1138275 https://bugzilla.suse.com/1138586 https://bugzilla.suse.com/1138655 https://bugzilla.suse.com/1138822 https://bugzilla.suse.com/1139453 https://bugzilla.suse.com/1139493 https://bugzilla.suse.com/1140644 https://bugzilla.suse.com/1141598 https://bugzilla.suse.com/1141663 https://bugzilla.suse.com/1142038 https://bugzilla.suse.com/1143204 https://bugzilla.suse.com/1144155 https://bugzilla.suse.com/1144889 https://bugzilla.suse.com/1145584 https://bugzilla.suse.com/1149343 From sle-updates at lists.suse.com Fri Sep 6 07:23:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Sep 2019 15:23:04 +0200 (CEST) Subject: SUSE-RU-2019:2313-1: moderate: Recommended update for SUSE Manager Proxy 4.0 Message-ID: <20190906132304.A7577F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 4.0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2313-1 Rating: moderate References: #1104949 #1109639 #1111371 #1116869 #1118175 #1122559 #1130040 #1134677 #1135360 #1136857 #1137144 #1137229 #1137244 #1137308 #1137881 #1137882 #1137952 #1137965 #1138127 #1138130 #1138268 #1138275 #1138586 #1138655 #1138822 #1139453 #1139493 #1140644 #1141598 #1141663 #1142038 #1143204 #1144155 #1144889 #1145584 #1148125 #1148177 #1149343 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 ______________________________________________________________________________ An update that has 38 recommended fixes can now be installed. Description: This update fixes the following issues: mgr-cfg: - Ensure bytes type when using hashlib to avoid traceback (bsc#1138822) mgr-daemon: - Fix systemd timer configuration on SLE12 (bsc#1142038) - Rhnsd service was replaced by rhnsd timer (bsc#1138130) mgr-osad: - Fix obsolete for old osad packages, to allow installing mgr-osad even by using osad at yum/zyppper install (bsc#1139453) - Ensure bytes type when using hashlib to avoid traceback (bsc#1138822) rhnlib: - Add SNI support for clients - Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177) spacewalk-backend: - Do not overwrite comps and module data with older versions - Fix issue with "dists" keyword in url hostname - Import packages from all collections of a patch not just first one - Ensure bytes type when using hashlib to avoid traceback on XMLRPC call to "registration.register_osad" (bsc#1138822) - Don't skip Deb package tags on package import (bsc#1130040) - For backend-libs subpackages, exclude files for the server (already part of spacewalk-backend) to avoid conflicts (bsc#1148125) - prevent duplicate key violates on repo-sync with long changelog entries (bsc#1144889) spacewalk-certs-tools: - Run bootstrap.sh completely unattended on Ubuntu (bsc#1137881) spacewalk-client-tools: - The rhnsd service was replaced by rhnsd timer, so registration script and systemd presets are now adapted to this (bsc#1138130) spacewalk-remote-utils: - Add RHEL8 spacewalk-web: - Redirect to first step of channel assignment after change channel submit (bsc#1137244) - Hide channels managed by Content Lifecycle projects from available sources (bsc#1137965) - Add unsupported browser warning when using Internet Explorer - Allow virtualization tab for foreign systems (bsc#1116869) - Allow forcing off or resetting VMs - Fix VM creation dialog with non-default pools and networks (bsc#1138268) - Add checks for empty required entries on formula forms (bsc#1109639) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2019-2313=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2019-2313=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64): spacewalk-branding-4.0.13-3.3.6 susemanager-4.0.16-3.3.8 susemanager-tools-4.0.16-3.3.8 - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch): branch-network-formula-0.1.1561374979.11123db-3.3.3 cpu-mitigations-formula-0.1-4.3.2 mgr-osa-dispatcher-4.0.9-3.3.7 py26-compat-salt-2016.11.10-10.5.1 python3-mgr-osa-common-4.0.9-3.3.7 python3-mgr-osa-dispatcher-4.0.9-3.3.7 python3-rhnlib-4.0.11-3.7.1 python3-spacewalk-backend-libs-4.0.25-3.10.2 python3-spacewalk-certs-tools-4.0.11-3.3.6 python3-spacewalk-client-tools-4.0.9-3.3.4 python3-susemanager-retail-1.0.1564399963.cf19a13-3.3.3 saltboot-formula-0.1.1564399963.cf19a13-3.3.3 spacecmd-4.0.14-3.3.1 spacewalk-backend-4.0.25-3.10.2 spacewalk-backend-app-4.0.25-3.10.2 spacewalk-backend-applet-4.0.25-3.10.2 spacewalk-backend-config-files-4.0.25-3.10.2 spacewalk-backend-config-files-common-4.0.25-3.10.2 spacewalk-backend-config-files-tool-4.0.25-3.10.2 spacewalk-backend-iss-4.0.25-3.10.2 spacewalk-backend-iss-export-4.0.25-3.10.2 spacewalk-backend-package-push-server-4.0.25-3.10.2 spacewalk-backend-server-4.0.25-3.10.2 spacewalk-backend-sql-4.0.25-3.10.2 spacewalk-backend-sql-postgresql-4.0.25-3.10.2 spacewalk-backend-tools-4.0.25-3.10.2 spacewalk-backend-xml-export-libs-4.0.25-3.10.2 spacewalk-backend-xmlrpc-4.0.25-3.10.2 spacewalk-base-4.0.15-3.6.7 spacewalk-base-minimal-4.0.15-3.6.7 spacewalk-base-minimal-config-4.0.15-3.6.7 spacewalk-certs-tools-4.0.11-3.3.6 spacewalk-client-tools-4.0.9-3.3.4 spacewalk-html-4.0.15-3.6.7 spacewalk-java-4.0.23-3.5.2 spacewalk-java-config-4.0.23-3.5.2 spacewalk-java-lib-4.0.23-3.5.2 spacewalk-java-postgresql-4.0.23-3.5.2 spacewalk-setup-4.0.10-3.3.1 spacewalk-taskomatic-4.0.23-3.5.2 spacewalk-utils-4.0.11-3.3.6 susemanager-doc-indexes-4.0-10.6.1 susemanager-docs_en-4.0-10.6.1 susemanager-docs_en-pdf-4.0-10.6.1 susemanager-retail-tools-1.0.1564399963.cf19a13-3.3.3 susemanager-schema-4.0.14-3.3.4 susemanager-sls-4.0.19-3.5.1 susemanager-web-libs-4.0.15-3.6.7 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (noarch): mgr-cfg-4.0.9-3.3.6 mgr-cfg-actions-4.0.9-3.3.6 mgr-cfg-client-4.0.9-3.3.6 mgr-cfg-management-4.0.9-3.3.6 mgr-daemon-4.0.7-3.3.4 mgr-osad-4.0.9-3.3.7 python3-mgr-cfg-4.0.9-3.3.6 python3-mgr-cfg-actions-4.0.9-3.3.6 python3-mgr-cfg-client-4.0.9-3.3.6 python3-mgr-cfg-management-4.0.9-3.3.6 python3-mgr-osa-common-4.0.9-3.3.7 python3-mgr-osad-4.0.9-3.3.7 python3-rhnlib-4.0.11-3.7.1 python3-spacewalk-backend-libs-4.0.25-3.10.2 python3-spacewalk-certs-tools-4.0.11-3.3.6 python3-spacewalk-check-4.0.9-3.3.4 python3-spacewalk-client-setup-4.0.9-3.3.4 python3-spacewalk-client-tools-4.0.9-3.3.4 spacewalk-backend-4.0.25-3.10.2 spacewalk-base-minimal-4.0.15-3.6.7 spacewalk-base-minimal-config-4.0.15-3.6.7 spacewalk-certs-tools-4.0.11-3.3.6 spacewalk-check-4.0.9-3.3.4 spacewalk-client-setup-4.0.9-3.3.4 spacewalk-client-tools-4.0.9-3.3.4 spacewalk-remote-utils-4.0.5-3.3.6 References: https://bugzilla.suse.com/1104949 https://bugzilla.suse.com/1109639 https://bugzilla.suse.com/1111371 https://bugzilla.suse.com/1116869 https://bugzilla.suse.com/1118175 https://bugzilla.suse.com/1122559 https://bugzilla.suse.com/1130040 https://bugzilla.suse.com/1134677 https://bugzilla.suse.com/1135360 https://bugzilla.suse.com/1136857 https://bugzilla.suse.com/1137144 https://bugzilla.suse.com/1137229 https://bugzilla.suse.com/1137244 https://bugzilla.suse.com/1137308 https://bugzilla.suse.com/1137881 https://bugzilla.suse.com/1137882 https://bugzilla.suse.com/1137952 https://bugzilla.suse.com/1137965 https://bugzilla.suse.com/1138127 https://bugzilla.suse.com/1138130 https://bugzilla.suse.com/1138268 https://bugzilla.suse.com/1138275 https://bugzilla.suse.com/1138586 https://bugzilla.suse.com/1138655 https://bugzilla.suse.com/1138822 https://bugzilla.suse.com/1139453 https://bugzilla.suse.com/1139493 https://bugzilla.suse.com/1140644 https://bugzilla.suse.com/1141598 https://bugzilla.suse.com/1141663 https://bugzilla.suse.com/1142038 https://bugzilla.suse.com/1143204 https://bugzilla.suse.com/1144155 https://bugzilla.suse.com/1144889 https://bugzilla.suse.com/1145584 https://bugzilla.suse.com/1148125 https://bugzilla.suse.com/1148177 https://bugzilla.suse.com/1149343 From sle-updates at lists.suse.com Fri Sep 6 07:28:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Sep 2019 15:28:47 +0200 (CEST) Subject: SUSE-RU-2019:2313-1: moderate: Recommended update for SUSE Manager Server 4.0 Message-ID: <20190906132847.96EB8F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 4.0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2313-1 Rating: moderate References: #1104949 #1109639 #1111371 #1116869 #1118175 #1122559 #1130040 #1132076 #1134677 #1135360 #1136857 #1137144 #1137229 #1137244 #1137308 #1137881 #1137882 #1137952 #1137965 #1138127 #1138130 #1138268 #1138275 #1138586 #1138655 #1138822 #1139453 #1139493 #1140644 #1141598 #1141663 #1142038 #1143204 #1143946 #1144155 #1144889 #1145584 #1146411 #1146443 #1147126 #1148125 #1148177 #1148311 #1149343 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 ______________________________________________________________________________ An update that has 44 recommended fixes can now be installed. Description: This update includes the following new features: - Improve performance of 'Systems requiring reboot' page (fate#327780) - Drop no longer used 'allServerKeywordSinceReboot' view (fate#327780) This update fixes the following issues: branch-network-formula: - Update to version 0.1.1561374979.11123db - Explicitelly specify zone of the internal interface (bsc#1138586) - Use 'onchanges' require instead of 'wait' to clearly see when state was applied or not required to - Firewalld 'public' zone should be used for shared NIC (bsc#1137882) mgr-osad: - Fix obsolete for old osad packages, to allow installing mgr-osad even by using osad at yum/zyppper install (bsc#1139453) - Ensure bytes type when using hashlib to avoid traceback (bsc#1138822) patterns-suse-manager: - Add recommends for cpu-mitigations-formula py26-compat-salt: - Do not break repo files with multiple line values on yumpkg (bsc#1135360) - Catch SSLError for TLS 1.2 bootstraps with RES/RHEL6 and SLE11 (bsc#1147126) python-susemanager-retail: - Update to version 0.1.1564399963.cf19a13 - Initialize filename_efi in dhcpd formula (bsc#1143204) rhnlib: - Add SNI support for clients - Fix initialize ssl connection (bsc#1144155) - Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177) saltboot-formula: - Update to version 0.1.1564399963.cf19a13 - Fix rounding errors at the end of disk (bsc#1136857) spacewalk-backend: - prevent duplicate key violates on repo-sync with long changelog entries (bsc#1144889) - Do not overwrite comps and module data with older versions - Fix issue with "dists" keyword in url hostname - Import packages from all collections of a patch not just first one - Ensure bytes type when using hashlib to avoid traceback on XMLRPC call to "registration.register_osad" (bsc#1138822) - Don't skip Deb package tags on package import (bsc#1130040) - For backend-libs subpackages, exclude files for the server (already part of spacewalk-backend) to avoid conflicts (bsc#1148125) - prevent duplicate key violates on repo-sync with long changelog entries (bsc#1144889) spacewalk-branding: - Set Copyright year to 2019 (bsc#1141598) - Remove duplicate information message when changing system properties (bsc#1111371) - Add missing strings for task status page spacewalk-certs-tools: - Run bootstrap.sh completely unattended on Ubuntu (bsc#1137881) spacewalk-client-tools: - The rhnsd service was replaced by rhnsd timer, so registration script and systemd presets are now adapted to this (bsc#1138130) spacewalk-java: - Fix: initialize the hibernate transaction when merging errata via XMLRPC API (bsc#1145584) - Improve performance for retrieving the user permissions on channels (bsc#1140644) - Fix permissions of cobbler owned directories - Prerequire salt package to avoid not existing user issues - Support partly patched CVEs in CVE audit (bsc#1137229) - Remove duplicate information message when changing system properties (bsc#1111371) - Align selection column in software channel managers (bsc#1122559) - Hide channels managed by Content Lifecycle projects from available sources (bsc#1137965) - Add caret sorting for rpm versioning - API Documentation: mention the shebang in the system.scheduleScriptRun doc strings (bsc#1138655) - For orphan contentsources, look also in susesccrepositoryauth to make sure they are not being referenced(bsc#1138275) - Fallback to logged-in-user org and then vendor errata when looking up erratum on cloning (bsc#1137308) - Add new validation to avoid creating content lifecycle projects starting with a number (bsc#1139493) - Allow virtualization tab for foreign systems (bsc#1116869) - Improve performance of 'Systems requiring reboot' page (fate#327780) - Allow forcing off or resetting VMs - Keep querystring on ListTag parent_url for actions that have the cid param (bsc#1134677) - Add XML-RPC API calls to manage server monitoring - Fix profiles package scheduling when epoch is null (bsc#1137144) spacewalk-utils: - Fixes SSL hostname matching (bsc#1141663) - Hostname-rename: change hostname in cobbler db and autoinst data - Adds support for Ubuntu and Debian channels to spacewalk-common-channels. spacewalk-web: - Redirect to first step of channel assignment after change channel submit (bsc#1137244) - Hide channels managed by Content Lifecycle projects from available sources (bsc#1137965) - Add unsupported browser warning when using Internet Explorer - Allow virtualization tab for foreign systems (bsc#1116869) - Allow forcing off or resetting VMs - Fix VM creation dialog with non-default pools and networks (bsc#1138268) - Add checks for empty required entries on formula forms (bsc#1109639) susemanager: - Make dmidecode part of the bootstrap repositiories (bsc#1137952) susemanager-nodejs-sdk-devel: - upgrade lodash - https://nodesecurity.io/advisories/1065 - upgrade eslint and react-select minor susemanager-schema: - Improve performance for retrieving the user permissions on channels (bsc#1140644) - Add caret sorting for rpm versioning - Allow repo and manifest sources with the same url - Drop no longer used 'allServerKeywordSinceReboot' view (fate#327780) - Allow forcing off or resetting VMs susemanager-sls: - Force VM off before deleting it (bsc#1138127) - Check for result of image rsync transfer to catch failures early (bsc#1104949) - Allow forcing off or resetting VMs - Make sure dmidecode is installed during bootstrap to ensure that hardware refresh works for all operating systems (bsc#1137952) - Bootstrapping RES6/RHEL6/SLE11 with TLS1.2 now shows error message. (bsc#1147126) - Fix for issue with bootstrapping RES minions (bsc#1147126) spacewalk-setup: - prevent CherryPy timeouts (bsc#1118175, bsc#1149343) cpu-mitigations-formula: - Initial commit of cpu-mitigations-formula (bsc#1143946) spacecmd: - Fix missing runtime dependencies that made spacecmd return old versions of packages in some cases, even if newer ones were available (bsc#1148311) susemanager-docs_en: - Interface used for branch network on branch server is not added to internal firewall zone (bsc#1132076) - Increasing the maximum size allowed for configuration files (bsc#1146411) - Documentation - Unclear how to use groups with SUMA 4 remote commands (bsc#1146443) - Added link to bootstrap script creation - Added missing zypper entity - Added Canonical IP safeguard - Update for unified proxy installer - lunrjs integration replaces Algolia with local search - Antora UI improvements - JeOS docs cleaned up - Content review and cleanup on books Administration, Installation, Salt, Retail, Client Configuration and Upgrade - Removed outdated command tailf - Added missing images - Improved max size for configuration files - Added matching salt clients by minion_id or with a wildcard - Clarify image store for Kiwi images - Public cloud doc update - Content lifecycle manager filter update - Added note about support status of IE - Fixed IBM Z entity render issue - New Salt tuning guide Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2019-2313=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2019-2313=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64): spacewalk-branding-4.0.13-3.3.6 susemanager-4.0.16-3.3.8 susemanager-tools-4.0.16-3.3.8 - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch): branch-network-formula-0.1.1561374979.11123db-3.3.3 cpu-mitigations-formula-0.1-4.3.2 mgr-osa-dispatcher-4.0.9-3.3.7 py26-compat-salt-2016.11.10-10.5.1 python3-mgr-osa-common-4.0.9-3.3.7 python3-mgr-osa-dispatcher-4.0.9-3.3.7 python3-rhnlib-4.0.11-3.7.1 python3-spacewalk-backend-libs-4.0.25-3.10.2 python3-spacewalk-certs-tools-4.0.11-3.3.6 python3-spacewalk-client-tools-4.0.9-3.3.4 python3-susemanager-retail-1.0.1564399963.cf19a13-3.3.3 saltboot-formula-0.1.1564399963.cf19a13-3.3.3 spacecmd-4.0.14-3.3.1 spacewalk-backend-4.0.25-3.10.2 spacewalk-backend-app-4.0.25-3.10.2 spacewalk-backend-applet-4.0.25-3.10.2 spacewalk-backend-config-files-4.0.25-3.10.2 spacewalk-backend-config-files-common-4.0.25-3.10.2 spacewalk-backend-config-files-tool-4.0.25-3.10.2 spacewalk-backend-iss-4.0.25-3.10.2 spacewalk-backend-iss-export-4.0.25-3.10.2 spacewalk-backend-package-push-server-4.0.25-3.10.2 spacewalk-backend-server-4.0.25-3.10.2 spacewalk-backend-sql-4.0.25-3.10.2 spacewalk-backend-sql-postgresql-4.0.25-3.10.2 spacewalk-backend-tools-4.0.25-3.10.2 spacewalk-backend-xml-export-libs-4.0.25-3.10.2 spacewalk-backend-xmlrpc-4.0.25-3.10.2 spacewalk-base-4.0.15-3.6.7 spacewalk-base-minimal-4.0.15-3.6.7 spacewalk-base-minimal-config-4.0.15-3.6.7 spacewalk-certs-tools-4.0.11-3.3.6 spacewalk-client-tools-4.0.9-3.3.4 spacewalk-html-4.0.15-3.6.7 spacewalk-java-4.0.23-3.5.2 spacewalk-java-config-4.0.23-3.5.2 spacewalk-java-lib-4.0.23-3.5.2 spacewalk-java-postgresql-4.0.23-3.5.2 spacewalk-setup-4.0.10-3.3.1 spacewalk-taskomatic-4.0.23-3.5.2 spacewalk-utils-4.0.11-3.3.6 susemanager-doc-indexes-4.0-10.6.1 susemanager-docs_en-4.0-10.6.1 susemanager-docs_en-pdf-4.0-10.6.1 susemanager-retail-tools-1.0.1564399963.cf19a13-3.3.3 susemanager-schema-4.0.14-3.3.4 susemanager-sls-4.0.19-3.5.1 susemanager-web-libs-4.0.15-3.6.7 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (noarch): mgr-cfg-4.0.9-3.3.6 mgr-cfg-actions-4.0.9-3.3.6 mgr-cfg-client-4.0.9-3.3.6 mgr-cfg-management-4.0.9-3.3.6 mgr-daemon-4.0.7-3.3.4 mgr-osad-4.0.9-3.3.7 python3-mgr-cfg-4.0.9-3.3.6 python3-mgr-cfg-actions-4.0.9-3.3.6 python3-mgr-cfg-client-4.0.9-3.3.6 python3-mgr-cfg-management-4.0.9-3.3.6 python3-mgr-osa-common-4.0.9-3.3.7 python3-mgr-osad-4.0.9-3.3.7 python3-rhnlib-4.0.11-3.7.1 python3-spacewalk-backend-libs-4.0.25-3.10.2 python3-spacewalk-certs-tools-4.0.11-3.3.6 python3-spacewalk-check-4.0.9-3.3.4 python3-spacewalk-client-setup-4.0.9-3.3.4 python3-spacewalk-client-tools-4.0.9-3.3.4 spacewalk-backend-4.0.25-3.10.2 spacewalk-base-minimal-4.0.15-3.6.7 spacewalk-base-minimal-config-4.0.15-3.6.7 spacewalk-certs-tools-4.0.11-3.3.6 spacewalk-check-4.0.9-3.3.4 spacewalk-client-setup-4.0.9-3.3.4 spacewalk-client-tools-4.0.9-3.3.4 spacewalk-remote-utils-4.0.5-3.3.6 References: https://bugzilla.suse.com/1104949 https://bugzilla.suse.com/1109639 https://bugzilla.suse.com/1111371 https://bugzilla.suse.com/1116869 https://bugzilla.suse.com/1118175 https://bugzilla.suse.com/1122559 https://bugzilla.suse.com/1130040 https://bugzilla.suse.com/1132076 https://bugzilla.suse.com/1134677 https://bugzilla.suse.com/1135360 https://bugzilla.suse.com/1136857 https://bugzilla.suse.com/1137144 https://bugzilla.suse.com/1137229 https://bugzilla.suse.com/1137244 https://bugzilla.suse.com/1137308 https://bugzilla.suse.com/1137881 https://bugzilla.suse.com/1137882 https://bugzilla.suse.com/1137952 https://bugzilla.suse.com/1137965 https://bugzilla.suse.com/1138127 https://bugzilla.suse.com/1138130 https://bugzilla.suse.com/1138268 https://bugzilla.suse.com/1138275 https://bugzilla.suse.com/1138586 https://bugzilla.suse.com/1138655 https://bugzilla.suse.com/1138822 https://bugzilla.suse.com/1139453 https://bugzilla.suse.com/1139493 https://bugzilla.suse.com/1140644 https://bugzilla.suse.com/1141598 https://bugzilla.suse.com/1141663 https://bugzilla.suse.com/1142038 https://bugzilla.suse.com/1143204 https://bugzilla.suse.com/1143946 https://bugzilla.suse.com/1144155 https://bugzilla.suse.com/1144889 https://bugzilla.suse.com/1145584 https://bugzilla.suse.com/1146411 https://bugzilla.suse.com/1146443 https://bugzilla.suse.com/1147126 https://bugzilla.suse.com/1148125 https://bugzilla.suse.com/1148177 https://bugzilla.suse.com/1148311 https://bugzilla.suse.com/1149343 From sle-updates at lists.suse.com Fri Sep 6 07:35:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Sep 2019 15:35:34 +0200 (CEST) Subject: SUSE-RU-2019:2316-1: moderate: Recommended update for Salt Message-ID: <20190906133534.835F0F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2316-1 Rating: moderate References: #1128554 #1131114 #1132076 #1133647 #1135360 #1135507 #1139761 #1140193 #1148714 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 SUSE Linux Enterprise Point of Sale 12-SP2 SUSE Linux Enterprise Module for Advanced Systems Management 12 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Multiple fixes on cmdmod, chroot, freezer and zypperpkg needed for Yomi cmdmod: fix runas and group in run_chroot chroot: add missing sys directory chroot: change variable name to root chroot: fix bug in safe_kwargs iteration freezer: do not fail in cache dir is present freezer: clean freeze YAML profile on restore zypperpkg: fix pkg.list_pkgs cache - Avoid traceback on http.query when there are errors with the requested URL (bsc#1128554) - Salt python client get_full_returns seems return data from incorrect jid (bsc#1131114) - Virt.volume_infos: don't raise an error if there is no VM - Prevent ansiblegate unit tests to fail on Ubuntu - Allow passing kwargs to pkg.list_downloaded for Zypper (bsc#1140193) - Do not make "ansiblegate" module to crash on Python3 minions (bsc#1139761) - Provide the missing features required for Yomi (Yet one more installer) - Fix zypper pkg.list_pkgs test expectation and dpkg mocking - Set 'salt' group for files and directories created by salt-standalone-formulas-configuration package - Fix virt.volume_infos raising an exception when there is only virtual machine on the minion. - Fix virt.purge() on all non-KVM hypervisors. For instance on Xen, virt.purge would simply throw an exception about unsupported flag - Building a libvirt pool starts it. When defining a new pool, we need to - Fix handling of Virtual Machines with white space in their name. - Avoid batch.py exception when minion does not respond (bsc#1135507) - Preserve already defined DESTRUCTIVE_TESTS and EXPENSIVE_TESTS env variables - Do not break repo files with multiple line values on yumpkg (bsc#1135360) - Fix return status when installing or updating RPM packages with "ppc64le" arch (bsc#1133647) - Add new "salt-standalone-formulas-configuration" package - Switch firewalld state to use change_interface (bsc#1132076) - Restore default behaviour of pkg list return (bsc#1148714) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2019-2316=1 - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-2316=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2019-2316=1 - SUSE Linux Enterprise Point of Sale 12-SP2: zypper in -t patch SUSE-SLE-POS-12-SP2-2019-2316=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2019-2316=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): python2-salt-2019.2.0-46.70.1 python3-salt-2019.2.0-46.70.1 salt-2019.2.0-46.70.1 salt-doc-2019.2.0-46.70.1 salt-minion-2019.2.0-46.70.1 - SUSE Manager Server 3.2 (ppc64le s390x x86_64): python2-salt-2019.2.0-46.70.1 python3-salt-2019.2.0-46.70.1 salt-2019.2.0-46.70.1 salt-api-2019.2.0-46.70.1 salt-cloud-2019.2.0-46.70.1 salt-doc-2019.2.0-46.70.1 salt-master-2019.2.0-46.70.1 salt-minion-2019.2.0-46.70.1 salt-proxy-2019.2.0-46.70.1 salt-ssh-2019.2.0-46.70.1 salt-syndic-2019.2.0-46.70.1 - SUSE Manager Server 3.2 (noarch): salt-bash-completion-2019.2.0-46.70.1 salt-zsh-completion-2019.2.0-46.70.1 - SUSE Manager Proxy 3.2 (x86_64): python2-salt-2019.2.0-46.70.1 python3-salt-2019.2.0-46.70.1 salt-2019.2.0-46.70.1 salt-minion-2019.2.0-46.70.1 - SUSE Linux Enterprise Point of Sale 12-SP2 (x86_64): python2-salt-2019.2.0-46.70.1 salt-2019.2.0-46.70.1 salt-minion-2019.2.0-46.70.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): python2-salt-2019.2.0-46.70.1 salt-2019.2.0-46.70.1 salt-api-2019.2.0-46.70.1 salt-cloud-2019.2.0-46.70.1 salt-doc-2019.2.0-46.70.1 salt-master-2019.2.0-46.70.1 salt-minion-2019.2.0-46.70.1 salt-proxy-2019.2.0-46.70.1 salt-ssh-2019.2.0-46.70.1 salt-syndic-2019.2.0-46.70.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): salt-bash-completion-2019.2.0-46.70.1 salt-zsh-completion-2019.2.0-46.70.1 References: https://bugzilla.suse.com/1128554 https://bugzilla.suse.com/1131114 https://bugzilla.suse.com/1132076 https://bugzilla.suse.com/1133647 https://bugzilla.suse.com/1135360 https://bugzilla.suse.com/1135507 https://bugzilla.suse.com/1139761 https://bugzilla.suse.com/1140193 https://bugzilla.suse.com/1148714 From sle-updates at lists.suse.com Fri Sep 6 07:37:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Sep 2019 15:37:19 +0200 (CEST) Subject: SUSE-RU-2019:2328-1: moderate: Recommended update for python-msrest, python-msrestazure Message-ID: <20190906133719.CC968F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-msrest, python-msrestazure ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2328-1 Rating: moderate References: #1124482 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-msrest, python-msrestazure fixes the following issues: python-msrest was updated to version 0.4.12 (bsc#1124482): + Features * Input is now more lenient * Model have a "validate" method to check content constraints * Model have now 4 new methods: + "serialize" that gives the RestAPI that will be sent + "as_dict" that returns a dict version of the Model. Callbacks are available. + "deserialize" the parses the RestAPI JSON into a Model + "from_dict" that parses several dict syntax into a Model. Callbacks are available. + More details and examples in the Wiki article on Github: https://github.com/Azure/msrest-for-python/wiki/msrest-0.4.12???Serializati on-change + Bugfixes * Better Enum checking (#38) python-msrestazure was updated to version 0.4.12 (bsc#1124482): + Features * add "timeout" to ServicePrincipalCredentials and UserPasswordCredentials * Threads created by AzureOperationPoller have now a name prefixed by "AzureOperationPoller" to help identify them + Bugfixes * Do not fail if keyring is badly installed * Update Azure Gov login endpoint * Update metadata ARM endpoint parser + Breaking changes * Remove InteractiveCredentials. This class was deprecated and unusable. Use ADAL device code instead. * Update Requires from setup.py Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-2328=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-msrest-0.4.12-5.7.1 python-msrestazure-0.4.12-5.7.21 python3-msrest-0.4.12-5.7.1 python3-msrestazure-0.4.12-5.7.21 References: https://bugzilla.suse.com/1124482 From sle-updates at lists.suse.com Fri Sep 6 07:38:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Sep 2019 15:38:34 +0200 (CEST) Subject: SUSE-RU-2019:14164-1: moderate: Recommended update for Salt Message-ID: <20190906133834.3A859F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:14164-1 Rating: moderate References: #1135360 #1147126 Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Do not break repo files with multiple line values on yumpkg (bsc#1135360) - Catch SSLError for TLS 1.2 bootstraps with RES/RHEL6 and SLE11 (bsc#1147126) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-salt-201907-14164=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-salt-201907-14164=1 Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2016.11.10-43.54.1 salt-doc-2016.11.10-43.54.1 salt-minion-2016.11.10-43.54.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): salt-2016.11.10-43.54.1 salt-doc-2016.11.10-43.54.1 salt-minion-2016.11.10-43.54.1 References: https://bugzilla.suse.com/1135360 https://bugzilla.suse.com/1147126 From sle-updates at lists.suse.com Fri Sep 6 07:39:23 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Sep 2019 15:39:23 +0200 (CEST) Subject: SUSE-RU-2019:2324-1: moderate: Recommended update for yast2, yast2-packager Message-ID: <20190906133923.73572F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2, yast2-packager ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2324-1 Rating: moderate References: #1132748 #1148536 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Installer 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2, yast2-packager provides the following fixes: Changes in yast2: - Include the package in the INSTALLER repository to be upgraded during installation. - No source changes Changes in yast2-packager: - Avoid error when generating some warnings. (bsc#1148536) - Always set proper release version for newly added repositories. (bsc#1132748) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2324=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2019-2324=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): yast2-4.1.72-3.8.1 yast2-logs-4.1.72-3.8.1 yast2-packager-4.1.49-3.14.2 - SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64): yast2-4.1.72-3.8.1 yast2-packager-4.1.49-3.14.2 References: https://bugzilla.suse.com/1132748 https://bugzilla.suse.com/1148536 From sle-updates at lists.suse.com Fri Sep 6 07:40:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Sep 2019 15:40:50 +0200 (CEST) Subject: SUSE-RU-2019:2325-1: moderate: Recommended update for the SUSE Manager 4.0 release notes Message-ID: <20190906134050.A9EB0F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for the SUSE Manager 4.0 release notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2325-1 Rating: moderate References: #1104949 #1109639 #1111371 #1116869 #1122559 #1130040 #1132076 #1134677 #1135360 #1136857 #1137144 #1137229 #1137244 #1137308 #1137881 #1137882 #1137952 #1137965 #1138127 #1138130 #1138268 #1138275 #1138586 #1138655 #1138822 #1139453 #1139493 #1140644 #1141598 #1141663 #1142038 #1143204 #1143856 #1144155 #1144889 #1145584 #1146411 #1146443 #1147126 #1148125 #1148177 #1148311 #1148714 #1149343 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that has 44 recommended fixes can now be installed. Description: This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues: - SUSE Manager Proxy bugs fixed by latest updates: bsc#1109639, bsc#1116869, bsc#1130040, bsc#1137244, bsc#1137881, bsc#1137965, bsc#1138130, bsc#1138268, bsc#1138822, bsc#1139453, bsc#1142038, bsc#1144155, bsc#1144889, bsc#1148125, bsc#1148177 - SUSE Manager Server bugs fixed by latest updates: bsc#1104949, bsc#1109639, bsc#1111371, bsc#1116869, bsc#1122559, bsc#1130040, bsc#1132076, bsc#1134677, bsc#1135360, bsc#1136857, bsc#1137144, bsc#1137229, bsc#1137244, bsc#1137308, bsc#1137881, bsc#1137882, bsc#1137952, bsc#1137965, bsc#1138127, bsc#1138130, bsc#1138268, bsc#1138275, bsc#1138586, bsc#1138655, bsc#1138822, bsc#1139453, bsc#1139493, bsc#1140644, bsc#1141598, bsc#1141663, bsc#1143204, bsc#1143856, bsc#1144155, bsc#1144889, bsc#1145584, bsc#1146411, bsc#1146443, bsc#1147126, bsc#1148125, bsc#1148177, bsc#1148311, bsc#1148714, bsc#1149343 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2019-2325=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2019-2325=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2019-2325=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2325=1 Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): release-notes-susemanager-4.0.2-3.19.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): release-notes-susemanager-proxy-4.0.2-0.16.17.1 - SUSE Manager Proxy 4.0 (x86_64): release-notes-susemanager-proxy-4.0.2-0.16.17.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): release-notes-susemanager-4.0.2-3.19.1 release-notes-susemanager-proxy-4.0.2-0.16.17.1 References: https://bugzilla.suse.com/1104949 https://bugzilla.suse.com/1109639 https://bugzilla.suse.com/1111371 https://bugzilla.suse.com/1116869 https://bugzilla.suse.com/1122559 https://bugzilla.suse.com/1130040 https://bugzilla.suse.com/1132076 https://bugzilla.suse.com/1134677 https://bugzilla.suse.com/1135360 https://bugzilla.suse.com/1136857 https://bugzilla.suse.com/1137144 https://bugzilla.suse.com/1137229 https://bugzilla.suse.com/1137244 https://bugzilla.suse.com/1137308 https://bugzilla.suse.com/1137881 https://bugzilla.suse.com/1137882 https://bugzilla.suse.com/1137952 https://bugzilla.suse.com/1137965 https://bugzilla.suse.com/1138127 https://bugzilla.suse.com/1138130 https://bugzilla.suse.com/1138268 https://bugzilla.suse.com/1138275 https://bugzilla.suse.com/1138586 https://bugzilla.suse.com/1138655 https://bugzilla.suse.com/1138822 https://bugzilla.suse.com/1139453 https://bugzilla.suse.com/1139493 https://bugzilla.suse.com/1140644 https://bugzilla.suse.com/1141598 https://bugzilla.suse.com/1141663 https://bugzilla.suse.com/1142038 https://bugzilla.suse.com/1143204 https://bugzilla.suse.com/1143856 https://bugzilla.suse.com/1144155 https://bugzilla.suse.com/1144889 https://bugzilla.suse.com/1145584 https://bugzilla.suse.com/1146411 https://bugzilla.suse.com/1146443 https://bugzilla.suse.com/1147126 https://bugzilla.suse.com/1148125 https://bugzilla.suse.com/1148177 https://bugzilla.suse.com/1148311 https://bugzilla.suse.com/1148714 https://bugzilla.suse.com/1149343 From sle-updates at lists.suse.com Fri Sep 6 07:47:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Sep 2019 15:47:15 +0200 (CEST) Subject: SUSE-RU-2019:2322-1: moderate: Recommended update for Salt Message-ID: <20190906134715.B925CF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2322-1 Rating: moderate References: #1128554 #1131114 #1132076 #1133647 #1135360 #1135507 #1139761 #1140193 #1148714 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Multiple fixes on cmdmod, chroot, freezer and zypperpkg needed for Yomi cmdmod: fix runas and group in run_chroot chroot: add missing sys directory chroot: change variable name to root chroot: fix bug in safe_kwargs iteration freezer: do not fail in cache dir is present freezer: clean freeze YAML profile on restore zypperpkg: fix pkg.list_pkgs cache - Avoid traceback on http.query when there are errors with the requested URL (bsc#1128554) - Salt python client get_full_returns seems return data from incorrect jid (bsc#1131114) - Virt.volume_infos: don't raise an error if there is no VM - Prevent ansiblegate unit tests to fail on Ubuntu - Allow passing kwargs to pkg.list_downloaded for Zypper (bsc#1140193) - Do not make "ansiblegate" module to crash on Python3 minions (bsc#1139761) - Provide the missing features required for Yomi (Yet one more installer) - Fix zypper pkg.list_pkgs test expectation and dpkg mocking - Set 'salt' group for files and directories created by salt-standalone-formulas-configuration package - Fix virt.volume_infos raising an exception when there is only virtual machine on the minion. - Fix virt.purge() on all non-KVM hypervisors. For instance on Xen, virt.purge would simply throw an exception about unsupported flag - Building a libvirt pool starts it. When defining a new pool, we need to - Fix handling of Virtual Machines with white space in their name. - Avoid batch.py exception when minion does not respond (bsc#1135507) - Preserve already defined DESTRUCTIVE_TESTS and EXPENSIVE_TESTS env variables - Do not break repo files with multiple line values on yumpkg (bsc#1135360) - Fix return status when installing or updating RPM packages with "ppc64le" arch (bsc#1133647) - Add new "salt-standalone-formulas-configuration" package - Switch firewalld state to use change_interface (bsc#1132076) - Restore default behaviour of pkg list return (bsc#1148714) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2322=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2322=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): salt-api-2019.2.0-5.46.1 salt-cloud-2019.2.0-5.46.1 salt-master-2019.2.0-5.46.1 salt-proxy-2019.2.0-5.46.1 salt-ssh-2019.2.0-5.46.1 salt-syndic-2019.2.0-5.46.1 - SUSE Linux Enterprise Module for Server Applications 15 (noarch): salt-fish-completion-2019.2.0-5.46.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): python2-salt-2019.2.0-5.46.1 python3-salt-2019.2.0-5.46.1 salt-2019.2.0-5.46.1 salt-doc-2019.2.0-5.46.1 salt-minion-2019.2.0-5.46.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): salt-bash-completion-2019.2.0-5.46.1 salt-zsh-completion-2019.2.0-5.46.1 References: https://bugzilla.suse.com/1128554 https://bugzilla.suse.com/1131114 https://bugzilla.suse.com/1132076 https://bugzilla.suse.com/1133647 https://bugzilla.suse.com/1135360 https://bugzilla.suse.com/1135507 https://bugzilla.suse.com/1139761 https://bugzilla.suse.com/1140193 https://bugzilla.suse.com/1148714 From sle-updates at lists.suse.com Fri Sep 6 07:48:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Sep 2019 15:48:53 +0200 (CEST) Subject: SUSE-RU-2019:14165-1: moderate: Recommended update for Salt Message-ID: <20190906134853.6788EF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:14165-1 Rating: moderate References: #1128554 #1131114 #1132076 #1133647 #1135360 #1135507 #1139761 #1140193 #1148714 Affected Products: SUSE Manager Ubuntu 16.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Multiple fixes on cmdmod, chroot, freezer and zypperpkg needed for Yomi cmdmod: fix runas and group in run_chroot chroot: add missing sys directory chroot: change variable name to root chroot: fix bug in safe_kwargs iteration freezer: do not fail in cache dir is present freezer: clean freeze YAML profile on restore zypperpkg: fix pkg.list_pkgs cache - Avoid traceback on http.query when there are errors with the requested URL (bsc#1128554) - Salt python client get_full_returns seems return data from incorrect jid (bsc#1131114) - Virt.volume_infos: don't raise an error if there is no VM - Prevent ansiblegate unit tests to fail on Ubuntu - Allow passing kwargs to pkg.list_downloaded for Zypper (bsc#1140193) - Do not make "ansiblegate" module to crash on Python3 minions (bsc#1139761) - Provide the missing features required for Yomi (Yet one more installer) - Fix zypper pkg.list_pkgs test expectation and dpkg mocking - Set 'salt' group for files and directories created by salt-standalone-formulas-configuration package - Fix virt.volume_infos raising an exception when there is only virtual machine on the minion. - Fix virt.purge() on all non-KVM hypervisors. For instance on Xen, virt.purge would simply throw an exception about unsupported flag - Building a libvirt pool starts it. When defining a new pool, we need to - Fix handling of Virtual Machines with white space in their name. - Avoid batch.py exception when minion does not respond (bsc#1135507) - Preserve already defined DESTRUCTIVE_TESTS and EXPENSIVE_TESTS env variables - Do not break repo files with multiple line values on yumpkg (bsc#1135360) - Fix return status when installing or updating RPM packages with "ppc64le" arch (bsc#1133647) - Add new "salt-standalone-formulas-configuration" package - Switch firewalld state to use change_interface (bsc#1132076) - Restore default behaviour of pkg list return (bsc#1148714) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 16.04-CLIENT-TOOLS: zypper in -t patch suse-ubu164ct-salt-201907-14165=1 Package List: - SUSE Manager Ubuntu 16.04-CLIENT-TOOLS (all): salt-common-2019.2.0+ds-1.1+16.1 salt-minion-2019.2.0+ds-1.1+16.1 References: https://bugzilla.suse.com/1128554 https://bugzilla.suse.com/1131114 https://bugzilla.suse.com/1132076 https://bugzilla.suse.com/1133647 https://bugzilla.suse.com/1135360 https://bugzilla.suse.com/1135507 https://bugzilla.suse.com/1139761 https://bugzilla.suse.com/1140193 https://bugzilla.suse.com/1148714 From sle-updates at lists.suse.com Fri Sep 6 07:50:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Sep 2019 15:50:38 +0200 (CEST) Subject: SUSE-RU-2019:14168-1: moderate: Recommended update for Salt Message-ID: <20190906135038.6315AF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:14168-1 Rating: moderate References: #1128554 #1131114 #1132076 #1133647 #1135360 #1135507 #1139761 #1140193 #1148714 Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Multiple fixes on cmdmod, chroot, freezer and zypperpkg needed for Yomi cmdmod: fix runas and group in run_chroot chroot: add missing sys directory chroot: change variable name to root chroot: fix bug in safe_kwargs iteration freezer: do not fail in cache dir is present freezer: clean freeze YAML profile on restore zypperpkg: fix pkg.list_pkgs cache - Avoid traceback on http.query when there are errors with the requested URL (bsc#1128554) - Salt python client get_full_returns seems return data from incorrect jid (bsc#1131114) - Virt.volume_infos: don't raise an error if there is no VM - Prevent ansiblegate unit tests to fail on Ubuntu - Allow passing kwargs to pkg.list_downloaded for Zypper (bsc#1140193) - Do not make "ansiblegate" module to crash on Python3 minions (bsc#1139761) - Provide the missing features required for Yomi (Yet one more installer) - Fix zypper pkg.list_pkgs test expectation and dpkg mocking - Set 'salt' group for files and directories created by salt-standalone-formulas-configuration package - Fix virt.volume_infos raising an exception when there is only virtual machine on the minion. - Fix virt.purge() on all non-KVM hypervisors. For instance on Xen, virt.purge would simply throw an exception about unsupported flag - Building a libvirt pool starts it. When defining a new pool, we need to - Fix handling of Virtual Machines with white space in their name. - Avoid batch.py exception when minion does not respond (bsc#1135507) - Preserve already defined DESTRUCTIVE_TESTS and EXPENSIVE_TESTS env variables - Do not break repo files with multiple line values on yumpkg (bsc#1135360) - Fix return status when installing or updating RPM packages with "ppc64le" arch (bsc#1133647) - Add new "salt-standalone-formulas-configuration" package - Switch firewalld state to use change_interface (bsc#1132076) - Restore default behaviour of pkg list return (bsc#1148714) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS: zypper in -t patch suse-ubu184ct-salt-201907-14168=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (all): salt-common-2019.2.0+ds-1.1+16.1 salt-minion-2019.2.0+ds-1.1+16.1 References: https://bugzilla.suse.com/1128554 https://bugzilla.suse.com/1131114 https://bugzilla.suse.com/1132076 https://bugzilla.suse.com/1133647 https://bugzilla.suse.com/1135360 https://bugzilla.suse.com/1135507 https://bugzilla.suse.com/1139761 https://bugzilla.suse.com/1140193 https://bugzilla.suse.com/1148714 From sle-updates at lists.suse.com Fri Sep 6 13:11:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Sep 2019 21:11:03 +0200 (CEST) Subject: SUSE-SU-2019:2157-1: important: Security update for qemu Message-ID: <20190906191103.EEB6EF798@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2157-1 Rating: important References: #1135902 #1140402 #1143794 Cross-References: CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources (bsc#1135902). - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2157=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2157=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2157=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2157=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2157=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): qemu-2.6.2-41.55.1 qemu-block-curl-2.6.2-41.55.1 qemu-block-curl-debuginfo-2.6.2-41.55.1 qemu-block-ssh-2.6.2-41.55.1 qemu-block-ssh-debuginfo-2.6.2-41.55.1 qemu-debugsource-2.6.2-41.55.1 qemu-guest-agent-2.6.2-41.55.1 qemu-guest-agent-debuginfo-2.6.2-41.55.1 qemu-kvm-2.6.2-41.55.1 qemu-lang-2.6.2-41.55.1 qemu-tools-2.6.2-41.55.1 qemu-tools-debuginfo-2.6.2-41.55.1 - SUSE OpenStack Cloud 7 (noarch): qemu-ipxe-1.0.0-41.55.1 qemu-seabios-1.9.1-41.55.1 qemu-sgabios-8-41.55.1 qemu-vgabios-1.9.1-41.55.1 - SUSE OpenStack Cloud 7 (x86_64): qemu-block-rbd-2.6.2-41.55.1 qemu-block-rbd-debuginfo-2.6.2-41.55.1 qemu-x86-2.6.2-41.55.1 qemu-x86-debuginfo-2.6.2-41.55.1 - SUSE OpenStack Cloud 7 (s390x): qemu-s390-2.6.2-41.55.1 qemu-s390-debuginfo-2.6.2-41.55.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): qemu-2.6.2-41.55.1 qemu-block-curl-2.6.2-41.55.1 qemu-block-curl-debuginfo-2.6.2-41.55.1 qemu-block-ssh-2.6.2-41.55.1 qemu-block-ssh-debuginfo-2.6.2-41.55.1 qemu-debugsource-2.6.2-41.55.1 qemu-guest-agent-2.6.2-41.55.1 qemu-guest-agent-debuginfo-2.6.2-41.55.1 qemu-lang-2.6.2-41.55.1 qemu-tools-2.6.2-41.55.1 qemu-tools-debuginfo-2.6.2-41.55.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le): qemu-ppc-2.6.2-41.55.1 qemu-ppc-debuginfo-2.6.2-41.55.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): qemu-block-rbd-2.6.2-41.55.1 qemu-block-rbd-debuginfo-2.6.2-41.55.1 qemu-kvm-2.6.2-41.55.1 qemu-x86-2.6.2-41.55.1 qemu-x86-debuginfo-2.6.2-41.55.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): qemu-ipxe-1.0.0-41.55.1 qemu-seabios-1.9.1-41.55.1 qemu-sgabios-8-41.55.1 qemu-vgabios-1.9.1-41.55.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): qemu-2.6.2-41.55.1 qemu-block-curl-2.6.2-41.55.1 qemu-block-curl-debuginfo-2.6.2-41.55.1 qemu-block-ssh-2.6.2-41.55.1 qemu-block-ssh-debuginfo-2.6.2-41.55.1 qemu-debugsource-2.6.2-41.55.1 qemu-guest-agent-2.6.2-41.55.1 qemu-guest-agent-debuginfo-2.6.2-41.55.1 qemu-lang-2.6.2-41.55.1 qemu-tools-2.6.2-41.55.1 qemu-tools-debuginfo-2.6.2-41.55.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): qemu-kvm-2.6.2-41.55.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le): qemu-ppc-2.6.2-41.55.1 qemu-ppc-debuginfo-2.6.2-41.55.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): qemu-block-rbd-2.6.2-41.55.1 qemu-block-rbd-debuginfo-2.6.2-41.55.1 qemu-x86-2.6.2-41.55.1 qemu-x86-debuginfo-2.6.2-41.55.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): qemu-ipxe-1.0.0-41.55.1 qemu-seabios-1.9.1-41.55.1 qemu-sgabios-8-41.55.1 qemu-vgabios-1.9.1-41.55.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): qemu-s390-2.6.2-41.55.1 qemu-s390-debuginfo-2.6.2-41.55.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): qemu-ipxe-1.0.0-41.55.1 qemu-seabios-1.9.1-41.55.1 qemu-sgabios-8-41.55.1 qemu-vgabios-1.9.1-41.55.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): qemu-2.6.2-41.55.1 qemu-block-curl-2.6.2-41.55.1 qemu-block-curl-debuginfo-2.6.2-41.55.1 qemu-block-rbd-2.6.2-41.55.1 qemu-block-rbd-debuginfo-2.6.2-41.55.1 qemu-block-ssh-2.6.2-41.55.1 qemu-block-ssh-debuginfo-2.6.2-41.55.1 qemu-debugsource-2.6.2-41.55.1 qemu-guest-agent-2.6.2-41.55.1 qemu-guest-agent-debuginfo-2.6.2-41.55.1 qemu-kvm-2.6.2-41.55.1 qemu-lang-2.6.2-41.55.1 qemu-tools-2.6.2-41.55.1 qemu-tools-debuginfo-2.6.2-41.55.1 qemu-x86-2.6.2-41.55.1 qemu-x86-debuginfo-2.6.2-41.55.1 - SUSE Enterprise Storage 4 (noarch): qemu-ipxe-1.0.0-41.55.1 qemu-seabios-1.9.1-41.55.1 qemu-sgabios-8-41.55.1 qemu-vgabios-1.9.1-41.55.1 - SUSE Enterprise Storage 4 (x86_64): qemu-2.6.2-41.55.1 qemu-block-curl-2.6.2-41.55.1 qemu-block-curl-debuginfo-2.6.2-41.55.1 qemu-block-rbd-2.6.2-41.55.1 qemu-block-rbd-debuginfo-2.6.2-41.55.1 qemu-block-ssh-2.6.2-41.55.1 qemu-block-ssh-debuginfo-2.6.2-41.55.1 qemu-debugsource-2.6.2-41.55.1 qemu-guest-agent-2.6.2-41.55.1 qemu-guest-agent-debuginfo-2.6.2-41.55.1 qemu-kvm-2.6.2-41.55.1 qemu-lang-2.6.2-41.55.1 qemu-tools-2.6.2-41.55.1 qemu-tools-debuginfo-2.6.2-41.55.1 qemu-x86-2.6.2-41.55.1 qemu-x86-debuginfo-2.6.2-41.55.1 References: https://www.suse.com/security/cve/CVE-2019-12155.html https://www.suse.com/security/cve/CVE-2019-13164.html https://www.suse.com/security/cve/CVE-2019-14378.html https://bugzilla.suse.com/1135902 https://bugzilla.suse.com/1140402 https://bugzilla.suse.com/1143794 From sle-updates at lists.suse.com Fri Sep 6 13:11:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Sep 2019 21:11:59 +0200 (CEST) Subject: SUSE-SU-2019:2329-1: important: Security update for apache2 Message-ID: <20190906191159.2DDD8F798@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2329-1 Rating: important References: #1145575 #1145738 #1145740 #1145741 #1145742 Cross-References: CVE-2019-10081 CVE-2019-10082 CVE-2019-10092 CVE-2019-10098 CVE-2019-9517 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for apache2 fixes the following issues: Security issues fixed: - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1145575). - CVE-2019-10081: Fixed mod_http2 that is vulnerable to memory corruption on early pushes (bsc#1145742). - CVE-2019-10082: Fixed mod_http2 that is vulnerable to read-after-free in h2 connection shutdown (bsc#1145741). - CVE-2019-10092: Fixed limited cross-site scripting in mod_proxy (bsc#1145740). - CVE-2019-10098: Fixed mod_rewrite configuration vulnerablility to open redirect (bsc#1145738). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2329=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2329=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-29.43.1 apache2-debugsource-2.4.23-29.43.1 apache2-devel-2.4.23-29.43.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.43.1 apache2-debuginfo-2.4.23-29.43.1 apache2-debugsource-2.4.23-29.43.1 apache2-example-pages-2.4.23-29.43.1 apache2-prefork-2.4.23-29.43.1 apache2-prefork-debuginfo-2.4.23-29.43.1 apache2-utils-2.4.23-29.43.1 apache2-utils-debuginfo-2.4.23-29.43.1 apache2-worker-2.4.23-29.43.1 apache2-worker-debuginfo-2.4.23-29.43.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): apache2-doc-2.4.23-29.43.1 References: https://www.suse.com/security/cve/CVE-2019-10081.html https://www.suse.com/security/cve/CVE-2019-10082.html https://www.suse.com/security/cve/CVE-2019-10092.html https://www.suse.com/security/cve/CVE-2019-10098.html https://www.suse.com/security/cve/CVE-2019-9517.html https://bugzilla.suse.com/1145575 https://bugzilla.suse.com/1145738 https://bugzilla.suse.com/1145740 https://bugzilla.suse.com/1145741 https://bugzilla.suse.com/1145742 From sle-updates at lists.suse.com Fri Sep 6 13:13:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 6 Sep 2019 21:13:09 +0200 (CEST) Subject: SUSE-SU-2019:2330-1: important: Security update for mariadb, mariadb-connector-c Message-ID: <20190906191309.515EAF798@maintenance.suse.de> SUSE Security Update: Security update for mariadb, mariadb-connector-c ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2330-1 Rating: important References: #1126088 #1132666 #1136035 #1143215 Cross-References: CVE-2019-2614 CVE-2019-2627 CVE-2019-2628 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for mariadb and mariadb-connector-c fixes the following issues: mariadb: - Update to version 10.2.25 (bsc#1136035) - CVE-2019-2628: Fixed a remote denial of service by an privileged attacker (bsc#1136035). - CVE-2019-2627: Fixed another remote denial of service by an privileged attacker (bsc#1136035). - CVE-2019-2614: Fixed a potential remote denial of service by an privileged attacker (bsc#1136035). - Fixed reading options for multiple instances if my${INSTANCE}.cnf is used (bsc#1132666). - Adjust mysql-systemd-helper ("shutdown protected MySQL" section) so it checks both ping response and the pid in a process list as it can take some time till the process is terminated. Otherwise it can lead to "found left-over process" situation when regular mariadb is started (bsc#1143215). mariadb-connector-c: - Update to version 3.1.2 (bsc#1136035) - Moved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for x86_64 (bsc#1126088) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2330=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2019-2330=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2330=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2330=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): mariadb-debuginfo-10.2.25-3.19.2 mariadb-debugsource-10.2.25-3.19.2 mariadb-galera-10.2.25-3.19.2 - SUSE OpenStack Cloud 9 (x86_64): mariadb-debuginfo-10.2.25-3.19.2 mariadb-debugsource-10.2.25-3.19.2 mariadb-galera-10.2.25-3.19.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libmariadb3-3.1.2-2.6.6 libmariadb3-debuginfo-3.1.2-2.6.6 libmariadb_plugins-3.1.2-2.6.6 libmariadb_plugins-debuginfo-3.1.2-2.6.6 mariadb-10.2.25-3.19.2 mariadb-client-10.2.25-3.19.2 mariadb-client-debuginfo-10.2.25-3.19.2 mariadb-connector-c-debugsource-3.1.2-2.6.6 mariadb-debuginfo-10.2.25-3.19.2 mariadb-debugsource-10.2.25-3.19.2 mariadb-tools-10.2.25-3.19.2 mariadb-tools-debuginfo-10.2.25-3.19.2 - SUSE Linux Enterprise Server 12-SP4 (noarch): mariadb-errormessages-10.2.25-3.19.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libmariadb3-3.1.2-2.6.6 libmariadb3-debuginfo-3.1.2-2.6.6 libmariadb_plugins-3.1.2-2.6.6 libmariadb_plugins-debuginfo-3.1.2-2.6.6 mariadb-10.2.25-3.19.2 mariadb-client-10.2.25-3.19.2 mariadb-client-debuginfo-10.2.25-3.19.2 mariadb-connector-c-debugsource-3.1.2-2.6.6 mariadb-debuginfo-10.2.25-3.19.2 mariadb-debugsource-10.2.25-3.19.2 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): mariadb-errormessages-10.2.25-3.19.2 References: https://www.suse.com/security/cve/CVE-2019-2614.html https://www.suse.com/security/cve/CVE-2019-2627.html https://www.suse.com/security/cve/CVE-2019-2628.html https://bugzilla.suse.com/1126088 https://bugzilla.suse.com/1132666 https://bugzilla.suse.com/1136035 https://bugzilla.suse.com/1143215 From sle-updates at lists.suse.com Fri Sep 6 16:11:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 7 Sep 2019 00:11:14 +0200 (CEST) Subject: SUSE-SU-2019:2158-1: important: Security update for postgresql94 Message-ID: <20190906221114.68531F798@maintenance.suse.de> SUSE Security Update: Security update for postgresql94 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2158-1 Rating: important References: #1145092 Cross-References: CVE-2019-10208 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql94 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2158=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2158=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2158=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2158=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2158=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2158=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2158=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): postgresql94-9.4.24-21.25.1 postgresql94-contrib-9.4.24-21.25.1 postgresql94-contrib-debuginfo-9.4.24-21.25.1 postgresql94-debuginfo-9.4.24-21.25.1 postgresql94-debugsource-9.4.24-21.25.1 postgresql94-server-9.4.24-21.25.1 postgresql94-server-debuginfo-9.4.24-21.25.1 - SUSE OpenStack Cloud 7 (noarch): postgresql94-docs-9.4.24-21.25.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): postgresql94-9.4.24-21.25.1 postgresql94-contrib-9.4.24-21.25.1 postgresql94-contrib-debuginfo-9.4.24-21.25.1 postgresql94-debuginfo-9.4.24-21.25.1 postgresql94-debugsource-9.4.24-21.25.1 postgresql94-server-9.4.24-21.25.1 postgresql94-server-debuginfo-9.4.24-21.25.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): postgresql94-docs-9.4.24-21.25.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): postgresql94-docs-9.4.24-21.25.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): postgresql94-9.4.24-21.25.1 postgresql94-contrib-9.4.24-21.25.1 postgresql94-contrib-debuginfo-9.4.24-21.25.1 postgresql94-debuginfo-9.4.24-21.25.1 postgresql94-debugsource-9.4.24-21.25.1 postgresql94-server-9.4.24-21.25.1 postgresql94-server-debuginfo-9.4.24-21.25.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): postgresql94-9.4.24-21.25.1 postgresql94-contrib-9.4.24-21.25.1 postgresql94-contrib-debuginfo-9.4.24-21.25.1 postgresql94-debuginfo-9.4.24-21.25.1 postgresql94-debugsource-9.4.24-21.25.1 postgresql94-server-9.4.24-21.25.1 postgresql94-server-debuginfo-9.4.24-21.25.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): postgresql94-docs-9.4.24-21.25.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): postgresql94-docs-9.4.24-21.25.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): postgresql94-9.4.24-21.25.1 postgresql94-contrib-9.4.24-21.25.1 postgresql94-contrib-debuginfo-9.4.24-21.25.1 postgresql94-debuginfo-9.4.24-21.25.1 postgresql94-debugsource-9.4.24-21.25.1 postgresql94-server-9.4.24-21.25.1 postgresql94-server-debuginfo-9.4.24-21.25.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): postgresql94-9.4.24-21.25.1 postgresql94-contrib-9.4.24-21.25.1 postgresql94-contrib-debuginfo-9.4.24-21.25.1 postgresql94-debuginfo-9.4.24-21.25.1 postgresql94-debugsource-9.4.24-21.25.1 postgresql94-server-9.4.24-21.25.1 postgresql94-server-debuginfo-9.4.24-21.25.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): postgresql94-docs-9.4.24-21.25.1 - SUSE Enterprise Storage 4 (x86_64): postgresql94-9.4.24-21.25.1 postgresql94-contrib-9.4.24-21.25.1 postgresql94-contrib-debuginfo-9.4.24-21.25.1 postgresql94-debuginfo-9.4.24-21.25.1 postgresql94-debugsource-9.4.24-21.25.1 postgresql94-server-9.4.24-21.25.1 postgresql94-server-debuginfo-9.4.24-21.25.1 - SUSE Enterprise Storage 4 (noarch): postgresql94-docs-9.4.24-21.25.1 References: https://www.suse.com/security/cve/CVE-2019-10208.html https://bugzilla.suse.com/1145092 From sle-updates at lists.suse.com Mon Sep 9 07:12:01 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Sep 2019 15:12:01 +0200 (CEST) Subject: SUSE-SU-2019:2331-1: moderate: Security update for python-urllib3 Message-ID: <20190909131202.01E30F798@maintenance.suse.de> SUSE Security Update: Security update for python-urllib3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2331-1 Rating: moderate References: #1119376 #1129071 #1132663 #1132900 Cross-References: CVE-2018-20060 CVE-2019-11236 CVE-2019-11324 CVE-2019-9740 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for python-urllib3 fixes the following issues: Security issues fixed: - CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071). - CVE-2019-11324: Fixed invalid CA certificat verification (bsc#1132900). - CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663). - CVE-2018-20060: Remove Authorization header when redirecting cross-host (bsc#1119376). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2331=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): python2-urllib3-1.22-6.4.1 python3-urllib3-1.22-6.4.1 References: https://www.suse.com/security/cve/CVE-2018-20060.html https://www.suse.com/security/cve/CVE-2019-11236.html https://www.suse.com/security/cve/CVE-2019-11324.html https://www.suse.com/security/cve/CVE-2019-9740.html https://bugzilla.suse.com/1119376 https://bugzilla.suse.com/1129071 https://bugzilla.suse.com/1132663 https://bugzilla.suse.com/1132900 From sle-updates at lists.suse.com Mon Sep 9 07:13:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Sep 2019 15:13:09 +0200 (CEST) Subject: SUSE-SU-2019:2332-1: moderate: Security update for python-urllib3 Message-ID: <20190909131309.C4A4CF798@maintenance.suse.de> SUSE Security Update: Security update for python-urllib3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2332-1 Rating: moderate References: #1129071 #1132663 #1132900 Cross-References: CVE-2019-11236 CVE-2019-11324 CVE-2019-9740 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for python-urllib3 fixes the following issues: Security issues fixed: - CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071). - CVE-2019-11324: Fixed invalid CA certificat verification (bsc#1132900). - CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2019-2332=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2332=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP1 (noarch): python2-urllib3-1.24-9.4.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): python3-urllib3-1.24-9.4.1 References: https://www.suse.com/security/cve/CVE-2019-11236.html https://www.suse.com/security/cve/CVE-2019-11324.html https://www.suse.com/security/cve/CVE-2019-9740.html https://bugzilla.suse.com/1129071 https://bugzilla.suse.com/1132663 https://bugzilla.suse.com/1132900 From sle-updates at lists.suse.com Mon Sep 9 07:14:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Sep 2019 15:14:05 +0200 (CEST) Subject: SUSE-SU-2019:2335-1: important: Security update for python-Django1 Message-ID: <20190909131405.3981EF798@maintenance.suse.de> SUSE Security Update: Security update for python-Django1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2335-1 Rating: important References: #1136468 #1139945 #1142880 #1142882 #1142883 #1142885 Cross-References: CVE-2019-12308 CVE-2019-12781 CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for python-Django1 to version 1.11.23 fixes the following issues: - CVE-2019-14232: Fixed a denial of service in 'django.utils.text.Truncator' (bsc#1142880). - CVE-2019-14233: Fixed a denial of service in strip_tags() (bsc#1142882). - CVE-2019-14234: Fixed an SQL injection in key and index lookups for 'JSONField'/'HStoreField' (bsc#1142883). - CVE-2019-14235: Fixed a potential memory exhaustion in 'django.utils.encoding.uri_to_iri()' (bsc#1142885). - CVE-2019-12781: Fixed incorrect HTTP detection with reverse-proxy connecting via HTTPS (bsc#1139945). - CVE-2019-12308: Fixed a cross site scripting vulnerability in the AdminURLFieldWidget (bsc#1136468). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2335=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2019-2335=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): python-Django1-1.11.23-3.9.1 - SUSE OpenStack Cloud 9 (noarch): python-Django1-1.11.23-3.9.1 References: https://www.suse.com/security/cve/CVE-2019-12308.html https://www.suse.com/security/cve/CVE-2019-12781.html https://www.suse.com/security/cve/CVE-2019-14232.html https://www.suse.com/security/cve/CVE-2019-14233.html https://www.suse.com/security/cve/CVE-2019-14234.html https://www.suse.com/security/cve/CVE-2019-14235.html https://bugzilla.suse.com/1136468 https://bugzilla.suse.com/1139945 https://bugzilla.suse.com/1142880 https://bugzilla.suse.com/1142882 https://bugzilla.suse.com/1142883 https://bugzilla.suse.com/1142885 From sle-updates at lists.suse.com Mon Sep 9 07:15:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Sep 2019 15:15:20 +0200 (CEST) Subject: SUSE-RU-2019:2333-1: moderate: Recommended update for release-notes-susemanager Message-ID: <20190909131520.5FD6DF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-susemanager ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2333-1 Rating: moderate References: #1149642 Affected Products: SUSE Manager Server 4.0 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for release-notes-susemanager fixes the following issues: - Revision 4.0.2.1 - Add a note about spacewalk-common-channels not having official support (bsc#1149642) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2019-2333=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2333=1 Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): release-notes-susemanager-4.0.2.1-3.22.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): release-notes-susemanager-4.0.2.1-3.22.1 References: https://bugzilla.suse.com/1149642 From sle-updates at lists.suse.com Mon Sep 9 07:16:00 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Sep 2019 15:16:00 +0200 (CEST) Subject: SUSE-SU-2019:2334-1: moderate: Security update for python-Pillow Message-ID: <20190909131600.0A7D2F798@maintenance.suse.de> SUSE Security Update: Security update for python-Pillow ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2334-1 Rating: moderate References: #967970 #975500 Cross-References: CVE-2016-2533 CVE-2016-4009 Affected Products: SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python-Pillow fixes the following issues: - CVE-2016-2533: Fixed a buffer overflow in the PCD decoding (bsc#967970). - CVE-2016-4009: Fixed an interger overflow in ImagingResampleHorizontal() (bsc#975500). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2334=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2334=1 Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): python-Pillow-2.8.1-4.9.1 python-Pillow-debuginfo-2.8.1-4.9.1 python-Pillow-debugsource-2.8.1-4.9.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): python-Pillow-2.8.1-4.9.1 python-Pillow-debuginfo-2.8.1-4.9.1 python-Pillow-debugsource-2.8.1-4.9.1 References: https://www.suse.com/security/cve/CVE-2016-2533.html https://www.suse.com/security/cve/CVE-2016-4009.html https://bugzilla.suse.com/967970 https://bugzilla.suse.com/975500 From sle-updates at lists.suse.com Mon Sep 9 10:12:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Sep 2019 18:12:04 +0200 (CEST) Subject: SUSE-SU-2019:2336-1: important: Security update for java-1_7_1-ibm Message-ID: <20190909161204.5F0C0F798@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2336-1 Rating: important References: #1141780 #1141782 #1141783 #1141785 #1141789 #1147021 Cross-References: CVE-2019-11771 CVE-2019-11775 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2816 CVE-2019-4473 CVE-2019-7317 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 4 Fix Pack 50. Security issues fixed: - CVE-2019-11771: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11775: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-4473: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-7317: Fixed issue inside Component AWT (libpng)(bsc#1141780). - CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783). - CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782). - CVE-2019-2816: Fixed issue inside Component Networking (bsc#1141785). - CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2336=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2336=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2336=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-2336=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2336=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2336=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2336=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2336=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2336=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2336=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2336=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2336=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2336=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2336=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2336=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2336=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2336=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2336=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): java-1_7_1-ibm-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-alsa-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-plugin-1.7.1_sr4.50-38.41.1 - SUSE OpenStack Cloud 8 (x86_64): java-1_7_1-ibm-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-alsa-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-plugin-1.7.1_sr4.50-38.41.1 - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-devel-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.50-38.41.1 - SUSE OpenStack Cloud 7 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-plugin-1.7.1_sr4.50-38.41.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr4.50-38.41.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr4.50-38.41.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.50-38.41.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-plugin-1.7.1_sr4.50-38.41.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-devel-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.50-38.41.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-plugin-1.7.1_sr4.50-38.41.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): java-1_7_1-ibm-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-alsa-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-devel-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-plugin-1.7.1_sr4.50-38.41.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.50-38.41.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-plugin-1.7.1_sr4.50-38.41.1 - SUSE Linux Enterprise Server 12-SP4 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.50-38.41.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-plugin-1.7.1_sr4.50-38.41.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.50-38.41.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-plugin-1.7.1_sr4.50-38.41.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_7_1-ibm-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-alsa-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-plugin-1.7.1_sr4.50-38.41.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-devel-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.50-38.41.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-plugin-1.7.1_sr4.50-38.41.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_7_1-ibm-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-alsa-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-devel-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-plugin-1.7.1_sr4.50-38.41.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-devel-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.50-38.41.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-plugin-1.7.1_sr4.50-38.41.1 - SUSE Enterprise Storage 5 (x86_64): java-1_7_1-ibm-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-alsa-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-plugin-1.7.1_sr4.50-38.41.1 - SUSE Enterprise Storage 4 (x86_64): java-1_7_1-ibm-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-alsa-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-devel-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-plugin-1.7.1_sr4.50-38.41.1 - HPE Helion Openstack 8 (x86_64): java-1_7_1-ibm-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-alsa-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.50-38.41.1 java-1_7_1-ibm-plugin-1.7.1_sr4.50-38.41.1 References: https://www.suse.com/security/cve/CVE-2019-11771.html https://www.suse.com/security/cve/CVE-2019-11775.html https://www.suse.com/security/cve/CVE-2019-2762.html https://www.suse.com/security/cve/CVE-2019-2766.html https://www.suse.com/security/cve/CVE-2019-2769.html https://www.suse.com/security/cve/CVE-2019-2816.html https://www.suse.com/security/cve/CVE-2019-4473.html https://www.suse.com/security/cve/CVE-2019-7317.html https://bugzilla.suse.com/1141780 https://bugzilla.suse.com/1141782 https://bugzilla.suse.com/1141783 https://bugzilla.suse.com/1141785 https://bugzilla.suse.com/1141789 https://bugzilla.suse.com/1147021 From sle-updates at lists.suse.com Mon Sep 9 13:11:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 9 Sep 2019 21:11:03 +0200 (CEST) Subject: SUSE-RU-2019:2166-3: moderate: Recommended update for openvswitch Message-ID: <20190909191103.192C9F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2166-3 Rating: moderate References: #1130276 Affected Products: SUSE OpenStack Cloud Crowbar 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openvswitch fixes the following issues: openvswitch was updated to to 2.7.9 (bsc#1130276). Some of the changes are: * ofp-group: support to insert bucket with weight value for select type * ofproto: fix the bug of bucket counter is not updated * netdev-dpdk: Print netdev name for txq mapping. * ifupdown.sh: Add missing "--may-exist" option * timeval: Check for OS-provided clock_gettime on macOS * travis: Stop rsyslog before start. * vlog: Better handle syslog handler exceptions. * travis: Remove 'sudo' configuration. * ovsdb-monitor.at: Use correct perl scripts. * rconn: Avoid occasional immediate connection failures. * conntrack: Fix L4 csum for V6 extension hdr pkts. * packets: Change return type for 'packet_csum_upperlayer6()'. * ovsdb-client: Fix typo. * ofctl: break the loop if ovs_pcap_read returns error * Revert "ovs-tcpdump: Fix an undefined variable" * dhparams: Fix .c file generation with OpenSSL >= 1.1.1-pre9 * dhparams: Add pregenerated .c file to the repository. * conntrack: Exclude l2 padding in 'conn_key_extract()'. * dp-packet: Add 'dp_packet_l3_size()'. * monitor: Fix crash when monitor condition adds new columns. * dpif-netdev: Add thread safety annotation to sorted_poll_list. * acinclude: Drop DPDK_EXTRA_LIB variable. * datapath: Fix IPv6 later frags parsing * datapath: Derive IP protocol number for IPv6 later frags * datapath: Avoid OOB read when parsing flow nlattrs * odp-util: Stop parse odp actions if nlattr is overflow * ovs-tcpdump: Fix an undefined variable * stt: Fix return code during xmit. * netdev-linux: Fix function argument order in sfq_tc_load(). * ofproto-dpif-xlate: Account mirrored packets only if the VLAN matches. * ofp-actions: Avoid overflow for ofpact_learn_spec->n_bits * python: Escape backslashes while formatting logs. * docs: Fix table title for VM MQ config in dpdk howto. * cmap: Fix hashing in cmap_find_protected(). * python: Catch setsockopt exceptions for TCP stream. * rhel: Add 'SYSTEMD_NO_WRAP=yes' in ovs init script for SLES * debian: Install correct vtep-ctl. * datapath-windows: Fix invalid reference in Buffermgmt.c * netdev-dpdk: Bring link down when NETDEV_UP is not set * actions: Enforce a maximum limit for nested action depth * bond: Fix LACP fallback to active-backup when recirc is enabled. * netdev-dpdk: Fix netdev_dpdk_get_features(). * ovn-northd: Fix memory leak in free_chassis_queueid(). * python-c-ext: Fix memory leak in Parser_finish * bridge.c: prevent controller connects while flow-restore-wait * connmgr: Fix vswitchd abort when a port is added and the controller is down Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2166=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2166=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): openvswitch-2.7.9-3.31.3 openvswitch-debuginfo-2.7.9-3.31.3 openvswitch-debugsource-2.7.9-3.31.3 - HPE Helion Openstack 8 (x86_64): openvswitch-2.7.9-3.31.3 openvswitch-debuginfo-2.7.9-3.31.3 openvswitch-debugsource-2.7.9-3.31.3 References: https://bugzilla.suse.com/1130276 From sle-updates at lists.suse.com Tue Sep 10 07:10:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Sep 2019 15:10:59 +0200 (CEST) Subject: SUSE-SU-2019:2339-1: moderate: Security update for curl Message-ID: <20190910131059.63435F798@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2339-1 Rating: moderate References: #1149496 Cross-References: CVE-2019-5482 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64): curl-7.37.0-37.43.1 curl-debuginfo-7.37.0-37.43.1 curl-debugsource-7.37.0-37.43.1 libcurl4-7.37.0-37.43.1 libcurl4-debuginfo-7.37.0-37.43.1 References: https://www.suse.com/security/cve/CVE-2019-5482.html https://bugzilla.suse.com/1149496 From sle-updates at lists.suse.com Tue Sep 10 07:11:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Sep 2019 15:11:43 +0200 (CEST) Subject: SUSE-SU-2019:2341-1: important: Security update for buildah Message-ID: <20190910131143.1D2E1F798@maintenance.suse.de> SUSE Security Update: Security update for buildah ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2341-1 Rating: important References: #1144065 Cross-References: CVE-2019-10214 Affected Products: SUSE Linux Enterprise Module for Containers 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for buildah fixes the following issues: Security issue fixed: - CVE-2019-10214: Fixed missing enforcement of TLS connections. (bsc#1144065) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15-SP1: zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2019-2341=1 Package List: - SUSE Linux Enterprise Module for Containers 15-SP1 (aarch64 ppc64le s390x x86_64): buildah-1.7.1-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-10214.html https://bugzilla.suse.com/1144065 From sle-updates at lists.suse.com Tue Sep 10 07:12:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Sep 2019 15:12:20 +0200 (CEST) Subject: SUSE-SU-2019:2340-1: important: Security update for skopeo Message-ID: <20190910131220.F3D27F798@maintenance.suse.de> SUSE Security Update: Security update for skopeo ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2340-1 Rating: important References: #1144065 Cross-References: CVE-2019-10214 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for skopeo fixes the following issues: Security issues fixed: - CVE-2019-10214: Fixed missing enforcement of TLS connections (bsc#1144065). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2340=1 - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2340=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): skopeo-0.1.32-4.8.1 skopeo-debuginfo-0.1.32-4.8.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): skopeo-0.1.32-4.8.1 skopeo-debuginfo-0.1.32-4.8.1 References: https://www.suse.com/security/cve/CVE-2019-10214.html https://bugzilla.suse.com/1144065 From sle-updates at lists.suse.com Tue Sep 10 10:11:42 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Sep 2019 18:11:42 +0200 (CEST) Subject: SUSE-RU-2019:2344-1: important: Recommended update for cloud-regionsrv-client Message-ID: <20190910161142.0D13DF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2344-1 Rating: important References: #1148644 #1149840 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: - Fixes an issue where repositories where missing on a system (bsc#1148644, bsc#1149840) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2019-2344=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-2344=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): cloud-regionsrv-client-9.0.4-6.12.1 cloud-regionsrv-client-generic-config-1.0.0-6.12.1 cloud-regionsrv-client-plugin-azure-1.0.1-6.12.1 cloud-regionsrv-client-plugin-ec2-1.0.0-6.12.1 cloud-regionsrv-client-plugin-gce-1.0.0-6.12.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): cloud-regionsrv-client-9.0.4-6.12.1 cloud-regionsrv-client-generic-config-1.0.0-6.12.1 cloud-regionsrv-client-plugin-azure-1.0.1-6.12.1 cloud-regionsrv-client-plugin-ec2-1.0.0-6.12.1 cloud-regionsrv-client-plugin-gce-1.0.0-6.12.1 References: https://bugzilla.suse.com/1148644 https://bugzilla.suse.com/1149840 From sle-updates at lists.suse.com Tue Sep 10 10:12:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Sep 2019 18:12:34 +0200 (CEST) Subject: SUSE-SU-2019:2347-1: moderate: Security update for ghostscript Message-ID: <20190910161234.3B42FF798@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2347-1 Rating: moderate References: #1144621 Cross-References: CVE-2019-10216 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ghostscript fixes the following issues: Security issue fixed: - CVE-2019-10216: Fix privilege escalation via specially crafted PostScript file (bsc#1144621). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2347=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2347=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2347=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): ghostscript-debuginfo-9.26a-23.25.1 ghostscript-debugsource-9.26a-23.25.1 ghostscript-devel-9.26a-23.25.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): ghostscript-9.26a-23.25.1 ghostscript-debuginfo-9.26a-23.25.1 ghostscript-debugsource-9.26a-23.25.1 ghostscript-x11-9.26a-23.25.1 ghostscript-x11-debuginfo-9.26a-23.25.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): ghostscript-9.26a-23.25.1 ghostscript-debuginfo-9.26a-23.25.1 ghostscript-debugsource-9.26a-23.25.1 ghostscript-x11-9.26a-23.25.1 ghostscript-x11-debuginfo-9.26a-23.25.1 References: https://www.suse.com/security/cve/CVE-2019-10216.html https://bugzilla.suse.com/1144621 From sle-updates at lists.suse.com Tue Sep 10 10:13:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Sep 2019 18:13:16 +0200 (CEST) Subject: SUSE-SU-2019:2346-1: moderate: Security update for podman Message-ID: <20190910161316.22AEFF798@maintenance.suse.de> SUSE Security Update: Security update for podman ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2346-1 Rating: moderate References: #1144065 Cross-References: CVE-2019-10214 Affected Products: SUSE Linux Enterprise Module for Containers 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for podman fixes the following issues: Security issue fixed: - CVE-2019-10214: Fixed missing enforcement of TLS connections. (bsc#1144065) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15-SP1: zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2019-2346=1 Package List: - SUSE Linux Enterprise Module for Containers 15-SP1 (aarch64 ppc64le s390x x86_64): podman-1.4.4-4.11.1 - SUSE Linux Enterprise Module for Containers 15-SP1 (noarch): podman-cni-config-1.4.4-4.11.1 References: https://www.suse.com/security/cve/CVE-2019-10214.html https://bugzilla.suse.com/1144065 From sle-updates at lists.suse.com Tue Sep 10 10:13:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Sep 2019 18:13:57 +0200 (CEST) Subject: SUSE-SU-2019:2349-1: moderate: Security update for libgcrypt Message-ID: <20190910161357.82F0BF798@maintenance.suse.de> SUSE Security Update: Security update for libgcrypt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2349-1 Rating: moderate References: #1148987 Cross-References: CVE-2019-13627 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigated ECDSA timing attack. (bsc#1148987) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2349=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2349=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libgcrypt-cavs-1.8.2-6.20.1 libgcrypt-cavs-debuginfo-1.8.2-6.20.1 libgcrypt-debugsource-1.8.2-6.20.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libgcrypt-debugsource-1.8.2-6.20.1 libgcrypt-devel-1.8.2-6.20.1 libgcrypt-devel-debuginfo-1.8.2-6.20.1 libgcrypt20-1.8.2-6.20.1 libgcrypt20-debuginfo-1.8.2-6.20.1 libgcrypt20-hmac-1.8.2-6.20.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libgcrypt20-32bit-1.8.2-6.20.1 libgcrypt20-32bit-debuginfo-1.8.2-6.20.1 libgcrypt20-hmac-32bit-1.8.2-6.20.1 References: https://www.suse.com/security/cve/CVE-2019-13627.html https://bugzilla.suse.com/1148987 From sle-updates at lists.suse.com Tue Sep 10 10:14:42 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Sep 2019 18:14:42 +0200 (CEST) Subject: SUSE-RU-2019:2343-1: important: Recommended update for cloud-regionsrv-client Message-ID: <20190910161442.255D7F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2343-1 Rating: important References: #1148644 #1149840 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: - Fixes an issue where repositories where missing on a system (bsc#1148644, bsc#1149840) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-2343=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-regionsrv-client-9.0.4-52.19.1 cloud-regionsrv-client-generic-config-1.0.0-52.19.1 cloud-regionsrv-client-plugin-azure-1.0.1-52.19.1 cloud-regionsrv-client-plugin-ec2-1.0.0-52.19.1 cloud-regionsrv-client-plugin-gce-1.0.0-52.19.1 References: https://bugzilla.suse.com/1148644 https://bugzilla.suse.com/1149840 From sle-updates at lists.suse.com Tue Sep 10 10:15:33 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Sep 2019 18:15:33 +0200 (CEST) Subject: SUSE-SU-2019:2348-1: moderate: Security update for ghostscript Message-ID: <20190910161533.3011BF798@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2348-1 Rating: moderate References: #1144621 Cross-References: CVE-2019-10216 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ghostscript fixes the following issues: Security issue fixed: - CVE-2019-10216: Fix privilege escalation via specially crafted PostScript file (bsc#1144621). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2348=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2348=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2348=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2348=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): ghostscript-mini-9.26a-3.18.2 ghostscript-mini-debuginfo-9.26a-3.18.2 ghostscript-mini-debugsource-9.26a-3.18.2 ghostscript-mini-devel-9.26a-3.18.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): ghostscript-mini-9.26a-3.18.2 ghostscript-mini-debuginfo-9.26a-3.18.2 ghostscript-mini-debugsource-9.26a-3.18.2 ghostscript-mini-devel-9.26a-3.18.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): ghostscript-9.26a-3.18.2 ghostscript-debuginfo-9.26a-3.18.2 ghostscript-debugsource-9.26a-3.18.2 ghostscript-devel-9.26a-3.18.2 ghostscript-x11-9.26a-3.18.2 ghostscript-x11-debuginfo-9.26a-3.18.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): ghostscript-9.26a-3.18.2 ghostscript-debuginfo-9.26a-3.18.2 ghostscript-debugsource-9.26a-3.18.2 ghostscript-devel-9.26a-3.18.2 ghostscript-x11-9.26a-3.18.2 ghostscript-x11-debuginfo-9.26a-3.18.2 References: https://www.suse.com/security/cve/CVE-2019-10216.html https://bugzilla.suse.com/1144621 From sle-updates at lists.suse.com Tue Sep 10 10:16:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Sep 2019 18:16:18 +0200 (CEST) Subject: SUSE-SU-2019:2345-1: important: Security update for webkit2gtk3 Message-ID: <20190910161618.1A473F798@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2345-1 Rating: important References: #1135715 #1148931 Cross-References: CVE-2019-8595 CVE-2019-8607 CVE-2019-8615 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes 24 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: Updated to version 2.24.4 (bsc#1148931). Security issues fixed: - CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8669, CVE-2019-8678, CVE-2019-8680, CVE-2019-8683, CVE-2019-8684, CVE-2019-8688, CVE-2019-8595, CVE-2019-8607, CVE-2019-8615, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690 Non-security issues fixed: - Improved loading of multimedia streams to avoid memory exhaustion due to excessive caching. - Updated the user agent string to make happy certain websites which would claim that the browser being used was unsupported. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-2345=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2345=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2345=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2345=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (noarch): libwebkit2gtk3-lang-2.24.4-2.47.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.24.4-2.47.1 webkit2gtk3-debugsource-2.24.4-2.47.1 webkit2gtk3-devel-2.24.4-2.47.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.24.4-2.47.1 libjavascriptcoregtk-4_0-18-debuginfo-2.24.4-2.47.1 libwebkit2gtk-4_0-37-2.24.4-2.47.1 libwebkit2gtk-4_0-37-debuginfo-2.24.4-2.47.1 typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47.1 typelib-1_0-WebKit2-4_0-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.4-2.47.1 webkit2gtk3-debugsource-2.24.4-2.47.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): libwebkit2gtk3-lang-2.24.4-2.47.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): libwebkit2gtk3-lang-2.24.4-2.47.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libjavascriptcoregtk-4_0-18-2.24.4-2.47.1 libjavascriptcoregtk-4_0-18-debuginfo-2.24.4-2.47.1 libwebkit2gtk-4_0-37-2.24.4-2.47.1 libwebkit2gtk-4_0-37-debuginfo-2.24.4-2.47.1 typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47.1 typelib-1_0-WebKit2-4_0-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-2.24.4-2.47.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.4-2.47.1 webkit2gtk3-debugsource-2.24.4-2.47.1 References: https://www.suse.com/security/cve/CVE-2019-8595.html https://www.suse.com/security/cve/CVE-2019-8607.html https://www.suse.com/security/cve/CVE-2019-8615.html https://www.suse.com/security/cve/CVE-2019-8644.html https://www.suse.com/security/cve/CVE-2019-8649.html https://www.suse.com/security/cve/CVE-2019-8658.html https://www.suse.com/security/cve/CVE-2019-8666.html https://www.suse.com/security/cve/CVE-2019-8669.html https://www.suse.com/security/cve/CVE-2019-8671.html https://www.suse.com/security/cve/CVE-2019-8672.html https://www.suse.com/security/cve/CVE-2019-8673.html https://www.suse.com/security/cve/CVE-2019-8676.html https://www.suse.com/security/cve/CVE-2019-8677.html https://www.suse.com/security/cve/CVE-2019-8678.html https://www.suse.com/security/cve/CVE-2019-8679.html https://www.suse.com/security/cve/CVE-2019-8680.html https://www.suse.com/security/cve/CVE-2019-8681.html https://www.suse.com/security/cve/CVE-2019-8683.html https://www.suse.com/security/cve/CVE-2019-8684.html https://www.suse.com/security/cve/CVE-2019-8686.html https://www.suse.com/security/cve/CVE-2019-8687.html https://www.suse.com/security/cve/CVE-2019-8688.html https://www.suse.com/security/cve/CVE-2019-8689.html https://www.suse.com/security/cve/CVE-2019-8690.html https://bugzilla.suse.com/1135715 https://bugzilla.suse.com/1148931 From sle-updates at lists.suse.com Tue Sep 10 10:17:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Sep 2019 18:17:04 +0200 (CEST) Subject: SUSE-RU-2019:2342-1: moderate: Recommended update for rubygem-chef Message-ID: <20190910161704.DDF10F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for rubygem-chef ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2342-1 Rating: moderate References: #1140267 Affected Products: SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rubygem-chef fixes the following issues: - adjust rescue-encoding-json-error.patch to pretty print inspect results and force encode the content (SOC-9954) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2342=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ruby2.1-rubygem-chef-10.32.2-7.3.1 rubygem-chef-10.32.2-7.3.1 References: https://bugzilla.suse.com/1140267 From sle-updates at lists.suse.com Tue Sep 10 13:11:42 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 10 Sep 2019 21:11:42 +0200 (CEST) Subject: SUSE-SU-2019:2350-1: important: Security update for python-SQLAlchemy Message-ID: <20190910191142.E5EBAF798@maintenance.suse.de> SUSE Security Update: Security update for python-SQLAlchemy ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2350-1 Rating: important References: #1124593 Cross-References: CVE-2019-7164 CVE-2019-7548 Affected Products: SUSE OpenStack Cloud 7 SUSE Enterprise Storage 4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python-SQLAlchemy fixes the following issues: Security issues fixed: - CVE-2019-7164: Fixed SQL Injection via the order_by parameter (bsc#1124593). - CVE-2019-7548: Fixed SQL Injection via the group_by parameter (bsc#1124593). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2350=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2350=1 Package List: - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): python-SQLAlchemy-1.0.14-4.3.1 python-SQLAlchemy-debuginfo-1.0.14-4.3.1 python-SQLAlchemy-debugsource-1.0.14-4.3.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): python-SQLAlchemy-1.0.14-4.3.1 python-SQLAlchemy-debuginfo-1.0.14-4.3.1 python-SQLAlchemy-debugsource-1.0.14-4.3.1 References: https://www.suse.com/security/cve/CVE-2019-7164.html https://www.suse.com/security/cve/CVE-2019-7548.html https://bugzilla.suse.com/1124593 From sle-updates at lists.suse.com Wed Sep 11 04:11:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Sep 2019 12:11:20 +0200 (CEST) Subject: SUSE-RU-2019:2351-1: moderate: Recommended update for libtcnative-1-0 Message-ID: <20190911101120.4DFE6F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for libtcnative-1-0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2351-1 Rating: moderate References: #1144296 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libtcnative-1-0 fixes the following issues: - Upgrade to libtcnative-1.2.23 to fix compatibility with Tomcat. (bsc#1144296) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2351=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2351=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libtcnative-1-0-debuginfo-1.2.23-3.3.3 libtcnative-1-0-debugsource-1.2.23-3.3.3 libtcnative-1-0-devel-1.2.23-3.3.3 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libtcnative-1-0-1.2.23-3.3.3 libtcnative-1-0-debuginfo-1.2.23-3.3.3 libtcnative-1-0-debugsource-1.2.23-3.3.3 References: https://bugzilla.suse.com/1144296 From sle-updates at lists.suse.com Wed Sep 11 04:12:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Sep 2019 12:12:07 +0200 (CEST) Subject: SUSE-SU-2019:2353-1: important: Security update for qemu Message-ID: <20190911101207.C1AF2F798@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2353-1 Rating: important References: #1079730 #1098403 #1111025 #1127077 #1134880 #1135902 #1136528 #1136777 #1139926 #1140402 #1141043 #1143794 Cross-References: CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves three vulnerabilities and has 9 fixes is now available. Description: This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources (bsc#1135902). - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). Bug fixes and enhancements: - Add vcpu features needed for Cascadelake-Server, Icelake-Client and Icelake-Server, especially the foundational arch-capabilities to help with security and performance on Intel hosts (bsc#1134880) (fate#327764). - Add support for one more security/performance related vcpu feature (bsc#1136777) (fate#327795). - Disable file locking in the Xen PV disk backend to avoid locking issues with PV domUs during migration. The issues triggered by the locking can not be properly handled in libxl. The locking introduced in qemu-2.10 was removed again in qemu-4.0 (bsc#1079730, bsc#1098403, bsc#1111025). - Ignore csske for expanding the cpu model (bsc#1136528). - Provide qcow2 L2 caching improvements, which allows for better storage performance in certain configurations (bsc#1139926, ECO-130). - Fixed virsh migrate-setspeed (bsc#1127077, bsc#1141043). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2353=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2353=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): qemu-2.11.2-5.18.1 qemu-block-curl-2.11.2-5.18.1 qemu-block-curl-debuginfo-2.11.2-5.18.1 qemu-block-iscsi-2.11.2-5.18.1 qemu-block-iscsi-debuginfo-2.11.2-5.18.1 qemu-block-ssh-2.11.2-5.18.1 qemu-block-ssh-debuginfo-2.11.2-5.18.1 qemu-debugsource-2.11.2-5.18.1 qemu-guest-agent-2.11.2-5.18.1 qemu-guest-agent-debuginfo-2.11.2-5.18.1 qemu-lang-2.11.2-5.18.1 qemu-tools-2.11.2-5.18.1 qemu-tools-debuginfo-2.11.2-5.18.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 x86_64): qemu-block-rbd-2.11.2-5.18.1 qemu-block-rbd-debuginfo-2.11.2-5.18.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): qemu-kvm-2.11.2-5.18.1 - SUSE Linux Enterprise Server 12-SP4 (ppc64le): qemu-ppc-2.11.2-5.18.1 qemu-ppc-debuginfo-2.11.2-5.18.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64): qemu-arm-2.11.2-5.18.1 qemu-arm-debuginfo-2.11.2-5.18.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): qemu-x86-2.11.2-5.18.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): qemu-ipxe-1.0.0+-5.18.1 qemu-seabios-1.11.0-5.18.1 qemu-sgabios-8-5.18.1 qemu-vgabios-1.11.0-5.18.1 - SUSE Linux Enterprise Server 12-SP4 (s390x): qemu-s390-2.11.2-5.18.1 qemu-s390-debuginfo-2.11.2-5.18.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): qemu-ipxe-1.0.0+-5.18.1 qemu-seabios-1.11.0-5.18.1 qemu-sgabios-8-5.18.1 qemu-vgabios-1.11.0-5.18.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): qemu-2.11.2-5.18.1 qemu-block-curl-2.11.2-5.18.1 qemu-block-curl-debuginfo-2.11.2-5.18.1 qemu-debugsource-2.11.2-5.18.1 qemu-kvm-2.11.2-5.18.1 qemu-tools-2.11.2-5.18.1 qemu-tools-debuginfo-2.11.2-5.18.1 qemu-x86-2.11.2-5.18.1 References: https://www.suse.com/security/cve/CVE-2019-12155.html https://www.suse.com/security/cve/CVE-2019-13164.html https://www.suse.com/security/cve/CVE-2019-14378.html https://bugzilla.suse.com/1079730 https://bugzilla.suse.com/1098403 https://bugzilla.suse.com/1111025 https://bugzilla.suse.com/1127077 https://bugzilla.suse.com/1134880 https://bugzilla.suse.com/1135902 https://bugzilla.suse.com/1136528 https://bugzilla.suse.com/1136777 https://bugzilla.suse.com/1139926 https://bugzilla.suse.com/1140402 https://bugzilla.suse.com/1141043 https://bugzilla.suse.com/1143794 From sle-updates at lists.suse.com Wed Sep 11 04:14:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Sep 2019 12:14:36 +0200 (CEST) Subject: SUSE-RU-2019:2352-1: moderate: Recommended update for rsyslog Message-ID: <20190911101436.DC249F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2352-1 Rating: moderate References: #1146872 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rsyslog brings support for the "mmkubernetes" rsyslog module. (FATE#327800 bsc#1146872) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2352=1 - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2352=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2352=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2352=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2352=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2352=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): rsyslog-debuginfo-8.33.1-3.17.1 rsyslog-debugsource-8.33.1-3.17.1 rsyslog-module-gssapi-8.33.1-3.17.1 rsyslog-module-gssapi-debuginfo-8.33.1-3.17.1 rsyslog-module-gtls-8.33.1-3.17.1 rsyslog-module-gtls-debuginfo-8.33.1-3.17.1 rsyslog-module-mmnormalize-8.33.1-3.17.1 rsyslog-module-mmnormalize-debuginfo-8.33.1-3.17.1 rsyslog-module-mysql-8.33.1-3.17.1 rsyslog-module-mysql-debuginfo-8.33.1-3.17.1 rsyslog-module-pgsql-8.33.1-3.17.1 rsyslog-module-pgsql-debuginfo-8.33.1-3.17.1 rsyslog-module-relp-8.33.1-3.17.1 rsyslog-module-relp-debuginfo-8.33.1-3.17.1 rsyslog-module-snmp-8.33.1-3.17.1 rsyslog-module-snmp-debuginfo-8.33.1-3.17.1 rsyslog-module-udpspoof-8.33.1-3.17.1 rsyslog-module-udpspoof-debuginfo-8.33.1-3.17.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): rsyslog-debuginfo-8.33.1-3.17.1 rsyslog-debugsource-8.33.1-3.17.1 rsyslog-module-gssapi-8.33.1-3.17.1 rsyslog-module-gssapi-debuginfo-8.33.1-3.17.1 rsyslog-module-gtls-8.33.1-3.17.1 rsyslog-module-gtls-debuginfo-8.33.1-3.17.1 rsyslog-module-mmnormalize-8.33.1-3.17.1 rsyslog-module-mmnormalize-debuginfo-8.33.1-3.17.1 rsyslog-module-mysql-8.33.1-3.17.1 rsyslog-module-mysql-debuginfo-8.33.1-3.17.1 rsyslog-module-pgsql-8.33.1-3.17.1 rsyslog-module-pgsql-debuginfo-8.33.1-3.17.1 rsyslog-module-relp-8.33.1-3.17.1 rsyslog-module-relp-debuginfo-8.33.1-3.17.1 rsyslog-module-snmp-8.33.1-3.17.1 rsyslog-module-snmp-debuginfo-8.33.1-3.17.1 rsyslog-module-udpspoof-8.33.1-3.17.1 rsyslog-module-udpspoof-debuginfo-8.33.1-3.17.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): rsyslog-debuginfo-8.33.1-3.17.1 rsyslog-debugsource-8.33.1-3.17.1 rsyslog-diag-tools-8.33.1-3.17.1 rsyslog-diag-tools-debuginfo-8.33.1-3.17.1 rsyslog-doc-8.33.1-3.17.1 rsyslog-module-dbi-8.33.1-3.17.1 rsyslog-module-dbi-debuginfo-8.33.1-3.17.1 rsyslog-module-elasticsearch-8.33.1-3.17.1 rsyslog-module-elasticsearch-debuginfo-8.33.1-3.17.1 rsyslog-module-gcrypt-8.33.1-3.17.1 rsyslog-module-gcrypt-debuginfo-8.33.1-3.17.1 rsyslog-module-mmnormalize-8.33.1-3.17.1 rsyslog-module-mmnormalize-debuginfo-8.33.1-3.17.1 rsyslog-module-omamqp1-8.33.1-3.17.1 rsyslog-module-omamqp1-debuginfo-8.33.1-3.17.1 rsyslog-module-omhttpfs-8.33.1-3.17.1 rsyslog-module-omhttpfs-debuginfo-8.33.1-3.17.1 rsyslog-module-omtcl-8.33.1-3.17.1 rsyslog-module-omtcl-debuginfo-8.33.1-3.17.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): rsyslog-debuginfo-8.33.1-3.17.1 rsyslog-debugsource-8.33.1-3.17.1 rsyslog-diag-tools-8.33.1-3.17.1 rsyslog-diag-tools-debuginfo-8.33.1-3.17.1 rsyslog-doc-8.33.1-3.17.1 rsyslog-module-dbi-8.33.1-3.17.1 rsyslog-module-dbi-debuginfo-8.33.1-3.17.1 rsyslog-module-elasticsearch-8.33.1-3.17.1 rsyslog-module-elasticsearch-debuginfo-8.33.1-3.17.1 rsyslog-module-gcrypt-8.33.1-3.17.1 rsyslog-module-gcrypt-debuginfo-8.33.1-3.17.1 rsyslog-module-gtls-8.33.1-3.17.1 rsyslog-module-gtls-debuginfo-8.33.1-3.17.1 rsyslog-module-mmnormalize-8.33.1-3.17.1 rsyslog-module-mmnormalize-debuginfo-8.33.1-3.17.1 rsyslog-module-omamqp1-8.33.1-3.17.1 rsyslog-module-omamqp1-debuginfo-8.33.1-3.17.1 rsyslog-module-omhttpfs-8.33.1-3.17.1 rsyslog-module-omhttpfs-debuginfo-8.33.1-3.17.1 rsyslog-module-omtcl-8.33.1-3.17.1 rsyslog-module-omtcl-debuginfo-8.33.1-3.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): rsyslog-8.33.1-3.17.1 rsyslog-debuginfo-8.33.1-3.17.1 rsyslog-debugsource-8.33.1-3.17.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): rsyslog-8.33.1-3.17.1 rsyslog-debuginfo-8.33.1-3.17.1 rsyslog-debugsource-8.33.1-3.17.1 References: https://bugzilla.suse.com/1146872 From sle-updates at lists.suse.com Wed Sep 11 10:11:04 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Sep 2019 18:11:04 +0200 (CEST) Subject: SUSE-RU-2019:2356-1: moderate: Recommended update for nfs-utils Message-ID: <20190911161104.62313F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2356-1 Rating: moderate References: #1137262 #983491 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for nfs-utils fixes the following issues: - The -u option of 'exportfs' will now fail when IP addresses are unresolvable (bsc#1137262, bsc#983491) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2356=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2356=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): nfs-client-1.3.0-34.18.1 nfs-client-debuginfo-1.3.0-34.18.1 nfs-doc-1.3.0-34.18.1 nfs-kernel-server-1.3.0-34.18.1 nfs-kernel-server-debuginfo-1.3.0-34.18.1 nfs-utils-debugsource-1.3.0-34.18.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): nfs-client-1.3.0-34.18.1 nfs-client-debuginfo-1.3.0-34.18.1 nfs-kernel-server-1.3.0-34.18.1 nfs-kernel-server-debuginfo-1.3.0-34.18.1 nfs-utils-debugsource-1.3.0-34.18.1 - SUSE CaaS Platform 3.0 (x86_64): nfs-client-1.3.0-34.18.1 nfs-client-debuginfo-1.3.0-34.18.1 nfs-utils-debugsource-1.3.0-34.18.1 References: https://bugzilla.suse.com/1137262 https://bugzilla.suse.com/983491 From sle-updates at lists.suse.com Wed Sep 11 13:10:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Sep 2019 21:10:58 +0200 (CEST) Subject: SUSE-RU-2019:2357-1: moderate: Recommended update for lmdb Message-ID: <20190911191058.12574F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for lmdb ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2357-1 Rating: moderate References: #1136132 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lmdb fixes the following issues: - Fix occasional crash when freed pages landed on the dirty list twice (bsc#1136132). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2357=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2357=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2357=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): lmdb-0.9.17-4.3.1 lmdb-debuginfo-0.9.17-4.3.1 lmdb-debugsource-0.9.17-4.3.1 lmdb-devel-0.9.17-4.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x): liblmdb-0_9_17-0.9.17-4.3.1 liblmdb-0_9_17-debuginfo-0.9.17-4.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): liblmdb-0_9_17-32bit-0.9.17-4.3.1 liblmdb-0_9_17-32bit-debuginfo-0.9.17-4.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): liblmdb-0_9_17-0.9.17-4.3.1 liblmdb-0_9_17-debuginfo-0.9.17-4.3.1 lmdb-0.9.17-4.3.1 lmdb-debuginfo-0.9.17-4.3.1 lmdb-debugsource-0.9.17-4.3.1 lmdb-devel-0.9.17-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): liblmdb-0_9_17-0.9.17-4.3.1 liblmdb-0_9_17-debuginfo-0.9.17-4.3.1 lmdb-debuginfo-0.9.17-4.3.1 lmdb-debugsource-0.9.17-4.3.1 References: https://bugzilla.suse.com/1136132 From sle-updates at lists.suse.com Wed Sep 11 13:11:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Sep 2019 21:11:40 +0200 (CEST) Subject: SUSE-SU-2019:2358-1: moderate: Security update for python-Werkzeug Message-ID: <20190911191140.0E6D1F798@maintenance.suse.de> SUSE Security Update: Security update for python-Werkzeug ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2358-1 Rating: moderate References: #1145383 Cross-References: CVE-2019-14806 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Werkzeug fixes the following issues: Security issue fixed: - CVE-2019-14806: Fixed the development server in Docker, the debugger security pin is now unique per container (bsc#1145383). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2358=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2358=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2358=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-Werkzeug-0.12.2-3.3.1 - SUSE OpenStack Cloud 8 (noarch): python-Werkzeug-0.12.2-3.3.1 - HPE Helion Openstack 8 (noarch): python-Werkzeug-0.12.2-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-14806.html https://bugzilla.suse.com/1145383 From sle-updates at lists.suse.com Wed Sep 11 13:12:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Sep 2019 21:12:22 +0200 (CEST) Subject: SUSE-RU-2019:2354-1: important: Recommended update for cloud-init Message-ID: <20190911191222.79106F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2354-1 Rating: important References: #1136440 #1141969 #1144363 #1144881 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for cloud-init fixes the following issues: - Properly handle static routes. The EphemeralDHCP context manager did not parse or handle rfc3442 classless static routes which prevented reading datasource metadata in some clouds (bsc#1141969) - Fixes an issue where udevadm settle was executed incorrectly (bsc#1144363) - If no routes are set for a subnet but the subnet has a gateway specified, set the gateway as the default route for the interface (bsc#1144881) - Fixes an issue where the OpenStack data source could not be detected on VMWare Integrated OpenStack (VIO). This has resulted in an unconfigured instance (bsc#1136440) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-2354=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2354=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64): cloud-init-19.1-5.11.1 cloud-init-config-suse-19.1-5.11.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): cloud-init-doc-19.1-5.11.1 References: https://bugzilla.suse.com/1136440 https://bugzilla.suse.com/1141969 https://bugzilla.suse.com/1144363 https://bugzilla.suse.com/1144881 From sle-updates at lists.suse.com Wed Sep 11 13:16:28 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 11 Sep 2019 21:16:28 +0200 (CEST) Subject: SUSE-RU-2019:2355-1: moderate: Recommended update for lvm2 Message-ID: <20190911191628.62E01F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for lvm2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2355-1 Rating: moderate References: #1122666 #1135984 #1137296 #1145232 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for lvm2 fixes the following issues: - Fixes an issue where the message 'unknown feature in status' message was wrongly shown (bsc#1135984) - Fixes an issue with the usage of device aliases with lvmetad (bsc#1137296) - Fixes an issue with SD card readers where the error 'open failed: No medium found' was shown (bsc#1122666) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2355=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2355=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-2355=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2355=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): device-mapper-devel-1.02.149-9.12.3 lvm2-debuginfo-2.02.180-9.12.3 lvm2-debugsource-2.02.180-9.12.3 lvm2-devel-2.02.180-9.12.3 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): device-mapper-1.02.149-9.12.3 device-mapper-debuginfo-1.02.149-9.12.3 lvm2-2.02.180-9.12.3 lvm2-debuginfo-2.02.180-9.12.3 lvm2-debugsource-2.02.180-9.12.3 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): device-mapper-32bit-1.02.149-9.12.3 device-mapper-debuginfo-32bit-1.02.149-9.12.3 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): lvm2-clvm-2.02.180-9.12.3 lvm2-clvm-debuginfo-2.02.180-9.12.3 lvm2-cmirrord-2.02.180-9.12.3 lvm2-cmirrord-debuginfo-2.02.180-9.12.3 lvm2-debuginfo-2.02.180-9.12.3 lvm2-debugsource-2.02.180-9.12.3 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): device-mapper-1.02.149-9.12.3 device-mapper-32bit-1.02.149-9.12.3 device-mapper-debuginfo-1.02.149-9.12.3 device-mapper-debuginfo-32bit-1.02.149-9.12.3 lvm2-2.02.180-9.12.3 lvm2-debuginfo-2.02.180-9.12.3 lvm2-debugsource-2.02.180-9.12.3 References: https://bugzilla.suse.com/1122666 https://bugzilla.suse.com/1135984 https://bugzilla.suse.com/1137296 https://bugzilla.suse.com/1145232 From sle-updates at lists.suse.com Wed Sep 11 16:11:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Sep 2019 00:11:05 +0200 (CEST) Subject: SUSE-SU-2019:2227-2: important: Security update for libvirt Message-ID: <20190911221105.A821DF798@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2227-2 Rating: important References: #1133719 #1138301 #1138303 #1138734 Cross-References: CVE-2019-10161 CVE-2019-10167 Affected Products: SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). - CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). Non-security issues fixed: - Fixed an issue with short bitmaps when setting vcpu affinity using the vcpupin (bsc#1138734). - Added support for overriding max threads per process limit (bsc#1133719) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2227=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2227=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2227=1 Package List: - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64): libvirt-3.3.0-5.40.1 libvirt-admin-3.3.0-5.40.1 libvirt-admin-debuginfo-3.3.0-5.40.1 libvirt-client-3.3.0-5.40.1 libvirt-client-debuginfo-3.3.0-5.40.1 libvirt-daemon-3.3.0-5.40.1 libvirt-daemon-config-network-3.3.0-5.40.1 libvirt-daemon-config-nwfilter-3.3.0-5.40.1 libvirt-daemon-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-interface-3.3.0-5.40.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-lxc-3.3.0-5.40.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-network-3.3.0-5.40.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-nodedev-3.3.0-5.40.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-nwfilter-3.3.0-5.40.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-qemu-3.3.0-5.40.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-secret-3.3.0-5.40.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-3.3.0-5.40.1 libvirt-daemon-driver-storage-core-3.3.0-5.40.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-disk-3.3.0-5.40.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.40.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-logical-3.3.0-5.40.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.40.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.40.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.40.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.40.1 libvirt-daemon-hooks-3.3.0-5.40.1 libvirt-daemon-lxc-3.3.0-5.40.1 libvirt-daemon-qemu-3.3.0-5.40.1 libvirt-debugsource-3.3.0-5.40.1 libvirt-doc-3.3.0-5.40.1 libvirt-libs-3.3.0-5.40.1 libvirt-libs-debuginfo-3.3.0-5.40.1 libvirt-lock-sanlock-3.3.0-5.40.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.40.1 libvirt-nss-3.3.0-5.40.1 libvirt-nss-debuginfo-3.3.0-5.40.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libvirt-3.3.0-5.40.1 libvirt-admin-3.3.0-5.40.1 libvirt-admin-debuginfo-3.3.0-5.40.1 libvirt-client-3.3.0-5.40.1 libvirt-client-debuginfo-3.3.0-5.40.1 libvirt-daemon-3.3.0-5.40.1 libvirt-daemon-config-network-3.3.0-5.40.1 libvirt-daemon-config-nwfilter-3.3.0-5.40.1 libvirt-daemon-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-interface-3.3.0-5.40.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-libxl-3.3.0-5.40.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-lxc-3.3.0-5.40.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-network-3.3.0-5.40.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-nodedev-3.3.0-5.40.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-nwfilter-3.3.0-5.40.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-qemu-3.3.0-5.40.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-secret-3.3.0-5.40.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-3.3.0-5.40.1 libvirt-daemon-driver-storage-core-3.3.0-5.40.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-disk-3.3.0-5.40.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.40.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-logical-3.3.0-5.40.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.40.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.40.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.40.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.40.1 libvirt-daemon-hooks-3.3.0-5.40.1 libvirt-daemon-lxc-3.3.0-5.40.1 libvirt-daemon-qemu-3.3.0-5.40.1 libvirt-daemon-xen-3.3.0-5.40.1 libvirt-debugsource-3.3.0-5.40.1 libvirt-doc-3.3.0-5.40.1 libvirt-libs-3.3.0-5.40.1 libvirt-libs-debuginfo-3.3.0-5.40.1 libvirt-lock-sanlock-3.3.0-5.40.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.40.1 libvirt-nss-3.3.0-5.40.1 libvirt-nss-debuginfo-3.3.0-5.40.1 - SUSE Enterprise Storage 5 (aarch64): libvirt-3.3.0-5.40.1 libvirt-admin-3.3.0-5.40.1 libvirt-admin-debuginfo-3.3.0-5.40.1 libvirt-client-3.3.0-5.40.1 libvirt-client-debuginfo-3.3.0-5.40.1 libvirt-daemon-3.3.0-5.40.1 libvirt-daemon-config-network-3.3.0-5.40.1 libvirt-daemon-config-nwfilter-3.3.0-5.40.1 libvirt-daemon-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-interface-3.3.0-5.40.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-lxc-3.3.0-5.40.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-network-3.3.0-5.40.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-nodedev-3.3.0-5.40.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-nwfilter-3.3.0-5.40.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-qemu-3.3.0-5.40.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-secret-3.3.0-5.40.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-3.3.0-5.40.1 libvirt-daemon-driver-storage-core-3.3.0-5.40.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-disk-3.3.0-5.40.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.40.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-logical-3.3.0-5.40.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.40.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.40.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.40.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.40.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.40.1 libvirt-daemon-hooks-3.3.0-5.40.1 libvirt-daemon-lxc-3.3.0-5.40.1 libvirt-daemon-qemu-3.3.0-5.40.1 libvirt-debugsource-3.3.0-5.40.1 libvirt-doc-3.3.0-5.40.1 libvirt-libs-3.3.0-5.40.1 libvirt-libs-debuginfo-3.3.0-5.40.1 libvirt-lock-sanlock-3.3.0-5.40.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.40.1 libvirt-nss-3.3.0-5.40.1 libvirt-nss-debuginfo-3.3.0-5.40.1 References: https://www.suse.com/security/cve/CVE-2019-10161.html https://www.suse.com/security/cve/CVE-2019-10167.html https://bugzilla.suse.com/1133719 https://bugzilla.suse.com/1138301 https://bugzilla.suse.com/1138303 https://bugzilla.suse.com/1138734 From sle-updates at lists.suse.com Thu Sep 12 04:11:01 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Sep 2019 12:11:01 +0200 (CEST) Subject: SUSE-RU-2019:2363-1: moderate: Recommended update for krb5 Message-ID: <20190912101101.25785F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2363-1 Rating: moderate References: #1081947 #1144047 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for krb5 contains the following fixes: - Integrate pam_keyinit PAM module, ksu-pam.d. (bsc#1081947) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2363=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2363=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2363=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): krb5-debuginfo-1.15.2-6.9.1 krb5-debugsource-1.15.2-6.9.1 krb5-plugin-kdb-ldap-1.15.2-6.9.1 krb5-plugin-kdb-ldap-debuginfo-1.15.2-6.9.1 krb5-server-1.15.2-6.9.1 krb5-server-debuginfo-1.15.2-6.9.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): krb5-mini-1.15.2-6.9.1 krb5-mini-debuginfo-1.15.2-6.9.1 krb5-mini-debugsource-1.15.2-6.9.1 krb5-mini-devel-1.15.2-6.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): krb5-1.15.2-6.9.1 krb5-client-1.15.2-6.9.1 krb5-client-debuginfo-1.15.2-6.9.1 krb5-debuginfo-1.15.2-6.9.1 krb5-debugsource-1.15.2-6.9.1 krb5-devel-1.15.2-6.9.1 krb5-plugin-preauth-otp-1.15.2-6.9.1 krb5-plugin-preauth-otp-debuginfo-1.15.2-6.9.1 krb5-plugin-preauth-pkinit-1.15.2-6.9.1 krb5-plugin-preauth-pkinit-debuginfo-1.15.2-6.9.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): krb5-32bit-1.15.2-6.9.1 krb5-32bit-debuginfo-1.15.2-6.9.1 References: https://bugzilla.suse.com/1081947 https://bugzilla.suse.com/1144047 From sle-updates at lists.suse.com Thu Sep 12 04:11:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Sep 2019 12:11:50 +0200 (CEST) Subject: SUSE-RU-2019:2360-1: moderate: Recommended update for desktop-file-utils Message-ID: <20190912101150.59FF2F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for desktop-file-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2360-1 Rating: moderate References: #1094774 #1148080 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for desktop-file-utils fixes the following issues: - Added Pantheon to desktop env list (bsc#1094774) - Fix for update-desktop-database to recognize font media types. (bsc#1148080) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2360=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2360=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): desktop-file-utils-0.23-4.5.1 desktop-file-utils-debuginfo-0.23-4.5.1 desktop-file-utils-debugsource-0.23-4.5.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): desktop-file-utils-0.23-4.5.1 desktop-file-utils-debuginfo-0.23-4.5.1 desktop-file-utils-debugsource-0.23-4.5.1 References: https://bugzilla.suse.com/1094774 https://bugzilla.suse.com/1148080 From sle-updates at lists.suse.com Thu Sep 12 04:12:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Sep 2019 12:12:45 +0200 (CEST) Subject: SUSE-RU-2019:2362-1: moderate: Recommended update for python-cairo Message-ID: <20190912101245.21A0DF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-cairo ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2362-1 Rating: moderate References: #1142582 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-cairo does not fix any visible issues to users. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2019-2362=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-2362=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2362=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2362=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2362=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-2362=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2362=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2362=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64): python-cairo-debuginfo-1.15.1-3.3.1 python-cairo-debugsource-1.15.1-3.3.1 python2-cairo-1.15.1-3.3.1 python2-cairo-debuginfo-1.15.1-3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): python-cairo-debuginfo-1.15.1-3.3.1 python-cairo-debugsource-1.15.1-3.3.1 python2-cairo-devel-1.15.1-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python-cairo-debuginfo-1.15.1-3.3.1 python-cairo-debugsource-1.15.1-3.3.1 python2-cairo-devel-1.15.1-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): python-cairo-debuginfo-1.15.1-3.3.1 python-cairo-debugsource-1.15.1-3.3.1 python2-cairo-devel-1.15.1-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): python-cairo-common-devel-1.15.1-3.3.1 python-cairo-debuginfo-1.15.1-3.3.1 python-cairo-debugsource-1.15.1-3.3.1 python3-cairo-devel-1.15.1-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): python-cairo-common-devel-1.15.1-3.3.1 python-cairo-debuginfo-1.15.1-3.3.1 python-cairo-debugsource-1.15.1-3.3.1 python3-cairo-devel-1.15.1-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): python-cairo-debuginfo-1.15.1-3.3.1 python-cairo-debugsource-1.15.1-3.3.1 python3-cairo-1.15.1-3.3.1 python3-cairo-debuginfo-1.15.1-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): python-cairo-debuginfo-1.15.1-3.3.1 python-cairo-debugsource-1.15.1-3.3.1 python2-cairo-1.15.1-3.3.1 python2-cairo-debuginfo-1.15.1-3.3.1 python3-cairo-1.15.1-3.3.1 python3-cairo-debuginfo-1.15.1-3.3.1 References: https://bugzilla.suse.com/1142582 From sle-updates at lists.suse.com Thu Sep 12 04:13:33 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Sep 2019 12:13:33 +0200 (CEST) Subject: SUSE-RU-2019:2361-1: moderate: Recommended update for krb5 Message-ID: <20190912101333.B5F1EF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2361-1 Rating: moderate References: #1081947 #1144047 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for krb5 contains the following fixes: - Integrate pam_keyinit PAM module, ksu-pam.d. (bsc#1081947) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2361=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2361=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2361=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): krb5-debuginfo-1.16.3-3.6.1 krb5-debugsource-1.16.3-3.6.1 krb5-plugin-kdb-ldap-1.16.3-3.6.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-3.6.1 krb5-server-1.16.3-3.6.1 krb5-server-debuginfo-1.16.3-3.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): krb5-mini-1.16.3-3.6.1 krb5-mini-debuginfo-1.16.3-3.6.1 krb5-mini-debugsource-1.16.3-3.6.1 krb5-mini-devel-1.16.3-3.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): krb5-32bit-debuginfo-1.16.3-3.6.1 krb5-debugsource-1.16.3-3.6.1 krb5-devel-32bit-1.16.3-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): krb5-1.16.3-3.6.1 krb5-client-1.16.3-3.6.1 krb5-client-debuginfo-1.16.3-3.6.1 krb5-debuginfo-1.16.3-3.6.1 krb5-debugsource-1.16.3-3.6.1 krb5-devel-1.16.3-3.6.1 krb5-plugin-preauth-otp-1.16.3-3.6.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-3.6.1 krb5-plugin-preauth-pkinit-1.16.3-3.6.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): krb5-32bit-1.16.3-3.6.1 krb5-32bit-debuginfo-1.16.3-3.6.1 References: https://bugzilla.suse.com/1081947 https://bugzilla.suse.com/1144047 From sle-updates at lists.suse.com Thu Sep 12 07:10:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Sep 2019 15:10:55 +0200 (CEST) Subject: SUSE-SU-2019:2365-1: moderate: Security update for python-Werkzeug Message-ID: <20190912131055.B4172F798@maintenance.suse.de> SUSE Security Update: Security update for python-Werkzeug ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2365-1 Rating: moderate References: #1145383 Cross-References: CVE-2019-14806 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Werkzeug fixes the following issues: Security issue fixed: - CVE-2019-14806: Fixed the development server in Docker, the debugger security pin is now unique per container (bsc#1145383). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2365=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2365=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): python-Werkzeug-doc-0.14.1-6.3.1 python2-Werkzeug-0.14.1-6.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): python3-Werkzeug-0.14.1-6.3.1 References: https://www.suse.com/security/cve/CVE-2019-14806.html https://bugzilla.suse.com/1145383 From sle-updates at lists.suse.com Thu Sep 12 07:11:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Sep 2019 15:11:36 +0200 (CEST) Subject: SUSE-SU-2019:2364-1: moderate: Security update for ceph Message-ID: <20190912131136.1D85EF798@maintenance.suse.de> SUSE Security Update: Security update for ceph ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2364-1 Rating: moderate References: #1121567 #1149961 Cross-References: CVE-2018-16889 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for ceph to version 12.2.12-594-g02236657ca fixes the following issues: Security issues fixed: - CVE-2018-16889: Fixed missing sanitation of customer encryption keys from log output in v4 auth. (bsc#1121567) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2364=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2364=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2364=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2364=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): ceph-debugsource-12.2.12+git.1568024032.02236657ca-2.39.1 libcephfs-devel-12.2.12+git.1568024032.02236657ca-2.39.1 librados-devel-12.2.12+git.1568024032.02236657ca-2.39.1 librados-devel-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 librbd-devel-12.2.12+git.1568024032.02236657ca-2.39.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): ceph-common-12.2.12+git.1568024032.02236657ca-2.39.1 ceph-common-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 ceph-debugsource-12.2.12+git.1568024032.02236657ca-2.39.1 libcephfs2-12.2.12+git.1568024032.02236657ca-2.39.1 libcephfs2-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 librados2-12.2.12+git.1568024032.02236657ca-2.39.1 librados2-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 libradosstriper1-12.2.12+git.1568024032.02236657ca-2.39.1 libradosstriper1-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 librbd1-12.2.12+git.1568024032.02236657ca-2.39.1 librbd1-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 librgw2-12.2.12+git.1568024032.02236657ca-2.39.1 librgw2-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 python-cephfs-12.2.12+git.1568024032.02236657ca-2.39.1 python-cephfs-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 python-rados-12.2.12+git.1568024032.02236657ca-2.39.1 python-rados-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 python-rbd-12.2.12+git.1568024032.02236657ca-2.39.1 python-rbd-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 python-rgw-12.2.12+git.1568024032.02236657ca-2.39.1 python-rgw-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): ceph-common-12.2.12+git.1568024032.02236657ca-2.39.1 ceph-common-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 ceph-debugsource-12.2.12+git.1568024032.02236657ca-2.39.1 libcephfs2-12.2.12+git.1568024032.02236657ca-2.39.1 libcephfs2-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 librados2-12.2.12+git.1568024032.02236657ca-2.39.1 librados2-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 libradosstriper1-12.2.12+git.1568024032.02236657ca-2.39.1 libradosstriper1-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 librbd1-12.2.12+git.1568024032.02236657ca-2.39.1 librbd1-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 librgw2-12.2.12+git.1568024032.02236657ca-2.39.1 librgw2-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 python-cephfs-12.2.12+git.1568024032.02236657ca-2.39.1 python-cephfs-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 python-rados-12.2.12+git.1568024032.02236657ca-2.39.1 python-rados-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 python-rbd-12.2.12+git.1568024032.02236657ca-2.39.1 python-rbd-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 python-rgw-12.2.12+git.1568024032.02236657ca-2.39.1 python-rgw-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): ceph-12.2.12+git.1568024032.02236657ca-2.39.1 ceph-base-12.2.12+git.1568024032.02236657ca-2.39.1 ceph-base-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 ceph-common-12.2.12+git.1568024032.02236657ca-2.39.1 ceph-common-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 ceph-debugsource-12.2.12+git.1568024032.02236657ca-2.39.1 ceph-fuse-12.2.12+git.1568024032.02236657ca-2.39.1 ceph-fuse-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 ceph-mds-12.2.12+git.1568024032.02236657ca-2.39.1 ceph-mds-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 ceph-mgr-12.2.12+git.1568024032.02236657ca-2.39.1 ceph-mgr-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 ceph-mon-12.2.12+git.1568024032.02236657ca-2.39.1 ceph-mon-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 ceph-osd-12.2.12+git.1568024032.02236657ca-2.39.1 ceph-osd-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 ceph-radosgw-12.2.12+git.1568024032.02236657ca-2.39.1 ceph-radosgw-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 libcephfs2-12.2.12+git.1568024032.02236657ca-2.39.1 libcephfs2-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 librados2-12.2.12+git.1568024032.02236657ca-2.39.1 librados2-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 libradosstriper1-12.2.12+git.1568024032.02236657ca-2.39.1 libradosstriper1-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 librbd1-12.2.12+git.1568024032.02236657ca-2.39.1 librbd1-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 librgw2-12.2.12+git.1568024032.02236657ca-2.39.1 librgw2-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 python-ceph-compat-12.2.12+git.1568024032.02236657ca-2.39.1 python-cephfs-12.2.12+git.1568024032.02236657ca-2.39.1 python-cephfs-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 python-rados-12.2.12+git.1568024032.02236657ca-2.39.1 python-rados-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 python-rbd-12.2.12+git.1568024032.02236657ca-2.39.1 python-rbd-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 python-rgw-12.2.12+git.1568024032.02236657ca-2.39.1 python-rgw-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 python3-ceph-argparse-12.2.12+git.1568024032.02236657ca-2.39.1 python3-cephfs-12.2.12+git.1568024032.02236657ca-2.39.1 python3-cephfs-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 python3-rados-12.2.12+git.1568024032.02236657ca-2.39.1 python3-rados-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 python3-rbd-12.2.12+git.1568024032.02236657ca-2.39.1 python3-rbd-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 python3-rgw-12.2.12+git.1568024032.02236657ca-2.39.1 python3-rgw-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 rbd-fuse-12.2.12+git.1568024032.02236657ca-2.39.1 rbd-fuse-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 rbd-mirror-12.2.12+git.1568024032.02236657ca-2.39.1 rbd-mirror-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 rbd-nbd-12.2.12+git.1568024032.02236657ca-2.39.1 rbd-nbd-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 - SUSE CaaS Platform 3.0 (x86_64): ceph-common-12.2.12+git.1568024032.02236657ca-2.39.1 ceph-common-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 ceph-debugsource-12.2.12+git.1568024032.02236657ca-2.39.1 libcephfs2-12.2.12+git.1568024032.02236657ca-2.39.1 libcephfs2-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 librados2-12.2.12+git.1568024032.02236657ca-2.39.1 librados2-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 libradosstriper1-12.2.12+git.1568024032.02236657ca-2.39.1 libradosstriper1-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 librbd1-12.2.12+git.1568024032.02236657ca-2.39.1 librbd1-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 librgw2-12.2.12+git.1568024032.02236657ca-2.39.1 librgw2-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 python-cephfs-12.2.12+git.1568024032.02236657ca-2.39.1 python-cephfs-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 python-rados-12.2.12+git.1568024032.02236657ca-2.39.1 python-rados-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 python-rbd-12.2.12+git.1568024032.02236657ca-2.39.1 python-rbd-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 python-rgw-12.2.12+git.1568024032.02236657ca-2.39.1 python-rgw-debuginfo-12.2.12+git.1568024032.02236657ca-2.39.1 References: https://www.suse.com/security/cve/CVE-2018-16889.html https://bugzilla.suse.com/1121567 https://bugzilla.suse.com/1149961 From sle-updates at lists.suse.com Thu Sep 12 13:44:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Sep 2019 21:44:50 +0200 (CEST) Subject: SUSE-SU-2019:2371-1: important: Security update for java-1_8_0-ibm Message-ID: <20190912194450.31584F798@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2371-1 Rating: important References: #1122292 #1122299 #1141780 #1141782 #1141783 #1141785 #1141787 #1141789 #1147021 Cross-References: CVE-2018-11212 CVE-2019-11771 CVE-2019-11772 CVE-2019-11775 CVE-2019-2449 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-4473 CVE-2019-7317 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 5 Fix Pack 40. Security issues fixed: - CVE-2019-11771: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11772: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11775: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-4473: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-7317: Fixed issue inside Component AWT (libpng)(bsc#1141780). - CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783). - CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782). - CVE-2019-2816: Fixed issue inside Component Networking (bsc#1141785). - CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789). - CVE-2019-2786: Fixed issue inside Component Security (bsc#1141787). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2371=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2371=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2371=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-2371=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2371=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2371=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2371=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2371=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2371=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2371=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2371=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2371=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2371=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2371=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2371=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2371=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2371=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2371=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): java-1_8_0-ibm-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54.1 - SUSE OpenStack Cloud 8 (x86_64): java-1_8_0-ibm-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54.1 - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-devel-1.8.0_sr5.40-30.54.1 - SUSE OpenStack Cloud 7 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr5.40-30.54.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr5.40-30.54.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr5.40-30.54.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-devel-1.8.0_sr5.40-30.54.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): java-1_8_0-ibm-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-devel-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.40-30.54.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54.1 - SUSE Linux Enterprise Server 12-SP4 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.40-30.54.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.40-30.54.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-devel-1.8.0_sr5.40-30.54.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-devel-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-devel-1.8.0_sr5.40-30.54.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54.1 - SUSE Enterprise Storage 5 (x86_64): java-1_8_0-ibm-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54.1 - SUSE Enterprise Storage 4 (x86_64): java-1_8_0-ibm-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-devel-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54.1 - HPE Helion Openstack 8 (x86_64): java-1_8_0-ibm-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54.1 java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54.1 References: https://www.suse.com/security/cve/CVE-2018-11212.html https://www.suse.com/security/cve/CVE-2019-11771.html https://www.suse.com/security/cve/CVE-2019-11772.html https://www.suse.com/security/cve/CVE-2019-11775.html https://www.suse.com/security/cve/CVE-2019-2449.html https://www.suse.com/security/cve/CVE-2019-2762.html https://www.suse.com/security/cve/CVE-2019-2766.html https://www.suse.com/security/cve/CVE-2019-2769.html https://www.suse.com/security/cve/CVE-2019-2786.html https://www.suse.com/security/cve/CVE-2019-2816.html https://www.suse.com/security/cve/CVE-2019-4473.html https://www.suse.com/security/cve/CVE-2019-7317.html https://bugzilla.suse.com/1122292 https://bugzilla.suse.com/1122299 https://bugzilla.suse.com/1141780 https://bugzilla.suse.com/1141782 https://bugzilla.suse.com/1141783 https://bugzilla.suse.com/1141785 https://bugzilla.suse.com/1141787 https://bugzilla.suse.com/1141789 https://bugzilla.suse.com/1147021 From sle-updates at lists.suse.com Thu Sep 12 13:50:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Sep 2019 21:50:13 +0200 (CEST) Subject: SUSE-SU-2019:2374-1: important: Security update for python-SQLAlchemy Message-ID: <20190912195013.8DA47F798@maintenance.suse.de> SUSE Security Update: Security update for python-SQLAlchemy ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2374-1 Rating: important References: #1124593 Cross-References: CVE-2019-7164 CVE-2019-7548 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python-SQLAlchemy fixes the following issues: Security issues fixed: - CVE-2019-7164: Fixed SQL Injection via the order_by parameter (bsc#1124593). - CVE-2019-7548: Fixed SQL Injection via the group_by parameter (bsc#1124593). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2374=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2019-2374=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): python-SQLAlchemy-1.2.10-3.3.1 python-SQLAlchemy-debuginfo-1.2.10-3.3.1 python-SQLAlchemy-debugsource-1.2.10-3.3.1 - SUSE OpenStack Cloud 9 (x86_64): python-SQLAlchemy-1.2.10-3.3.1 python-SQLAlchemy-debuginfo-1.2.10-3.3.1 python-SQLAlchemy-debugsource-1.2.10-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-7164.html https://www.suse.com/security/cve/CVE-2019-7548.html https://bugzilla.suse.com/1124593 From sle-updates at lists.suse.com Thu Sep 12 13:53:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Sep 2019 21:53:47 +0200 (CEST) Subject: SUSE-RU-2019:2367-1: moderate: Recommended update for lvm2 Message-ID: <20190912195347.4C519F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for lvm2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2367-1 Rating: moderate References: #1122666 #1135984 #1137296 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for lvm2 fixes the following issues: - Fix unknown feature in status message (bsc#1135984) - Fix using device aliases with lvmetad (bsc#1137296) - Fix devices drop open error message (bsc#1122666) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2367=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2367=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-2367=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): lvm2-debuginfo-2.02.180-12.3.1 lvm2-debugsource-2.02.180-12.3.1 lvm2-testsuite-2.02.180-12.3.1 lvm2-testsuite-debuginfo-2.02.180-12.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): device-mapper-debugsource-1.02.149-12.3.1 device-mapper-devel-32bit-1.02.149-12.3.1 libdevmapper-event1_03-32bit-1.02.149-12.3.1 libdevmapper-event1_03-32bit-debuginfo-1.02.149-12.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): device-mapper-1.02.149-12.3.1 device-mapper-debuginfo-1.02.149-12.3.1 device-mapper-debugsource-1.02.149-12.3.1 device-mapper-devel-1.02.149-12.3.1 libdevmapper-event1_03-1.02.149-12.3.1 libdevmapper-event1_03-debuginfo-1.02.149-12.3.1 libdevmapper1_03-1.02.149-12.3.1 libdevmapper1_03-debuginfo-1.02.149-12.3.1 liblvm2app2_2-2.02.180-12.3.1 liblvm2app2_2-debuginfo-2.02.180-12.3.1 liblvm2cmd2_02-2.02.180-12.3.1 liblvm2cmd2_02-debuginfo-2.02.180-12.3.1 lvm2-2.02.180-12.3.1 lvm2-debuginfo-2.02.180-12.3.1 lvm2-debugsource-2.02.180-12.3.1 lvm2-devel-2.02.180-12.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libdevmapper1_03-32bit-1.02.149-12.3.1 libdevmapper1_03-32bit-debuginfo-1.02.149-12.3.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): lvm2-clvm-2.02.180-12.3.1 lvm2-clvm-debuginfo-2.02.180-12.3.1 lvm2-clvm-debugsource-2.02.180-12.3.1 lvm2-cmirrord-2.02.180-12.3.1 lvm2-cmirrord-debuginfo-2.02.180-12.3.1 lvm2-lockd-2.02.180-12.3.1 lvm2-lockd-debuginfo-2.02.180-12.3.1 References: https://bugzilla.suse.com/1122666 https://bugzilla.suse.com/1135984 https://bugzilla.suse.com/1137296 From sle-updates at lists.suse.com Thu Sep 12 14:02:19 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Sep 2019 22:02:19 +0200 (CEST) Subject: SUSE-SU-2019:2339-2: important: Security update for curl Message-ID: <20190912200219.C0AAEF798@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2339-2 Rating: important References: #1149496 Cross-References: CVE-2019-5482 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2339=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2339=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2339=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2339=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2339=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2339=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2339=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2339=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2339=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2339=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2339=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2339=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2339=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2339=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): curl-7.37.0-37.43.1 curl-debuginfo-7.37.0-37.43.1 curl-debugsource-7.37.0-37.43.1 libcurl4-32bit-7.37.0-37.43.1 libcurl4-7.37.0-37.43.1 libcurl4-debuginfo-32bit-7.37.0-37.43.1 libcurl4-debuginfo-7.37.0-37.43.1 - SUSE OpenStack Cloud 8 (x86_64): curl-7.37.0-37.43.1 curl-debuginfo-7.37.0-37.43.1 curl-debugsource-7.37.0-37.43.1 libcurl4-32bit-7.37.0-37.43.1 libcurl4-7.37.0-37.43.1 libcurl4-debuginfo-32bit-7.37.0-37.43.1 libcurl4-debuginfo-7.37.0-37.43.1 - SUSE OpenStack Cloud 7 (s390x x86_64): curl-7.37.0-37.43.1 curl-debuginfo-7.37.0-37.43.1 curl-debugsource-7.37.0-37.43.1 libcurl4-32bit-7.37.0-37.43.1 libcurl4-7.37.0-37.43.1 libcurl4-debuginfo-32bit-7.37.0-37.43.1 libcurl4-debuginfo-7.37.0-37.43.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): curl-7.37.0-37.43.1 curl-debuginfo-7.37.0-37.43.1 curl-debugsource-7.37.0-37.43.1 libcurl4-7.37.0-37.43.1 libcurl4-debuginfo-7.37.0-37.43.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libcurl4-32bit-7.37.0-37.43.1 libcurl4-debuginfo-32bit-7.37.0-37.43.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): curl-7.37.0-37.43.1 curl-debuginfo-7.37.0-37.43.1 curl-debugsource-7.37.0-37.43.1 libcurl4-7.37.0-37.43.1 libcurl4-debuginfo-7.37.0-37.43.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libcurl4-32bit-7.37.0-37.43.1 libcurl4-debuginfo-32bit-7.37.0-37.43.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): curl-7.37.0-37.43.1 curl-debuginfo-7.37.0-37.43.1 curl-debugsource-7.37.0-37.43.1 libcurl4-32bit-7.37.0-37.43.1 libcurl4-7.37.0-37.43.1 libcurl4-debuginfo-32bit-7.37.0-37.43.1 libcurl4-debuginfo-7.37.0-37.43.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): curl-7.37.0-37.43.1 curl-debuginfo-7.37.0-37.43.1 curl-debugsource-7.37.0-37.43.1 libcurl4-7.37.0-37.43.1 libcurl4-debuginfo-7.37.0-37.43.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libcurl4-32bit-7.37.0-37.43.1 libcurl4-debuginfo-32bit-7.37.0-37.43.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): curl-7.37.0-37.43.1 curl-debuginfo-7.37.0-37.43.1 curl-debugsource-7.37.0-37.43.1 libcurl4-32bit-7.37.0-37.43.1 libcurl4-7.37.0-37.43.1 libcurl4-debuginfo-32bit-7.37.0-37.43.1 libcurl4-debuginfo-7.37.0-37.43.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): curl-7.37.0-37.43.1 curl-debuginfo-7.37.0-37.43.1 curl-debugsource-7.37.0-37.43.1 libcurl4-7.37.0-37.43.1 libcurl4-debuginfo-7.37.0-37.43.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libcurl4-32bit-7.37.0-37.43.1 libcurl4-debuginfo-32bit-7.37.0-37.43.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): curl-7.37.0-37.43.1 curl-debuginfo-7.37.0-37.43.1 curl-debugsource-7.37.0-37.43.1 libcurl4-32bit-7.37.0-37.43.1 libcurl4-7.37.0-37.43.1 libcurl4-debuginfo-32bit-7.37.0-37.43.1 libcurl4-debuginfo-7.37.0-37.43.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): curl-7.37.0-37.43.1 curl-debuginfo-7.37.0-37.43.1 curl-debugsource-7.37.0-37.43.1 libcurl4-7.37.0-37.43.1 libcurl4-debuginfo-7.37.0-37.43.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libcurl4-32bit-7.37.0-37.43.1 libcurl4-debuginfo-32bit-7.37.0-37.43.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): curl-7.37.0-37.43.1 curl-debuginfo-7.37.0-37.43.1 curl-debugsource-7.37.0-37.43.1 libcurl4-7.37.0-37.43.1 libcurl4-debuginfo-7.37.0-37.43.1 - SUSE Enterprise Storage 5 (x86_64): libcurl4-32bit-7.37.0-37.43.1 libcurl4-debuginfo-32bit-7.37.0-37.43.1 - SUSE Enterprise Storage 4 (x86_64): curl-7.37.0-37.43.1 curl-debuginfo-7.37.0-37.43.1 curl-debugsource-7.37.0-37.43.1 libcurl4-32bit-7.37.0-37.43.1 libcurl4-7.37.0-37.43.1 libcurl4-debuginfo-32bit-7.37.0-37.43.1 libcurl4-debuginfo-7.37.0-37.43.1 - HPE Helion Openstack 8 (x86_64): curl-7.37.0-37.43.1 curl-debuginfo-7.37.0-37.43.1 curl-debugsource-7.37.0-37.43.1 libcurl4-32bit-7.37.0-37.43.1 libcurl4-7.37.0-37.43.1 libcurl4-debuginfo-32bit-7.37.0-37.43.1 libcurl4-debuginfo-7.37.0-37.43.1 References: https://www.suse.com/security/cve/CVE-2019-5482.html https://bugzilla.suse.com/1149496 From sle-updates at lists.suse.com Thu Sep 12 14:08:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Sep 2019 22:08:51 +0200 (CEST) Subject: SUSE-RU-2019:2375-1: moderate: Recommended update for polkit-default-privs Message-ID: <20190912200851.4C1ACF798@maintenance.suse.de> SUSE Recommended Update: Recommended update for polkit-default-privs ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2375-1 Rating: moderate References: #1144077 Affected Products: SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for polkit-default-privs fixes the following issues: - whitelist the checkpoint action for libvirt (bsc#1144077) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2375=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2375=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): rpmlint-mini-1.10-5.8.1 rpmlint-mini-debuginfo-1.10-5.8.1 rpmlint-mini-debugsource-1.10-5.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): polkit-default-privs-13.2-10.33.1 References: https://bugzilla.suse.com/1144077 From sle-updates at lists.suse.com Thu Sep 12 14:11:39 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Sep 2019 22:11:39 +0200 (CEST) Subject: SUSE-RU-2019:2366-1: moderate: Recommended update for libdc1394 Message-ID: <20190912201139.95363F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for libdc1394 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2366-1 Rating: moderate References: #1138808 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libdc1394 fixes the following issues: - Remove libdc1394-visibility.patch as it is no longer needed as of v2.2 (bsc#1138808). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-2366=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2366=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2366=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libdc1394-2.2.1-5.3.1 libdc1394-22-2.2.1-5.3.1 libdc1394-22-debuginfo-2.2.1-5.3.1 libdc1394-debuginfo-2.2.1-5.3.1 libdc1394-debugsource-2.2.1-5.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libdc1394-2.2.1-5.3.1 libdc1394-22-2.2.1-5.3.1 libdc1394-22-debuginfo-2.2.1-5.3.1 libdc1394-debuginfo-2.2.1-5.3.1 libdc1394-debugsource-2.2.1-5.3.1 libdc1394-devel-2.2.1-5.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libdc1394-2.2.1-5.3.1 libdc1394-22-2.2.1-5.3.1 libdc1394-22-debuginfo-2.2.1-5.3.1 libdc1394-debuginfo-2.2.1-5.3.1 libdc1394-debugsource-2.2.1-5.3.1 References: https://bugzilla.suse.com/1138808 From sle-updates at lists.suse.com Thu Sep 12 14:13:24 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Sep 2019 22:13:24 +0200 (CEST) Subject: SUSE-SU-2019:2369-1: moderate: Security update for cri-o Message-ID: <20190912201324.CF454F798@maintenance.suse.de> SUSE Security Update: Security update for cri-o ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2369-1 Rating: moderate References: #1144065 Cross-References: CVE-2019-10214 Affected Products: SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cri-o fixes the following issues: Security issues fixed: - CVE-2019-10214: Fixed missing enforcement of TLS connections. (bsc#1144065) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 4.0 (x86_64): cri-o-1.15.0-3.3.2 cri-o-kubeadm-criconfig-1.15.0-3.3.2 References: https://www.suse.com/security/cve/CVE-2019-10214.html https://bugzilla.suse.com/1144065 From sle-updates at lists.suse.com Thu Sep 12 14:17:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Sep 2019 22:17:02 +0200 (CEST) Subject: SUSE-SU-2019:2373-1: important: Security update for curl Message-ID: <20190912201702.6DB08F798@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2373-1 Rating: important References: #1149495 #1149496 Cross-References: CVE-2019-5481 CVE-2019-5482 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for curl fixes the following issues: Security issues fixed: - CVE-2019-5481: Fixed FTP-KRB double-free during kerberos FTP data transfer (bsc#1149495). - CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2373=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2373=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2373=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2373=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): curl-mini-7.60.0-3.23.1 curl-mini-debuginfo-7.60.0-3.23.1 curl-mini-debugsource-7.60.0-3.23.1 libcurl-mini-devel-7.60.0-3.23.1 libcurl4-mini-7.60.0-3.23.1 libcurl4-mini-debuginfo-7.60.0-3.23.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): curl-debugsource-7.60.0-3.23.1 libcurl-devel-32bit-7.60.0-3.23.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): curl-mini-7.60.0-3.23.1 curl-mini-debuginfo-7.60.0-3.23.1 curl-mini-debugsource-7.60.0-3.23.1 libcurl-mini-devel-7.60.0-3.23.1 libcurl4-mini-7.60.0-3.23.1 libcurl4-mini-debuginfo-7.60.0-3.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): curl-7.60.0-3.23.1 curl-debuginfo-7.60.0-3.23.1 curl-debugsource-7.60.0-3.23.1 libcurl-devel-7.60.0-3.23.1 libcurl4-7.60.0-3.23.1 libcurl4-debuginfo-7.60.0-3.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libcurl4-32bit-7.60.0-3.23.1 libcurl4-32bit-debuginfo-7.60.0-3.23.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): curl-7.60.0-3.23.1 curl-debuginfo-7.60.0-3.23.1 curl-debugsource-7.60.0-3.23.1 libcurl-devel-7.60.0-3.23.1 libcurl4-7.60.0-3.23.1 libcurl4-debuginfo-7.60.0-3.23.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libcurl4-32bit-7.60.0-3.23.1 libcurl4-32bit-debuginfo-7.60.0-3.23.1 References: https://www.suse.com/security/cve/CVE-2019-5481.html https://www.suse.com/security/cve/CVE-2019-5482.html https://bugzilla.suse.com/1149495 https://bugzilla.suse.com/1149496 From sle-updates at lists.suse.com Thu Sep 12 14:22:59 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Sep 2019 22:22:59 +0200 (CEST) Subject: SUSE-RU-2019:2372-1: moderate: Recommended update for krb5 Message-ID: <20190912202259.38868F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2372-1 Rating: moderate References: #1139942 #1140914 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for krb5 fixes the following issues: - Fix missing responder if there is no pre-auth; (bsc#1139942) - Load mechglue config files from /etc/gss/mech.d; (bsc#1140914, jsc#SLE-7081) - Fix impersonate_name to work with interposers; (bsc#1140914, jsc#SLE-7081) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2372=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2372=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2372=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): krb5-debuginfo-1.12.5-40.37.7 krb5-debugsource-1.12.5-40.37.7 krb5-devel-1.12.5-40.37.7 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): krb5-1.12.5-40.37.7 krb5-client-1.12.5-40.37.7 krb5-client-debuginfo-1.12.5-40.37.7 krb5-debuginfo-1.12.5-40.37.7 krb5-debugsource-1.12.5-40.37.7 krb5-doc-1.12.5-40.37.7 krb5-plugin-kdb-ldap-1.12.5-40.37.7 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.37.7 krb5-plugin-preauth-otp-1.12.5-40.37.7 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.37.7 krb5-plugin-preauth-pkinit-1.12.5-40.37.7 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.37.7 krb5-server-1.12.5-40.37.7 krb5-server-debuginfo-1.12.5-40.37.7 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): krb5-32bit-1.12.5-40.37.7 krb5-debuginfo-32bit-1.12.5-40.37.7 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): krb5-1.12.5-40.37.7 krb5-32bit-1.12.5-40.37.7 krb5-client-1.12.5-40.37.7 krb5-client-debuginfo-1.12.5-40.37.7 krb5-debuginfo-1.12.5-40.37.7 krb5-debuginfo-32bit-1.12.5-40.37.7 krb5-debugsource-1.12.5-40.37.7 - SUSE CaaS Platform 3.0 (x86_64): krb5-1.12.5-40.37.7 krb5-debuginfo-1.12.5-40.37.7 krb5-debugsource-1.12.5-40.37.7 References: https://bugzilla.suse.com/1139942 https://bugzilla.suse.com/1140914 From sle-updates at lists.suse.com Thu Sep 12 14:24:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Sep 2019 22:24:52 +0200 (CEST) Subject: SUSE-SU-2019:2368-1: important: Security update for cri-o Message-ID: <20190912202452.3EC28F798@maintenance.suse.de> SUSE Security Update: Security update for cri-o ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2368-1 Rating: important References: #1144065 Cross-References: CVE-2019-10214 Affected Products: SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cri-o fixes the following issues: Updated to v1.11.14. Security issues fixed: - CVE-2019-10214: Fixed missing enforcement of TLS connections. (bsc#1144065) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64): cri-o-1.11.14-4.14.1 References: https://www.suse.com/security/cve/CVE-2019-10214.html https://bugzilla.suse.com/1144065 From sle-updates at lists.suse.com Thu Sep 12 14:27:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 12 Sep 2019 22:27:46 +0200 (CEST) Subject: SUSE-SU-2019:2370-1: moderate: Security update for python-urllib3 Message-ID: <20190912202746.C7527F798@maintenance.suse.de> SUSE Security Update: Security update for python-urllib3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2370-1 Rating: moderate References: #1119376 #1129071 #1132663 #1132900 Cross-References: CVE-2018-20060 CVE-2019-11236 CVE-2019-11324 CVE-2019-9740 Affected Products: SUSE Manager Server 3.2 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for python-urllib3 fixes the following issues: Security issues fixed: - CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071). - CVE-2019-11324: Fixed invalid CA certificat verification (bsc#1132900). - CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663). - CVE-2018-20060: Remove Authorization header when redirecting cross-host (bsc#1119376). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2019-2370=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-2370=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2370=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2370=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 3.2 (noarch): python-urllib3-1.22-3.14.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-urllib3-1.22-3.14.1 python3-urllib3-1.22-3.14.1 - SUSE Enterprise Storage 5 (noarch): python-urllib3-1.22-3.14.1 - SUSE Enterprise Storage 4 (noarch): python-urllib3-1.22-3.14.1 - SUSE CaaS Platform 3.0 (noarch): python-urllib3-1.22-3.14.1 References: https://www.suse.com/security/cve/CVE-2018-20060.html https://www.suse.com/security/cve/CVE-2019-11236.html https://www.suse.com/security/cve/CVE-2019-11324.html https://www.suse.com/security/cve/CVE-2019-9740.html https://bugzilla.suse.com/1119376 https://bugzilla.suse.com/1129071 https://bugzilla.suse.com/1132663 https://bugzilla.suse.com/1132900 From sle-updates at lists.suse.com Fri Sep 13 07:10:46 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Sep 2019 15:10:46 +0200 (CEST) Subject: SUSE-RU-2019:2376-1: important: Recommended update for zypper Message-ID: <20190913131046.220B4F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2376-1 Rating: important References: #1145521 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for zypper fixes the following issues: - Fixes a bug where zypper exited on SIGPIPE when downloading packages (bsc#1145521) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2376=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2376=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2376=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2376=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2376=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2376=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2376=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2376=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2376=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2376=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2376=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2376=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-2376=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2376=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2376=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2376=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2376=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): zypper-log-1.13.55-18.43.3 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libsolv-debugsource-0.6.36-2.27.21.1 libsolv-tools-0.6.36-2.27.21.1 libsolv-tools-debuginfo-0.6.36-2.27.21.1 libzypp-16.20.2-27.62.2 libzypp-debuginfo-16.20.2-27.62.2 libzypp-debugsource-16.20.2-27.62.2 perl-solv-0.6.36-2.27.21.1 perl-solv-debuginfo-0.6.36-2.27.21.1 python-solv-0.6.36-2.27.21.1 python-solv-debuginfo-0.6.36-2.27.21.1 zypper-1.13.55-18.43.3 zypper-debuginfo-1.13.55-18.43.3 zypper-debugsource-1.13.55-18.43.3 - SUSE OpenStack Cloud 8 (x86_64): libsolv-debugsource-0.6.36-2.27.21.1 libsolv-tools-0.6.36-2.27.21.1 libsolv-tools-debuginfo-0.6.36-2.27.21.1 libzypp-16.20.2-27.62.2 libzypp-debuginfo-16.20.2-27.62.2 libzypp-debugsource-16.20.2-27.62.2 perl-solv-0.6.36-2.27.21.1 perl-solv-debuginfo-0.6.36-2.27.21.1 python-solv-0.6.36-2.27.21.1 python-solv-debuginfo-0.6.36-2.27.21.1 zypper-1.13.55-18.43.3 zypper-debuginfo-1.13.55-18.43.3 zypper-debugsource-1.13.55-18.43.3 - SUSE OpenStack Cloud 8 (noarch): zypper-log-1.13.55-18.43.3 - SUSE OpenStack Cloud 7 (s390x x86_64): libsolv-debugsource-0.6.36-2.27.21.1 libsolv-tools-0.6.36-2.27.21.1 libsolv-tools-debuginfo-0.6.36-2.27.21.1 libzypp-16.20.2-27.62.2 libzypp-debuginfo-16.20.2-27.62.2 libzypp-debugsource-16.20.2-27.62.2 perl-solv-0.6.36-2.27.21.1 perl-solv-debuginfo-0.6.36-2.27.21.1 python-solv-0.6.36-2.27.21.1 python-solv-debuginfo-0.6.36-2.27.21.1 zypper-1.13.55-18.43.3 zypper-debuginfo-1.13.55-18.43.3 zypper-debugsource-1.13.55-18.43.3 - SUSE OpenStack Cloud 7 (noarch): zypper-log-1.13.55-18.43.3 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libzypp-debuginfo-16.20.2-27.62.2 libzypp-debugsource-16.20.2-27.62.2 libzypp-devel-16.20.2-27.62.2 libzypp-devel-doc-16.20.2-27.62.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libsolv-debugsource-0.6.36-2.27.21.1 libsolv-tools-0.6.36-2.27.21.1 libsolv-tools-debuginfo-0.6.36-2.27.21.1 libzypp-16.20.2-27.62.2 libzypp-debuginfo-16.20.2-27.62.2 libzypp-debugsource-16.20.2-27.62.2 perl-solv-0.6.36-2.27.21.1 perl-solv-debuginfo-0.6.36-2.27.21.1 python-solv-0.6.36-2.27.21.1 python-solv-debuginfo-0.6.36-2.27.21.1 zypper-1.13.55-18.43.3 zypper-debuginfo-1.13.55-18.43.3 zypper-debugsource-1.13.55-18.43.3 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): zypper-log-1.13.55-18.43.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libsolv-debugsource-0.6.36-2.27.21.1 libsolv-tools-0.6.36-2.27.21.1 libsolv-tools-debuginfo-0.6.36-2.27.21.1 libzypp-16.20.2-27.62.2 libzypp-debuginfo-16.20.2-27.62.2 libzypp-debugsource-16.20.2-27.62.2 perl-solv-0.6.36-2.27.21.1 perl-solv-debuginfo-0.6.36-2.27.21.1 python-solv-0.6.36-2.27.21.1 python-solv-debuginfo-0.6.36-2.27.21.1 zypper-1.13.55-18.43.3 zypper-debuginfo-1.13.55-18.43.3 zypper-debugsource-1.13.55-18.43.3 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): zypper-log-1.13.55-18.43.3 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libsolv-debugsource-0.6.36-2.27.21.1 libsolv-tools-0.6.36-2.27.21.1 libsolv-tools-debuginfo-0.6.36-2.27.21.1 libzypp-16.20.2-27.62.2 libzypp-debuginfo-16.20.2-27.62.2 libzypp-debugsource-16.20.2-27.62.2 zypper-1.13.55-18.43.3 zypper-debuginfo-1.13.55-18.43.3 zypper-debugsource-1.13.55-18.43.3 - SUSE Linux Enterprise Server 12-SP5 (noarch): zypper-log-1.13.55-18.43.3 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libsolv-debugsource-0.6.36-2.27.21.1 libsolv-tools-0.6.36-2.27.21.1 libsolv-tools-debuginfo-0.6.36-2.27.21.1 libzypp-16.20.2-27.62.2 libzypp-debuginfo-16.20.2-27.62.2 libzypp-debugsource-16.20.2-27.62.2 perl-solv-0.6.36-2.27.21.1 perl-solv-debuginfo-0.6.36-2.27.21.1 python-solv-0.6.36-2.27.21.1 python-solv-debuginfo-0.6.36-2.27.21.1 zypper-1.13.55-18.43.3 zypper-debuginfo-1.13.55-18.43.3 zypper-debugsource-1.13.55-18.43.3 - SUSE Linux Enterprise Server 12-SP4 (noarch): zypper-log-1.13.55-18.43.3 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libsolv-debugsource-0.6.36-2.27.21.1 libsolv-tools-0.6.36-2.27.21.1 libsolv-tools-debuginfo-0.6.36-2.27.21.1 libzypp-16.20.2-27.62.2 libzypp-debuginfo-16.20.2-27.62.2 libzypp-debugsource-16.20.2-27.62.2 perl-solv-0.6.36-2.27.21.1 perl-solv-debuginfo-0.6.36-2.27.21.1 python-solv-0.6.36-2.27.21.1 python-solv-debuginfo-0.6.36-2.27.21.1 zypper-1.13.55-18.43.3 zypper-debuginfo-1.13.55-18.43.3 zypper-debugsource-1.13.55-18.43.3 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): zypper-log-1.13.55-18.43.3 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libsolv-debugsource-0.6.36-2.27.21.1 libsolv-tools-0.6.36-2.27.21.1 libsolv-tools-debuginfo-0.6.36-2.27.21.1 libzypp-16.20.2-27.62.2 libzypp-debuginfo-16.20.2-27.62.2 libzypp-debugsource-16.20.2-27.62.2 perl-solv-0.6.36-2.27.21.1 perl-solv-debuginfo-0.6.36-2.27.21.1 python-solv-0.6.36-2.27.21.1 python-solv-debuginfo-0.6.36-2.27.21.1 zypper-1.13.55-18.43.3 zypper-debuginfo-1.13.55-18.43.3 zypper-debugsource-1.13.55-18.43.3 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): zypper-log-1.13.55-18.43.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libsolv-debugsource-0.6.36-2.27.21.1 libsolv-tools-0.6.36-2.27.21.1 libsolv-tools-debuginfo-0.6.36-2.27.21.1 libzypp-16.20.2-27.62.2 libzypp-debuginfo-16.20.2-27.62.2 libzypp-debugsource-16.20.2-27.62.2 perl-solv-0.6.36-2.27.21.1 perl-solv-debuginfo-0.6.36-2.27.21.1 python-solv-0.6.36-2.27.21.1 python-solv-debuginfo-0.6.36-2.27.21.1 zypper-1.13.55-18.43.3 zypper-debuginfo-1.13.55-18.43.3 zypper-debugsource-1.13.55-18.43.3 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): zypper-log-1.13.55-18.43.3 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libsolv-debugsource-0.6.36-2.27.21.1 libsolv-tools-0.6.36-2.27.21.1 libsolv-tools-debuginfo-0.6.36-2.27.21.1 libzypp-16.20.2-27.62.2 libzypp-debuginfo-16.20.2-27.62.2 libzypp-debugsource-16.20.2-27.62.2 perl-solv-0.6.36-2.27.21.1 perl-solv-debuginfo-0.6.36-2.27.21.1 python-solv-0.6.36-2.27.21.1 python-solv-debuginfo-0.6.36-2.27.21.1 zypper-1.13.55-18.43.3 zypper-debuginfo-1.13.55-18.43.3 zypper-debugsource-1.13.55-18.43.3 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): zypper-log-1.13.55-18.43.3 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): libsolv-debugsource-0.6.36-2.27.21.1 libsolv-tools-0.6.36-2.27.21.1 libsolv-tools-debuginfo-0.6.36-2.27.21.1 libzypp-16.20.2-27.62.2 libzypp-debuginfo-16.20.2-27.62.2 libzypp-debugsource-16.20.2-27.62.2 zypper-1.13.55-18.43.3 zypper-debuginfo-1.13.55-18.43.3 zypper-debugsource-1.13.55-18.43.3 - SUSE Linux Enterprise Desktop 12-SP5 (noarch): zypper-log-1.13.55-18.43.3 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): zypper-log-1.13.55-18.43.3 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libsolv-debugsource-0.6.36-2.27.21.1 libsolv-tools-0.6.36-2.27.21.1 libsolv-tools-debuginfo-0.6.36-2.27.21.1 libzypp-16.20.2-27.62.2 libzypp-debuginfo-16.20.2-27.62.2 libzypp-debugsource-16.20.2-27.62.2 python-solv-0.6.36-2.27.21.1 python-solv-debuginfo-0.6.36-2.27.21.1 zypper-1.13.55-18.43.3 zypper-debuginfo-1.13.55-18.43.3 zypper-debugsource-1.13.55-18.43.3 - SUSE Enterprise Storage 5 (aarch64 x86_64): libsolv-debugsource-0.6.36-2.27.21.1 libsolv-tools-0.6.36-2.27.21.1 libsolv-tools-debuginfo-0.6.36-2.27.21.1 libzypp-16.20.2-27.62.2 libzypp-debuginfo-16.20.2-27.62.2 libzypp-debugsource-16.20.2-27.62.2 perl-solv-0.6.36-2.27.21.1 perl-solv-debuginfo-0.6.36-2.27.21.1 python-solv-0.6.36-2.27.21.1 python-solv-debuginfo-0.6.36-2.27.21.1 zypper-1.13.55-18.43.3 zypper-debuginfo-1.13.55-18.43.3 zypper-debugsource-1.13.55-18.43.3 - SUSE Enterprise Storage 5 (noarch): zypper-log-1.13.55-18.43.3 - SUSE Enterprise Storage 4 (noarch): zypper-log-1.13.55-18.43.3 - SUSE Enterprise Storage 4 (x86_64): libsolv-debugsource-0.6.36-2.27.21.1 libsolv-tools-0.6.36-2.27.21.1 libsolv-tools-debuginfo-0.6.36-2.27.21.1 libzypp-16.20.2-27.62.2 libzypp-debuginfo-16.20.2-27.62.2 libzypp-debugsource-16.20.2-27.62.2 perl-solv-0.6.36-2.27.21.1 perl-solv-debuginfo-0.6.36-2.27.21.1 python-solv-0.6.36-2.27.21.1 python-solv-debuginfo-0.6.36-2.27.21.1 zypper-1.13.55-18.43.3 zypper-debuginfo-1.13.55-18.43.3 zypper-debugsource-1.13.55-18.43.3 - SUSE CaaS Platform 3.0 (x86_64): libsolv-debugsource-0.6.36-2.27.21.1 libsolv-tools-0.6.36-2.27.21.1 libsolv-tools-debuginfo-0.6.36-2.27.21.1 libzypp-16.20.2-27.62.2 libzypp-debuginfo-16.20.2-27.62.2 libzypp-debugsource-16.20.2-27.62.2 zypper-1.13.55-18.43.3 zypper-debuginfo-1.13.55-18.43.3 zypper-debugsource-1.13.55-18.43.3 - HPE Helion Openstack 8 (x86_64): libsolv-debugsource-0.6.36-2.27.21.1 libsolv-tools-0.6.36-2.27.21.1 libsolv-tools-debuginfo-0.6.36-2.27.21.1 libzypp-16.20.2-27.62.2 libzypp-debuginfo-16.20.2-27.62.2 libzypp-debugsource-16.20.2-27.62.2 perl-solv-0.6.36-2.27.21.1 perl-solv-debuginfo-0.6.36-2.27.21.1 python-solv-0.6.36-2.27.21.1 python-solv-debuginfo-0.6.36-2.27.21.1 zypper-1.13.55-18.43.3 zypper-debuginfo-1.13.55-18.43.3 zypper-debugsource-1.13.55-18.43.3 - HPE Helion Openstack 8 (noarch): zypper-log-1.13.55-18.43.3 References: https://bugzilla.suse.com/1145521 From sle-updates at lists.suse.com Fri Sep 13 07:11:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Sep 2019 15:11:34 +0200 (CEST) Subject: SUSE-RU-2019:2377-1: moderate: Recommended update for kvm_stat Message-ID: <20190913131134.78EC7F798@maintenance.suse.de> SUSE Recommended Update: Recommended update for kvm_stat ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2377-1 Rating: moderate References: #1140899 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kvm_stat fixes the following issues: - Fixes an issue where the wrong python version was used (bsc#1140899) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2377=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): kvm_stat-4.12.14-6.3.1 References: https://bugzilla.suse.com/1140899 From sle-updates at lists.suse.com Fri Sep 13 10:10:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 13 Sep 2019 18:10:37 +0200 (CEST) Subject: SUSE-RU-2019:2378-1: moderate: Recommended update for apache2-mod_nss Message-ID: <20190913161037.33AA6F7B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for apache2-mod_nss ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2378-1 Rating: moderate References: #1150133 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for apache2-mod_nss fixes the following issues: - Use a stronger password in gencert to pass the stricter tests in FIPS mode (bsc#1150133) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2378=1 - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2378=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): apache2-mod_nss-1.0.17-3.3.1 apache2-mod_nss-debuginfo-1.0.17-3.3.1 apache2-mod_nss-debugsource-1.0.17-3.3.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): apache2-mod_nss-1.0.17-3.3.1 apache2-mod_nss-debuginfo-1.0.17-3.3.1 apache2-mod_nss-debugsource-1.0.17-3.3.1 References: https://bugzilla.suse.com/1150133 From sle-updates at lists.suse.com Mon Sep 16 07:10:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Sep 2019 15:10:32 +0200 (CEST) Subject: SUSE-SU-2019:2379-1: moderate: Security update for python-Django Message-ID: <20190916131032.241A1F7B3@maintenance.suse.de> SUSE Security Update: Security update for python-Django ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2379-1 Rating: moderate References: #1139945 Cross-References: CVE-2019-12781 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Django fixes the following issues: Security issue fixed: - CVE-2019-12781: Add incorrect HTTP detection with reverse-proxy connecting via HTTPS (bsc#1139945). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2379=1 Package List: - SUSE OpenStack Cloud 7 (noarch): python-Django-1.8.19-3.18.1 References: https://www.suse.com/security/cve/CVE-2019-12781.html https://bugzilla.suse.com/1139945 From sle-updates at lists.suse.com Mon Sep 16 13:11:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 16 Sep 2019 21:11:09 +0200 (CEST) Subject: SUSE-SU-2019:2381-1: important: Security update for curl Message-ID: <20190916191109.22F5CF7B3@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2381-1 Rating: important References: #1149495 #1149496 Cross-References: CVE-2019-5481 CVE-2019-5482 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for curl fixes the following issues: Security issues fixed: - CVE-2019-5481: Fixed a double-free during kerberos FTP data transfer. (bsc#1149495) - CVE-2019-5482: Fixed a TFTP small block size heap buffer overflow (bsc#1149496). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2381=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2381=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2381=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): curl-debuginfo-7.60.0-4.9.1 curl-debugsource-7.60.0-4.9.1 libcurl-devel-7.60.0-4.9.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): curl-7.60.0-4.9.1 curl-debuginfo-7.60.0-4.9.1 curl-debugsource-7.60.0-4.9.1 libcurl4-7.60.0-4.9.1 libcurl4-debuginfo-7.60.0-4.9.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libcurl4-32bit-7.60.0-4.9.1 libcurl4-debuginfo-32bit-7.60.0-4.9.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): curl-7.60.0-4.9.1 curl-debuginfo-7.60.0-4.9.1 curl-debugsource-7.60.0-4.9.1 libcurl4-32bit-7.60.0-4.9.1 libcurl4-7.60.0-4.9.1 libcurl4-debuginfo-32bit-7.60.0-4.9.1 libcurl4-debuginfo-7.60.0-4.9.1 References: https://www.suse.com/security/cve/CVE-2019-5481.html https://www.suse.com/security/cve/CVE-2019-5482.html https://bugzilla.suse.com/1149495 https://bugzilla.suse.com/1149496 From sle-updates at lists.suse.com Mon Sep 16 16:11:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Sep 2019 00:11:18 +0200 (CEST) Subject: SUSE-RU-2019:2382-1: moderate: Recommended update for python36 Message-ID: <20190916221118.1CAE2F7B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for python36 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2382-1 Rating: moderate References: #1146165 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update provides python 3.6 packages to the SUSE Linux Enterprise 12 SP3 for Teradata codestream. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2382=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): python-rpm-macros-20190408.32abece-3.10.1 References: https://bugzilla.suse.com/1146165 From sle-updates at lists.suse.com Mon Sep 16 16:12:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Sep 2019 00:12:29 +0200 (CEST) Subject: SUSE-RU-2019:2383-1: important: Recommended update for cloud-init Message-ID: <20190916221229.E5ED9F7B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2383-1 Rating: important References: #1141969 #1144363 #1144881 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for cloud-init fixes the following issues: - Properly handle static routes. The EphemeralDHCP context manager did not parse or handle rfc3442 classless static routes which prevented reading datasource metadata in some clouds (bsc#1141969) - Fixes an issue where udevadm settle was executed incorrectly (bsc#1144363) - If no routes are set for a subnet but the subnet has a gateway specified, set the gateway as the default route for the interface (bsc#1144881) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-2383=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): cloud-init-19.1-37.27.1 cloud-init-config-suse-19.1-37.27.1 - SUSE CaaS Platform 3.0 (x86_64): cloud-init-19.1-37.27.1 References: https://bugzilla.suse.com/1141969 https://bugzilla.suse.com/1144363 https://bugzilla.suse.com/1144881 From sle-updates at lists.suse.com Tue Sep 17 13:10:49 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Sep 2019 21:10:49 +0200 (CEST) Subject: SUSE-SU-2019:14172-1: important: Security update for curl Message-ID: <20190917191049.8EE48F7B3@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14172-1 Rating: important References: #1149496 Cross-References: CVE-2019-5482 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5482: Fixed a TFTP small blocksize heap buffer overflow (bsc#1149496). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-curl-14172=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-curl-14172=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-curl-14172=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-curl-14172=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-curl-14172=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): curl-7.37.0-70.44.1 libcurl4-7.37.0-70.44.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libcurl4-32bit-7.37.0-70.44.1 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): curl-openssl1-7.37.0-70.44.1 libcurl4-openssl1-7.37.0-70.44.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libcurl4-openssl1-32bit-7.37.0-70.44.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libcurl4-openssl1-x86-7.37.0-70.44.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): curl-7.37.0-70.44.1 libcurl-devel-7.37.0-70.44.1 libcurl4-7.37.0-70.44.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): curl-debuginfo-7.37.0-70.44.1 curl-debugsource-7.37.0-70.44.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): curl-debuginfo-7.37.0-70.44.1 curl-debugsource-7.37.0-70.44.1 References: https://www.suse.com/security/cve/CVE-2019-5482.html https://bugzilla.suse.com/1149496 From sle-updates at lists.suse.com Tue Sep 17 13:11:33 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Sep 2019 21:11:33 +0200 (CEST) Subject: SUSE-SU-2019:2387-1: important: Security update for ibus Message-ID: <20190917191133.8CE6EF7B3@maintenance.suse.de> SUSE Security Update: Security update for ibus ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2387-1 Rating: important References: #1150011 Cross-References: CVE-2019-14822 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ibus fixes the following issues: Security issue fixed: - CVE-2019-14822: Fixed a misconfiguration of the DBus server that allowed an unprivileged user to monitor and send method calls to the ibus bus of another user. (bsc#1150011) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2387=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2387=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-2387=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python3-ibus-1.5.17-5.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): python3-ibus-1.5.17-5.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): ibus-1.5.17-5.3.1 ibus-debuginfo-1.5.17-5.3.1 ibus-debugsource-1.5.17-5.3.1 ibus-devel-1.5.17-5.3.1 ibus-gtk-1.5.17-5.3.1 ibus-gtk-debuginfo-1.5.17-5.3.1 ibus-gtk3-1.5.17-5.3.1 ibus-gtk3-debuginfo-1.5.17-5.3.1 libibus-1_0-5-1.5.17-5.3.1 libibus-1_0-5-debuginfo-1.5.17-5.3.1 python-ibus-1.5.17-5.3.1 typelib-1_0-IBus-1_0-1.5.17-5.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (noarch): ibus-lang-1.5.17-5.3.1 References: https://www.suse.com/security/cve/CVE-2019-14822.html https://bugzilla.suse.com/1150011 From sle-updates at lists.suse.com Tue Sep 17 13:12:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Sep 2019 21:12:14 +0200 (CEST) Subject: SUSE-SU-2019:2392-1: moderate: Security update for util-linux and shadow Message-ID: <20190917191214.623D1F7B3@maintenance.suse.de> SUSE Security Update: Security update for util-linux and shadow ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2392-1 Rating: moderate References: #1081947 #1082293 #1085196 #1106214 #1121197 #1122417 #1125886 #1135534 #1135708 #353876 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for util-linux and shadow fixes the following issues: util-linux: - Fixed an issue where PATH settings in /etc/default/su being ignored (bsc#1121197) - Prevent outdated pam files (bsc#1082293). - Do not trim read-only volumes (bsc#1106214). - Integrate pam_keyinit pam module to login (bsc#1081947). - Perform one-time reset of /etc/default/su (bsc#1121197). - Fix problems in reading of login.defs values (bsc#1121197) - libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417). - raw.service: Add RemainAfterExit=yes (bsc#1135534). - agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886) - Fix /etc/default/su comments and create /etc/default/runuser (bsc#1121197). shadow: - Fixed an issue where PATH settings in /etc/default/su being ignored (bsc#1121197) - Hardening for su wrappers (bsc#353876) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2392=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2392=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2392=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2392=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): util-linux-systemd-debuginfo-2.31.1-9.8.1 util-linux-systemd-debugsource-2.31.1-9.8.1 uuidd-2.31.1-9.8.1 uuidd-debuginfo-2.31.1-9.8.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python-libmount-2.31.1-9.8.1 python-libmount-debuginfo-2.31.1-9.8.1 python-libmount-debugsource-2.31.1-9.8.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libfdisk-devel-static-2.31.1-9.8.1 libmount-devel-static-2.31.1-9.8.1 libsmartcols-devel-static-2.31.1-9.8.1 python-libmount-2.31.1-9.8.1 python-libmount-debuginfo-2.31.1-9.8.1 python-libmount-debugsource-2.31.1-9.8.1 util-linux-debuginfo-2.31.1-9.8.1 util-linux-debugsource-2.31.1-9.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libblkid-devel-2.31.1-9.8.1 libblkid-devel-static-2.31.1-9.8.1 libblkid1-2.31.1-9.8.1 libblkid1-debuginfo-2.31.1-9.8.1 libfdisk-devel-2.31.1-9.8.1 libfdisk1-2.31.1-9.8.1 libfdisk1-debuginfo-2.31.1-9.8.1 libmount-devel-2.31.1-9.8.1 libmount1-2.31.1-9.8.1 libmount1-debuginfo-2.31.1-9.8.1 libsmartcols-devel-2.31.1-9.8.1 libsmartcols1-2.31.1-9.8.1 libsmartcols1-debuginfo-2.31.1-9.8.1 libuuid-devel-2.31.1-9.8.1 libuuid-devel-static-2.31.1-9.8.1 libuuid1-2.31.1-9.8.1 libuuid1-debuginfo-2.31.1-9.8.1 shadow-4.5-7.6.4 shadow-debuginfo-4.5-7.6.4 shadow-debugsource-4.5-7.6.4 util-linux-2.31.1-9.8.1 util-linux-debuginfo-2.31.1-9.8.1 util-linux-debugsource-2.31.1-9.8.1 util-linux-systemd-2.31.1-9.8.1 util-linux-systemd-debuginfo-2.31.1-9.8.1 util-linux-systemd-debugsource-2.31.1-9.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libblkid1-32bit-2.31.1-9.8.1 libblkid1-32bit-debuginfo-2.31.1-9.8.1 libmount1-32bit-2.31.1-9.8.1 libmount1-32bit-debuginfo-2.31.1-9.8.1 libuuid1-32bit-2.31.1-9.8.1 libuuid1-32bit-debuginfo-2.31.1-9.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): util-linux-lang-2.31.1-9.8.1 References: https://bugzilla.suse.com/1081947 https://bugzilla.suse.com/1082293 https://bugzilla.suse.com/1085196 https://bugzilla.suse.com/1106214 https://bugzilla.suse.com/1121197 https://bugzilla.suse.com/1122417 https://bugzilla.suse.com/1125886 https://bugzilla.suse.com/1135534 https://bugzilla.suse.com/1135708 https://bugzilla.suse.com/353876 From sle-updates at lists.suse.com Tue Sep 17 13:14:10 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Sep 2019 21:14:10 +0200 (CEST) Subject: SUSE-SU-2019:2388-1: important: Security update for ibus Message-ID: <20190917191410.51404F7B3@maintenance.suse.de> SUSE Security Update: Security update for ibus ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2388-1 Rating: important References: #1150011 Cross-References: CVE-2019-14822 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ibus fixes the following issues: Security issue fixed: - CVE-2019-14822: Fixed a misconfiguration of the DBus server that allowed an unprivileged user to monitor and send method calls to the ibus bus of another user. (bsc#1150011) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2388=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2388=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): ibus-1.5.8-10.4.1 ibus-debuginfo-1.5.8-10.4.1 ibus-debugsource-1.5.8-10.4.1 ibus-gtk-1.5.8-10.4.1 ibus-gtk-debuginfo-1.5.8-10.4.1 ibus-gtk3-1.5.8-10.4.1 ibus-gtk3-debuginfo-1.5.8-10.4.1 libibus-1_0-5-1.5.8-10.4.1 libibus-1_0-5-debuginfo-1.5.8-10.4.1 typelib-1_0-IBus-1_0-1.5.8-10.4.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): ibus-lang-1.5.8-10.4.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): ibus-1.5.8-10.4.1 ibus-debuginfo-1.5.8-10.4.1 ibus-debugsource-1.5.8-10.4.1 ibus-gtk-1.5.8-10.4.1 ibus-gtk-debuginfo-1.5.8-10.4.1 ibus-gtk3-1.5.8-10.4.1 ibus-gtk3-debuginfo-1.5.8-10.4.1 libibus-1_0-5-1.5.8-10.4.1 libibus-1_0-5-debuginfo-1.5.8-10.4.1 typelib-1_0-IBus-1_0-1.5.8-10.4.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): ibus-lang-1.5.8-10.4.1 References: https://www.suse.com/security/cve/CVE-2019-14822.html https://bugzilla.suse.com/1150011 From sle-updates at lists.suse.com Tue Sep 17 13:14:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Sep 2019 21:14:51 +0200 (CEST) Subject: SUSE-SU-2019:2390-1: moderate: Security update for openldap2 Message-ID: <20190917191451.A5C25F7B3@maintenance.suse.de> SUSE Security Update: Security update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2390-1 Rating: moderate References: #1143194 #1143273 Cross-References: CVE-2019-13057 CVE-2019-13565 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2019-13565: Fixed ssf memory reuse that leads to incorrect authorization of another connection, granting excess connection rights (ssf) (bsc#1143194). - CVE-2019-13057: Fixed rootDN of a backend that may proxyauth incorrectly to another backend, violating multi-tenant isolation (bsc#1143273). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2390=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2390=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2390=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): openldap2-back-perl-2.4.41-18.63.1 openldap2-back-perl-debuginfo-2.4.41-18.63.1 openldap2-debuginfo-2.4.41-18.63.1 openldap2-debugsource-2.4.41-18.63.1 openldap2-devel-2.4.41-18.63.1 openldap2-devel-static-2.4.41-18.63.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.41-18.63.1 libldap-2_4-2-debuginfo-2.4.41-18.63.1 openldap2-2.4.41-18.63.1 openldap2-back-meta-2.4.41-18.63.1 openldap2-back-meta-debuginfo-2.4.41-18.63.1 openldap2-client-2.4.41-18.63.1 openldap2-client-debuginfo-2.4.41-18.63.1 openldap2-debuginfo-2.4.41-18.63.1 openldap2-debugsource-2.4.41-18.63.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libldap-2_4-2-32bit-2.4.41-18.63.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.63.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): openldap2-doc-2.4.41-18.63.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libldap-2_4-2-2.4.41-18.63.1 libldap-2_4-2-32bit-2.4.41-18.63.1 libldap-2_4-2-debuginfo-2.4.41-18.63.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.63.1 openldap2-client-2.4.41-18.63.1 openldap2-client-debuginfo-2.4.41-18.63.1 openldap2-debuginfo-2.4.41-18.63.1 openldap2-debugsource-2.4.41-18.63.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): openldap2-doc-2.4.41-18.63.1 - SUSE CaaS Platform 3.0 (x86_64): libldap-2_4-2-2.4.41-18.63.1 libldap-2_4-2-debuginfo-2.4.41-18.63.1 openldap2-debuginfo-2.4.41-18.63.1 openldap2-debugsource-2.4.41-18.63.1 References: https://www.suse.com/security/cve/CVE-2019-13057.html https://www.suse.com/security/cve/CVE-2019-13565.html https://bugzilla.suse.com/1143194 https://bugzilla.suse.com/1143273 From sle-updates at lists.suse.com Tue Sep 17 13:15:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Sep 2019 21:15:44 +0200 (CEST) Subject: SUSE-SU-2019:2389-1: important: Security update for ibus Message-ID: <20190917191544.D5E10F7B3@maintenance.suse.de> SUSE Security Update: Security update for ibus ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2389-1 Rating: important References: #1150011 Cross-References: CVE-2019-14822 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ibus fixes the following issues: Security issue fixed: - CVE-2019-14822: Fixed a misconfiguration of the DBus server that allowed an unprivileged user to monitor and send method calls to the ibus bus of another user. (bsc#1150011) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2389=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2389=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2389=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2019-2389=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-2389=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-2389=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2389=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2389=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2389=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2389=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2389=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2389=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2389=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2389=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2389=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-2389=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2389=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2389=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2389=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2389=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): ibus-lang-1.5.13-15.11.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): ibus-1.5.13-15.11.2 ibus-debuginfo-1.5.13-15.11.2 ibus-debugsource-1.5.13-15.11.2 ibus-gtk-1.5.13-15.11.2 ibus-gtk-debuginfo-1.5.13-15.11.2 ibus-gtk3-1.5.13-15.11.2 ibus-gtk3-debuginfo-1.5.13-15.11.2 libibus-1_0-5-1.5.13-15.11.2 libibus-1_0-5-debuginfo-1.5.13-15.11.2 typelib-1_0-IBus-1_0-1.5.13-15.11.2 - SUSE OpenStack Cloud 8 (x86_64): ibus-1.5.13-15.11.2 ibus-debuginfo-1.5.13-15.11.2 ibus-debugsource-1.5.13-15.11.2 ibus-gtk-1.5.13-15.11.2 ibus-gtk-debuginfo-1.5.13-15.11.2 ibus-gtk3-1.5.13-15.11.2 ibus-gtk3-debuginfo-1.5.13-15.11.2 libibus-1_0-5-1.5.13-15.11.2 libibus-1_0-5-debuginfo-1.5.13-15.11.2 typelib-1_0-IBus-1_0-1.5.13-15.11.2 - SUSE OpenStack Cloud 8 (noarch): ibus-lang-1.5.13-15.11.2 - SUSE OpenStack Cloud 7 (s390x x86_64): ibus-1.5.13-15.11.2 ibus-debuginfo-1.5.13-15.11.2 ibus-debugsource-1.5.13-15.11.2 ibus-gtk-1.5.13-15.11.2 ibus-gtk-debuginfo-1.5.13-15.11.2 ibus-gtk3-1.5.13-15.11.2 ibus-gtk3-debuginfo-1.5.13-15.11.2 libibus-1_0-5-1.5.13-15.11.2 libibus-1_0-5-debuginfo-1.5.13-15.11.2 typelib-1_0-IBus-1_0-1.5.13-15.11.2 - SUSE OpenStack Cloud 7 (noarch): ibus-lang-1.5.13-15.11.2 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): ibus-debuginfo-1.5.13-15.11.2 ibus-debugsource-1.5.13-15.11.2 ibus-gtk3-32bit-1.5.13-15.11.2 ibus-gtk3-debuginfo-32bit-1.5.13-15.11.2 libibus-1_0-5-32bit-1.5.13-15.11.2 libibus-1_0-5-debuginfo-32bit-1.5.13-15.11.2 python-ibus-1.5.13-15.11.2 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): ibus-debuginfo-1.5.13-15.11.2 ibus-debugsource-1.5.13-15.11.2 ibus-gtk3-32bit-1.5.13-15.11.2 ibus-gtk3-debuginfo-32bit-1.5.13-15.11.2 libibus-1_0-5-32bit-1.5.13-15.11.2 libibus-1_0-5-debuginfo-32bit-1.5.13-15.11.2 python-ibus-1.5.13-15.11.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): ibus-debuginfo-1.5.13-15.11.2 ibus-debugsource-1.5.13-15.11.2 ibus-devel-1.5.13-15.11.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): ibus-debuginfo-1.5.13-15.11.2 ibus-debugsource-1.5.13-15.11.2 ibus-devel-1.5.13-15.11.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): ibus-1.5.13-15.11.2 ibus-debuginfo-1.5.13-15.11.2 ibus-debugsource-1.5.13-15.11.2 ibus-gtk-1.5.13-15.11.2 ibus-gtk-debuginfo-1.5.13-15.11.2 ibus-gtk3-1.5.13-15.11.2 ibus-gtk3-debuginfo-1.5.13-15.11.2 libibus-1_0-5-1.5.13-15.11.2 libibus-1_0-5-debuginfo-1.5.13-15.11.2 typelib-1_0-IBus-1_0-1.5.13-15.11.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): ibus-lang-1.5.13-15.11.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): ibus-1.5.13-15.11.2 ibus-debuginfo-1.5.13-15.11.2 ibus-debugsource-1.5.13-15.11.2 ibus-gtk-1.5.13-15.11.2 ibus-gtk-debuginfo-1.5.13-15.11.2 ibus-gtk3-1.5.13-15.11.2 ibus-gtk3-debuginfo-1.5.13-15.11.2 libibus-1_0-5-1.5.13-15.11.2 libibus-1_0-5-debuginfo-1.5.13-15.11.2 typelib-1_0-IBus-1_0-1.5.13-15.11.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): ibus-lang-1.5.13-15.11.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): ibus-1.5.13-15.11.2 ibus-debuginfo-1.5.13-15.11.2 ibus-debugsource-1.5.13-15.11.2 ibus-gtk-1.5.13-15.11.2 ibus-gtk-debuginfo-1.5.13-15.11.2 ibus-gtk3-1.5.13-15.11.2 ibus-gtk3-debuginfo-1.5.13-15.11.2 libibus-1_0-5-1.5.13-15.11.2 libibus-1_0-5-debuginfo-1.5.13-15.11.2 typelib-1_0-IBus-1_0-1.5.13-15.11.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): ibus-lang-1.5.13-15.11.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): ibus-1.5.13-15.11.2 ibus-debuginfo-1.5.13-15.11.2 ibus-debugsource-1.5.13-15.11.2 ibus-gtk-1.5.13-15.11.2 ibus-gtk-debuginfo-1.5.13-15.11.2 ibus-gtk3-1.5.13-15.11.2 ibus-gtk3-debuginfo-1.5.13-15.11.2 libibus-1_0-5-1.5.13-15.11.2 libibus-1_0-5-debuginfo-1.5.13-15.11.2 typelib-1_0-IBus-1_0-1.5.13-15.11.2 - SUSE Linux Enterprise Server 12-SP4 (noarch): ibus-lang-1.5.13-15.11.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): ibus-1.5.13-15.11.2 ibus-debuginfo-1.5.13-15.11.2 ibus-debugsource-1.5.13-15.11.2 ibus-gtk-1.5.13-15.11.2 ibus-gtk-debuginfo-1.5.13-15.11.2 ibus-gtk3-1.5.13-15.11.2 ibus-gtk3-debuginfo-1.5.13-15.11.2 libibus-1_0-5-1.5.13-15.11.2 libibus-1_0-5-debuginfo-1.5.13-15.11.2 typelib-1_0-IBus-1_0-1.5.13-15.11.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): ibus-lang-1.5.13-15.11.2 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): ibus-lang-1.5.13-15.11.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): ibus-1.5.13-15.11.2 ibus-debuginfo-1.5.13-15.11.2 ibus-debugsource-1.5.13-15.11.2 ibus-gtk-1.5.13-15.11.2 ibus-gtk-debuginfo-1.5.13-15.11.2 ibus-gtk3-1.5.13-15.11.2 ibus-gtk3-debuginfo-1.5.13-15.11.2 libibus-1_0-5-1.5.13-15.11.2 libibus-1_0-5-debuginfo-1.5.13-15.11.2 typelib-1_0-IBus-1_0-1.5.13-15.11.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): ibus-1.5.13-15.11.2 ibus-debuginfo-1.5.13-15.11.2 ibus-debugsource-1.5.13-15.11.2 ibus-gtk-1.5.13-15.11.2 ibus-gtk-debuginfo-1.5.13-15.11.2 ibus-gtk3-1.5.13-15.11.2 ibus-gtk3-debuginfo-1.5.13-15.11.2 libibus-1_0-5-1.5.13-15.11.2 libibus-1_0-5-debuginfo-1.5.13-15.11.2 typelib-1_0-IBus-1_0-1.5.13-15.11.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): ibus-lang-1.5.13-15.11.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): ibus-lang-1.5.13-15.11.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ibus-1.5.13-15.11.2 ibus-debuginfo-1.5.13-15.11.2 ibus-debugsource-1.5.13-15.11.2 ibus-gtk-1.5.13-15.11.2 ibus-gtk-debuginfo-1.5.13-15.11.2 ibus-gtk3-1.5.13-15.11.2 ibus-gtk3-debuginfo-1.5.13-15.11.2 libibus-1_0-5-1.5.13-15.11.2 libibus-1_0-5-debuginfo-1.5.13-15.11.2 typelib-1_0-IBus-1_0-1.5.13-15.11.2 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): ibus-1.5.13-15.11.2 ibus-debuginfo-1.5.13-15.11.2 ibus-debugsource-1.5.13-15.11.2 ibus-gtk-1.5.13-15.11.2 ibus-gtk-debuginfo-1.5.13-15.11.2 ibus-gtk3-1.5.13-15.11.2 ibus-gtk3-32bit-1.5.13-15.11.2 ibus-gtk3-debuginfo-1.5.13-15.11.2 ibus-gtk3-debuginfo-32bit-1.5.13-15.11.2 libibus-1_0-5-1.5.13-15.11.2 libibus-1_0-5-32bit-1.5.13-15.11.2 libibus-1_0-5-debuginfo-1.5.13-15.11.2 libibus-1_0-5-debuginfo-32bit-1.5.13-15.11.2 python-ibus-1.5.13-15.11.2 typelib-1_0-IBus-1_0-1.5.13-15.11.2 - SUSE Linux Enterprise Desktop 12-SP5 (noarch): ibus-lang-1.5.13-15.11.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): ibus-1.5.13-15.11.2 ibus-debuginfo-1.5.13-15.11.2 ibus-debugsource-1.5.13-15.11.2 ibus-gtk-1.5.13-15.11.2 ibus-gtk-debuginfo-1.5.13-15.11.2 ibus-gtk3-1.5.13-15.11.2 ibus-gtk3-32bit-1.5.13-15.11.2 ibus-gtk3-debuginfo-1.5.13-15.11.2 ibus-gtk3-debuginfo-32bit-1.5.13-15.11.2 libibus-1_0-5-1.5.13-15.11.2 libibus-1_0-5-32bit-1.5.13-15.11.2 libibus-1_0-5-debuginfo-1.5.13-15.11.2 libibus-1_0-5-debuginfo-32bit-1.5.13-15.11.2 python-ibus-1.5.13-15.11.2 typelib-1_0-IBus-1_0-1.5.13-15.11.2 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): ibus-lang-1.5.13-15.11.2 - SUSE Enterprise Storage 5 (aarch64 x86_64): ibus-1.5.13-15.11.2 ibus-debuginfo-1.5.13-15.11.2 ibus-debugsource-1.5.13-15.11.2 ibus-gtk-1.5.13-15.11.2 ibus-gtk-debuginfo-1.5.13-15.11.2 ibus-gtk3-1.5.13-15.11.2 ibus-gtk3-debuginfo-1.5.13-15.11.2 libibus-1_0-5-1.5.13-15.11.2 libibus-1_0-5-debuginfo-1.5.13-15.11.2 typelib-1_0-IBus-1_0-1.5.13-15.11.2 - SUSE Enterprise Storage 5 (noarch): ibus-lang-1.5.13-15.11.2 - SUSE Enterprise Storage 4 (noarch): ibus-lang-1.5.13-15.11.2 - SUSE Enterprise Storage 4 (x86_64): ibus-1.5.13-15.11.2 ibus-debuginfo-1.5.13-15.11.2 ibus-debugsource-1.5.13-15.11.2 ibus-gtk-1.5.13-15.11.2 ibus-gtk-debuginfo-1.5.13-15.11.2 ibus-gtk3-1.5.13-15.11.2 ibus-gtk3-debuginfo-1.5.13-15.11.2 libibus-1_0-5-1.5.13-15.11.2 libibus-1_0-5-debuginfo-1.5.13-15.11.2 typelib-1_0-IBus-1_0-1.5.13-15.11.2 - HPE Helion Openstack 8 (noarch): ibus-lang-1.5.13-15.11.2 - HPE Helion Openstack 8 (x86_64): ibus-1.5.13-15.11.2 ibus-debuginfo-1.5.13-15.11.2 ibus-debugsource-1.5.13-15.11.2 ibus-gtk-1.5.13-15.11.2 ibus-gtk-debuginfo-1.5.13-15.11.2 ibus-gtk3-1.5.13-15.11.2 ibus-gtk3-debuginfo-1.5.13-15.11.2 libibus-1_0-5-1.5.13-15.11.2 libibus-1_0-5-debuginfo-1.5.13-15.11.2 typelib-1_0-IBus-1_0-1.5.13-15.11.2 References: https://www.suse.com/security/cve/CVE-2019-14822.html https://bugzilla.suse.com/1150011 From sle-updates at lists.suse.com Tue Sep 17 13:17:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Sep 2019 21:17:03 +0200 (CEST) Subject: SUSE-SU-2019:14171-1: moderate: Security update for openssl1 Message-ID: <20190917191703.22011F7B3@maintenance.suse.de> SUSE Security Update: Security update for openssl1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14171-1 Rating: moderate References: #1150003 #1150250 Cross-References: CVE-2019-1547 CVE-2019-1563 Affected Products: SUSE Linux Enterprise Server 11-SECURITY ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for openssl1 fixes the following issues: OpenSSL Security Advisory [10 September 2019] * CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) * CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openssl1-14171=1 Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): libopenssl1-devel-1.0.1g-0.58.21.1 libopenssl1_0_0-1.0.1g-0.58.21.1 openssl1-1.0.1g-0.58.21.1 openssl1-doc-1.0.1g-0.58.21.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libopenssl1_0_0-32bit-1.0.1g-0.58.21.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libopenssl1_0_0-x86-1.0.1g-0.58.21.1 References: https://www.suse.com/security/cve/CVE-2019-1547.html https://www.suse.com/security/cve/CVE-2019-1563.html https://bugzilla.suse.com/1150003 https://bugzilla.suse.com/1150250 From sle-updates at lists.suse.com Tue Sep 17 13:17:49 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Sep 2019 21:17:49 +0200 (CEST) Subject: SUSE-SU-2019:2391-1: moderate: Security update for python-urllib3 Message-ID: <20190917191749.AF9F5F7B3@maintenance.suse.de> SUSE Security Update: Security update for python-urllib3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2391-1 Rating: moderate References: #1129071 #1132663 #1132900 Cross-References: CVE-2019-11236 CVE-2019-11324 CVE-2019-9740 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for python-urllib3 fixes the following issues: Security issues fixed: - CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071). - CVE-2019-11324: Fixed invalid CA certificat verification (bsc#1132900). - CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2391=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2019-2391=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): python-urllib3-1.23-3.6.1 - SUSE OpenStack Cloud 9 (noarch): python-urllib3-1.23-3.6.1 References: https://www.suse.com/security/cve/CVE-2019-11236.html https://www.suse.com/security/cve/CVE-2019-11324.html https://www.suse.com/security/cve/CVE-2019-9740.html https://bugzilla.suse.com/1129071 https://bugzilla.suse.com/1132663 https://bugzilla.suse.com/1132900 From sle-updates at lists.suse.com Tue Sep 17 13:18:40 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 17 Sep 2019 21:18:40 +0200 (CEST) Subject: SUSE-SU-2019:14173-1: important: Security update for MozillaFirefox, firefox-glib2, firefox-gtk3 Message-ID: <20190917191840.2F478F7B3@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox, firefox-glib2, firefox-gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14173-1 Rating: important References: #1145550 #1149294 #1149295 #1149296 #1149297 #1149298 #1149299 #1149303 Cross-References: CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 CVE-2019-11753 CVE-2019-9812 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for MozillaFirefox, firefox-glib2, firefox-gtk3 fixes the following issues: Mozilla Firefox was updated to the 60.9.0esr release: Security Advisory MFSA 2019-27: * Use-after-free while manipulating video CVE-2019-11746 (bmo#1564449, bsc#1149297) * XSS by breaking out of title and textarea elements using innerHTML CVE-2019-11744 (bmo#1562033, bsc#1149297) * Same-origin policy violation with SVG filters and canvas to steal cross-origin images CVE-2019-11742 (bmo#1559715, bsc#1149303) * Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location CVE-2019-11753 (bmo#1574980, bsc#1149295) * Use-after-free while extracting a key value in IndexedDB CVE-2019-11752 (bmo#1501152, bsc#1149296) * Sandbox escape through Firefox Sync CVE-2019-9812 (bmo#1538008, bmo#1538015, bsc#1149294) * Cross-origin access to unload event attributes CVE-2019-11743 (bmo#1560495, bsc#1149298) Navigation-Timing Level 2 specification * Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 CVE-2019-11740 (bmo#1563133, bmo#1573160, bsc#1149299) - Rebuild glib2 schemas on SLE-11 (bsc#1145550) Changes in firefox-glib2: - Fix the rpm macros %glib2_gsettings_schema_* which were replaced with %nil in Factory because they're no longer needed, but we still need them in SLE11 (bsc#1145550) Changes in firefox-gtk3: - Rebuild so %glib2_gsettings_schema_post gets called with fixed rpm macros %glib2_gsettings_schema_* in firefox-glib2 package which were replaced with %nil in Factory because they're no longer needed, but we still need them in SLE11 (bsc#1145550) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-firefox-20190909-14173=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): firefox-gio-branding-upstream-2.54.3-2.11.1 firefox-glib2-lang-2.54.3-2.11.1 firefox-glib2-tools-2.54.3-2.11.1 firefox-gtk3-branding-upstream-3.10.9-2.12.2 firefox-gtk3-data-3.10.9-2.12.2 firefox-gtk3-immodule-amharic-3.10.9-2.12.2 firefox-gtk3-immodule-inuktitut-3.10.9-2.12.2 firefox-gtk3-immodule-multipress-3.10.9-2.12.2 firefox-gtk3-immodule-thai-3.10.9-2.12.2 firefox-gtk3-immodule-vietnamese-3.10.9-2.12.2 firefox-gtk3-immodule-xim-3.10.9-2.12.2 firefox-gtk3-immodules-tigrigna-3.10.9-2.12.2 firefox-gtk3-lang-3.10.9-2.12.2 firefox-gtk3-tools-3.10.9-2.12.2 firefox-libgtk-3-0-3.10.9-2.12.2 libfirefox-gio-2_0-0-2.54.3-2.11.1 libfirefox-glib-2_0-0-2.54.3-2.11.1 libfirefox-gmodule-2_0-0-2.54.3-2.11.1 libfirefox-gobject-2_0-0-2.54.3-2.11.1 libfirefox-gthread-2_0-0-2.54.3-2.11.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): MozillaFirefox-60.9.0esr-78.46.2 MozillaFirefox-translations-common-60.9.0esr-78.46.2 MozillaFirefox-translations-other-60.9.0esr-78.46.2 References: https://www.suse.com/security/cve/CVE-2019-11740.html https://www.suse.com/security/cve/CVE-2019-11742.html https://www.suse.com/security/cve/CVE-2019-11743.html https://www.suse.com/security/cve/CVE-2019-11744.html https://www.suse.com/security/cve/CVE-2019-11746.html https://www.suse.com/security/cve/CVE-2019-11752.html https://www.suse.com/security/cve/CVE-2019-11753.html https://www.suse.com/security/cve/CVE-2019-9812.html https://bugzilla.suse.com/1145550 https://bugzilla.suse.com/1149294 https://bugzilla.suse.com/1149295 https://bugzilla.suse.com/1149296 https://bugzilla.suse.com/1149297 https://bugzilla.suse.com/1149298 https://bugzilla.suse.com/1149299 https://bugzilla.suse.com/1149303 From sle-updates at lists.suse.com Tue Sep 17 19:10:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Sep 2019 03:10:32 +0200 (CEST) Subject: SUSE-RU-2019:2394-1: important: Recommended update for ceph Message-ID: <20190918011032.DCA94F7B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2394-1 Rating: important References: #1137189 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ceph fixes the following issues: - rgw: Move upload_info declaration out of conditional. (bsc#1137189) - rgw: asio: Check the remote endpoint before processing requests. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2394=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2394=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2019-2394=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): ceph-14.2.2.354+g8878cf2360-3.12.3 ceph-base-14.2.2.354+g8878cf2360-3.12.3 ceph-base-debuginfo-14.2.2.354+g8878cf2360-3.12.3 ceph-debugsource-14.2.2.354+g8878cf2360-3.12.3 ceph-fuse-14.2.2.354+g8878cf2360-3.12.3 ceph-fuse-debuginfo-14.2.2.354+g8878cf2360-3.12.3 ceph-mds-14.2.2.354+g8878cf2360-3.12.3 ceph-mds-debuginfo-14.2.2.354+g8878cf2360-3.12.3 ceph-mgr-14.2.2.354+g8878cf2360-3.12.3 ceph-mgr-debuginfo-14.2.2.354+g8878cf2360-3.12.3 ceph-mon-14.2.2.354+g8878cf2360-3.12.3 ceph-mon-debuginfo-14.2.2.354+g8878cf2360-3.12.3 ceph-osd-14.2.2.354+g8878cf2360-3.12.3 ceph-osd-debuginfo-14.2.2.354+g8878cf2360-3.12.3 ceph-radosgw-14.2.2.354+g8878cf2360-3.12.3 ceph-radosgw-debuginfo-14.2.2.354+g8878cf2360-3.12.3 cephfs-shell-14.2.2.354+g8878cf2360-3.12.3 rbd-fuse-14.2.2.354+g8878cf2360-3.12.3 rbd-fuse-debuginfo-14.2.2.354+g8878cf2360-3.12.3 rbd-mirror-14.2.2.354+g8878cf2360-3.12.3 rbd-mirror-debuginfo-14.2.2.354+g8878cf2360-3.12.3 rbd-nbd-14.2.2.354+g8878cf2360-3.12.3 rbd-nbd-debuginfo-14.2.2.354+g8878cf2360-3.12.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): ceph-grafana-dashboards-14.2.2.354+g8878cf2360-3.12.3 ceph-mgr-dashboard-14.2.2.354+g8878cf2360-3.12.3 ceph-mgr-diskprediction-cloud-14.2.2.354+g8878cf2360-3.12.3 ceph-mgr-diskprediction-local-14.2.2.354+g8878cf2360-3.12.3 ceph-mgr-rook-14.2.2.354+g8878cf2360-3.12.3 ceph-mgr-ssh-14.2.2.354+g8878cf2360-3.12.3 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): ceph-test-14.2.2.354+g8878cf2360-3.12.3 ceph-test-debuginfo-14.2.2.354+g8878cf2360-3.12.3 ceph-test-debugsource-14.2.2.354+g8878cf2360-3.12.3 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): ceph-common-14.2.2.354+g8878cf2360-3.12.3 ceph-common-debuginfo-14.2.2.354+g8878cf2360-3.12.3 ceph-debugsource-14.2.2.354+g8878cf2360-3.12.3 libcephfs-devel-14.2.2.354+g8878cf2360-3.12.3 libcephfs2-14.2.2.354+g8878cf2360-3.12.3 libcephfs2-debuginfo-14.2.2.354+g8878cf2360-3.12.3 librados-devel-14.2.2.354+g8878cf2360-3.12.3 librados-devel-debuginfo-14.2.2.354+g8878cf2360-3.12.3 librados2-14.2.2.354+g8878cf2360-3.12.3 librados2-debuginfo-14.2.2.354+g8878cf2360-3.12.3 libradospp-devel-14.2.2.354+g8878cf2360-3.12.3 librbd-devel-14.2.2.354+g8878cf2360-3.12.3 librbd1-14.2.2.354+g8878cf2360-3.12.3 librbd1-debuginfo-14.2.2.354+g8878cf2360-3.12.3 librgw-devel-14.2.2.354+g8878cf2360-3.12.3 librgw2-14.2.2.354+g8878cf2360-3.12.3 librgw2-debuginfo-14.2.2.354+g8878cf2360-3.12.3 python3-ceph-argparse-14.2.2.354+g8878cf2360-3.12.3 python3-cephfs-14.2.2.354+g8878cf2360-3.12.3 python3-cephfs-debuginfo-14.2.2.354+g8878cf2360-3.12.3 python3-rados-14.2.2.354+g8878cf2360-3.12.3 python3-rados-debuginfo-14.2.2.354+g8878cf2360-3.12.3 python3-rbd-14.2.2.354+g8878cf2360-3.12.3 python3-rbd-debuginfo-14.2.2.354+g8878cf2360-3.12.3 python3-rgw-14.2.2.354+g8878cf2360-3.12.3 python3-rgw-debuginfo-14.2.2.354+g8878cf2360-3.12.3 rados-objclass-devel-14.2.2.354+g8878cf2360-3.12.3 - SUSE Enterprise Storage 6 (aarch64 x86_64): ceph-14.2.2.354+g8878cf2360-3.12.3 ceph-base-14.2.2.354+g8878cf2360-3.12.3 ceph-base-debuginfo-14.2.2.354+g8878cf2360-3.12.3 ceph-common-14.2.2.354+g8878cf2360-3.12.3 ceph-common-debuginfo-14.2.2.354+g8878cf2360-3.12.3 ceph-debugsource-14.2.2.354+g8878cf2360-3.12.3 ceph-fuse-14.2.2.354+g8878cf2360-3.12.3 ceph-fuse-debuginfo-14.2.2.354+g8878cf2360-3.12.3 ceph-mds-14.2.2.354+g8878cf2360-3.12.3 ceph-mds-debuginfo-14.2.2.354+g8878cf2360-3.12.3 ceph-mgr-14.2.2.354+g8878cf2360-3.12.3 ceph-mgr-debuginfo-14.2.2.354+g8878cf2360-3.12.3 ceph-mon-14.2.2.354+g8878cf2360-3.12.3 ceph-mon-debuginfo-14.2.2.354+g8878cf2360-3.12.3 ceph-osd-14.2.2.354+g8878cf2360-3.12.3 ceph-osd-debuginfo-14.2.2.354+g8878cf2360-3.12.3 ceph-radosgw-14.2.2.354+g8878cf2360-3.12.3 ceph-radosgw-debuginfo-14.2.2.354+g8878cf2360-3.12.3 cephfs-shell-14.2.2.354+g8878cf2360-3.12.3 libcephfs2-14.2.2.354+g8878cf2360-3.12.3 libcephfs2-debuginfo-14.2.2.354+g8878cf2360-3.12.3 librados2-14.2.2.354+g8878cf2360-3.12.3 librados2-debuginfo-14.2.2.354+g8878cf2360-3.12.3 librbd1-14.2.2.354+g8878cf2360-3.12.3 librbd1-debuginfo-14.2.2.354+g8878cf2360-3.12.3 librgw2-14.2.2.354+g8878cf2360-3.12.3 librgw2-debuginfo-14.2.2.354+g8878cf2360-3.12.3 python3-ceph-argparse-14.2.2.354+g8878cf2360-3.12.3 python3-cephfs-14.2.2.354+g8878cf2360-3.12.3 python3-cephfs-debuginfo-14.2.2.354+g8878cf2360-3.12.3 python3-rados-14.2.2.354+g8878cf2360-3.12.3 python3-rados-debuginfo-14.2.2.354+g8878cf2360-3.12.3 python3-rbd-14.2.2.354+g8878cf2360-3.12.3 python3-rbd-debuginfo-14.2.2.354+g8878cf2360-3.12.3 python3-rgw-14.2.2.354+g8878cf2360-3.12.3 python3-rgw-debuginfo-14.2.2.354+g8878cf2360-3.12.3 rbd-fuse-14.2.2.354+g8878cf2360-3.12.3 rbd-fuse-debuginfo-14.2.2.354+g8878cf2360-3.12.3 rbd-mirror-14.2.2.354+g8878cf2360-3.12.3 rbd-mirror-debuginfo-14.2.2.354+g8878cf2360-3.12.3 rbd-nbd-14.2.2.354+g8878cf2360-3.12.3 rbd-nbd-debuginfo-14.2.2.354+g8878cf2360-3.12.3 - SUSE Enterprise Storage 6 (noarch): ceph-grafana-dashboards-14.2.2.354+g8878cf2360-3.12.3 ceph-mgr-dashboard-14.2.2.354+g8878cf2360-3.12.3 ceph-mgr-diskprediction-local-14.2.2.354+g8878cf2360-3.12.3 ceph-mgr-rook-14.2.2.354+g8878cf2360-3.12.3 ceph-prometheus-alerts-14.2.2.354+g8878cf2360-3.12.3 References: https://bugzilla.suse.com/1137189 From sle-updates at lists.suse.com Wed Sep 18 04:11:01 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Sep 2019 12:11:01 +0200 (CEST) Subject: SUSE-SU-2019:2395-1: moderate: Security update for openldap2 Message-ID: <20190918101101.74EA9F7B3@maintenance.suse.de> SUSE Security Update: Security update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2395-1 Rating: moderate References: #1073313 #1111388 #1114845 #1143194 #1143273 Cross-References: CVE-2017-17740 CVE-2019-13057 CVE-2019-13565 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. Description: This update for openldap2 fixes the following issues: Security issue fixed: - CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194). - CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273). - CVE-2017-17740: When both the nops module and the member of overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. (bsc#1073313) Non-security issues fixed: - Fixed broken shebang line in openldap_update_modules_path.sh (bsc#1114845). - Create files in /var/lib/ldap/ during initial start to allow for transactional updates (bsc#1111388) - Fixed incorrect post script call causing tmpfiles creation not to be run (bsc#1111388). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2395=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2395=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-2395=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-2395=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2395=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2395=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2395=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2395=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): openldap2-back-sock-2.4.46-9.19.2 openldap2-back-sock-debuginfo-2.4.46-9.19.2 openldap2-back-sql-2.4.46-9.19.2 openldap2-back-sql-debuginfo-2.4.46-9.19.2 openldap2-contrib-2.4.46-9.19.2 openldap2-contrib-debuginfo-2.4.46-9.19.2 openldap2-debuginfo-2.4.46-9.19.2 openldap2-debugsource-2.4.46-9.19.2 openldap2-ppolicy-check-password-1.2-9.19.2 openldap2-ppolicy-check-password-debuginfo-1.2-9.19.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): libldap-data-2.4.46-9.19.2 openldap2-doc-2.4.46-9.19.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): openldap2-back-sock-2.4.46-9.19.2 openldap2-back-sock-debuginfo-2.4.46-9.19.2 openldap2-back-sql-2.4.46-9.19.2 openldap2-back-sql-debuginfo-2.4.46-9.19.2 openldap2-contrib-2.4.46-9.19.2 openldap2-contrib-debuginfo-2.4.46-9.19.2 openldap2-debuginfo-2.4.46-9.19.2 openldap2-debugsource-2.4.46-9.19.2 openldap2-ppolicy-check-password-1.2-9.19.2 openldap2-ppolicy-check-password-debuginfo-1.2-9.19.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): libldap-data-2.4.46-9.19.2 openldap2-doc-2.4.46-9.19.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): openldap2-2.4.46-9.19.2 openldap2-back-meta-2.4.46-9.19.2 openldap2-back-meta-debuginfo-2.4.46-9.19.2 openldap2-back-perl-2.4.46-9.19.2 openldap2-back-perl-debuginfo-2.4.46-9.19.2 openldap2-debuginfo-2.4.46-9.19.2 openldap2-debugsource-2.4.46-9.19.2 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): openldap2-2.4.46-9.19.2 openldap2-back-meta-2.4.46-9.19.2 openldap2-back-meta-debuginfo-2.4.46-9.19.2 openldap2-back-perl-2.4.46-9.19.2 openldap2-back-perl-debuginfo-2.4.46-9.19.2 openldap2-debuginfo-2.4.46-9.19.2 openldap2-debugsource-2.4.46-9.19.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): openldap2-debugsource-2.4.46-9.19.2 openldap2-devel-32bit-2.4.46-9.19.2 - SUSE Linux Enterprise Module for Development Tools 15 (x86_64): openldap2-debugsource-2.4.46-9.19.2 openldap2-devel-32bit-2.4.46-9.19.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-9.19.2 libldap-2_4-2-debuginfo-2.4.46-9.19.2 openldap2-client-2.4.46-9.19.2 openldap2-client-debuginfo-2.4.46-9.19.2 openldap2-debuginfo-2.4.46-9.19.2 openldap2-debugsource-2.4.46-9.19.2 openldap2-devel-2.4.46-9.19.2 openldap2-devel-static-2.4.46-9.19.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libldap-2_4-2-32bit-2.4.46-9.19.2 libldap-2_4-2-32bit-debuginfo-2.4.46-9.19.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-9.19.2 libldap-2_4-2-debuginfo-2.4.46-9.19.2 openldap2-client-2.4.46-9.19.2 openldap2-client-debuginfo-2.4.46-9.19.2 openldap2-debuginfo-2.4.46-9.19.2 openldap2-debugsource-2.4.46-9.19.2 openldap2-devel-2.4.46-9.19.2 openldap2-devel-static-2.4.46-9.19.2 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libldap-2_4-2-32bit-2.4.46-9.19.2 libldap-2_4-2-32bit-debuginfo-2.4.46-9.19.2 References: https://www.suse.com/security/cve/CVE-2017-17740.html https://www.suse.com/security/cve/CVE-2019-13057.html https://www.suse.com/security/cve/CVE-2019-13565.html https://bugzilla.suse.com/1073313 https://bugzilla.suse.com/1111388 https://bugzilla.suse.com/1114845 https://bugzilla.suse.com/1143194 https://bugzilla.suse.com/1143273 From sle-updates at lists.suse.com Wed Sep 18 07:10:38 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Sep 2019 15:10:38 +0200 (CEST) Subject: SUSE-SU-2019:2397-1: moderate: Security update for openssl Message-ID: <20190918131038.9A6A2F7B3@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2397-1 Rating: moderate References: #1150003 #1150250 Cross-References: CVE-2019-1547 CVE-2019-1563 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP1-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for openssl fixes the following issues: - OpenSSL Security Advisory [10 September 2019] * CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) * CVE-2019-1563: Fixed a Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2397=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2397=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP1 (noarch): openssl-doc-1.0.1i-54.29.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): libopenssl1_0_0-1.0.1i-54.29.1 libopenssl1_0_0-32bit-1.0.1i-54.29.1 libopenssl1_0_0-debuginfo-1.0.1i-54.29.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.29.1 libopenssl1_0_0-hmac-1.0.1i-54.29.1 libopenssl1_0_0-hmac-32bit-1.0.1i-54.29.1 openssl-1.0.1i-54.29.1 openssl-debuginfo-1.0.1i-54.29.1 openssl-debugsource-1.0.1i-54.29.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): libopenssl1_0_0-1.0.1i-54.29.1 libopenssl1_0_0-debuginfo-1.0.1i-54.29.1 libopenssl1_0_0-hmac-1.0.1i-54.29.1 openssl-1.0.1i-54.29.1 openssl-debuginfo-1.0.1i-54.29.1 openssl-debugsource-1.0.1i-54.29.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.1i-54.29.1 libopenssl1_0_0-debuginfo-32bit-1.0.1i-54.29.1 libopenssl1_0_0-hmac-32bit-1.0.1i-54.29.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (noarch): openssl-doc-1.0.1i-54.29.1 References: https://www.suse.com/security/cve/CVE-2019-1547.html https://www.suse.com/security/cve/CVE-2019-1563.html https://bugzilla.suse.com/1150003 https://bugzilla.suse.com/1150250 From sle-updates at lists.suse.com Wed Sep 18 10:10:57 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Sep 2019 18:10:57 +0200 (CEST) Subject: SUSE-SU-2019:2399-1: moderate: Security update for python-urllib3 Message-ID: <20190918161057.3F3AEF7B3@maintenance.suse.de> SUSE Security Update: Security update for python-urllib3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2399-1 Rating: moderate References: #1119376 #1129071 #1132663 Cross-References: CVE-2018-20060 CVE-2019-11236 CVE-2019-9740 Affected Products: SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for python-urllib3 fixes the following issues: Security issues fixed: - CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071). - CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663). - CVE-2018-20060: Remove Authorization header when redirecting cross-host (bsc#1119376). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2399=1 Package List: - SUSE OpenStack Cloud 7 (noarch): python-urllib3-1.16-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-20060.html https://www.suse.com/security/cve/CVE-2019-11236.html https://www.suse.com/security/cve/CVE-2019-9740.html https://bugzilla.suse.com/1119376 https://bugzilla.suse.com/1129071 https://bugzilla.suse.com/1132663 From sle-updates at lists.suse.com Wed Sep 18 10:11:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Sep 2019 18:11:52 +0200 (CEST) Subject: SUSE-RU-2019:2398-1: important: Recommended update for caasp-release Message-ID: <20190918161152.3180CF7B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for caasp-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2398-1 Rating: important References: #1150917 Affected Products: SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for caasp-release fixes the following issues: - CaaSP 4.0 will no longer get marked as GMC1 (bsc#1150917) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 4.0 (x86_64): caasp-release-4.0-8.1 References: https://bugzilla.suse.com/1150917 From sle-updates at lists.suse.com Wed Sep 18 10:12:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Sep 2019 18:12:31 +0200 (CEST) Subject: SUSE-SU-2019:2401-1: moderate: Security update for libreoffice Message-ID: <20190918161231.1E834F7B3@maintenance.suse.de> SUSE Security Update: Security update for libreoffice ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2401-1 Rating: moderate References: #1133534 #1141861 #1141862 #1146098 #1146105 #1146107 #1149943 #1149944 Cross-References: CVE-2019-9848 CVE-2019-9849 CVE-2019-9850 CVE-2019-9851 CVE-2019-9852 CVE-2019-9854 CVE-2019-9855 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has one errata is now available. Description: This update for libreoffice to version 6.2.7.1 fixes the following issues: Security issues fixed: - CVE-2019-9849: Disabled fetching remote bullet graphics in 'stealth mode' (bsc#1141861). - CVE-2019-9848: Fixed an arbitrary script execution via LibreLogo (bsc#1141862). - CVE-2019-9851: Fixed LibreLogo global-event script execution issue (bsc#1146105). - CVE-2019-9852: Fixed insufficient URL encoding flaw in allowed script location check (bsc#1146107). - CVE-2019-9850: Fixed insufficient URL validation that allowed LibreLogo script execution (bsc#1146098). - CVE-2019-9854: Fixed unsafe URL assembly flaw (bsc#1149944). - CVE-2019-9855: Fixed path equivalence handling flaw (bsc#1149943) Non-security issue fixed: - SmartArt: Basic rendering of Trapezoid List (bsc#1133534) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-2401=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2401=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2401=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (noarch): libreoffice-branding-upstream-6.2.7.1-43.56.3 libreoffice-icon-themes-6.2.7.1-43.56.3 libreoffice-l10n-af-6.2.7.1-43.56.3 libreoffice-l10n-ar-6.2.7.1-43.56.3 libreoffice-l10n-bg-6.2.7.1-43.56.3 libreoffice-l10n-ca-6.2.7.1-43.56.3 libreoffice-l10n-cs-6.2.7.1-43.56.3 libreoffice-l10n-da-6.2.7.1-43.56.3 libreoffice-l10n-de-6.2.7.1-43.56.3 libreoffice-l10n-en-6.2.7.1-43.56.3 libreoffice-l10n-es-6.2.7.1-43.56.3 libreoffice-l10n-fi-6.2.7.1-43.56.3 libreoffice-l10n-fr-6.2.7.1-43.56.3 libreoffice-l10n-gu-6.2.7.1-43.56.3 libreoffice-l10n-hi-6.2.7.1-43.56.3 libreoffice-l10n-hr-6.2.7.1-43.56.3 libreoffice-l10n-hu-6.2.7.1-43.56.3 libreoffice-l10n-it-6.2.7.1-43.56.3 libreoffice-l10n-ja-6.2.7.1-43.56.3 libreoffice-l10n-ko-6.2.7.1-43.56.3 libreoffice-l10n-lt-6.2.7.1-43.56.3 libreoffice-l10n-nb-6.2.7.1-43.56.3 libreoffice-l10n-nl-6.2.7.1-43.56.3 libreoffice-l10n-nn-6.2.7.1-43.56.3 libreoffice-l10n-pl-6.2.7.1-43.56.3 libreoffice-l10n-pt_BR-6.2.7.1-43.56.3 libreoffice-l10n-pt_PT-6.2.7.1-43.56.3 libreoffice-l10n-ro-6.2.7.1-43.56.3 libreoffice-l10n-ru-6.2.7.1-43.56.3 libreoffice-l10n-sk-6.2.7.1-43.56.3 libreoffice-l10n-sv-6.2.7.1-43.56.3 libreoffice-l10n-uk-6.2.7.1-43.56.3 libreoffice-l10n-xh-6.2.7.1-43.56.3 libreoffice-l10n-zh_CN-6.2.7.1-43.56.3 libreoffice-l10n-zh_TW-6.2.7.1-43.56.3 libreoffice-l10n-zu-6.2.7.1-43.56.3 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): libreoffice-6.2.7.1-43.56.3 libreoffice-base-6.2.7.1-43.56.3 libreoffice-base-debuginfo-6.2.7.1-43.56.3 libreoffice-base-drivers-postgresql-6.2.7.1-43.56.3 libreoffice-base-drivers-postgresql-debuginfo-6.2.7.1-43.56.3 libreoffice-calc-6.2.7.1-43.56.3 libreoffice-calc-debuginfo-6.2.7.1-43.56.3 libreoffice-calc-extensions-6.2.7.1-43.56.3 libreoffice-debuginfo-6.2.7.1-43.56.3 libreoffice-debugsource-6.2.7.1-43.56.3 libreoffice-draw-6.2.7.1-43.56.3 libreoffice-draw-debuginfo-6.2.7.1-43.56.3 libreoffice-filters-optional-6.2.7.1-43.56.3 libreoffice-gnome-6.2.7.1-43.56.3 libreoffice-gnome-debuginfo-6.2.7.1-43.56.3 libreoffice-gtk2-6.2.7.1-43.56.3 libreoffice-gtk2-debuginfo-6.2.7.1-43.56.3 libreoffice-impress-6.2.7.1-43.56.3 libreoffice-impress-debuginfo-6.2.7.1-43.56.3 libreoffice-mailmerge-6.2.7.1-43.56.3 libreoffice-math-6.2.7.1-43.56.3 libreoffice-math-debuginfo-6.2.7.1-43.56.3 libreoffice-officebean-6.2.7.1-43.56.3 libreoffice-officebean-debuginfo-6.2.7.1-43.56.3 libreoffice-pyuno-6.2.7.1-43.56.3 libreoffice-pyuno-debuginfo-6.2.7.1-43.56.3 libreoffice-writer-6.2.7.1-43.56.3 libreoffice-writer-debuginfo-6.2.7.1-43.56.3 libreoffice-writer-extensions-6.2.7.1-43.56.3 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 x86_64): libreoffice-debuginfo-6.2.7.1-43.56.3 libreoffice-debugsource-6.2.7.1-43.56.3 libreoffice-sdk-6.2.7.1-43.56.3 libreoffice-sdk-debuginfo-6.2.7.1-43.56.3 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libreoffice-6.2.7.1-43.56.3 libreoffice-base-6.2.7.1-43.56.3 libreoffice-base-debuginfo-6.2.7.1-43.56.3 libreoffice-base-drivers-postgresql-6.2.7.1-43.56.3 libreoffice-base-drivers-postgresql-debuginfo-6.2.7.1-43.56.3 libreoffice-calc-6.2.7.1-43.56.3 libreoffice-calc-debuginfo-6.2.7.1-43.56.3 libreoffice-calc-extensions-6.2.7.1-43.56.3 libreoffice-debuginfo-6.2.7.1-43.56.3 libreoffice-debugsource-6.2.7.1-43.56.3 libreoffice-draw-6.2.7.1-43.56.3 libreoffice-draw-debuginfo-6.2.7.1-43.56.3 libreoffice-filters-optional-6.2.7.1-43.56.3 libreoffice-gnome-6.2.7.1-43.56.3 libreoffice-gnome-debuginfo-6.2.7.1-43.56.3 libreoffice-gtk2-6.2.7.1-43.56.3 libreoffice-gtk2-debuginfo-6.2.7.1-43.56.3 libreoffice-impress-6.2.7.1-43.56.3 libreoffice-impress-debuginfo-6.2.7.1-43.56.3 libreoffice-mailmerge-6.2.7.1-43.56.3 libreoffice-math-6.2.7.1-43.56.3 libreoffice-math-debuginfo-6.2.7.1-43.56.3 libreoffice-officebean-6.2.7.1-43.56.3 libreoffice-officebean-debuginfo-6.2.7.1-43.56.3 libreoffice-pyuno-6.2.7.1-43.56.3 libreoffice-pyuno-debuginfo-6.2.7.1-43.56.3 libreoffice-writer-6.2.7.1-43.56.3 libreoffice-writer-debuginfo-6.2.7.1-43.56.3 libreoffice-writer-extensions-6.2.7.1-43.56.3 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): libreoffice-branding-upstream-6.2.7.1-43.56.3 libreoffice-icon-themes-6.2.7.1-43.56.3 libreoffice-l10n-af-6.2.7.1-43.56.3 libreoffice-l10n-ar-6.2.7.1-43.56.3 libreoffice-l10n-ca-6.2.7.1-43.56.3 libreoffice-l10n-cs-6.2.7.1-43.56.3 libreoffice-l10n-da-6.2.7.1-43.56.3 libreoffice-l10n-de-6.2.7.1-43.56.3 libreoffice-l10n-en-6.2.7.1-43.56.3 libreoffice-l10n-es-6.2.7.1-43.56.3 libreoffice-l10n-fi-6.2.7.1-43.56.3 libreoffice-l10n-fr-6.2.7.1-43.56.3 libreoffice-l10n-gu-6.2.7.1-43.56.3 libreoffice-l10n-hi-6.2.7.1-43.56.3 libreoffice-l10n-hu-6.2.7.1-43.56.3 libreoffice-l10n-it-6.2.7.1-43.56.3 libreoffice-l10n-ja-6.2.7.1-43.56.3 libreoffice-l10n-ko-6.2.7.1-43.56.3 libreoffice-l10n-nb-6.2.7.1-43.56.3 libreoffice-l10n-nl-6.2.7.1-43.56.3 libreoffice-l10n-nn-6.2.7.1-43.56.3 libreoffice-l10n-pl-6.2.7.1-43.56.3 libreoffice-l10n-pt_BR-6.2.7.1-43.56.3 libreoffice-l10n-pt_PT-6.2.7.1-43.56.3 libreoffice-l10n-ro-6.2.7.1-43.56.3 libreoffice-l10n-ru-6.2.7.1-43.56.3 libreoffice-l10n-sk-6.2.7.1-43.56.3 libreoffice-l10n-sv-6.2.7.1-43.56.3 libreoffice-l10n-xh-6.2.7.1-43.56.3 libreoffice-l10n-zh_CN-6.2.7.1-43.56.3 libreoffice-l10n-zh_TW-6.2.7.1-43.56.3 libreoffice-l10n-zu-6.2.7.1-43.56.3 References: https://www.suse.com/security/cve/CVE-2019-9848.html https://www.suse.com/security/cve/CVE-2019-9849.html https://www.suse.com/security/cve/CVE-2019-9850.html https://www.suse.com/security/cve/CVE-2019-9851.html https://www.suse.com/security/cve/CVE-2019-9852.html https://www.suse.com/security/cve/CVE-2019-9854.html https://www.suse.com/security/cve/CVE-2019-9855.html https://bugzilla.suse.com/1133534 https://bugzilla.suse.com/1141861 https://bugzilla.suse.com/1141862 https://bugzilla.suse.com/1146098 https://bugzilla.suse.com/1146105 https://bugzilla.suse.com/1146107 https://bugzilla.suse.com/1149943 https://bugzilla.suse.com/1149944 From sle-updates at lists.suse.com Wed Sep 18 10:14:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Sep 2019 18:14:27 +0200 (CEST) Subject: SUSE-SU-2019:2402-1: moderate: Security update for libreoffice Message-ID: <20190918161427.08CA7F7B3@maintenance.suse.de> SUSE Security Update: Security update for libreoffice ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2402-1 Rating: moderate References: #1133534 #1141861 #1141862 #1146098 #1146105 #1146107 #1149943 #1149944 Cross-References: CVE-2019-9848 CVE-2019-9849 CVE-2019-9850 CVE-2019-9851 CVE-2019-9852 CVE-2019-9854 CVE-2019-9855 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has one errata is now available. Description: This update for libreoffice fixes the following issues: Updated to version 6.2.7.1. Security issues fixed: - CVE-2019-9849: Disabled fetching remote bullet graphics in 'stealth mode' (bsc#1141861). - CVE-2019-9848: Fixed an arbitrary script execution via LibreLogo (bsc#1141862). - CVE-2019-9851: Fixed LibreLogo global-event script execution issue (bsc#1146105). - CVE-2019-9852: Fixed insufficient URL encoding flaw in allowed script location check (bsc#1146107). - CVE-2019-9850: Fixed insufficient URL validation that allowed LibreLogo script execution (bsc#1146098). - CVE-2019-9854: Fixed unsafe URL assembly flaw (bsc#1149944). - CVE-2019-9855: Fixed path equivalence handling flaw (bsc#1149943) Non-security issue fixed: - SmartArt: Basic rendering of Trapezoid List (bsc#1133534). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-2402=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2402=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): libreoffice-6.2.7.1-8.10.1 libreoffice-base-6.2.7.1-8.10.1 libreoffice-base-debuginfo-6.2.7.1-8.10.1 libreoffice-base-drivers-postgresql-6.2.7.1-8.10.1 libreoffice-base-drivers-postgresql-debuginfo-6.2.7.1-8.10.1 libreoffice-calc-6.2.7.1-8.10.1 libreoffice-calc-debuginfo-6.2.7.1-8.10.1 libreoffice-calc-extensions-6.2.7.1-8.10.1 libreoffice-debuginfo-6.2.7.1-8.10.1 libreoffice-debugsource-6.2.7.1-8.10.1 libreoffice-draw-6.2.7.1-8.10.1 libreoffice-draw-debuginfo-6.2.7.1-8.10.1 libreoffice-filters-optional-6.2.7.1-8.10.1 libreoffice-gnome-6.2.7.1-8.10.1 libreoffice-gnome-debuginfo-6.2.7.1-8.10.1 libreoffice-gtk3-6.2.7.1-8.10.1 libreoffice-gtk3-debuginfo-6.2.7.1-8.10.1 libreoffice-impress-6.2.7.1-8.10.1 libreoffice-impress-debuginfo-6.2.7.1-8.10.1 libreoffice-mailmerge-6.2.7.1-8.10.1 libreoffice-math-6.2.7.1-8.10.1 libreoffice-math-debuginfo-6.2.7.1-8.10.1 libreoffice-officebean-6.2.7.1-8.10.1 libreoffice-officebean-debuginfo-6.2.7.1-8.10.1 libreoffice-pyuno-6.2.7.1-8.10.1 libreoffice-pyuno-debuginfo-6.2.7.1-8.10.1 libreoffice-writer-6.2.7.1-8.10.1 libreoffice-writer-debuginfo-6.2.7.1-8.10.1 libreoffice-writer-extensions-6.2.7.1-8.10.1 libreofficekit-6.2.7.1-8.10.1 - SUSE Linux Enterprise Workstation Extension 15-SP1 (noarch): libreoffice-branding-upstream-6.2.7.1-8.10.1 libreoffice-icon-themes-6.2.7.1-8.10.1 libreoffice-l10n-af-6.2.7.1-8.10.1 libreoffice-l10n-ar-6.2.7.1-8.10.1 libreoffice-l10n-as-6.2.7.1-8.10.1 libreoffice-l10n-bg-6.2.7.1-8.10.1 libreoffice-l10n-bn-6.2.7.1-8.10.1 libreoffice-l10n-br-6.2.7.1-8.10.1 libreoffice-l10n-ca-6.2.7.1-8.10.1 libreoffice-l10n-cs-6.2.7.1-8.10.1 libreoffice-l10n-cy-6.2.7.1-8.10.1 libreoffice-l10n-da-6.2.7.1-8.10.1 libreoffice-l10n-de-6.2.7.1-8.10.1 libreoffice-l10n-dz-6.2.7.1-8.10.1 libreoffice-l10n-el-6.2.7.1-8.10.1 libreoffice-l10n-en-6.2.7.1-8.10.1 libreoffice-l10n-eo-6.2.7.1-8.10.1 libreoffice-l10n-es-6.2.7.1-8.10.1 libreoffice-l10n-et-6.2.7.1-8.10.1 libreoffice-l10n-eu-6.2.7.1-8.10.1 libreoffice-l10n-fa-6.2.7.1-8.10.1 libreoffice-l10n-fi-6.2.7.1-8.10.1 libreoffice-l10n-fr-6.2.7.1-8.10.1 libreoffice-l10n-ga-6.2.7.1-8.10.1 libreoffice-l10n-gl-6.2.7.1-8.10.1 libreoffice-l10n-gu-6.2.7.1-8.10.1 libreoffice-l10n-he-6.2.7.1-8.10.1 libreoffice-l10n-hi-6.2.7.1-8.10.1 libreoffice-l10n-hr-6.2.7.1-8.10.1 libreoffice-l10n-hu-6.2.7.1-8.10.1 libreoffice-l10n-it-6.2.7.1-8.10.1 libreoffice-l10n-ja-6.2.7.1-8.10.1 libreoffice-l10n-kk-6.2.7.1-8.10.1 libreoffice-l10n-kn-6.2.7.1-8.10.1 libreoffice-l10n-ko-6.2.7.1-8.10.1 libreoffice-l10n-lt-6.2.7.1-8.10.1 libreoffice-l10n-lv-6.2.7.1-8.10.1 libreoffice-l10n-mai-6.2.7.1-8.10.1 libreoffice-l10n-ml-6.2.7.1-8.10.1 libreoffice-l10n-mr-6.2.7.1-8.10.1 libreoffice-l10n-nb-6.2.7.1-8.10.1 libreoffice-l10n-nl-6.2.7.1-8.10.1 libreoffice-l10n-nn-6.2.7.1-8.10.1 libreoffice-l10n-nr-6.2.7.1-8.10.1 libreoffice-l10n-nso-6.2.7.1-8.10.1 libreoffice-l10n-or-6.2.7.1-8.10.1 libreoffice-l10n-pa-6.2.7.1-8.10.1 libreoffice-l10n-pl-6.2.7.1-8.10.1 libreoffice-l10n-pt_BR-6.2.7.1-8.10.1 libreoffice-l10n-pt_PT-6.2.7.1-8.10.1 libreoffice-l10n-ro-6.2.7.1-8.10.1 libreoffice-l10n-ru-6.2.7.1-8.10.1 libreoffice-l10n-si-6.2.7.1-8.10.1 libreoffice-l10n-sk-6.2.7.1-8.10.1 libreoffice-l10n-sl-6.2.7.1-8.10.1 libreoffice-l10n-sr-6.2.7.1-8.10.1 libreoffice-l10n-ss-6.2.7.1-8.10.1 libreoffice-l10n-st-6.2.7.1-8.10.1 libreoffice-l10n-sv-6.2.7.1-8.10.1 libreoffice-l10n-ta-6.2.7.1-8.10.1 libreoffice-l10n-te-6.2.7.1-8.10.1 libreoffice-l10n-th-6.2.7.1-8.10.1 libreoffice-l10n-tn-6.2.7.1-8.10.1 libreoffice-l10n-tr-6.2.7.1-8.10.1 libreoffice-l10n-ts-6.2.7.1-8.10.1 libreoffice-l10n-uk-6.2.7.1-8.10.1 libreoffice-l10n-ve-6.2.7.1-8.10.1 libreoffice-l10n-xh-6.2.7.1-8.10.1 libreoffice-l10n-zh_CN-6.2.7.1-8.10.1 libreoffice-l10n-zh_TW-6.2.7.1-8.10.1 libreoffice-l10n-zu-6.2.7.1-8.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 x86_64): libreoffice-debuginfo-6.2.7.1-8.10.1 libreoffice-debugsource-6.2.7.1-8.10.1 libreoffice-gtk2-6.2.7.1-8.10.1 libreoffice-gtk2-debuginfo-6.2.7.1-8.10.1 libreoffice-sdk-6.2.7.1-8.10.1 libreoffice-sdk-debuginfo-6.2.7.1-8.10.1 libreoffice-sdk-doc-6.2.7.1-8.10.1 libreofficekit-devel-6.2.7.1-8.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): libreoffice-gdb-pretty-printers-6.2.7.1-8.10.1 libreoffice-glade-6.2.7.1-8.10.1 libreoffice-l10n-am-6.2.7.1-8.10.1 libreoffice-l10n-ast-6.2.7.1-8.10.1 libreoffice-l10n-be-6.2.7.1-8.10.1 libreoffice-l10n-bn_IN-6.2.7.1-8.10.1 libreoffice-l10n-bo-6.2.7.1-8.10.1 libreoffice-l10n-brx-6.2.7.1-8.10.1 libreoffice-l10n-bs-6.2.7.1-8.10.1 libreoffice-l10n-ca_valencia-6.2.7.1-8.10.1 libreoffice-l10n-dgo-6.2.7.1-8.10.1 libreoffice-l10n-en_GB-6.2.7.1-8.10.1 libreoffice-l10n-en_ZA-6.2.7.1-8.10.1 libreoffice-l10n-fy-6.2.7.1-8.10.1 libreoffice-l10n-gd-6.2.7.1-8.10.1 libreoffice-l10n-gug-6.2.7.1-8.10.1 libreoffice-l10n-hsb-6.2.7.1-8.10.1 libreoffice-l10n-id-6.2.7.1-8.10.1 libreoffice-l10n-is-6.2.7.1-8.10.1 libreoffice-l10n-ka-6.2.7.1-8.10.1 libreoffice-l10n-kab-6.2.7.1-8.10.1 libreoffice-l10n-km-6.2.7.1-8.10.1 libreoffice-l10n-kmr_Latn-6.2.7.1-8.10.1 libreoffice-l10n-kok-6.2.7.1-8.10.1 libreoffice-l10n-ks-6.2.7.1-8.10.1 libreoffice-l10n-lb-6.2.7.1-8.10.1 libreoffice-l10n-lo-6.2.7.1-8.10.1 libreoffice-l10n-mk-6.2.7.1-8.10.1 libreoffice-l10n-mn-6.2.7.1-8.10.1 libreoffice-l10n-mni-6.2.7.1-8.10.1 libreoffice-l10n-my-6.2.7.1-8.10.1 libreoffice-l10n-ne-6.2.7.1-8.10.1 libreoffice-l10n-oc-6.2.7.1-8.10.1 libreoffice-l10n-om-6.2.7.1-8.10.1 libreoffice-l10n-rw-6.2.7.1-8.10.1 libreoffice-l10n-sa_IN-6.2.7.1-8.10.1 libreoffice-l10n-sat-6.2.7.1-8.10.1 libreoffice-l10n-sd-6.2.7.1-8.10.1 libreoffice-l10n-sid-6.2.7.1-8.10.1 libreoffice-l10n-sq-6.2.7.1-8.10.1 libreoffice-l10n-sw_TZ-6.2.7.1-8.10.1 libreoffice-l10n-tg-6.2.7.1-8.10.1 libreoffice-l10n-tt-6.2.7.1-8.10.1 libreoffice-l10n-ug-6.2.7.1-8.10.1 libreoffice-l10n-uz-6.2.7.1-8.10.1 libreoffice-l10n-vec-6.2.7.1-8.10.1 libreoffice-l10n-vi-6.2.7.1-8.10.1 References: https://www.suse.com/security/cve/CVE-2019-9848.html https://www.suse.com/security/cve/CVE-2019-9849.html https://www.suse.com/security/cve/CVE-2019-9850.html https://www.suse.com/security/cve/CVE-2019-9851.html https://www.suse.com/security/cve/CVE-2019-9852.html https://www.suse.com/security/cve/CVE-2019-9854.html https://www.suse.com/security/cve/CVE-2019-9855.html https://bugzilla.suse.com/1133534 https://bugzilla.suse.com/1141861 https://bugzilla.suse.com/1141862 https://bugzilla.suse.com/1146098 https://bugzilla.suse.com/1146105 https://bugzilla.suse.com/1146107 https://bugzilla.suse.com/1149943 https://bugzilla.suse.com/1149944 From sle-updates at lists.suse.com Wed Sep 18 10:16:12 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Sep 2019 18:16:12 +0200 (CEST) Subject: SUSE-SU-2019:2400-1: moderate: Security update for python-Werkzeug Message-ID: <20190918161612.E4FE7F7B3@maintenance.suse.de> SUSE Security Update: Security update for python-Werkzeug ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2400-1 Rating: moderate References: #1145383 Cross-References: CVE-2019-14806 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Werkzeug fixes the following issues: Security issue fixed: - CVE-2019-14806: Fixed the development server in Docker, the debugger security pin is now unique per container (bsc#1145383). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2400=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2019-2400=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): python-Werkzeug-0.14.1-3.3.1 - SUSE OpenStack Cloud 9 (noarch): python-Werkzeug-0.14.1-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-14806.html https://bugzilla.suse.com/1145383 From sle-updates at lists.suse.com Wed Sep 18 13:11:02 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Sep 2019 21:11:02 +0200 (CEST) Subject: SUSE-RU-2019:2404-1: moderate: Recommended update for crmsh Message-ID: <20190918191102.B04CBF7B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2404-1 Rating: moderate References: #1093564 #1116559 #1120554 #1120555 #1120586 #1120587 #1123187 #1129380 #1129383 #1129719 #1130715 #1135696 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has 12 recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fix: bsc#1120554, bsc#1120555 crmsh crashed when using configure>template>apply - Fix: bsc#1120587,bsc#1120586 bootstrap warning messages should better start with like "WARNING:" instead of "!" - Fix: bsc#1129719: check command and related files exist - Fix: cibconfig: #425 The ID attribute is not required for select and select_attributes - Fix: hb_report: analysis.txt should includes warning, error, critical messages(bsc#1135696) - Fix: hb_report: handle UnicodeDecodeError(bsc#1130715) - High: constants: add "promotable", "promoted-max" and "promoted-node-max" in clone meta attributes - High: hbreport: fix UnicodeEncodeError while print(bsc#1093564) - Medium: cibverify: Increase log level for verification (bsc#1116559) - Medium: scripts: Set kind for order constraints, not score (bsc#1123187) - Low: hb_report: collect output of "sbd dump" and "sbd list". (bsc#1129383) - Low: msg: add timestamp for DEBUG messages. (bsc#1129380) - Low: utils: Add support for dpkg and apt-get - Low: utils: convert string contstants to bytes - Dev: hb_report: Using Tempfile class to manage tempfiles Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-2404=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (noarch): crmsh-4.0.0+git.1553262403.5da14df5-2.11.1 crmsh-scripts-4.0.0+git.1553262403.5da14df5-2.11.1 References: https://bugzilla.suse.com/1093564 https://bugzilla.suse.com/1116559 https://bugzilla.suse.com/1120554 https://bugzilla.suse.com/1120555 https://bugzilla.suse.com/1120586 https://bugzilla.suse.com/1120587 https://bugzilla.suse.com/1123187 https://bugzilla.suse.com/1129380 https://bugzilla.suse.com/1129383 https://bugzilla.suse.com/1129719 https://bugzilla.suse.com/1130715 https://bugzilla.suse.com/1135696 From sle-updates at lists.suse.com Wed Sep 18 13:13:15 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 18 Sep 2019 21:13:15 +0200 (CEST) Subject: SUSE-SU-2019:2403-1: moderate: Security update for openssl-1_1 Message-ID: <20190918191315.317A1F7B3@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2403-1 Rating: moderate References: #1150003 #1150250 Cross-References: CVE-2019-1547 CVE-2019-1563 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for openssl-1_1 fixes the following issues: OpenSSL Security Advisory [10 September 2019] * CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) * CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2403=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2403=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): openssl-1_1-doc-1.1.0i-14.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-14.3.1 openssl-1_1-debugsource-1.1.0i-14.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.0i-14.3.1 libopenssl1_1-1.1.0i-14.3.1 libopenssl1_1-debuginfo-1.1.0i-14.3.1 libopenssl1_1-hmac-1.1.0i-14.3.1 openssl-1_1-1.1.0i-14.3.1 openssl-1_1-debuginfo-1.1.0i-14.3.1 openssl-1_1-debugsource-1.1.0i-14.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libopenssl1_1-32bit-1.1.0i-14.3.1 libopenssl1_1-32bit-debuginfo-1.1.0i-14.3.1 libopenssl1_1-hmac-32bit-1.1.0i-14.3.1 References: https://www.suse.com/security/cve/CVE-2019-1547.html https://www.suse.com/security/cve/CVE-2019-1563.html https://bugzilla.suse.com/1150003 https://bugzilla.suse.com/1150250 From sle-updates at lists.suse.com Thu Sep 19 04:10:56 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Sep 2019 12:10:56 +0200 (CEST) Subject: SUSE-RU-2019:2405-1: moderate: Recommended update for pacemaker Message-ID: <20190919101057.04833F7B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2405-1 Rating: moderate References: #1032511 #1127716 #1130122 #1131353 #1131356 #1133866 #1136712 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for pacemaker fixes the following issues: - scheduler: Wait for probe actions to complete preventing unnecessary restart/re-promote of dependent resources. (bsc#1130122, bsc#1032511) - controller: Confirm cancel of failed monitors. (bsc#1133866) - controller: Improve failed recurring action messages in the logs and improve SAPHanaSR transition efficiency. (bsc#1133866) - libcrmcommon: Return error when applying XML diffs containing unknown operations. (bsc#1127716) - libcrmcommon: Avoid possible use of NULL when applying XML diffs and apply them correctly with multiple move/create changes. (bsc#1127716) - libcrmcommon: Return proper code if testing PID is denied and avoid NULL by returning active process ID. (bsc#1131353, bsc#1131356) - contoller,scheduler: Guarding hash table of deleting. (bsc#1136712) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-2405=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-1.1.18+20180430.b12c320f5-3.12.1 libpacemaker3-1.1.18+20180430.b12c320f5-3.12.1 libpacemaker3-debuginfo-1.1.18+20180430.b12c320f5-3.12.1 pacemaker-1.1.18+20180430.b12c320f5-3.12.1 pacemaker-cli-1.1.18+20180430.b12c320f5-3.12.1 pacemaker-cli-debuginfo-1.1.18+20180430.b12c320f5-3.12.1 pacemaker-debuginfo-1.1.18+20180430.b12c320f5-3.12.1 pacemaker-debugsource-1.1.18+20180430.b12c320f5-3.12.1 pacemaker-remote-1.1.18+20180430.b12c320f5-3.12.1 pacemaker-remote-debuginfo-1.1.18+20180430.b12c320f5-3.12.1 - SUSE Linux Enterprise High Availability 15 (noarch): pacemaker-cts-1.1.18+20180430.b12c320f5-3.12.1 References: https://bugzilla.suse.com/1032511 https://bugzilla.suse.com/1127716 https://bugzilla.suse.com/1130122 https://bugzilla.suse.com/1131353 https://bugzilla.suse.com/1131356 https://bugzilla.suse.com/1133866 https://bugzilla.suse.com/1136712 From sle-updates at lists.suse.com Thu Sep 19 10:12:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Sep 2019 18:12:07 +0200 (CEST) Subject: SUSE-RU-2019:2406-1: moderate: Recommended update for aws-cli, python-boto3, python-botocore, python-s3transfer Message-ID: <20190919161207.E0344F7B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for aws-cli, python-boto3, python-botocore, python-s3transfer ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2406-1 Rating: moderate References: #1146853 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Module for Public Cloud 12 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for aws-cli, python-boto3, python-botocore, python-s3transfer fixes the following issues: aws-cli was updated to version 1.16.223 (bsc#1146853): + For detailed changes see https://github.com/aws/aws-cli/blob/1.16.223/CHANGELOG.rst python-boto3 was updated to 1.12.213, python-botocore was updated to 1.9.213 and python-s3transfer was updated to 0.2.1 bringing a lot of features and bugfixes (bsc#1146853) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2406=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2406=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-2406=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2406=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): aws-cli-1.16.223-22.6.1 python-botocore-1.12.213-28.9.1 python-s3transfer-0.2.1-6.9.1 - SUSE OpenStack Cloud 8 (noarch): aws-cli-1.16.223-22.6.1 python-botocore-1.12.213-28.9.1 python-s3transfer-0.2.1-6.9.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): aws-cli-1.16.223-22.6.1 python-boto3-1.9.213-14.6.1 python-botocore-1.12.213-28.9.1 python-s3transfer-0.2.1-6.9.1 - HPE Helion Openstack 8 (noarch): aws-cli-1.16.223-22.6.1 python-botocore-1.12.213-28.9.1 python-s3transfer-0.2.1-6.9.1 References: https://bugzilla.suse.com/1146853 From sle-updates at lists.suse.com Thu Sep 19 13:10:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Sep 2019 21:10:31 +0200 (CEST) Subject: SUSE-SU-2019:14174-1: moderate: Security update for openssl Message-ID: <20190919191031.47055F7B3@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14174-1 Rating: moderate References: #1150003 #1150250 Cross-References: CVE-2019-1547 CVE-2019-1563 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for openssl fixes the following issues: OpenSSL Security Advisory [10 September 2019] - CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance (bsc#1150003). - CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-openssl-14174=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-openssl-14174=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openssl-14174=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openssl-14174=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libopenssl0_9_8-0.9.8j-0.106.25.1 libopenssl0_9_8-hmac-0.9.8j-0.106.25.1 openssl-0.9.8j-0.106.25.1 openssl-doc-0.9.8j-0.106.25.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libopenssl0_9_8-32bit-0.9.8j-0.106.25.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.25.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libopenssl-devel-0.9.8j-0.106.25.1 libopenssl0_9_8-0.9.8j-0.106.25.1 libopenssl0_9_8-hmac-0.9.8j-0.106.25.1 openssl-0.9.8j-0.106.25.1 openssl-doc-0.9.8j-0.106.25.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): openssl-debuginfo-0.9.8j-0.106.25.1 openssl-debugsource-0.9.8j-0.106.25.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): openssl-debuginfo-0.9.8j-0.106.25.1 openssl-debugsource-0.9.8j-0.106.25.1 References: https://www.suse.com/security/cve/CVE-2019-1547.html https://www.suse.com/security/cve/CVE-2019-1563.html https://bugzilla.suse.com/1150003 https://bugzilla.suse.com/1150250 From sle-updates at lists.suse.com Thu Sep 19 10:11:11 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 19 Sep 2019 18:11:11 +0200 (CEST) Subject: SUSE-RU-2019:2407-1: moderate: Recommended update for product-builder, product-builder-plugin-SLE_15 Message-ID: <20190919161112.026EBF7B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for product-builder, product-builder-plugin-SLE_15 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2407-1 Rating: moderate References: #1149783 #1150238 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for product-builder, product-builder-plugin-SLE_15 fixes the following issues: product-builder was updated to version 1.2.4: - SLE wrapper got merged - handle multiple packages with same name but different version/release in one repo. (bsc#1150238) - avoid inclusion of rpms in /boot/ directory into metadata (bsc#1149783) - generate cpeid information into report files Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2407=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): product-builder-1.2.4-8.4.1 References: https://bugzilla.suse.com/1149783 https://bugzilla.suse.com/1150238 From sle-updates at lists.suse.com Thu Sep 19 19:10:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Sep 2019 03:10:30 +0200 (CEST) Subject: SUSE-RU-2019:2202-2: moderate: Recommended update for openvswitch Message-ID: <20190920011030.0A22DF7B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for openvswitch ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2202-2 Rating: moderate References: #1132029 #1138948 #1139798 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for openvswitch contains the following changes: - fixes a permission error on logrotating (bsc#1132029, bsc#1139798) - This version update to 2.11.1 for openvswitch includes many minor bug fixes (Please refer to the rpm changelog file to see the full list) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2019-2202=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): openvswitch-debuginfo-2.11.1-3.7.1 openvswitch-debugsource-2.11.1-3.7.1 python2-ovs-2.11.1-3.7.1 python2-ovs-debuginfo-2.11.1-3.7.1 python3-ovs-2.11.1-3.7.1 python3-ovs-debuginfo-2.11.1-3.7.1 References: https://bugzilla.suse.com/1132029 https://bugzilla.suse.com/1138948 https://bugzilla.suse.com/1139798 From sle-updates at lists.suse.com Thu Sep 19 19:11:31 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Sep 2019 03:11:31 +0200 (CEST) Subject: SUSE-SU-2019:2365-2: moderate: Security update for python-Werkzeug Message-ID: <20190920011132.00685F7B3@maintenance.suse.de> SUSE Security Update: Security update for python-Werkzeug ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2365-2 Rating: moderate References: #1145383 Cross-References: CVE-2019-14806 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Werkzeug fixes the following issues: Security issue fixed: - CVE-2019-14806: Fixed the development server in Docker, the debugger security pin is now unique per container (bsc#1145383). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2019-2365=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (noarch): python2-Werkzeug-0.14.1-6.3.1 References: https://www.suse.com/security/cve/CVE-2019-14806.html https://bugzilla.suse.com/1145383 From sle-updates at lists.suse.com Thu Sep 19 19:12:10 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Sep 2019 03:12:10 +0200 (CEST) Subject: SUSE-RU-2019:1986-2: moderate: Recommended update for plymouth Message-ID: <20190920011210.C8F28F7B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for plymouth ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:1986-2 Rating: moderate References: #1138248 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for plymouth fixes the following issues: - Add dependency to dracut for plymouth-scripts. (bsc#1138248). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2019-1986=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): plymouth-debuginfo-0.9.4+git20190304.ed9f201-3.3.1 plymouth-debugsource-0.9.4+git20190304.ed9f201-3.3.1 plymouth-plugin-label-ft-0.9.4+git20190304.ed9f201-3.3.1 plymouth-plugin-label-ft-debuginfo-0.9.4+git20190304.ed9f201-3.3.1 References: https://bugzilla.suse.com/1138248 From sle-updates at lists.suse.com Thu Sep 19 19:12:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Sep 2019 03:12:48 +0200 (CEST) Subject: SUSE-SU-2019:2253-2: important: Security update for python-SQLAlchemy Message-ID: <20190920011248.55E38F7B3@maintenance.suse.de> SUSE Security Update: Security update for python-SQLAlchemy ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2253-2 Rating: important References: #1124593 Cross-References: CVE-2019-7164 CVE-2019-7548 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python-SQLAlchemy fixes the following issues: Security issues fixed: - CVE-2019-7164: Fixed SQL Injection via the order_by parameter (bsc#1124593). - CVE-2019-7548: Fixed SQL Injection via the group_by parameter (bsc#1124593). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2019-2253=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): python-SQLAlchemy-debuginfo-1.2.14-6.3.1 python-SQLAlchemy-debugsource-1.2.14-6.3.1 python2-SQLAlchemy-1.2.14-6.3.1 python2-SQLAlchemy-debuginfo-1.2.14-6.3.1 References: https://www.suse.com/security/cve/CVE-2019-7164.html https://www.suse.com/security/cve/CVE-2019-7548.html https://bugzilla.suse.com/1124593 From sle-updates at lists.suse.com Fri Sep 20 07:10:50 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Sep 2019 15:10:50 +0200 (CEST) Subject: SUSE-SU-2019:2410-1: moderate: Security update for openssl-1_1 Message-ID: <20190920131051.05586F7B3@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2410-1 Rating: moderate References: #1150003 #1150250 Cross-References: CVE-2019-1547 CVE-2019-1563 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for openssl-1_1 fixes the following issues: OpenSSL Security Advisory [10 September 2019] * CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) * CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2410=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2410=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): openssl-1_1-doc-1.1.0i-4.24.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-4.24.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.0i-4.24.1 libopenssl1_1-1.1.0i-4.24.1 libopenssl1_1-debuginfo-1.1.0i-4.24.1 libopenssl1_1-hmac-1.1.0i-4.24.1 openssl-1_1-1.1.0i-4.24.1 openssl-1_1-debuginfo-1.1.0i-4.24.1 openssl-1_1-debugsource-1.1.0i-4.24.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libopenssl1_1-32bit-1.1.0i-4.24.1 libopenssl1_1-32bit-debuginfo-1.1.0i-4.24.1 libopenssl1_1-hmac-32bit-1.1.0i-4.24.1 References: https://www.suse.com/security/cve/CVE-2019-1547.html https://www.suse.com/security/cve/CVE-2019-1563.html https://bugzilla.suse.com/1150003 https://bugzilla.suse.com/1150250 From sle-updates at lists.suse.com Fri Sep 20 07:11:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Sep 2019 15:11:44 +0200 (CEST) Subject: SUSE-SU-2019:2414-1: important: Security update for the Linux Kernel Message-ID: <20190920131144.BC95CF7B3@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2414-1 Rating: important References: #1047238 #1050911 #1051510 #1054914 #1055117 #1056686 #1060662 #1061840 #1061843 #1064597 #1064701 #1065600 #1065729 #1066369 #1071009 #1071306 #1078248 #1082555 #1085030 #1085536 #1085539 #1086103 #1087092 #1090734 #1091171 #1093205 #1102097 #1104902 #1106061 #1106284 #1106434 #1108382 #1112894 #1112899 #1112902 #1112903 #1112905 #1112906 #1112907 #1113722 #1114279 #1114542 #1118689 #1119086 #1120876 #1120902 #1120937 #1123105 #1123959 #1124370 #1129424 #1129519 #1129664 #1131107 #1131281 #1131565 #1133021 #1134291 #1134881 #1134882 #1135219 #1135642 #1135897 #1136261 #1137811 #1137884 #1138539 #1139020 #1139021 #1139101 #1139500 #1140012 #1140426 #1140487 #1141450 #1141543 #1141554 #1142019 #1142076 #1142109 #1142117 #1142118 #1142119 #1142496 #1142541 #1142635 #1142685 #1142701 #1142857 #1143300 #1143466 #1143765 #1143841 #1143843 #1144123 #1144333 #1144474 #1144518 #1144718 #1144813 #1144880 #1144886 #1144912 #1144920 #1144979 #1145010 #1145051 #1145059 #1145189 #1145235 #1145300 #1145302 #1145388 #1145389 #1145390 #1145391 #1145392 #1145393 #1145394 #1145395 #1145396 #1145397 #1145408 #1145409 #1145661 #1145678 #1145687 #1145920 #1145922 #1145934 #1145937 #1145940 #1145941 #1145942 #1146074 #1146084 #1146163 #1146285 #1146346 #1146351 #1146352 #1146361 #1146376 #1146378 #1146381 #1146391 #1146399 #1146413 #1146425 #1146512 #1146514 #1146516 #1146519 #1146524 #1146526 #1146529 #1146531 #1146543 #1146547 #1146550 #1146575 #1146589 #1146678 #1146938 #1148031 #1148032 #1148033 #1148034 #1148035 #1148093 #1148133 #1148192 #1148196 #1148198 #1148202 #1148303 #1148363 #1148379 #1148394 #1148527 #1148574 #1148616 #1148617 #1148619 #1148859 #1148868 #1149053 #1149083 #1149104 #1149105 #1149106 #1149197 #1149214 #1149224 #1149325 #1149376 #1149413 #1149418 #1149424 #1149522 #1149527 #1149539 #1149552 #1149591 #1149602 #1149612 #1149626 #1149652 #1149713 #1149940 #1149976 #1150025 #1150033 #1150112 #1150562 #1150727 #1150860 #1150861 #1150933 Cross-References: CVE-2017-18551 CVE-2018-20976 CVE-2018-21008 CVE-2019-10207 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14835 CVE-2019-15030 CVE-2019-15031 CVE-2019-15090 CVE-2019-15098 CVE-2019-15117 CVE-2019-15118 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15222 CVE-2019-15239 CVE-2019-15290 CVE-2019-15292 CVE-2019-15538 CVE-2019-15666 CVE-2019-15902 CVE-2019-15917 CVE-2019-15919 CVE-2019-15920 CVE-2019-15921 CVE-2019-15924 CVE-2019-15926 CVE-2019-15927 CVE-2019-9456 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that solves 39 vulnerabilities and has 180 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following new features were implemented: - jsc#SLE-4875: [CML] New device IDs for CML - jsc#SLE-7294: Add cpufreq driver for Raspberry Pi - fate#321840: Reduce memory required to boot capture kernel while using fadump - fate#326869: perf: pmu mem_load/store event support - fate:327775: vpmem: DRAM backed persistent volumes for improved SAP HANA on POWER restart times The following security bugs were fixed: - CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bnc#1146516) - CVE-2019-15216: Fix a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (bsc#1146361). - CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112). - CVE-2019-15924: Fix a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure. (bsc#1149612). - CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have lead to local escalation of privilege with System execution privileges needed. (bsc#1150025 CVE-2019-9456). - CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user could read vector registers of other users' processes via an interrupt. (bsc#1149713) - CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149626) - CVE-2019-15921: There was a memory leak issue when idr_alloc() failed (bsc#1149602) - CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach (bsc#1149591). - CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149552) - CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() failed in hci_uart_set_proto() (bsc#1149539) - CVE-2019-15926: Out of bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx (bsc#1149527) - CVE-2019-15927: An out-of-bounds access existed in the function build_audio_procunit (bsc#1149522) - CVE-2019-15902: A backporting error reintroduced the Spectre vulnerability that it aimed to eliminate. (bnc#1149376) - CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which would cause denial of service, because verify_newpolicy_info mishandled directory validation. (bsc#1148394). - CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. (bsc#1146524) - CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. (bsc#1146526) - CVE-2019-15538: XFS partially wedged when a chgrp failed on account of being out of disk quota. This was primarily a local DoS attack vector, but it could result as well in remote DoS if the XFS filesystem was exported for instance via NFS. (bsc#1148032, bsc#1148093) - CVE-2019-15290: There was a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function (bsc#1146543). - CVE-2019-15098: USB driver net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146378). - CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. (bsc#1051510 bsc#1146391). - CVE-2019-15292: There was a use-after-free in atalk_proc_exit (bsc#1146678) - CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (bsc#1146547). - CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory. (bsc#1146519). - CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. (bsc#1146550) - CVE-2019-15221, CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. (bsc#1146529, bsc#1146531) - CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver. (bsc#1051510 bsc#1146413) - CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. (bsc#1135642 bsc#1146425) - CVE-2019-15090: In the qedi_dbg_* family of functions, there was an out-of-bounds read. (bsc#1146399) - CVE-2018-20976: A use after free existed, related to xfs_fs_fill_super failure. (bsc#1146285) - CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated. (bsc#1146163). - CVE-2019-15118: check_input_term in sound/usb/mixer.c in the Linux kernel mishandled recursion, leading to kernel stack exhaustion. (bsc#1145922). - CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel mishandled a short descriptor, leading to out-of-bounds memory access. (bsc#1145920). - CVE-2019-10207: Fix a NULL pointer dereference in hci_uart bluetooth driver (bsc#1142857 bsc#1123959). - CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589) The following non-security bugs were fixed: - 9p/rdma: do not disconnect on down_interruptible EAGAIN (bsc#1051510). - 9p/rdma: remove useless check in cm_event_handler (bsc#1051510). - 9p/virtio: Add cleanup path in p9_virtio_init (bsc#1051510). - 9p/xen: Add cleanup path in p9_trans_xen_init (bsc#1051510). - 9p/xen: fix check for xenbus_read error in front_probe (bsc#1051510). - 9p: acl: fix uninitialized iattr access (bsc#1051510). - 9p: p9dirent_read: check network-provided name length (bsc#1051510). - 9p: pass the correct prototype to read_cache_page (bsc#1051510). - acpi/IORT: Fix off-by-one check in iort_dev_find_its_id() (bsc#1051510). - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0 (bsc#1051510). - acpi: PM: Fix regression in acpi_device_set_power() (bsc#1051510). - acpi: fix false-positive -Wuninitialized warning (bsc#1051510). - acpica: Increase total number of possible Owner IDs (bsc#1148859). - af_key: fix leaks in key_pol_get_resp and dump_sp (bsc#1051510). - af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET (networking-stable-19_07_02). - alsa: firewire: fix a memory leak bug (bsc#1051510). - alsa: hda - Add a generic reboot_notify (bsc#1051510). - alsa: hda - Apply workaround for another AMD chip 1022:1487 (bsc#1051510). - alsa: hda - Do not override global PCM hw info flag (bsc#1051510). - alsa: hda - Fix a memory leak bug (bsc#1051510). - alsa: hda - Fix potential endless loop at applying quirks (bsc#1051510). - alsa: hda - Let all conexant codec enter D3 when rebooting (bsc#1051510). - alsa: hda - Workaround for crackled sound on AMD controller (1022:1457) (bsc#1051510). - alsa: hda/realtek - Fix overridden device-specific initialization (bsc#1051510). - alsa: hda/realtek - Fix the problem of two front mics on a ThinkCentre (bsc#1051510). - alsa: hda: kabi workaround for generic parser flag (bsc#1051510). - alsa: hiface: fix multiple memory leak bugs (bsc#1051510). - alsa: line6: Fix memory leak at line6_init_pcm() error path (bsc#1051510). - alsa: pcm: fix lost wakeup event scenarios in snd_pcm_drain (bsc#1051510). - alsa: seq: Fix potential concurrent access to the deleted pool (bsc#1051510). - alsa: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (bsc#1051510). - arm64: kvm: Fix architecturally invalid reset value for FPEXC32_EL2 (bsc#1133021). - arm: kvm: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1133021). - arm: kvm: report support for SMCCC_ARCH_WORKAROUND_1 (bsc#1133021). - asoC: Fail card instantiation if DAI format setup fails (bsc#1051510). - asoC: dapm: Fix handling of custom_stop_condition on DApm graph walks (bsc#1051510). - ata: libahci: do not complain in case of deferred probe (bsc#1051510). - batman-adv: Only read OGM tvlv_len after buffer len check (bsc#1051510). - batman-adv: Only read OGM2 tvlv_len after buffer len check (bsc#1051510). - batman-adv: fix uninit-value in batadv_netlink_get_ifindex() (bsc#1051510). - bcache: fix possible memory leak in bch_cached_dev_run() (git fixes). - bcache: kernel oops on reading sysfs cache_mode file (bsc#1144979). - bio: fix improper use of smp_mb__before_atomic() (git fixes). - blk-mq: Fix spelling in a source code comment (git fixes). - blk-mq: backport fixes for blk_mq_complete_e_request_sync() (bsc#1145661). - blk-mq: introduce blk_mq_complete_request_sync() (bsc#1145661). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - block, documentation: Fix wbt_lat_usec documentation (git fixes). - bluetooth: 6lowpan: search for destination address in all peers (bsc#1051510). - bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug (bsc#1051510). - bluetooth: Check state in l2cap_disconnect_rsp (bsc#1051510). - bluetooth: btqca: Add a short delay before downloading the NVM (bsc#1051510). - bluetooth: hci_bcsp: Fix memory leak in rx_skb (bsc#1051510). - bluetooth: validate BLE connection interval updates (bsc#1051510). - bnx2x: Prevent ptp_task to be rescheduled indefinitely (networking-stable-19_07_25). - bonding: Always enable vlan tx offload (networking-stable-19_07_02). - bonding: validate ip header before check IPPROTO_IGMP (networking-stable-19_07_25). - btrfs: Fix delalloc inodes invalidation during transaction abort (bsc#1050911). - btrfs: Split btrfs_del_delalloc_inode into 2 functions (bsc#1050911). - btrfs: add a helper to retrive extent inline ref type (bsc#1149325). - btrfs: add cleanup_ref_head_accounting helper (bsc#1050911). - btrfs: add missing inode version, ctime and mtime updates when punching hole (bsc#1140487). - btrfs: add one more sanity check for shared ref type (bsc#1149325). - btrfs: clean up pending block groups when transaction commit aborts (bsc#1050911). - btrfs: convert to use btrfs_get_extent_inline_ref_type (bsc#1149325). - btrfs: do not abort transaction at btrfs_update_root() after failure to COW path (bsc#1150933). - btrfs: fix assertion failure during fsync and use of stale transaction (bsc#1150562). - btrfs: fix data loss after inode eviction, renaming it, and fsync it (bsc#1145941). - btrfs: fix fsync not persisting dentry deletions due to inode evictions (bsc#1145942). - btrfs: fix incremental send failure after deduplication (bsc#1145940). - btrfs: fix pinned underflow after transaction aborted (bsc#1050911). - btrfs: fix race between send and deduplication that lead to failures and crashes (bsc#1145059). - btrfs: fix race leading to fs corruption after transaction abort (bsc#1145937). - btrfs: handle delayed ref head accounting cleanup in abort (bsc#1050911). - btrfs: prevent send failures and crashes due to concurrent relocation (bsc#1145059). - btrfs: remove BUG() in add_data_reference (bsc#1149325). - btrfs: remove BUG() in btrfs_extent_inline_ref_size (bsc#1149325). - btrfs: remove BUG() in print_extent_item (bsc#1149325). - btrfs: remove BUG_ON in __add_tree_block (bsc#1149325). - btrfs: scrub: add memalloc_nofs protection around init_ipath (bsc#1086103). - btrfs: start readahead also in seed devices (bsc#1144886). - btrfs: track running balance in a simpler way (bsc#1145059). - btrfs: use GFP_KERNEL in init_ipath (bsc#1086103). - caif-hsi: fix possible deadlock in cfhsi_exit_module() (networking-stable-19_07_25). - can: m_can: implement errata "Needless activation of MRAF irq" (bsc#1051510). - can: mcp251x: add support for mcp25625 (bsc#1051510). - can: peak_usb: fix potential double kfree_skb() (bsc#1051510). - can: peak_usb: force the string buffer NULL-terminated (bsc#1051510). - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (bsc#1051510). - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (bsc#1051510). - can: rcar_canfd: fix possible IRQ storm on high load (bsc#1051510). - can: sja1000: force the string buffer NULL-terminated (bsc#1051510). - carl9170: fix misuse of device driver API (bsc#1142635). - ceph: always get rstat from auth mds (bsc#1146346). - ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346). - ceph: decode feature bits in session message (bsc#1146346). - ceph: do not blindly unregister session that is in opening state (bsc#1148133). - ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133). - ceph: fix "ceph.dir.rctime" vxattr value (bsc#1148133 bsc#1135219). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133). - ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133). - ceph: fix iov_iter issues in ceph_direct_read_write() (bsc#1141450). - ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133). - ceph: remove request from waiting list before unregister (bsc#1148133 bsc#1138539). - ceph: remove request from waiting list before unregister (bsc#1148133). - ceph: silence a checker warning in mdsc_show() (bsc#1148133). - ceph: support cephfs' own feature bits (bsc#1146346). - ceph: support getting ceph.dir.pin vxattr (bsc#1146346). - ceph: support versioned reply (bsc#1146346). - ceph: use bit flags to define vxattr attributes (bsc#1146346). - cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED (bsc#1144333). - cifs: Add DFS cache routines (bsc#1144333). - cifs: Add direct I/O functions to file_operations (bsc#1144333). - cifs: Add minor debug message during negprot (bsc#1144333). - cifs: Add smb2_send_recv (bsc#1144333). - cifs: Add support for FSCTL passthrough that write data to the server (bsc#1144333). - cifs: Add support for direct I/O read (bsc#1144333). - cifs: Add support for direct I/O write (bsc#1144333). - cifs: Add support for direct pages in rdata (bsc#1144333). - cifs: Add support for direct pages in wdata (bsc#1144333). - cifs: Add support for failover in cifs_mount() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect_tcon() (bsc#1144333). - cifs: Add support for failover in smb2_reconnect() (bsc#1144333). - cifs: Add support for reading attributes on smb2+ (bsc#1051510, bsc#1144333). - cifs: Add support for writing attributes on smb2+ (bsc#1051510, bsc#1144333). - cifs: Adds information-level logging function (bsc#1144333). - cifs: Adjust MTU credits before reopening a file (bsc#1144333). - cifs: Allocate memory for all iovs in smb2_ioctl (bsc#1144333). - cifs: Allocate validate negotiation request through kmalloc (bsc#1144333). - cifs: Always reset read error to -EIO if no response (bsc#1144333). - cifs: Always resolve hostname before reconnecting (bsc#1051510, bsc#1144333). - cifs: Avoid returning EBUSY to upper layer VFS (bsc#1144333). - cifs: Calculate the correct request length based on page offset and tail size (bsc#1144333). - cifs: Call MID callback before destroying transport (bsc#1144333). - cifs: Change smb2_open to return an iov for the error parameter (bsc#1144333). - cifs: Check for reconnects before sending async requests (bsc#1144333). - cifs: Check for reconnects before sending compound requests (bsc#1144333). - cifs: Check for timeout on Negotiate stage (bsc#1091171, bsc#1144333). - cifs: Count smb3 credits for malformed pending responses (bsc#1144333). - cifs: Display smb2 error codes in the hex format (bsc#1144333). - cifs: Do not assume one credit for async responses (bsc#1144333). - cifs: Do not consider -ENODATA as stat failure for reads (bsc#1144333). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510, bsc#1144333). - cifs: Do not hide EINTR after sending network packets (bsc#1051510, bsc#1144333). - cifs: Do not log credits when unmounting a share (bsc#1144333). - cifs: Do not match port on smbDirect transport (bsc#1144333). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510, bsc#1144333). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510, bsc#1144333). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510, bsc#1144333). - cifs: Do not set credits to 1 if the server didn't grant anything (bsc#1144333). - cifs: Do not skip smb2 message IDs on send failures (bsc#1144333). - cifs: Find and reopen a file before get MTU credits in writepages (bsc#1144333). - cifs: Fix DFS cache refresher for DFS links (bsc#1144333). - cifs: Fix NULL pointer deref on smb2_tcon() failure (bsc#1071009, bsc#1144333). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: Fix NULL ptr deref (bsc#1144333). - cifs: Fix a debug message (bsc#1144333). - cifs: Fix a race condition with cifs_echo_request (bsc#1144333). - cifs: Fix a tiny potential memory leak (bsc#1144333). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510, bsc#1144333). - cifs: Fix an issue with re-sending rdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix an issue with re-sending wdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix autonegotiate security settings mismatch (bsc#1087092, bsc#1144333). - cifs: Fix check for matching with existing mount (bsc#1144333). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix credit calculations in compound mid callback (bsc#1144333). - cifs: Fix credit computation for compounded requests (bsc#1144333). - cifs: Fix credits calculation for cancelled requests (bsc#1144333). - cifs: Fix credits calculations for reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix encryption/signing (bsc#1144333). - cifs: Fix error mapping for smb2_LOCK command which caused OFD lock problem (bsc#1051510, bsc#1144333). - cifs: Fix error paths in writeback code (bsc#1144333). - cifs: Fix infinite loop when using hard mount option (bsc#1091171, bsc#1144333). - cifs: Fix invalid check in __cifs_calc_signature() (bsc#1144333). - cifs: Fix kernel oops when tracesmb is enabled (bsc#1144333). - cifs: Fix leaking locked VFS cache pages in writeback retry (bsc#1144333). - cifs: Fix lease buffer length error (bsc#1144333). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510, bsc#1144333). - cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092, bsc#1144333). - cifs: Fix module dependency (bsc#1144333). - cifs: Fix mounts if the client is low on credits (bsc#1144333). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510, bsc#1144333). - cifs: Fix possible oops and memory leaks in async IO (bsc#1144333). - cifs: Fix potential OOB access of lock element array (bsc#1051510, bsc#1144333). - cifs: Fix read after write for files with read caching (bsc#1051510, bsc#1144333). - cifs: Fix separator when building path from dentry (bsc#1051510, bsc#1144333). - cifs: Fix signing for smb2/3 (bsc#1144333). - cifs: Fix slab-out-of-bounds in send_set_info() on smb2 ACE setting (bsc#1144333). - cifs: Fix slab-out-of-bounds when tracing smb tcon (bsc#1144333). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510, bsc#1144333). - cifs: Fix to use kmem_cache_free() instead of kfree() (bsc#1144333). - cifs: Fix trace command logging for smb2 reads and writes (bsc#1144333). - cifs: Fix use after free of a mid_q_entry (bsc#1112903, bsc#1144333). - cifs: Fix use-after-free in smb2_read (bsc#1144333). - cifs: Fix use-after-free in smb2_write (bsc#1144333). - cifs: Fix validation of signed data in smb2 (bsc#1144333). - cifs: Fix validation of signed data in smb3+ (bsc#1144333). - cifs: For smb2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510, bsc#1144333). - cifs: In Kconfig CONFIG_cifs_POSIX needs depends on legacy (insecure cifs) (bsc#1144333). - cifs: Introduce helper function to get page offset and length in smb_rqst (bsc#1144333). - cifs: Introduce offset for the 1st page in data transfer structures (bsc#1144333). - cifs: Limit memory used by lock request calls to a page (bsc#1144333). - cifs: Make devname param optional in cifs_compose_mount_options() (bsc#1144333). - cifs: Make sure all data pages are signed correctly (bsc#1144333). - cifs: Make use of DFS cache to get new DFS referrals (bsc#1144333). - cifs: Mask off signals when sending smb packets (bsc#1144333). - cifs: Minor Kconfig clarification (bsc#1144333). - cifs: Move credit processing to mid callbacks for smb3 (bsc#1144333). - cifs: Move open file handling to writepages (bsc#1144333). - cifs: Move unlocking pages from wdata_send_pages() (bsc#1144333). - cifs: OFD locks do not conflict with eachothers (bsc#1051510, bsc#1144333). - cifs: Only free DFS target list if we actually got one (bsc#1144333). - cifs: Only send smb2_NEGOTIATE command on new TCP connections (bsc#1144333). - cifs: Pass page offset for calculating signature (bsc#1144333). - cifs: Pass page offset for encrypting (bsc#1144333). - cifs: Print message when attempting a mount (bsc#1144333). - cifs: Properly handle auto disabling of serverino option (bsc#1144333). - cifs: Reconnect expired smb sessions (bnc#1060662). - cifs: Refactor out cifs_mount() (bsc#1144333). - cifs: Remove custom credit adjustments for smb2 async IO (bsc#1144333). - cifs: Reopen file before get smb2 MTU credits for async IO (bsc#1144333). - cifs: Respect reconnect in MTU credits calculations (bsc#1144333). - cifs: Respect reconnect in non-MTU credits calculations (bsc#1144333). - cifs: Respect smb2 hdr preamble size in read responses (bsc#1144333). - cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333). - cifs: Return error code when getting file handle for writeback (bsc#1144333). - cifs: Save TTL value when parsing DFS referrals (bsc#1144333). - cifs: Select all required crypto modules (bsc#1085536, bsc#1144333). - cifs: Set reconnect instance to one initially (bsc#1144333). - cifs: Show locallease in /proc/mounts for cifs shares mounted with locallease feature (bsc#1144333). - cifs: Silence uninitialized variable warning (bsc#1144333). - cifs: Skip any trailing backslashes from UNC (bsc#1144333). - cifs: Try to acquire credits at once for compound requests (bsc#1144333). - cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() (bsc#1144333). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510, bsc#1144333). - cifs: Use correct packet length in smb2_TRANSFORM header (bsc#1144333). - cifs: Use kmemdup in smb2_ioctl_init() (bsc#1144333). - cifs: Use kmemdup rather than duplicating its implementation in smb311_posix_mkdir() (bsc#1144333). - cifs: Use kzfree() to free password (bsc#1144333). - cifs: Use offset when reading pages (bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510, bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510, bsc#1144333). - cifs: When sending data on socket, pass the correct page offset (bsc#1144333). - cifs: a smb2_validate_and_copy_iov failure does not mean the handle is invalid (bsc#1144333). - cifs: add .splice_write (bsc#1144333). - cifs: add IOCTL for QUERY_INFO passthrough to userspace (bsc#1144333). - cifs: add ONCE flag for cifs_dbg type (bsc#1144333). - cifs: add SFM mapping for 0x01-0x1F (bsc#1144333). - cifs: add a new smb2_close_flags function (bsc#1144333). - cifs: add a smb2_compound_op and change QUERY_INFO to use it (bsc#1144333). - cifs: add a timeout argument to wait_for_free_credits (bsc#1144333). - cifs: add a warning if we try to to dequeue a deleted mid (bsc#1144333). - cifs: add compound_send_recv() (bsc#1144333). - cifs: add credits from unmatched responses/messages (bsc#1144333). - cifs: add debug output to show nocase mount option (bsc#1144333). - cifs: add fiemap support (bsc#1144333). - cifs: add iface info to struct cifs_ses (bsc#1144333). - cifs: add lease tracking to the cached root fid (bsc#1144333). - cifs: add missing GCM module dependency (bsc#1144333). - cifs: add missing debug entries for kconfig options (bsc#1051510, bsc#1144333). - cifs: add missing support for ACLs in smb 3.11 (bsc#1051510, bsc#1144333). - cifs: add pdu_size to the TCP_Server_Info structure (bsc#1144333). - cifs: add resp_buf_size to the mid_q_entry structure (bsc#1144333). - cifs: add server argument to the dump_detail method (bsc#1144333). - cifs: add server->vals->header_preamble_size (bsc#1144333). - cifs: add sha512 secmech (bsc#1051510, bsc#1144333). - cifs: add smb2_close_init()/smb2_close_free() (bsc#1144333). - cifs: add smb2_ioctl_init/free helpers to be used with compounding (bsc#1144333). - cifs: add smb2_query_info_[init|free]() (bsc#1144333). - cifs: add spinlock for the openFileList to cifsInodeInfo (bsc#1144333). - cifs: add support for SEEK_DATA and SEEK_HOLE (bsc#1144333). - cifs: add support for ioctl on directories (bsc#1144333). - cifs: address trivial coverity warning (bsc#1144333). - cifs: allow calling smb2_xxx_free(NULL) (bsc#1144333). - cifs: allow disabling less secure legacy dialects (bsc#1144333). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510, bsc#1144333). - cifs: always add credits back for unsolicited PDUs (bsc#1144333). - cifs: auto disable 'serverino' in dfs mounts (bsc#1144333). - cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (bsc#1144333). - cifs: cache FILE_ALL_INFO for the shared root handle (bsc#1144333). - cifs: change mkdir to use a compound (bsc#1144333). - cifs: change smb2_OP_RENAME and smb2_OP_HARDLINK to use compounding (bsc#1144333). - cifs: change smb2_OP_SET_EOF to use compounding (bsc#1144333). - cifs: change smb2_OP_SET_INFO to use compounding (bsc#1144333). - cifs: change smb2_get_data_area_len to take a smb2_sync_hdr as argument (bsc#1144333). - cifs: change smb2_query_eas to use the compound query-info helper (bsc#1144333). - cifs: change unlink to use a compound (bsc#1144333). - cifs: change validate_buf to validate_iov (bsc#1144333). - cifs: change wait_for_free_request() to take flags as argument (bsc#1144333). - cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536, bsc#1144333). - cifs: check cifs_MOUNT_NO_DFS when trying to reuse existing sb (bsc#1144333). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902, bsc#1144333). - cifs: check if smb2 PDU size has been padded and suppress the warning (bsc#1144333). - cifs: check kmalloc before use (bsc#1051510, bsc#1144333). - cifs: check kzalloc return (bsc#1144333). - cifs: check ntwrk_buf_start for NULL before dereferencing it (bsc#1144333). - cifs: check rsp for NULL before dereferencing in smb2_open (bsc#1085536, bsc#1144333). - cifs: cifs_read_allocate_pages: do not iterate through whole page array on ENOMEM (bsc#1144333). - cifs: clean up indentation, replace spaces with tab (bsc#1144333). - cifs: cleanup smb2ops.c and normalize strings (bsc#1144333). - cifs: complete PDU definitions for interface queries (bsc#1144333). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510, bsc#1144333). - cifs: create a define for how many iovs we need for an smb2_open() (bsc#1144333). - cifs: create a define for the max number of iov we need for a smb2 set_info (bsc#1144333). - cifs: create a helper function for compound query_info (bsc#1144333). - cifs: create helpers for smb2_set_info_init/free() (bsc#1144333). - cifs: create smb2_open_init()/smb2_open_free() helpers (bsc#1144333). - cifs: do not allow creating sockets except with smb1 posix exensions (bsc#1102097, bsc#1144333). - cifs: do not attempt cifs operation on smb2+ rename error (bsc#1144333). - cifs: do not dereference smb_file_target before null check (bsc#1051510, bsc#1144333). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510, bsc#1144333). - cifs: do not return atime less than mtime (bsc#1144333). - cifs: do not send invalid input buffer on QUERY_INFO requests (bsc#1144333). - cifs: do not show domain= in mount output when domain is empty (bsc#1144333). - cifs: do not use __constant_cpu_to_le32() (bsc#1144333). - cifs: document tcon/ses/server refcount dance (bsc#1144333). - cifs: dump IPC tcon in debug proc file (bsc#1071306, bsc#1144333). - cifs: dump every session iface info (bsc#1144333). - cifs: fallback to older infolevels on findfirst queryinfo retry (bsc#1144333). - cifs: fix GlobalMid_Lock bug in cifs_reconnect (bsc#1144333). - cifs: fix NULL deref in smb2_read (bsc#1085539, bsc#1144333). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542, bsc#1144333). - cifs: fix a buffer leak in smb2_query_symlink (bsc#1144333). - cifs: fix a credits leak for compund commands (bsc#1144333). - cifs: fix bi-directional fsctl passthrough calls (bsc#1144333). - cifs: fix build break when CONFIG_cifs_DEBUG2 enabled (bsc#1144333). - cifs: fix build errors for smb_DIRECT (bsc#1144333). - cifs: fix circular locking dependency (bsc#1064701, bsc#1144333). - cifs: fix computation for MAX_smb2_hidR_SIZE (bsc#1144333). - cifs: fix confusing warning message on reconnect (bsc#1144333). - cifs: fix crash in cifs_dfs_do_automount (bsc#1144333). - cifs: fix crash in smb2_compound_op()/smb2_set_next_command() (bsc#1144333). - cifs: fix crash querying symlinks stored as reparse-points (bsc#1144333). - cifs: fix credits leak for smb1 oplock breaks (bsc#1144333). - cifs: fix deadlock in cached root handling (bsc#1144333). - cifs: fix encryption in smb3.1.1 (bsc#1144333). - cifs: fix handle leak in smb2_query_symlink() (bsc#1144333). - cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc (bsc#1144333). - cifs: fix kref underflow in close_shroot() (bsc#1144333). - cifs: fix memory leak and remove dead code (bsc#1144333). - cifs: fix memory leak in smb2_open() (bsc#1112894, bsc#1144333). - cifs: fix memory leak in smb2_read (bsc#1144333). - cifs: fix memory leak of an allocated cifs_ntsd structure (bsc#1144333). - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bsc#1144333). - cifs: fix page reference leak with readv/writev (bsc#1144333). - cifs: fix panic in smb2_reconnect (bsc#1144333). - cifs: fix parsing of symbolic link error response (bsc#1144333). - cifs: fix return value for cifs_listxattr (bsc#1051510, bsc#1144333). - cifs: fix rmmod regression in cifs.ko caused by force_sig changes (bsc#1144333). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510, bsc#1144333). - cifs: fix signed/unsigned mismatch on aio_read patch (bsc#1144333). - cifs: fix smb1 breakage (bsc#1144333). - cifs: fix smb3_zero_range for Azure (bsc#1144333). - cifs: fix smb3_zero_range so it can expand the file-size when required (bsc#1144333). - cifs: fix sparse warning on previous patch in a few printks (bsc#1144333). - cifs: fix spelling mistake, EACCESS -> EACCES (bsc#1144333). - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (bsc#1144333). - cifs: fix typo in cifs_dbg (bsc#1144333). - cifs: fix typo in debug message with struct field ia_valid (bsc#1144333). - cifs: fix uninitialized ptr deref in smb2 signing (bsc#1144333). - cifs: fix use-after-free of the lease keys (bsc#1144333). - cifs: fix wrapping bugs in num_entries() (bsc#1051510, bsc#1144333). - cifs: flush before set-info if we have writeable handles (bsc#1144333). - cifs: handle large EA requests more gracefully in smb2+ (bsc#1144333). - cifs: handle netapp error codes (bsc#1136261). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: implement v3.11 preauth integrity (bsc#1051510, bsc#1144333). - cifs: integer overflow in in smb2_ioctl() (bsc#1051510, bsc#1144333). - cifs: invalidate cache when we truncate a file (bsc#1051510, bsc#1144333). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565, bsc#1144333). - cifs: limit amount of data we request for xattrs to cifsMaxBufSize (bsc#1144333). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510, bsc#1144333). - cifs: make IPC a regular tcon (bsc#1071306, bsc#1144333). - cifs: make arrays static const, reduces object code size (bsc#1144333). - cifs: make minor clarifications to module params for cifs.ko (bsc#1144333). - cifs: make mknod() an smb_version_op (bsc#1144333). - cifs: make rmdir() use compounding (bsc#1144333). - cifs: make smb_send_rqst take an array of requests (bsc#1144333). - cifs: minor clarification in comments (bsc#1144333). - cifs: minor updates to module description for cifs.ko (bsc#1144333). - cifs: move default port definitions to cifsglob.h (bsc#1144333). - cifs: move large array from stack to heap (bsc#1144333). - cifs: only wake the thread for the very last PDU in a compound (bsc#1144333). - cifs: parse and store info on iface queries (bsc#1144333). - cifs: pass flags down into wait_for_free_credits() (bsc#1144333). - cifs: pass page offsets on smb1 read/write (bsc#1144333). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510, bsc#1144333). - cifs: prevent starvation in wait_for_free_credits for multi-credit requests (bsc#1144333). - cifs: print cifsMaxBufSize as part of /proc/fs/cifs/DebugData (bsc#1144333). - cifs: protect against server returning invalid file system block size (bsc#1144333). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: push rfc1002 generation down the stack (bsc#1144333). - cifs: read overflow in is_valid_oplock_break() (bsc#1144333). - cifs: refactor and clean up arguments in the reparse point parsing (bsc#1144333). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510, bsc#1144333). - cifs: release auth_key.response for reconnect (bsc#1085536, bsc#1144333). - cifs: release cifs root_cred after exit_cifs (bsc#1085536, bsc#1144333). - cifs: remove coverity warning in calc_lanman_hash (bsc#1144333). - cifs: remove header_preamble_size where it is always 0 (bsc#1144333). - cifs: remove redundant duplicated assignment of pointer 'node' (bsc#1144333). - cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() (bsc#1144333). - cifs: remove rfc1002 header from all smb2 response structures (bsc#1144333). - cifs: remove rfc1002 header from smb2 read/write requests (bsc#1144333). - cifs: remove rfc1002 header from smb2_close_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_create_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_echo_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_flush_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_ioctl_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_lease_ack (bsc#1144333). - cifs: remove rfc1002 header from smb2_lock_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_logoff_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_negotiate_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_oplock_break we get from server (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_directory_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_sess_setup_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_set_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_connect_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_disconnect_req (bsc#1144333). - cifs: remove set but not used variable 'cifs_sb' (bsc#1144333). - cifs: remove set but not used variable 'sep' (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove set but not used variable 'smb_buf' (bsc#1144333). - cifs: remove small_smb2_init (bsc#1144333). - cifs: remove smb2_send_recv() (bsc#1144333). - cifs: remove struct smb2_hdr (bsc#1144333). - cifs: remove struct smb2_oplock_break_rsp (bsc#1144333). - cifs: remove the is_falloc argument to smb2_set_eof (bsc#1144333). - cifs: remove unused stats (bsc#1144333). - cifs: remove unused value pointed out by Coverity (bsc#1144333). - cifs: remove unused variable from smb2_read (bsc#1144333). - cifs: rename and clarify cifs_ASYNC_OP and cifs_NO_RESP (bsc#1144333). - cifs: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - cifs: replace snprintf with scnprintf (bsc#1144333). - cifs: return -ENODATA when deleting an xattr that does not exist (bsc#1144333). - cifs: return correct errors when pinning memory failed for direct I/O (bsc#1144333). - cifs: return error on invalid value written to cifsFYI (bsc#1144333). - cifs: set *resp_buf_type to NO_BUFFER on error (bsc#1144333). - cifs: set mapping error when page writeback fails in writepage or launder_pages (bsc#1144333). - cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT (bsc#1144333). - cifs: show 'soft' in the mount options for hard mounts (bsc#1144333). - cifs: show the w bit for writeable /proc/fs/cifs/* files (bsc#1144333). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734, bsc#1144333). - cifs: simple stats should always be enabled (bsc#1144333). - cifs: simplify code by removing CONFIG_cifs_ACL ifdef (bsc#1144333). - Update config files. - cifs: simplify how we handle credits in compound_send_recv() (bsc#1144333). - cifs: smb2 commands can not be negative, remove confusing check (bsc#1144333). - cifs: smb2ops: Fix NULL check in smb2_query_symlink (bsc#1144333). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510, bsc#1144333). - cifs: smb2pdu: Fix potential NULL pointer dereference (bsc#1144333). - cifs: smbD: Add parameter rdata to smb2_new_read_req (bsc#1144333). - cifs: smbD: Add rdma mount option (bsc#1144333). - cifs: smbD: Add smb Direct debug counters (bsc#1144333). - cifs: smbD: Add smb Direct protocol initial values and constants (bsc#1144333). - cifs: smbD: Disable signing on smb direct transport (bsc#1144333). - cifs: smbD: Do not call ib_dereg_mr on invalidated memory registration (bsc#1144333). - cifs: smbD: Establish smb Direct connection (bsc#1144333). - cifs: smbD: Fix the definition for smb2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333). - cifs: smbD: Implement RDMA memory registration (bsc#1144333). - cifs: smbD: Implement function to create a smb Direct connection (bsc#1144333). - cifs: smbD: Implement function to destroy a smb Direct connection (bsc#1144333). - cifs: smbD: Implement function to receive data via RDMA receive (bsc#1144333). - cifs: smbD: Implement function to reconnect to a smb Direct transport (bsc#1144333). - cifs: smbD: Implement function to send data via RDMA send (bsc#1144333). - cifs: smbD: Read correct returned data length for RDMA write (smb read) I/O (bsc#1144333). - cifs: smbD: Set smb Direct maximum read or write size for I/O (bsc#1144333). - cifs: smbD: Support page offset in RDMA recv (bsc#1144333). - cifs: smbD: Support page offset in RDMA send (bsc#1144333). - cifs: smbD: Support page offset in memory registration (bsc#1144333). - cifs: smbD: Upper layer connects to smbDirect session (bsc#1144333). - cifs: smbD: Upper layer destroys smb Direct session on shutdown or umount (bsc#1144333). - cifs: smbD: Upper layer performs smb read via RDMA write through memory registration (bsc#1144333). - cifs: smbD: Upper layer performs smb write via RDMA read through memory registration (bsc#1144333). - cifs: smbD: Upper layer receives data via RDMA receive (bsc#1144333). - cifs: smbD: Upper layer reconnects to smb Direct session (bsc#1144333). - cifs: smbD: Upper layer sends data via RDMA send (bsc#1144333). - cifs: smbD: _smbd_get_connection() can be static (bsc#1144333). - cifs: smbD: export protocol initial values (bsc#1144333). - cifs: smbD: fix spelling mistake: faield and legnth (bsc#1144333). - cifs: smbD: work around gcc -Wmaybe-uninitialized warning (bsc#1144333). - cifs: smbd: Avoid allocating iov on the stack (bsc#1144333). - cifs: smbd: Check for iov length on sending the last iov (bsc#1144333). - cifs: smbd: Do not destroy transport on RDMA disconnect (bsc#1144333). - cifs: smbd: Do not use RDMA read/write when signing is used (bsc#1144333). - cifs: smbd: Dump smb packet when configured (bsc#1144333). - cifs: smbd: Enable signing with smbdirect (bsc#1144333). - cifs: smbd: Indicate to retry on transport sending failure (bsc#1144333). - cifs: smbd: Retry on memory registration failure (bsc#1144333). - cifs: smbd: Return EINTR when interrupted (bsc#1144333). - cifs: smbd: avoid reconnect lockup (bsc#1144333). - cifs: smbd: depend on INFINIBAND_ADDR_TRANS (bsc#1144333). - cifs: smbd: disconnect transport on RDMA errors (bsc#1144333). - cifs: smbd: take an array of reqeusts when sending upper layer data (bsc#1144333). - cifs: start DFS cache refresher in cifs_mount() (bsc#1144333). - cifs: store the leaseKey in the fid on smb2_open (bsc#1051510, bsc#1144333). - cifs: suppress some implicit-fallthrough warnings (bsc#1144333). - cifs: track writepages in vfs operation counters (bsc#1144333). - cifs: update __smb_send_rqst() to take an array of requests (bsc#1144333). - cifs: update calc_size to take a server argument (bsc#1144333). - cifs: update init_sg, crypt_message to take an array of rqst (bsc#1144333). - cifs: update internal module number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.14 (bsc#1144333). - cifs: update module internal version number (bsc#1144333). - cifs: update multiplex loop to handle compounded responses (bsc#1144333). - cifs: update receive_encrypted_standard to handle compounded responses (bsc#1144333). - cifs: update smb2_calc_size to use smb2_sync_hdr instead of smb2_hdr (bsc#1144333). - cifs: update smb2_check_message to handle PDUs without a 4 byte length header (bsc#1144333). - cifs: update smb2_queryfs() to use compounding (bsc#1144333). - cifs: use a compound for setting an xattr (bsc#1144333). - cifs: use a refcount to protect open/closing the cached file handle (bsc#1144333). - cifs: use correct format characters (bsc#1144333). - cifs: use tcon_ipc instead of use_ipc parameter of smb2_ioctl (bsc#1071306, bsc#1144333). - cifs: use the correct length when pinning memory for direct I/O for write (bsc#1144333). - cifs: wait_for_free_credits() make it possible to wait for >=1 credits (bsc#1144333). - cifs: we can not use small padding iovs together with encryption (bsc#1144333). - cifs: zero sensitive data when freeing (bsc#1087092, bsc#1144333). - cifs: zero-range does not require the file is sparse (bsc#1144333). - cifs:smbd Use the correct DMA direction when sending data (bsc#1144333). - cifs:smbd When reconnecting to server, call smbd_destroy() after all MIDs have been called (bsc#1144333). - cifs_lookup(): cifs_get_inode_...() never returns 0 with *inode left NULL (bsc#1144333). - cifs_lookup(): switch to d_splice_alias() (bsc#1144333). - clk: Export clk_bulk_prepare() (bsc#1144813). - clk: add clk_bulk_get accessories (bsc#1144813). - clk: bcm2835: remove pllb (jsc#SLE-7294). - clk: bcm283x: add driver interfacing with Raspberry Pi's firmware (jsc#SLE-7294). - clk: bulk: silently error out on EPROBE_DEFER (bsc#1144718,bsc#1144813). - clk: raspberrypi: register platform device for raspberrypi-cpufreq (jsc#SLE-7294). - clk: renesas: cpg-mssr: Fix reset control race condition (bsc#1051510). - clk: rockchip: Add 1.6GHz PLL rate for rk3399 (bsc#1144718,bsc#1144813). - clk: rockchip: assign correct id for pclk_ddr and hclk_sd in rk3399 (bsc#1144718,bsc#1144813). - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling (bsc#1051510). - coredump: split pipe command whitespace before expanding template (bsc#1051510). - cpu/speculation: Warn on unsupported mitigations= parameter (bsc#1114279). - cpufreq: add driver for Raspberry Pi (jsc#SLE-7294). - cpufreq: dt: Try freeing static OPPs only if we have added them (jsc#SLE-7294). - crypto: ccp - Add support for valid authsize values less than 16 (bsc#1051510). - crypto: ccp - Fix oops by properly managing allocated structures (bsc#1051510). - crypto: ccp - Ignore tag length when decrypting GCM ciphertext (bsc#1051510). - crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1145934). - crypto: ccp - Validate buffer lengths for copy operations (bsc#1051510). - crypto: talitos - fix skcipher failure due to wrong output IV (bsc#1051510). - cx82310_eth: fix a memory leak bug (bsc#1051510). - devres: always use dev_name() in devm_ioremap_resource() (git fixes). - dfs_cache: fix a wrong use of kfree in flush_cache_ent() (bsc#1144333). - dm btree: fix order of block initialization in btree_split_beneath (git fixes). - dm bufio: fix deadlock with loop device (git fixes). - dm cache metadata: Fix loading discard bitset (git fixes). - dm crypt: do not overallocate the integrity tag space (git fixes). - dm crypt: fix parsing of extended IV arguments (git fixes). - dm delay: fix a crash when invalid device is specified (git fixes). - dm integrity: change memcmp to strncmp in dm_integrity_ctr (git fixes). - dm integrity: limit the rate of error messages (git fixes). - dm kcopyd: always complete failed jobs (git fixes). - dm log writes: make sure super sector log updates are written in order (git fixes). - dm raid: add missing cleanup in raid_ctr() (git fixes). - dm space map metadata: fix missing store of apply_bops() return value (git fixes). - dm table: fix invalid memory accesses with too high sector number (git fixes). - dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (git fixes). - dm thin: fix bug where bio that overwrites thin block ignores FUA (git fixes). - dm thin: fix passdown_double_checking_shared_status() (git fixes). - dm zoned: Fix zone report handling (git fixes). - dm zoned: Silence a static checker warning (git fixes). - dm zoned: fix potential NULL dereference in dmz_do_reclaim() (git fixes). - dm zoned: fix zone state management race (git fixes). - dm zoned: improve error handling in i/o map code (git fixes). - dm zoned: improve error handling in reclaim (git fixes). - dm zoned: properly handle backing device failure (git fixes). - dm: fix to_sector() for 32bit (git fixes). - dm: revert 8f50e358153d ("dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE") (git fixes). - dma-buf: balance refcount inbalance (bsc#1051510). - dmaengine: rcar-dmac: Reject zero-length slave DMA requests (bsc#1051510). - documentation/networking: fix default_ttl typo in mpls-sysctl (bsc#1051510). - documentation: Add nospectre_v1 parameter (bsc#1051510). - driver core: Fix use-after-free and double free on glue directory (bsc#1131281). - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl (bsc#1051510). - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings (bsc#1051510). - drm/amdgpu/psp: move psp version specific function pointers to (bsc#1135642) - drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz (bsc#1051510). - drm/bridge: tc358767: read display_props in get_modes() (bsc#1051510). - drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry (bsc#1051510). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1135642) - drm/i915/perf: ensure we keep a reference on the driver (bsc#1142635) - drm/i915/userptr: Acquire the page lock around set_page_dirty() (bsc#1051510). - drm/i915: Do not deballoon unused ggtt drm_mm_node in linux guest (bsc#1142635) - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1142635) - drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635) - drm/imx: notify drm core before sending event during crtc disable (bsc#1135642) - drm/imx: only send event on crtc disable if kept disabled (bsc#1135642) - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1135642) - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1135642) - drm/mediatek: clear num_pipes when unbind driver (bsc#1135642) - drm/mediatek: fix unbind functions (bsc#1135642) - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1142635) - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1135642) - drm/mediatek: use correct device to import PRIME buffers (bsc#1142635) - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1142635) - drm/msm: Depopulate platform on probe failure (bsc#1051510). - drm/nouveau: Do not retry infinitely when receiving no data on i2c (bsc#1142635) - drm/nouveau: fix memory leak in nouveau_conn_reset() (bsc#1051510). - drm/panel: simple: Fix panel_simple_dsi_probe (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1142635) - drm/udl: introduce a macro to convert dev to udl. (bsc#1113722) - drm/udl: move to embedding drm device inside udl device. (bsc#1113722) - drm/virtio: Add memory barriers for capset cache (bsc#1051510). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1135642) - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1135642) - drm/vmwgfx: fix memory leak when too many retries have occurred (bsc#1051510). - drm: msm: Fix add_gpu_components (bsc#1051510). - drm: silence variable 'conn' set but not used (bsc#1051510). - eCryptfs: fix a couple type promotion bugs (bsc#1051510). - edac: Fix global-out-of-bounds write when setting edac_mc_poll_msec (bsc#1114279). - efi/bgrt: Drop BGRT status field reserved bits check (bsc#1051510). - ehea: Fix a copy-paste err in ehea_init_port_res (bsc#1051510). - ext4: use jbd2_inode dirty range scoping (bsc#1148616). - firmware: raspberrypi: register clk device (jsc#SLE-7294). - firmware: ti_sci: Always request response from firmware (bsc#1051510). - fix incorrect error code mapping for OBJECTID_NOT_FOUND (bsc#1144333). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510, bsc#1144333). - fix struct ufs_req removal of unused field (git-fixes). - fs/*/Kconfig: drop links to 404-compliant http://acl.bestbits.at (bsc#1144333). - fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333). - fs/cifs/smb2pdu.c: fix buffer free in smb2_ioctl_free (bsc#1144333). - fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls (bsc#1144333). - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bsc#1144333). - fs/cifs: fix uninitialised variable warnings (bsc#1144333). - fs/cifs: require sha512 (bsc#1051510, bsc#1144333). - fs/cifs: suppress a string overflow warning (bsc#1144333). - fs/xfs: Fix return code of xfs_break_leased_layouts() (bsc#1148031). - fs: cifs: Drop unlikely before IS_ERR(_OR_NULL) (bsc#1144333). - fs: cifs: Kconfig: pedantic formatting (bsc#1144333). - fs: cifs: Replace _free_xid call in cifs_root_iget function (bsc#1144333). - fs: cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace (bsc#1144333). - fs: xfs: xfs_log: Do not use KM_MAYFAIL at xfs_log_reserve() (bsc#1148033). - fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() (bsc#1051510). - ftrace: Check for empty hash and comment the race with registering probes (bsc#1149418). - ftrace: Check for successful allocation of hash (bsc#1149424). - ftrace: Fix NULL pointer dereference in t_probe_next() (bsc#1149413). - gpio: Fix build error of function redefinition (bsc#1051510). - gpio: gpio-omap: add check for off wake capable gpios (bsc#1051510). - gpio: mxs: Get rid of external API call (bsc#1051510). - gpio: omap: ensure irq is enabled before wakeup (bsc#1051510). - gpio: pxa: handle corner case of unprobed device (bsc#1051510). - gpiolib: fix incorrect IRQ requesting of an active-low lineevent (bsc#1051510). - gpiolib: never report open-drain/source lines as 'input' to user-space (bsc#1051510). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1142635) - hid: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT (bsc#1051510). - hid: Add quirk for HP X1200 PIXART OEM mouse (bsc#1051510). - hid: cp2112: prevent sleeping function called from invalid context (bsc#1051510). - hid: hiddev: avoid opening a disconnected device (bsc#1051510). - hid: hiddev: do cleanup in failure of opening a device (bsc#1051510). - hid: holtek: test for sanity of intfdata (bsc#1051510). - hid: sony: Fix race condition between rumble and device remove (bsc#1051510). - hid: wacom: Correct distance scale for 2nd-gen Intuos devices (bsc#1142635). - hid: wacom: correct misreported EKR ring values (bsc#1142635). - hid: wacom: fix bit shift for Cintiq Companion 2 (bsc#1051510). - hpet: Fix division by zero in hpet_time_div() (bsc#1051510). - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 (bsc#1051510). - hwmon: (nct7802) Fix wrong detection of in4 presence (bsc#1051510). - i2c: emev2: avoid race when unregistering slave client (bsc#1051510). - i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bsc#1051510). - i2c: qup: fixed releasing dma without flush operation completion (bsc#1051510). - ib/mlx5: Fix MR registration flow to use UMR properly (bsc#1093205 bsc#1145678). - ibmveth: Convert multicast list size for little-endian system (bsc#1061843). - ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726). - igmp: fix memory leak in igmpv3_del_delrec() (networking-stable-19_07_25). - iio: adc: max9611: Fix misuse of GENMASK macro (bsc#1051510). - iio: adc: max9611: Fix temperature reading in probe (bsc#1051510). - iio: iio-utils: Fix possible incorrect mask calculation (bsc#1051510). - include/linux/bitops.h: sanitize rotate primitives (git fixes). - input: alps - do not handle ALPS cs19 trackpoint-only device (bsc#1051510). - input: alps - fix a mismatch between a condition check and its comment (bsc#1051510). - input: iforce - add sanity checks (bsc#1051510). - input: kbtab - sanity check for endpoint type (bsc#1051510). - input: synaptics - enable RMI mode for HP Spectre X360 (bsc#1051510). - input: synaptics - whitelist Lenovo T580 smbus intertouch (bsc#1051510). - input: trackpoint - only expose supported controls for Elan, ALPS and NXP (bsc#1051510). - intel_th: pci: Add Ice Lake NNPI support (bsc#1051510). - intel_th: pci: Add Tiger Lake support (bsc#1051510). - intel_th: pci: Add support for another Lewisburg PCH (bsc#1051510). - iommu/amd: Add support for X2APIC IOMMU interrupts (bsc#1145010). - iommu/amd: Fix race in increase_address_space() (bsc#1150860). - iommu/amd: Flush old domains in kdump kernel (bsc#1150861). - iommu/amd: Move iommu_init_pci() to .init section (bsc#1149105). - iommu/dma: Handle SG length overflow better (bsc#1146084). - ipip: validate header length in ipip_tunnel_xmit (git-fixes). - ipv4: do not set IPv6 only flags to IPv4 addresses (networking-stable-19_07_25). - irqchip/gic-v3-its: fix build warnings (bsc#1144880). - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack (bsc#1051510). - isdn: hfcsusb: checking idx of ep configuration (bsc#1051510). - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() (bsc#1051510). - iwlwifi: dbg: split iwl_fw_error_dump to two functions (bsc#1119086). - iwlwifi: do not unmap as page memory that was mapped as single (bsc#1051510). - iwlwifi: fix bad dma handling in page_mem dumping flow (bsc#1120902). - iwlwifi: fw: use helper to determine whether to dump paging (bsc#1106434). Patch needed to be adjusted, because our tree does not have the global variable IWL_FW_ERROR_DUMP_PAGING - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version < 41 (bsc#1142635). - iwlwifi: mvm: fix an out-of-bound access (bsc#1051510). - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support (bsc#1142635). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1142635). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1142635). - jbd2: flush_descriptor(): Do not decrease buffer head's ref count (bsc#1143843). - jbd2: introduce jbd2_inode dirty range scoping (bsc#1148616). - kABI: Fix kABI for 'struct amd_iommu' (bsc#1145010). - kasan: remove redundant initialization of variable 'real_size' (git fixes). - kconfig/[mn]conf: handle backspace (^H) key (bsc#1051510). - keys: Fix missing null pointer check in request_key_auth_describe() (bsc#1051510). - kvm/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bsc#1133021). - kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (bsc#1134881 bsc#1134882). - kvm: Disallow wraparound in kvm_gfn_to_hva_cache_init (bsc#1133021). - kvm: Fix leak vCPU's VMCS value into other pCPU (bsc#1145388). - kvm: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC (bsc#1145408). - kvm: PPC: Book3S HV: Fix CR0 setting in TM emulation (bsc#1061840). - kvm: Reject device ioctls from processes other than the VM's creator (bsc#1133021). - kvm: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value (bsc#1145393). - kvm: VMX: Fix handling of #MC that occurs during VM-Entry (bsc#1145395). - kvm: VMX: check CPUID before allowing read/write of IA32_XSS (bsc#1145394). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: arm/arm64: Close VMID generation race (bsc#1133021). - kvm: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation (bsc#1133021). - kvm: arm/arm64: Drop resource size check for GICV window (bsc#1133021). - kvm: arm/arm64: Fix VMID alloc race by reverting to lock-less (bsc#1133021). - kvm: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked (bsc#1133021). - kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1133021). - kvm: arm/arm64: Reduce verbosity of KVM init log (bsc#1133021). - kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1133021). - kvm: arm/arm64: Skip updating PMD entry if no change (bsc#1133021). - kvm: arm/arm64: Skip updating PTE entry if no change (bsc#1133021). - kvm: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list (bsc#1133021). - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1133021). - kvm: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1133021). - kvm: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy (bsc#1133021). - kvm: arm64: Fix caching of host MDCR_EL2 value (bsc#1133021). - kvm: mmu: Fix overlap between public and private memslots (bsc#1133021). - kvm: nVMX: Remove unnecessary sync_roots from handle_invept (bsc#1145391). - kvm: nVMX: Use adjusted pin controls for vmcs02 (bsc#1145392). - kvm: nVMX: allow setting the VMFUNC controls MSR (bsc#1145389). - kvm: nVMX: do not use dangling shadow VMCS after guest reset (bsc#1145390). - kvm: x86/vPMU: refine kvm_pmu err msg when event creation failed (bsc#1145397). - kvm: x86: Do not update RIP or do single-step on faulting emulation (bsc#1149104). - kvm: x86: Unconditionally enable irqs in guest context (bsc#1145396). - kvm: x86: degrade WARN to pr_warn_ratelimited (bsc#1145409). - kvm: x86: fix backward migration with async_PF (bsc#1146074). - lan78xx: Fix memory leaks (bsc#1051510). - libata: add SG safety checks in SFF pio transfers (bsc#1051510). - libata: do not request sense data on !ZAC ATA devices (bsc#1051510). - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests (bsc#1051510). - libata: zpodd: Fix small read overflow in zpodd_get_mech_type() (bsc#1051510). - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). - libceph, rbd: new bio handling code (aka do not clone bios) (bsc#1141450). - libceph: add osd_req_op_extent_osd_data_bvecs() (bsc#1141450). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: fix PG split vs OSD (re)connect race (bsc#1148133). - libceph: handle zero-length data items (bsc#1141450). - libceph: introduce BVECS data type (bsc#1141450). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: preallocate message data items (bsc#1135897). - libceph: use single request data item for cmp/setxattr (bsc#1139101). - libnvdimm/pfn: Store correct value of npfns in namespace superblock (bsc#1146381 ltc#180720). - liquidio: add cleanup in octeon_setup_iq() (bsc#1051510). - loop: set PF_MEMALLOC_NOIO for the worker thread (git fixes). - mac80211: do not WARN on short WMM parameters from AP (bsc#1051510). - mac80211: do not warn about CW params when not using them (bsc#1051510). - mac80211: fix possible memory leak in ieee80211_assign_beacon (bsc#1142635). - mac80211: fix possible sta leak (bsc#1051510). - macsec: fix checksumming after decryption (bsc#1051510). - macsec: fix use-after-free of skb during RX (bsc#1051510). - macsec: let the administrator set UP state even if lowerdev is down (bsc#1051510). - macsec: update operstate when lower device changes (bsc#1051510). - mailbox: handle failed named mailbox channel request (bsc#1051510). - md/raid: fix invalid stored role for a disk (bsc#1143765). - md/raid: raid5 preserve the writeback action after the parity check (git fixes). - md: add mddev->pers to avoid potential NULL pointer dereference (git fixes). - media: au0828: fix null dereference in error path (bsc#1051510). - media: coda: Remove unbalanced and unneeded mutex unlock (bsc#1051510). - media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP (bsc#1051510). - media: coda: fix mpeg2 sequence number handling (bsc#1051510). - media: coda: increment sequence offset for the last returned frame (bsc#1051510). - media: dvb: usb: fix use after free in dvb_usb_device_exit (bsc#1051510). - media: hdpvr: fix locking and a missing msleep (bsc#1051510). - media: media_device_enum_links32: clean a reserved field (bsc#1051510). - media: pvrusb2: use a different format for warnings (bsc#1051510). - media: spi: IR LED: add missing of table registration (bsc#1051510). - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails (bsc#1051510). - media: vpss: fix a potential NULL pointer dereference (bsc#1051510). - media: wl128x: Fix some error handling in fm_v4l2_init_video_device() (bsc#1051510). - mfd: arizona: Fix undefined behavior (bsc#1051510). - mfd: core: Set fwnode for created devices (bsc#1051510). - mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bsc#1051510). - mfd: intel-lpss: Add Intel Comet Lake PCI IDs (jsc#SLE-4875). - mm, page_owner: handle THP splits correctly (bsc#1149197, VM Debugging Functionality). - mm/hmm: fix bad subpage pointer in try_to_unmap_one (bsc#1148202, HMM, VM Functionality). - mm/hotplug: fix offline undo_isolate_page_range() (bsc#1148196, VM Functionality). - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node (bsc#1148379, VM Functionality). - mm/memcontrol.c: fix use after free in mem_cgroup_iter() (bsc#1149224, VM Functionality). - mm/memory.c: recheck page table entry with page table lock held (bsc#1148363, VM Functionality). - mm/migrate.c: initialize pud_entry in migrate_vma() (bsc#1148198, HMM, VM Functionality). - mm/mlock.c: change count_mm_mlocked_page_nr return type (bsc#1148527, VM Functionality). - mm/mlock.c: mlockall error for flag MCL_ONFAULT (bsc#1148527, VM Functionality). - mm/page_alloc.c: fix calculation of pgdat->nr_zones (bsc#1148192, VM Functionality). - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() (bsc#1118689). - mm/vmscan.c: fix trying to reclaim unevictable LRU page (bsc#1149214, VM Functionality). - mm: add filemap_fdatawait_range_keep_errors() (bsc#1148616). - mm: do not stall register_shrinker() (bsc#1104902, VM Performance). - mm: page_mapped: do not assume compound page is huge or THP (bsc#1148574, VM Functionality). - mmc: cavium: Add the missing dma unmap when the dma has finished (bsc#1051510). - mmc: cavium: Set the correct dma max segment size for mmc_host (bsc#1051510). - mmc: core: Fix init of SD cards reporting an invalid VDD range (bsc#1051510). - mmc: dw_mmc: Fix occasional hang after tuning on eMMC (bsc#1051510). - mmc: sdhci-of-at91: add quirk for broken HS200 (bsc#1051510). - mmc: sdhci-pci: Add support for Intel CML (jsc#SLE-4875). - mmc: sdhci-pci: Add support for Intel ICP (jsc#SLE-4875). - move a few externs to smbdirect.h to eliminate warning (bsc#1144333). - move core networking kabi patches to the end of the section - move irq_data_get_effective_affinity_mask prior the sorted section - mpls: fix warning with multi-label encap (bsc#1051510). - nbd: replace kill_bdev() with __invalidate_device() again (git fixes). - net/9p: include trans_common.h to fix missing prototype warning (bsc#1051510). - net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635). - net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bsc#1145678). - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (networking-stable-19_07_25). - net: Fix netdev_WARN_ONCE macro (git-fixes). - net: Introduce netdev_*_once functions (networking-stable-19_07_25). - net: bcmgenet: use promisc for unsupported filters (networking-stable-19_07_25). - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (networking-stable-19_07_25). - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (networking-stable-19_07_25). - net: bridge: stp: do not cache eth dest pointer before skb pull (networking-stable-19_07_25). - net: dsa: mv88e6xxx: wait after reset deactivation (networking-stable-19_07_25). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1139020 bsc#1139021). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1139020 bsc#1139021). - net: ena: add ethtool function for changing io queue sizes (bsc#1139020 bsc#1139021). - net: ena: add good checksum counter (bsc#1139020 bsc#1139021). - net: ena: add handling of llq max tx burst size (bsc#1139020 bsc#1139021). - net: ena: add newline at the end of pr_err prints (bsc#1139020 bsc#1139021). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1139020 bsc#1139021). - net: ena: allow automatic fallback to polling mode (bsc#1139020 bsc#1139021). - net: ena: allow queue allocation backoff when low on memory (bsc#1139020 bsc#1139021). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1139020 bsc#1139021). - net: ena: enable negotiating larger Rx ring size (bsc#1139020 bsc#1139021). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1139020 bsc#1139021). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1139020 bsc#1139021). - net: ena: fix incorrect test of supported hash function (bsc#1139020 bsc#1139021). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1139020 bsc#1139021). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1139020 bsc#1139021). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1139020 bsc#1139021). - net: ena: gcc 8: fix compilation warning (bsc#1139020 bsc#1139021). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1139020 bsc#1139021). - net: ena: make ethtool show correct current and max queue sizes (bsc#1139020 bsc#1139021). - net: ena: optimise calculations for CQ doorbell (bsc#1139020 bsc#1139021). - net: ena: remove inline keyword from functions in *.c (bsc#1139020 bsc#1139021). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1139020 bsc#1139021). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1139020 bsc#1139021). - net: ena: use dev_info_once instead of static variable (bsc#1139020 bsc#1139021). - net: make skb_dst_force return true when dst is refcounted (networking-stable-19_07_25). - net: neigh: fix multiple neigh timer scheduling (networking-stable-19_07_25). - net: openvswitch: fix csum updates for MPLS actions (networking-stable-19_07_25). - net: remove duplicate fetch in sock_getsockopt (networking-stable-19_07_02). - net: sched: verify that q!=NULL before setting q->flags (git-fixes). - net: stmmac: fixed new system time seconds value calculation (networking-stable-19_07_02). - net: stmmac: set IC bit when transmitting frames with HW timestamp (networking-stable-19_07_02). - net: usb: pegasus: fix improper read if get_registers() fail (bsc#1051510). - net_sched: unset TCQ_F_CAN_BYPASS when adding filters (networking-stable-19_07_25). - netrom: fix a memory leak in nr_rx_frame() (networking-stable-19_07_25). - netrom: hold sock when setting skb->destructor (networking-stable-19_07_25). - nfc: fix potential illegal memory access (bsc#1051510). - nfs: Cleanup if nfs_match_client is interrupted (bsc#1134291). - nfs: Fix a double unlock from nfs_match,get_client (bsc#1134291). - nfs: Fix the inode request accounting when pages have subrequests (bsc#1140012). - nfs: make nfs_match_client killable (bsc#1134291). - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (git fixes). - nvme-core: Fix extra device_put() call on error path (bsc#1142541). - nvme-fc: fix module unloads while lports still pending (bsc#1150033). - nvme-multipath: fix ana log nsid lookup when nsid is not found (bsc#1141554). - nvme-multipath: relax ANA state check (bsc#1123105). - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bsc#1120876). - nvme: Return BLK_STS_TARGET if the DNR bit is set (bsc#1142076). - nvme: cancel request synchronously (bsc#1145661). - nvme: change locking for the per-subsystem controller list (bsc#1142541). - nvme: fix possible use-after-free in connect error flow (bsc#1139500, bsc#1140426) - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN (bsc#1146938). - objtool: Add rewind_stack_do_exit() to the noreturn list (bsc#1145302). - objtool: Support GCC 9 cold subfunction naming scheme (bsc#1145300). - octeon_mgmt: Fix MIX registers configuration on MTU setup (bsc#1051510). - pci: PM/acpi: Refresh all stale power state data in pci_pm_complete() (bsc#1149106). - pci: Restore Resizable BAR size bits correctly for 1MB BARs (bsc#1143841). - pci: hv: Fix panic by calling hv_pci_remove_slots() earlier (bsc#1142701). - pci: qcom: Ensure that PERST is asserted for at least 100 ms (bsc#1142635). - pci: xilinx-nwl: Fix Multi MSI data programming (bsc#1142635). - phy: qcom-qusb2: Fix crash if nvmem cell not specified (bsc#1051510). - phy: renesas: rcar-gen2: Fix memory leak at error paths (bsc#1051510). - pinctrl: pistachio: fix leaked of_node references (bsc#1051510). - pinctrl: rockchip: fix leaked of_node references (bsc#1051510). - pm / OPP: OF: Use pr_debug() instead of pr_err() while adding OPP table (jsc#SLE-7294). - pm / devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: do not print error when get supply and clk defer (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: fix spelling mistakes (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: remove unneeded semicolon (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: remove wait for dcf irq event (bsc#1144718,bsc#1144813). - pm / devfreq: rockchip-dfi: Move GRF definitions to a common place (bsc#1144718,bsc#1144813). - power: xive support (bsc#1085030, bsc#1144518, LTC#178833). - powerpc/64s: Include cpu header (bsc#1065729). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc/book3s/64: check for NULL pointer in pgd_alloc() (bsc#1078248, git-fixes). - powerpc/fadump: Do not allow hot-remove memory from fadump reserved area (bsc#1120937). - powerpc/fadump: Reservationless firmware assisted dump (bsc#1120937). - powerpc/fadump: Throw proper error message on fadump registration failure (bsc#1120937). - powerpc/fadump: use kstrtoint to handle sysfs store (bsc#1146376). - powerpc/fadump: when fadump is supported register the fadump sysfs files (bsc#1146352). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107). - powerpc/kdump: Handle crashkernel memory reservation failure (bsc#1143466 LTC#179600). - powerpc/lib: Fix feature fixup test of external branch (bsc#1065729). - powerpc/mm/hash/4k: Do not use 64K page size for vmemmap with 4K pagesize (bsc#1142685 LTC#179509). - powerpc/mm/radix: Use the right page size for vmemmap mapping (bsc#1055117 bsc#1142685 LTC#179509). - powerpc/mm: Handle page table allocation failures (bsc#1065729). - powerpc/perf: Add constraints for power9 l2/l3 bus events (bsc#1056686). - powerpc/perf: Add mem access events to sysfs (bsc#1124370). - powerpc/perf: Cleanup cache_sel bits comment (bsc#1056686). - powerpc/perf: Fix thresholding counter data for unknown type (bsc#1056686). - powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (bsc#1047238, bsc#1056686). - powerpc/perf: Update perf_regs structure to include SIER (bsc#1056686). - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (bsc#1065729). - powerpc/powernv: Flush console before platform error reboot (bsc#1149940 ltc#179958). - powerpc/powernv: Return for invalid IMC domain (bsc1054914, git-fixes). - powerpc/powernv: Use kernel crash path for machine checks (bsc#1149940 ltc#179958). - powerpc/pseries, ps3: panic flush kernel messages before halting system (bsc#1149940 ltc#179958). - powerpc/pseries: Fix xive=off command line (bsc#1085030, git-fixes). - powerpc/pseries: add missing cpumask.h include file (bsc#1065729). - powerpc/pseries: correctly track irq state in default idle (bsc#1150727 ltc#178925). - powerpc/rtas: use device model APIs and serialization during Lpm (bsc#1144123 ltc#178840). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - powerpc/xive: Fix dump of XIVE interrupt under pseries (bsc#1142019). - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (bsc#1085030, bsc#1145189, LTC#179762). - powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019). - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL (bsc#1142019). - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (bsc#1146575 ltc#180764). - powerpc: dump kernel log before carrying out fadump or kdump (bsc#1149940 ltc#179958). - qede: fix write to free'd pointer error and double free of ptp (bsc#1051510). - qlge: Deduplicate lbq_buf_size (bsc#1106061). - qlge: Deduplicate rx buffer queue management (bsc#1106061). - qlge: Factor out duplicated expression (bsc#1106061). - qlge: Fix dma_sync_single calls (bsc#1106061). - qlge: Fix irq masking in INTx mode (bsc#1106061). - qlge: Refill empty buffer queues from wq (bsc#1106061). - qlge: Refill rx buffers up to multiple of 16 (bsc#1106061). - qlge: Remove bq_desc.maplen (bsc#1106061). - qlge: Remove irq_cnt (bsc#1106061). - qlge: Remove page_chunk.last_flag (bsc#1106061). - qlge: Remove qlge_bq.len & size (bsc#1106061). - qlge: Remove rx_ring.sbq_buf_size (bsc#1106061). - qlge: Remove rx_ring.type (bsc#1106061). - qlge: Remove useless dma synchronization calls (bsc#1106061). - qlge: Remove useless memset (bsc#1106061). - qlge: Replace memset with assignment (bsc#1106061). - qlge: Update buffer queue prod index despite oom (bsc#1106061). - rbd: do not (ab)use obj_req->pages for stat requests (bsc#1141450). - rbd: do not NULL out ->obj_request in rbd_img_obj_parent_read_full() (bsc#1141450). - rbd: get rid of img_req->copyup_pages (bsc#1141450). - rbd: move from raw pages to bvec data descriptors (bsc#1141450). - rbd: remove bio cloning helpers (bsc#1141450). - rbd: start enums at 1 instead of 0 (bsc#1141450). - rbd: use kmem_cache_zalloc() in rbd_img_request_create() (bsc#1141450). - regmap: fix bulk writes on paged registers (bsc#1051510). - regulator: qcom_spmi: Fix math of spmi_regulator_set_voltage_time_sel (bsc#1051510). - rpm/kernel-binary.spec.in: Enable missing modules check. - rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510). - rpmsg: smd: do not use mananged resources for endpoints and channels (bsc#1051510). - rpmsg: smd: fix memory leak on channel create (bsc#1051510). - rsi: improve kernel thread handling to fix kernel panic (bsc#1051510). - rslib: Fix decoding of shortened codes (bsc#1051510). - rslib: Fix handling of of caller provided syndrome (bsc#1051510). - rtc: pcf8523: do not return invalid date when battery is low (bsc#1051510). - rxrpc: Fix send on a connected, but unbound socket (networking-stable-19_07_25). - s390/cio: fix ccw_device_start_timeout API (bsc#1142109 LTC#179339). - s390/dasd: fix endless loop after read unit address configuration (bsc#1144912 LTC#179907). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142117 bsc#1142118 bsc#1142119 LTC#179329 LTC#179330 LTC#179331). - s390/qeth: avoid control IO completion stalls (bsc#1142109 LTC#179339). - s390/qeth: cancel cmd on early error (bsc#1142109 LTC#179339). - s390/qeth: fix request-side race during cmd IO timeout (bsc#1142109 LTC#179339). - s390/qeth: release cmd buffer in error paths (bsc#1142109 LTC#179339). - s390/qeth: simplify reply object handling (bsc#1142109 LTC#179339). - s390/zcrypt: Fix wrong dispatching for control domain CPRBs (bsc#1137811 LTC#178088). - samples, bpf: fix to change the buffer size for read() (bsc#1051510). - samples: mei: use /dev/mei0 instead of /dev/mei (bsc#1051510). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture (bsc#1051510). - scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE (bsc#1051510). - scripts/decode_stacktrace: only strip base path when a prefix of the path (bsc#1051510). - scripts/gdb: fix lx-version string output (bsc#1051510). - scripts/git_sort/git_sort.py: - scsi: NCR5380: Always re-enable reselection interrupt (git-fixes). - scsi: aacraid: Fix missing break in switch statement (git-fixes). - scsi: aacraid: Fix performance issue on logical drives (git-fixes). - scsi: aic94xx: fix an error code in aic94xx_init() (git-fixes). - scsi: aic94xx: fix module loading (git-fixes). - scsi: bfa: convert to strlcpy/strlcat (git-fixes). - scsi: bnx2fc: Fix NULL dereference in error handling (git-fixes). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (git-fixes). - scsi: core: Fix race on creating sense cache (git-fixes). - scsi: core: Synchronize request queue pm status only on successful resume (git-fixes). - scsi: core: set result when the command cannot be dispatched (git-fixes). - scsi: cxlflash: Mark expected switch fall-throughs (bsc#1148868). - scsi: cxlflash: Prevent deadlock when adapter probe fails (git-fixes). - scsi: esp_scsi: Track residual for PIO transfers (git-fixes) Also, mitigate kABI changes. - scsi: fas216: fix sense buffer initialization (git-fixes). - scsi: isci: initialize shost fully before calling scsi_add_host() (git-fixes). - scsi: libfc: fix null pointer dereference on a null lport (git-fixes). - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (git-fixes). - scsi: libsas: delete sas port if expander discover failed (git-fixes). - scsi: mac_scsi: Fix pseudo DMA implementation, take 2 (git-fixes). - scsi: mac_scsi: Increase PIO/PDMA transfer length threshold (git-fixes). - scsi: megaraid: fix out-of-bound array accesses (git-fixes). - scsi: megaraid_sas: Fix calculation of target ID (git-fixes). - scsi: qedf: Add debug information for unsolicited processing (bsc#1149976). - scsi: qedf: Add shutdown callback handler (bsc#1149976). - scsi: qedf: Add support for 20 Gbps speed (bsc#1149976). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1149976). - scsi: qedf: Check for link state before processing LL2 packets and send fipvlan retries (bsc#1149976). - scsi: qedf: Check for module unloading bit before processing link update AEN (bsc#1149976). - scsi: qedf: Decrease the LL2 MTU size to 2500 (bsc#1149976). - scsi: qedf: Fix race betwen fipvlan request and response path (bsc#1149976). - scsi: qedf: Initiator fails to re-login to switch after link down (bsc#1149976). - scsi: qedf: Print message during bailout conditions (bsc#1149976). - scsi: qedf: Stop sending fipvlan request on unload (bsc#1149976). - scsi: qedf: Update module description string (bsc#1149976). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1149976). - scsi: qedf: Update the version to 8.42.3.0 (bsc#1149976). - scsi: qedf: Use discovery list to traverse rports (bsc#1149976). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (git-fixes). - scsi: qedf: remove set but not used variables (bsc#1149976). - scsi: qedi: remove declaration of nvm_image from stack (git-fixes). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1129424). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (git-fixes). - scsi: qla2xxx: Fix a format specifier (git-fixes). - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (git-fixes). - scsi: qla2xxx: Fix device staying in blocked state (git-fixes). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (git-fixes). - scsi: qla2xxx: Unregister chrdev if module initialization fails (git-fixes). - scsi: qla2xxx: Update two source code comments (git-fixes). - scsi: qla4xxx: avoid freeing unallocated dma memory (git-fixes). - scsi: raid_attrs: fix unused variable warning (git-fixes). - scsi: scsi_dh_alua: Fix possible null-ptr-deref (git-fixes). - scsi: sd: Defer spinning up drive while SANITIZE is in progress (git-fixes). - scsi: sd: Fix a race between closing an sd device and sd I/O (git-fixes). - scsi: sd: Fix cache_type_store() (git-fixes). - scsi: sd: Optimal I/O size should be a multiple of physical block size (git-fixes). - scsi: sd: Quiesce warning if device does not report optimal I/O size (git-fixes). - scsi: sd: use mempool for discard special page (git-fixes). - scsi: sd_zbc: Fix potential memory leak (git-fixes). - scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() (git-fixes). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (git-fixes). - scsi: ufs: Avoid runtime suspend possibly being blocked forever (git-fixes). - scsi: ufs: Check that space was properly alloced in copy_query_response (git-fixes). - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() (git-fixes). - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value (git-fixes). - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 (git-fixes). - scsi: use dma_get_cache_alignment() as minimum DMA alignment (git-fixes). - scsi: virtio_scsi: do not send sc payload with tmfs (git-fixes). - sctp: change to hold sk after auth shkey is created successfully (networking-stable-19_07_02). - serial: 8250: Fix TX interrupt handling condition (bsc#1051510). - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig (bsc#1144333). - sis900: fix TX completion (bsc#1051510). - sky2: Disable MSI on ASUS P6T (bsc#1142496). - smb2: fix missing files in root share directory listing (bsc#1112907, bsc#1144333). - smb2: fix typo in definition of a few error flags (bsc#1144333). - smb2: fix uninitialized variable bug in smb2_ioctl_query_info (bsc#1144333). - smb3 - clean up debug output displaying network interfaces (bsc#1144333). - smb3.1.1 dialect is no longer experimental (bsc#1051510, bsc#1144333). - smb3.1.1: Add GCM crypto to the encrypt and decrypt functions (bsc#1144333). - smb3.11: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - smb311: Fix reconnect (bsc#1051510, bsc#1144333). - smb311: Improve checking of negotiate security contexts (bsc#1051510, bsc#1144333). - smb3: Add debug message later in smb2/smb3 reconnect path (bsc#1144333). - smb3: Add defines for new negotiate contexts (bsc#1144333). - smb3: Add dynamic trace points for various compounded smb3 ops (bsc#1144333). - smb3: Add ftrace tracepoints for improved smb3 debugging (bsc#1144333). - smb3: Add handling for different FSCTL access flags (bsc#1144333). - smb3: Add posix create context for smb3.11 posix mounts (bsc#1144333). - smb3: Add protocol structs for change notify support (bsc#1144333). - smb3: Add smb3.1.1 GCM to negotiated crypto algorigthms (bsc#1144333). - smb3: Add support for multidialect negotiate (smb2.1 and later) (bsc#1051510, bsc#1144333). - smb3: Add tracepoints for read, write and query_dir enter (bsc#1144333). - smb3: Allow persistent handle timeout to be configurable on mount (bsc#1144333). - smb3: Allow query of symlinks stored as reparse points (bsc#1144333). - smb3: Allow smb3 FSCTL queries to be sent to server from tools (bsc#1144333). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing from compounded ops (bsc#1144333). - smb3: Clean up query symlink when reparse point (bsc#1144333). - smb3: Cleanup license mess (bsc#1144333). - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bsc#1085536, bsc#1144333). - smb3: Do not send smb3 SET_INFO if nothing changed (bsc#1051510, bsc#1144333). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510, bsc#1144333). - smb3: Fix deadlock in validate negotiate hits reconnect (bsc#1144333). - smb3: Fix endian warning (bsc#1144333, bsc#1137884). - smb3: Fix enumerating snapshots to Azure (bsc#1144333). - smb3: Fix length checking of smb3.11 negotiate request (bsc#1051510, bsc#1144333). - smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333). - smb3: Fix potential memory leak when processing compound chain (bsc#1144333). - smb3: Fix rmdir compounding regression to strict servers (bsc#1144333). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510, bsc#1144333). - smb3: Fix smb3.1.1 guest mounts to Samba (bsc#1051510, bsc#1144333). - smb3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL (bsc#1144333). - smb3: Log at least once if tree connect fails during reconnect (bsc#1144333). - smb3: Number of requests sent should be displayed for smb3 not just cifs (bsc#1144333). - smb3: Send netname context during negotiate protocol (bsc#1144333). - smb3: Track total time spent on roundtrips for each smb3 command (bsc#1144333). - smb3: Update POSIX negotiate context with POSIX ctxt GUID (bsc#1144333). - smb3: Validate negotiate request must always be signed (bsc#1064597, bsc#1144333). - smb3: Warn user if trying to sign connection that authenticated as guest (bsc#1085536, bsc#1144333). - smb3: add additional ftrace entry points for entry/exit to cifs.ko (bsc#1144333). - smb3: add credits we receive from oplock/break PDUs (bsc#1144333). - smb3: add debug for unexpected mid cancellation (bsc#1144333). - smb3: add define for id for posix create context and corresponding struct (bsc#1144333). - smb3: add dynamic trace point for query_info_enter/done (bsc#1144333). - smb3: add dynamic trace point for smb3_cmd_enter (bsc#1144333). - smb3: add dynamic tracepoint for timeout waiting for credits (bsc#1144333). - smb3: add dynamic tracepoints for simple fallocate and zero range (bsc#1144333). - smb3: add missing read completion trace point (bsc#1144333). - smb3: add module alias for smb3 to cifs.ko (bsc#1144333). - smb3: add new mount option to retrieve mode from special ACE (bsc#1144333). - smb3: add reconnect tracepoints (bsc#1144333). - smb3: add smb3.1.1 to default dialect list (bsc#1144333). - smb3: add support for posix negotiate context (bsc#1144333). - smb3: add support for statfs for smb3.1.1 posix extensions (bsc#1144333). - smb3: add trace point for tree connection (bsc#1144333). - smb3: add tracepoint for sending lease break responses to server (bsc#1144333). - smb3: add tracepoint for session expired or deleted (bsc#1144333). - smb3: add tracepoint for slow responses (bsc#1144333). - smb3: add tracepoint to catch cases where credit refund of failed op overlaps reconnect (bsc#1144333). - smb3: add tracepoints for query dir (bsc#1144333). - smb3: add tracepoints for smb2/smb3 open (bsc#1144333). - smb3: add way to control slow response threshold for logging and stats (bsc#1144333). - smb3: allow more detailed protocol info on open files for debugging (bsc#1144333). - smb3: allow posix mount option to enable new smb311 protocol extensions (bsc#1144333). - smb3: allow previous versions to be mounted with snapshot= mount parm (bsc#1144333). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510, bsc#1144333). - smb3: check for and properly advertise directory lease support (bsc#1051510, bsc#1144333). - smb3: create smb3 equivalent alias for cifs pseudo-xattrs (bsc#1144333). - smb3: directory sync should not return an error (bsc#1051510, bsc#1144333). - smb3: display bytes_read and bytes_written in smb3 stats (bsc#1144333). - smb3: display security information in /proc/fs/cifs/DebugData more accurately (bsc#1144333). - smb3: display session id in debug data (bsc#1144333). - smb3: display stats counters for number of slow commands (bsc#1144333). - smb3: display volume serial number for shares in /proc/fs/cifs/DebugData (bsc#1144333). - smb3: do not allow insecure cifs mounts when using smb3 (bsc#1144333). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510, bsc#1144333). - smb3: do not display confusing message on mount to Azure servers (bsc#1144333). - smb3: do not display empty interface list (bsc#1144333). - smb3: do not request leases in symlink creation and query (bsc#1051510, bsc#1144333). - smb3: do not send compression info by default (bsc#1144333). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510, bsc#1144333). - smb3: fill in statfs fsid and correct namelen (bsc#1112905, bsc#1144333). - smb3: fix bytes_read statistics (bsc#1144333). - smb3: fix corrupt path in subdirs on smb311 with posix (bsc#1144333). - smb3: fix large reads on encrypted connections (bsc#1144333). - smb3: fix lease break problem introduced by compounding (bsc#1144333). - smb3: fix minor debug output for CONFIG_cifs_STATS (bsc#1144333). - smb3: fix redundant opens on root (bsc#1144333). - smb3: fix reset of bytes read and written stats (bsc#1112906, bsc#1144333). - smb3: fix various xid leaks (bsc#1051510, bsc#1144333). - smb3: for kerberos mounts display the credential uid used (bsc#1144333). - smb3: handle new statx fields (bsc#1085536, bsc#1144333). - smb3: if max_credits is specified then display it in /proc/mounts (bsc#1144333). - smb3: if server does not support posix do not allow posix mount option (bsc#1144333). - smb3: improve dynamic tracing of open and posix mkdir (bsc#1144333). - smb3: increase initial number of credits requested to allow write (bsc#1144333). - smb3: make default i/o size for smb3 mounts larger (bsc#1144333). - smb3: minor cleanup of compound_send_recv (bsc#1144333). - smb3: minor debugging clarifications in rfc1001 len processing (bsc#1144333). - smb3: minor missing defines relating to reparse points (bsc#1144333). - smb3: missing defines and structs for reparse point handling (bsc#1144333). - smb3: note that smb3.11 posix extensions mount option is experimental (bsc#1144333). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510, bsc#1144333). - smb3: on reconnect set PreviousSessionId field (bsc#1112899, bsc#1144333). - smb3: optimize open to not send query file internal info (bsc#1144333). - smb3: passthru query info does not check for smb3 FSCTL passthru (bsc#1144333). - smb3: print tree id in debugdata in proc to be able to help logging (bsc#1144333). - smb3: query inode number on open via create context (bsc#1144333). - smb3: remove noisy warning message on mount (bsc#1129664, bsc#1144333). - smb3: remove per-session operations from per-tree connection stats (bsc#1144333). - smb3: rename encryption_required to smb3_encryption_required (bsc#1144333). - smb3: request more credits on normal (non-large read/write) ops (bsc#1144333). - smb3: request more credits on tree connect (bsc#1144333). - smb3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (bsc#1144333). - smb3: send CAP_DFS capability during session setup (bsc#1144333). - smb3: send backup intent on compounded query info (bsc#1144333). - smb3: show number of current open files in /proc/fs/cifs/Stats (bsc#1144333). - smb3: simplify code by removing CONFIG_cifs_smb311 (bsc#1051510, bsc#1144333). - smb3: smbdirect no longer experimental (bsc#1144333). - smb3: snapshot mounts are read-only and make sure info is displayable about the mount (bsc#1144333). - smb3: track the instance of each session for debugging (bsc#1144333). - smb3: trivial cleanup to smb2ops.c (bsc#1144333). - smb3: update comment to clarify enumerating snapshots (bsc#1144333). - smb3: update default requested iosize to 4MB from 1MB for recent dialects (bsc#1144333). - smb: Validate negotiate (to protect against downgrade) even if signing off (bsc#1085536, bsc#1144333). - smb: address lock imbalance warnings in smbdirect.c (bsc#1144333). - smb: fix leak of validate negotiate info response buffer (bsc#1064597, bsc#1144333). - smb: fix validate negotiate info uninitialised memory use (bsc#1064597, bsc#1144333). - smbd: Make upper layer decide when to destroy the transport (bsc#1144333). - smpboot: Place the __percpu annotation correctly (git fixes). - soc: rockchip: power-domain: Add a sanity check on pd->num_clks (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: Use of_clk_get_parent_count() instead of open coding (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: use clk_bulk APIs (bsc#1144718,bsc#1144813). - sound: fix a memory leak bug (bsc#1051510). - spi: bcm2835aux: fix corruptions for longer spi transfers (bsc#1051510). - spi: bcm2835aux: remove dangerous uncontrolled read of fifo (bsc#1051510). - spi: bcm2835aux: unifying code between polling and interrupt driven code (bsc#1051510). - st21nfca_connectivity_event_received: null check the allocation (bsc#1051510). - st_nci_hci_connectivity_event_received: null check the allocation (bsc#1051510). - staging: comedi: dt3000: Fix rounding up of timer divisor (bsc#1051510). - staging: comedi: dt3000: Fix signed integer overflow 'divider * base' (bsc#1051510). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Remove duplicate drivers/ata/libahci_platform - supported.conf: Sort alphabetically, align comments. - tcp: Reset bytes_acked and bytes_received when disconnecting (networking-stable-19_07_25). - test_firmware: fix a memory leak bug (bsc#1051510). - tipc: change to use register_pernet_device (networking-stable-19_07_02). - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bsc#1082555). - tpm: Fix Tpm 1.2 Shutdown sequence to prevent future TPM operations (bsc#1082555). - tpm: Fix off-by-one when reading binary_bios_measurements (bsc#1082555). - tpm: Unify the send callback behaviour (bsc#1082555). - tpm: vtpm_proxy: Suppress error logging when in closed state (bsc#1082555). - tracing: Fix header include guards in trace event headers (bsc#1144474). - treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 231 (bsc#1144333). - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop (bsc#1051510). - tty/serial: digicolor: Fix digicolor-usart already registered warning (bsc#1051510). - tty: max310x: Fix invalid baudrate divisors calculator (bsc#1051510). - tty: serial: msm_serial: avoid system lockup condition (bsc#1051510). - tua6100: Avoid build warnings (bsc#1051510). - tun: wake up waitqueues after IFF_UP is set (networking-stable-19_07_02). - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length (bsc#1148617). - update internal version number for cifs.ko (bsc#1144333). - usb-storage: Add new JMS567 revision to unusual_devs (bsc#1051510). - usb: CDC: fix sanity checks in CDC union parser (bsc#1142635). - usb: Handle USB3 remote wakeup for Lpm enabled devices correctly (bsc#1051510). - usb: cdc-acm: make sure a refcount is taken early enough (bsc#1142635). - usb: cdc-wdm: fix race between write and disconnect due to flag abuse (bsc#1051510). - usb: chipidea: udc: do not do hardware access if gadget has stopped (bsc#1051510). - usb: core: Fix races in character device registration and deregistraion (bsc#1051510). - usb: core: hub: Disable hub-initiated U1/U2 (bsc#1051510). - usb: gadget: composite: Clear "suspended" on reset/disconnect (bsc#1051510). - usb: gadget: udc: renesas_usb3: Fix sysfs interface of "role" (bsc#1142635). - usb: host: fotg2: restart hcd after port reset (bsc#1051510). - usb: host: ohci: fix a race condition between shutdown and irq (bsc#1051510). - usb: host: xhci-rcar: Fix timeout in xhci_suspend() (bsc#1051510). - usb: host: xhci: rcar: Fix typo in compatible string matching (bsc#1051510). - usb: iowarrior: fix deadlock on disconnect (bsc#1051510). - usb: serial: option: Add Motorola modem UARTs (bsc#1051510). - usb: serial: option: Add support for ZTE MF871A (bsc#1051510). - usb: serial: option: add D-Link DWM-222 device ID (bsc#1051510). - usb: serial: option: add the BroadMobi BM818 card (bsc#1051510). - usb: storage: ums-realtek: Update module parameter description for auto_delink_en (bsc#1051510). - usb: storage: ums-realtek: Whitelist auto-delink support (bsc#1051510). - usb: usbfs: fix double-free of usb memory upon submiturb error (bsc#1051510). - usb: wusbcore: fix unbalanced get/put cluster_id (bsc#1051510). - usb: yurex: Fix use-after-free in yurex_delete (bsc#1051510). - vfs: fix page locking deadlocks when deduping files (bsc#1148619). - vmci: Release resource if the work is already queued (bsc#1051510). - vrf: make sure skb->data contains ip header to make routing (networking-stable-19_07_25). - watchdog: bcm2835_wdt: Fix module autoload (bsc#1051510). - watchdog: core: fix null pointer dereference when releasing cdev (bsc#1051510). - watchdog: f71808e_wdt: fix F81866 bit operation (bsc#1051510). - watchdog: fix compile time error of pretimeout governors (bsc#1051510). - wimax/i2400m: fix a memory leak bug (bsc#1051510). - x86/boot: Fix memory leak in default_get_smp_config() (bsc#1114279). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/microcode: Fix the microcode load on CPU hotplug for real (bsc#1114279). - x86/mm: Check for pfn instead of page in vmalloc_sync_one() (bsc#1118689). - x86/mm: Sync also unmappings in vmalloc_sync_all() (bsc#1118689). - x86/speculation/mds: Apply more accurate check on hypervisor platform (bsc#1114279). - x86/speculation: Allow guests to use SSBD even if host does not (bsc#1114279). - x86/unwind: Add hardcoded ORC entry for NULL (bsc#1114279). - x86/unwind: Handle NULL pointer calls better in frame unwinder (bsc#1114279). - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (bsc#1065600). - xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix bucket count reported to userspace (bsc#1143300). - xfrm: Fix error return code in xfrm_output_one() (bsc#1143300). - xfs: do not crash on null attr fork xfs_bmapi_read (bsc#1148035). - xfs: do not trip over uninitialized buffer on extent read of corrupted inode (bsc#1149053). - xfs: dump transaction usage details on log reservation overrun (bsc#1145235). - xfs: eliminate duplicate icreate tx reservation functions (bsc#1145235). - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (bsc#1148032). - xfs: fix semicolon.cocci warnings (bsc#1145235). - xfs: fix up agi unlinked list reservations (bsc#1145235). - xfs: include an allocfree res for inobt modifications (bsc#1145235). - xfs: include inobt buffers in ifree tx log reservation (bsc#1145235). - xfs: print transaction log reservation on overrun (bsc#1145235). - xfs: refactor inode chunk alloc/free tx reservation (bsc#1145235). - xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (bsc#1145235). - xfs: remove more ondisk directory corruption asserts (bsc#1148034). - xfs: separate shutdown from ticket reservation print helper (bsc#1145235). - xfs: truncate transaction does not modify the inobt (bsc#1145235). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-2414=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150.35.1 kernel-default-debugsource-4.12.14-150.35.1 kernel-default-livepatch-4.12.14-150.35.1 kernel-livepatch-4_12_14-150_35-default-1-1.3.1 kernel-livepatch-4_12_14-150_35-default-debuginfo-1-1.3.1 References: https://www.suse.com/security/cve/CVE-2017-18551.html https://www.suse.com/security/cve/CVE-2018-20976.html https://www.suse.com/security/cve/CVE-2018-21008.html https://www.suse.com/security/cve/CVE-2019-10207.html https://www.suse.com/security/cve/CVE-2019-14814.html https://www.suse.com/security/cve/CVE-2019-14815.html https://www.suse.com/security/cve/CVE-2019-14816.html https://www.suse.com/security/cve/CVE-2019-14835.html https://www.suse.com/security/cve/CVE-2019-15030.html https://www.suse.com/security/cve/CVE-2019-15031.html https://www.suse.com/security/cve/CVE-2019-15090.html https://www.suse.com/security/cve/CVE-2019-15098.html https://www.suse.com/security/cve/CVE-2019-15117.html https://www.suse.com/security/cve/CVE-2019-15118.html https://www.suse.com/security/cve/CVE-2019-15211.html https://www.suse.com/security/cve/CVE-2019-15212.html https://www.suse.com/security/cve/CVE-2019-15214.html https://www.suse.com/security/cve/CVE-2019-15215.html https://www.suse.com/security/cve/CVE-2019-15216.html https://www.suse.com/security/cve/CVE-2019-15217.html https://www.suse.com/security/cve/CVE-2019-15218.html https://www.suse.com/security/cve/CVE-2019-15219.html https://www.suse.com/security/cve/CVE-2019-15220.html https://www.suse.com/security/cve/CVE-2019-15221.html https://www.suse.com/security/cve/CVE-2019-15222.html https://www.suse.com/security/cve/CVE-2019-15239.html https://www.suse.com/security/cve/CVE-2019-15290.html https://www.suse.com/security/cve/CVE-2019-15292.html https://www.suse.com/security/cve/CVE-2019-15538.html https://www.suse.com/security/cve/CVE-2019-15666.html https://www.suse.com/security/cve/CVE-2019-15902.html https://www.suse.com/security/cve/CVE-2019-15917.html https://www.suse.com/security/cve/CVE-2019-15919.html https://www.suse.com/security/cve/CVE-2019-15920.html https://www.suse.com/security/cve/CVE-2019-15921.html https://www.suse.com/security/cve/CVE-2019-15924.html https://www.suse.com/security/cve/CVE-2019-15926.html https://www.suse.com/security/cve/CVE-2019-15927.html https://www.suse.com/security/cve/CVE-2019-9456.html https://bugzilla.suse.com/1047238 https://bugzilla.suse.com/1050911 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1054914 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1056686 https://bugzilla.suse.com/1060662 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1061843 https://bugzilla.suse.com/1064597 https://bugzilla.suse.com/1064701 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1066369 https://bugzilla.suse.com/1071009 https://bugzilla.suse.com/1071306 https://bugzilla.suse.com/1078248 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1085539 https://bugzilla.suse.com/1086103 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1090734 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1093205 https://bugzilla.suse.com/1102097 https://bugzilla.suse.com/1104902 https://bugzilla.suse.com/1106061 https://bugzilla.suse.com/1106284 https://bugzilla.suse.com/1106434 https://bugzilla.suse.com/1108382 https://bugzilla.suse.com/1112894 https://bugzilla.suse.com/1112899 https://bugzilla.suse.com/1112902 https://bugzilla.suse.com/1112903 https://bugzilla.suse.com/1112905 https://bugzilla.suse.com/1112906 https://bugzilla.suse.com/1112907 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114542 https://bugzilla.suse.com/1118689 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1120876 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1120937 https://bugzilla.suse.com/1123105 https://bugzilla.suse.com/1123959 https://bugzilla.suse.com/1124370 https://bugzilla.suse.com/1129424 https://bugzilla.suse.com/1129519 https://bugzilla.suse.com/1129664 https://bugzilla.suse.com/1131107 https://bugzilla.suse.com/1131281 https://bugzilla.suse.com/1131565 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1134291 https://bugzilla.suse.com/1134881 https://bugzilla.suse.com/1134882 https://bugzilla.suse.com/1135219 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135897 https://bugzilla.suse.com/1136261 https://bugzilla.suse.com/1137811 https://bugzilla.suse.com/1137884 https://bugzilla.suse.com/1138539 https://bugzilla.suse.com/1139020 https://bugzilla.suse.com/1139021 https://bugzilla.suse.com/1139101 https://bugzilla.suse.com/1139500 https://bugzilla.suse.com/1140012 https://bugzilla.suse.com/1140426 https://bugzilla.suse.com/1140487 https://bugzilla.suse.com/1141450 https://bugzilla.suse.com/1141543 https://bugzilla.suse.com/1141554 https://bugzilla.suse.com/1142019 https://bugzilla.suse.com/1142076 https://bugzilla.suse.com/1142109 https://bugzilla.suse.com/1142117 https://bugzilla.suse.com/1142118 https://bugzilla.suse.com/1142119 https://bugzilla.suse.com/1142496 https://bugzilla.suse.com/1142541 https://bugzilla.suse.com/1142635 https://bugzilla.suse.com/1142685 https://bugzilla.suse.com/1142701 https://bugzilla.suse.com/1142857 https://bugzilla.suse.com/1143300 https://bugzilla.suse.com/1143466 https://bugzilla.suse.com/1143765 https://bugzilla.suse.com/1143841 https://bugzilla.suse.com/1143843 https://bugzilla.suse.com/1144123 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1144474 https://bugzilla.suse.com/1144518 https://bugzilla.suse.com/1144718 https://bugzilla.suse.com/1144813 https://bugzilla.suse.com/1144880 https://bugzilla.suse.com/1144886 https://bugzilla.suse.com/1144912 https://bugzilla.suse.com/1144920 https://bugzilla.suse.com/1144979 https://bugzilla.suse.com/1145010 https://bugzilla.suse.com/1145051 https://bugzilla.suse.com/1145059 https://bugzilla.suse.com/1145189 https://bugzilla.suse.com/1145235 https://bugzilla.suse.com/1145300 https://bugzilla.suse.com/1145302 https://bugzilla.suse.com/1145388 https://bugzilla.suse.com/1145389 https://bugzilla.suse.com/1145390 https://bugzilla.suse.com/1145391 https://bugzilla.suse.com/1145392 https://bugzilla.suse.com/1145393 https://bugzilla.suse.com/1145394 https://bugzilla.suse.com/1145395 https://bugzilla.suse.com/1145396 https://bugzilla.suse.com/1145397 https://bugzilla.suse.com/1145408 https://bugzilla.suse.com/1145409 https://bugzilla.suse.com/1145661 https://bugzilla.suse.com/1145678 https://bugzilla.suse.com/1145687 https://bugzilla.suse.com/1145920 https://bugzilla.suse.com/1145922 https://bugzilla.suse.com/1145934 https://bugzilla.suse.com/1145937 https://bugzilla.suse.com/1145940 https://bugzilla.suse.com/1145941 https://bugzilla.suse.com/1145942 https://bugzilla.suse.com/1146074 https://bugzilla.suse.com/1146084 https://bugzilla.suse.com/1146163 https://bugzilla.suse.com/1146285 https://bugzilla.suse.com/1146346 https://bugzilla.suse.com/1146351 https://bugzilla.suse.com/1146352 https://bugzilla.suse.com/1146361 https://bugzilla.suse.com/1146376 https://bugzilla.suse.com/1146378 https://bugzilla.suse.com/1146381 https://bugzilla.suse.com/1146391 https://bugzilla.suse.com/1146399 https://bugzilla.suse.com/1146413 https://bugzilla.suse.com/1146425 https://bugzilla.suse.com/1146512 https://bugzilla.suse.com/1146514 https://bugzilla.suse.com/1146516 https://bugzilla.suse.com/1146519 https://bugzilla.suse.com/1146524 https://bugzilla.suse.com/1146526 https://bugzilla.suse.com/1146529 https://bugzilla.suse.com/1146531 https://bugzilla.suse.com/1146543 https://bugzilla.suse.com/1146547 https://bugzilla.suse.com/1146550 https://bugzilla.suse.com/1146575 https://bugzilla.suse.com/1146589 https://bugzilla.suse.com/1146678 https://bugzilla.suse.com/1146938 https://bugzilla.suse.com/1148031 https://bugzilla.suse.com/1148032 https://bugzilla.suse.com/1148033 https://bugzilla.suse.com/1148034 https://bugzilla.suse.com/1148035 https://bugzilla.suse.com/1148093 https://bugzilla.suse.com/1148133 https://bugzilla.suse.com/1148192 https://bugzilla.suse.com/1148196 https://bugzilla.suse.com/1148198 https://bugzilla.suse.com/1148202 https://bugzilla.suse.com/1148303 https://bugzilla.suse.com/1148363 https://bugzilla.suse.com/1148379 https://bugzilla.suse.com/1148394 https://bugzilla.suse.com/1148527 https://bugzilla.suse.com/1148574 https://bugzilla.suse.com/1148616 https://bugzilla.suse.com/1148617 https://bugzilla.suse.com/1148619 https://bugzilla.suse.com/1148859 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1149053 https://bugzilla.suse.com/1149083 https://bugzilla.suse.com/1149104 https://bugzilla.suse.com/1149105 https://bugzilla.suse.com/1149106 https://bugzilla.suse.com/1149197 https://bugzilla.suse.com/1149214 https://bugzilla.suse.com/1149224 https://bugzilla.suse.com/1149325 https://bugzilla.suse.com/1149376 https://bugzilla.suse.com/1149413 https://bugzilla.suse.com/1149418 https://bugzilla.suse.com/1149424 https://bugzilla.suse.com/1149522 https://bugzilla.suse.com/1149527 https://bugzilla.suse.com/1149539 https://bugzilla.suse.com/1149552 https://bugzilla.suse.com/1149591 https://bugzilla.suse.com/1149602 https://bugzilla.suse.com/1149612 https://bugzilla.suse.com/1149626 https://bugzilla.suse.com/1149652 https://bugzilla.suse.com/1149713 https://bugzilla.suse.com/1149940 https://bugzilla.suse.com/1149976 https://bugzilla.suse.com/1150025 https://bugzilla.suse.com/1150033 https://bugzilla.suse.com/1150112 https://bugzilla.suse.com/1150562 https://bugzilla.suse.com/1150727 https://bugzilla.suse.com/1150860 https://bugzilla.suse.com/1150861 https://bugzilla.suse.com/1150933 From sle-updates at lists.suse.com Fri Sep 20 07:38:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Sep 2019 15:38:13 +0200 (CEST) Subject: SUSE-SU-2019:2412-1: important: Security update for the Linux Kernel Message-ID: <20190920133813.3C36CF7C7@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2412-1 Rating: important References: #1047238 #1050911 #1051510 #1054914 #1055117 #1056686 #1060662 #1061840 #1061843 #1064597 #1064701 #1065600 #1065729 #1066369 #1071009 #1071306 #1078248 #1082555 #1085030 #1085536 #1085539 #1086103 #1087092 #1090734 #1091171 #1093205 #1102097 #1104902 #1106061 #1106284 #1106434 #1108382 #1112178 #1112894 #1112899 #1112902 #1112903 #1112905 #1112906 #1112907 #1113722 #1114279 #1114542 #1118689 #1119086 #1120876 #1120902 #1120937 #1123105 #1123959 #1124370 #1129424 #1129519 #1129664 #1131107 #1131281 #1131565 #1133021 #1134291 #1134881 #1134882 #1135219 #1135642 #1135897 #1136261 #1137069 #1137884 #1138539 #1139020 #1139021 #1139101 #1139500 #1140012 #1140426 #1140487 #1141013 #1141450 #1141543 #1141554 #1142019 #1142076 #1142109 #1142117 #1142118 #1142119 #1142496 #1142541 #1142635 #1142685 #1142701 #1142857 #1143300 #1143466 #1143765 #1143841 #1143843 #1144123 #1144333 #1144474 #1144518 #1144718 #1144813 #1144880 #1144886 #1144912 #1144920 #1144979 #1145010 #1145024 #1145051 #1145059 #1145189 #1145235 #1145300 #1145302 #1145388 #1145389 #1145390 #1145391 #1145392 #1145393 #1145394 #1145395 #1145396 #1145397 #1145408 #1145409 #1145661 #1145678 #1145687 #1145920 #1145922 #1145934 #1145937 #1145940 #1145941 #1145942 #1146074 #1146084 #1146163 #1146285 #1146346 #1146351 #1146352 #1146361 #1146368 #1146376 #1146378 #1146381 #1146391 #1146399 #1146413 #1146425 #1146516 #1146519 #1146524 #1146526 #1146529 #1146531 #1146543 #1146547 #1146550 #1146575 #1146589 #1146678 #1146938 #1148031 #1148032 #1148033 #1148034 #1148035 #1148093 #1148133 #1148192 #1148196 #1148198 #1148202 #1148303 #1148363 #1148379 #1148394 #1148527 #1148574 #1148616 #1148617 #1148619 #1148698 #1148859 #1148868 #1149053 #1149083 #1149104 #1149105 #1149106 #1149197 #1149214 #1149224 #1149325 #1149376 #1149413 #1149418 #1149424 #1149522 #1149527 #1149539 #1149552 #1149591 #1149602 #1149612 #1149626 #1149652 #1149713 #1149940 #1149959 #1149963 #1149976 #1150025 #1150033 #1150112 #1150562 #1150727 #1150860 #1150861 #1150933 Cross-References: CVE-2017-18551 CVE-2018-20976 CVE-2018-21008 CVE-2019-10207 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14835 CVE-2019-15030 CVE-2019-15031 CVE-2019-15090 CVE-2019-15098 CVE-2019-15099 CVE-2019-15117 CVE-2019-15118 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15222 CVE-2019-15239 CVE-2019-15290 CVE-2019-15292 CVE-2019-15538 CVE-2019-15666 CVE-2019-15902 CVE-2019-15917 CVE-2019-15919 CVE-2019-15920 CVE-2019-15921 CVE-2019-15924 CVE-2019-15926 CVE-2019-15927 CVE-2019-9456 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves 40 vulnerabilities and has 184 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following new features were implemented: - jsc#SLE-4875: [CML] New device IDs for CML - jsc#SLE-7294: Add cpufreq driver for Raspberry Pi - fate#322438: Integrate P9 XIVE support (on PowerVM only) - fate#322447: Add memory protection keys (MPK) support on POWER (on PowerVM only) - fate#322448, fate#321438: P9 hardware counter (performance counters) support (on PowerVM only) - fate#325306, fate#321840: Reduce memory required to boot capture kernel while using fadump - fate#326869: perf: pmu mem_load/store event support The following security bugs were fixed: - CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated. (bsc#1146163). - CVE-2018-20976: A use after free existed, related to xfs_fs_fill_super failure. (bsc#1146285) - CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach (bsc#1149591). - CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have lead to local escalation of privilege with System execution privileges needed. (bsc#1150025 CVE-2019-9456). - CVE-2019-10207: Fix a NULL pointer dereference in hci_uart bluetooth driver (bsc#1142857 bsc#1123959). - CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bnc#1146516) - CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112). - CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user could read vector registers of other users' processes via an interrupt. (bsc#1149713) - CVE-2019-15090: In the qedi_dbg_* family of functions, there was an out-of-bounds read. (bsc#1146399) - CVE-2019-15098: USB driver net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146378). - CVE-2019-15099: drivers/net/wireless/ath/ath10k/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146368) - CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel mishandled a short descriptor, leading to out-of-bounds memory access. (bsc#1145920). - CVE-2019-15118: check_input_term in sound/usb/mixer.c in the Linux kernel mishandled recursion, leading to kernel stack exhaustion. (bsc#1145922). - CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory. (bsc#1146519). - CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. (bsc#1051510 bsc#1146391). - CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. (bsc#1146550) - CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. (bsc#1135642 bsc#1146425) - CVE-2019-15216: Fix a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (bsc#1146361). - CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (bsc#1146547). - CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver. (bsc#1051510 bsc#1146413) - CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. (bsc#1146524) - CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. (bsc#1146526) - CVE-2019-15221, CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. (bsc#1146529, bsc#1146531) - CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589) - CVE-2019-15290: There was a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function (bsc#1146543). - CVE-2019-15292: There was a use-after-free in atalk_proc_exit (bsc#1146678) - CVE-2019-15538: XFS partially wedged when a chgrp failed on account of being out of disk quota. This was primarily a local DoS attack vector, but it could result as well in remote DoS if the XFS filesystem was exported for instance via NFS. (bsc#1148032, bsc#1148093) - CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which would cause denial of service, because verify_newpolicy_info mishandled directory validation. (bsc#1148394). - CVE-2019-15902: A backporting error reintroduced the Spectre vulnerability that it aimed to eliminate. (bnc#1149376) - CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() failed in hci_uart_set_proto() (bsc#1149539) - CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149552) - CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149626) - CVE-2019-15921: There was a memory leak issue when idr_alloc() failed (bsc#1149602) - CVE-2019-15924: Fix a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure. (bsc#1149612). - CVE-2019-15926: Out of bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx (bsc#1149527) - CVE-2019-15927: An out-of-bounds access existed in the function build_audio_procunit (bsc#1149522) The following non-security bugs were fixed: - 9p/rdma: do not disconnect on down_interruptible EAGAIN (bsc#1051510). - 9p/rdma: remove useless check in cm_event_handler (bsc#1051510). - 9p/virtio: Add cleanup path in p9_virtio_init (bsc#1051510). - 9p/xen: Add cleanup path in p9_trans_xen_init (bsc#1051510). - 9p/xen: fix check for xenbus_read error in front_probe (bsc#1051510). - 9p: acl: fix uninitialized iattr access (bsc#1051510). - 9p: p9dirent_read: check network-provided name length (bsc#1051510). - 9p: pass the correct prototype to read_cache_page (bsc#1051510). - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0 (bsc#1051510). - acpi/iort: Fix off-by-one check in iort_dev_find_its_id() (bsc#1051510). - acpi: PM: Fix regression in acpi_device_set_power() (bsc#1051510). - acpi: fix false-positive -Wuninitialized warning (bsc#1051510). - acpica: Increase total number of possible Owner IDs (bsc#1148859). - acpica: Increase total number of possible Owner IDs (bsc#1148859). - add some missing definitions (bsc#1144333). - address lock imbalance warnings in smbdirect.c (bsc#1144333). - af_key: fix leaks in key_pol_get_resp and dump_sp (bsc#1051510). - af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET (networking-stable-19_07_02). - alsa: firewire: fix a memory leak bug (bsc#1051510). - alsa: hda - Add a generic reboot_notify (bsc#1051510). - alsa: hda - Apply workaround for another AMD chip 1022:1487 (bsc#1051510). - alsa: hda - Do not override global PCM hw info flag (bsc#1051510). - alsa: hda - Fix a memory leak bug (bsc#1051510). - alsa: hda - Fix potential endless loop at applying quirks (bsc#1051510). - alsa: hda - Let all conexant codec enter D3 when rebooting (bsc#1051510). - alsa: hda - Workaround for crackled sound on AMD controller (1022:1457) (bsc#1051510). - alsa: hda/realtek - Fix overridden device-specific initialization (bsc#1051510). - alsa: hda/realtek - Fix the problem of two front mics on a ThinkCentre (bsc#1051510). - alsa: hda: kabi workaround for generic parser flag (bsc#1051510). - alsa: hiface: fix multiple memory leak bugs (bsc#1051510). - alsa: line6: Fix memory leak at line6_init_pcm() error path (bsc#1051510). - alsa: pcm: fix lost wakeup event scenarios in snd_pcm_drain (bsc#1051510). - alsa: seq: Fix potential concurrent access to the deleted pool (bsc#1051510). - alsa: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (bsc#1051510). - arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2 (bsc#1133021). - arm: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1133021). - arm: KVM: report support for SMCCC_ARCH_WORKAROUND_1 (bsc#1133021). - asoc: Fail card instantiation if DAI format setup fails (bsc#1051510). - asoc: dapm: Fix handling of custom_stop_condition on DAPM graph walks (bsc#1051510). - ata: libahci: do not complain in case of deferred probe (bsc#1051510). - batman-adv: Only read OGM tvlv_len after buffer len check (bsc#1051510). - batman-adv: Only read OGM2 tvlv_len after buffer len check (bsc#1051510). - batman-adv: fix uninit-value in batadv_netlink_get_ifindex() (bsc#1051510). - bcache: fix possible memory leak in bch_cached_dev_run() (git fixes). - bio: fix improper use of smp_mb__before_atomic() (git fixes). - blk-mq: Fix spelling in a source code comment (git fixes). - blk-mq: backport fixes for blk_mq_complete_e_request_sync() (bsc#1145661). - blk-mq: introduce blk_mq_complete_request_sync() (bsc#1145661). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - block, documentation: Fix wbt_lat_usec documentation (git fixes). - bluetooth: 6lowpan: search for destination address in all peers (bsc#1051510). - bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug (bsc#1051510). - bluetooth: Check state in l2cap_disconnect_rsp (bsc#1051510). - bluetooth: btqca: Add a short delay before downloading the NVM (bsc#1051510). - bluetooth: hci_bcsp: Fix memory leak in rx_skb (bsc#1051510). - bluetooth: revert "validate BLE connection interval updates" (bsc#1051510). - bluetooth: validate BLE connection interval updates (bsc#1051510). - bnx2x: Prevent ptp_task to be rescheduled indefinitely (networking-stable-19_07_25). - bonding/802.3ad: fix link_failure_count tracking (bsc#1137069 bsc#1141013). - bonding/802.3ad: fix slave link initialization transition states (bsc#1137069 bsc#1141013). - bonding: Always enable vlan tx offload (networking-stable-19_07_02). - bonding: set default miimon value for non-arp modes if not set (bsc#1137069 bsc#1141013). - bonding: speed/duplex update at NETDEV_UP event (bsc#1137069 bsc#1141013). - bonding: validate ip header before check IPPROTO_IGMP (networking-stable-19_07_25). - btrfs: Fix delalloc inodes invalidation during transaction abort (bsc#1050911). - btrfs: Split btrfs_del_delalloc_inode into 2 functions (bsc#1050911). - btrfs: add a helper to retrive extent inline ref type (bsc#1149325). - btrfs: add cleanup_ref_head_accounting helper (bsc#1050911). - btrfs: add missing inode version, ctime and mtime updates when punching hole (bsc#1140487). - btrfs: add one more sanity check for shared ref type (bsc#1149325). - btrfs: clean up pending block groups when transaction commit aborts (bsc#1050911). - btrfs: convert to use btrfs_get_extent_inline_ref_type (bsc#1149325). - btrfs: do not abort transaction at btrfs_update_root() after failure to COW path (bsc#1150933). - btrfs: fix assertion failure during fsync and use of stale transaction (bsc#1150562). - btrfs: fix data loss after inode eviction, renaming it, and fsync it (bsc#1145941). - btrfs: fix fsync not persisting dentry deletions due to inode evictions (bsc#1145942). - btrfs: fix incremental send failure after deduplication (bsc#1145940). - btrfs: fix pinned underflow after transaction aborted (bsc#1050911). - btrfs: fix race between send and deduplication that lead to failures and crashes (bsc#1145059). - btrfs: fix race leading to fs corruption after transaction abort (bsc#1145937). - btrfs: handle delayed ref head accounting cleanup in abort (bsc#1050911). - btrfs: prevent send failures and crashes due to concurrent relocation (bsc#1145059). - btrfs: remove BUG() in add_data_reference (bsc#1149325). - btrfs: remove BUG() in btrfs_extent_inline_ref_size (bsc#1149325). - btrfs: remove BUG() in print_extent_item (bsc#1149325). - btrfs: remove BUG_ON in __add_tree_block (bsc#1149325). - btrfs: scrub: add memalloc_nofs protection around init_ipath (bsc#1086103). - btrfs: start readahead also in seed devices (bsc#1144886). - btrfs: track running balance in a simpler way (bsc#1145059). - btrfs: use GFP_KERNEL in init_ipath (bsc#1086103). - caif-hsi: fix possible deadlock in cfhsi_exit_module() (networking-stable-19_07_25). - can: m_can: implement errata "Needless activation of MRAF irq" (bsc#1051510). - can: mcp251x: add support for mcp25625 (bsc#1051510). - can: peak_usb: fix potential double kfree_skb() (bsc#1051510). - can: peak_usb: force the string buffer NULL-terminated (bsc#1051510). - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (bsc#1051510). - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (bsc#1051510). - can: rcar_canfd: fix possible IRQ storm on high load (bsc#1051510). - can: sja1000: force the string buffer NULL-terminated (bsc#1051510). - carl9170: fix misuse of device driver API (bsc#1142635). - ceph: always get rstat from auth mds (bsc#1146346). - ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346). - ceph: decode feature bits in session message (bsc#1146346). - ceph: do not blindly unregister session that is in opening state (bsc#1148133). - ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133). - ceph: fix "ceph.dir.rctime" vxattr value (bsc#1148133 bsc#1135219). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133). - ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133). - ceph: fix iov_iter issues in ceph_direct_read_write() (bsc#1141450). - ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133). - ceph: remove request from waiting list before unregister (bsc#1148133). - ceph: silence a checker warning in mdsc_show() (bsc#1148133). - ceph: support cephfs' own feature bits (bsc#1146346). - ceph: support getting ceph.dir.pin vxattr (bsc#1146346). - ceph: support versioned reply (bsc#1146346). - ceph: use bit flags to define vxattr attributes (bsc#1146346). - cfg80211: revert "fix processing world regdomain when non modular" (bsc#1051510). - cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED (bsc#1144333). - cifs: Add DFS cache routines (bsc#1144333). - cifs: Add direct I/O functions to file_operations (bsc#1144333). - cifs: Add minor debug message during negprot (bsc#1144333). - cifs: Add smb2_send_recv (bsc#1144333). - cifs: Add support for FSCTL passthrough that write data to the server (bsc#1144333). - cifs: Add support for direct I/O read (bsc#1144333). - cifs: Add support for direct I/O write (bsc#1144333). - cifs: Add support for direct pages in rdata (bsc#1144333). - cifs: Add support for direct pages in wdata (bsc#1144333). - cifs: Add support for failover in cifs_mount() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect_tcon() (bsc#1144333). - cifs: Add support for failover in smb2_reconnect() (bsc#1144333). - cifs: Add support for reading attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Add support for writing attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Adds information-level logging function (bsc#1144333). - cifs: Adjust MTU credits before reopening a file (bsc#1144333). - cifs: Allocate memory for all iovs in smb2_ioctl (bsc#1144333). - cifs: Allocate validate negotiation request through kmalloc (bsc#1144333). - cifs: Always reset read error to -EIO if no response (bsc#1144333). - cifs: Always resolve hostname before reconnecting (bsc#1051510, bsc#1144333). - cifs: Avoid returning EBUSY to upper layer VFS (bsc#1144333). - cifs: Calculate the correct request length based on page offset and tail size (bsc#1144333). - cifs: Call MID callback before destroying transport (bsc#1144333). - cifs: Change SMB2_open to return an iov for the error parameter (bsc#1144333). - cifs: Check for reconnects before sending async requests (bsc#1144333). - cifs: Check for reconnects before sending compound requests (bsc#1144333). - cifs: Check for timeout on Negotiate stage (bsc#1091171, bsc#1144333). - cifs: Count SMB3 credits for malformed pending responses (bsc#1144333). - cifs: Display SMB2 error codes in the hex format (bsc#1144333). - cifs: Do not assume one credit for async responses (bsc#1144333). - cifs: Do not consider -ENODATA as stat failure for reads (bsc#1144333). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510, bsc#1144333). - cifs: Do not hide EINTR after sending network packets (bsc#1051510, bsc#1144333). - cifs: Do not log credits when unmounting a share (bsc#1144333). - cifs: Do not match port on SMBDirect transport (bsc#1144333). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510, bsc#1144333). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510, bsc#1144333). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510, bsc#1144333). - cifs: Do not set credits to 1 if the server didn't grant anything (bsc#1144333). - cifs: Do not skip SMB2 message IDs on send failures (bsc#1144333). - cifs: Find and reopen a file before get MTU credits in writepages (bsc#1144333). - cifs: Fix DFS cache refresher for DFS links (bsc#1144333). - cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009, bsc#1144333). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: Fix NULL ptr deref (bsc#1144333). - cifs: Fix a debug message (bsc#1144333). - cifs: Fix a race condition with cifs_echo_request (bsc#1144333). - cifs: Fix a tiny potential memory leak (bsc#1144333). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510, bsc#1144333). - cifs: Fix an issue with re-sending rdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix an issue with re-sending wdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix autonegotiate security settings mismatch (bsc#1087092, bsc#1144333). - cifs: Fix check for matching with existing mount (bsc#1144333). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix credit calculations in compound mid callback (bsc#1144333). - cifs: Fix credit computation for compounded requests (bsc#1144333). - cifs: Fix credits calculation for cancelled requests (bsc#1144333). - cifs: Fix credits calculations for reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix encryption/signing (bsc#1144333). - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510, bsc#1144333). - cifs: Fix error paths in writeback code (bsc#1144333). - cifs: Fix infinite loop when using hard mount option (bsc#1091171, bsc#1144333). - cifs: Fix invalid check in __cifs_calc_signature() (bsc#1144333). - cifs: Fix kernel oops when traceSMB is enabled (bsc#1144333). - cifs: Fix leaking locked VFS cache pages in writeback retry (bsc#1144333). - cifs: Fix lease buffer length error (bsc#1144333). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510, bsc#1144333). - cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092, bsc#1144333). - cifs: Fix module dependency (bsc#1144333). - cifs: Fix mounts if the client is low on credits (bsc#1144333). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510, bsc#1144333). - cifs: Fix possible oops and memory leaks in async IO (bsc#1144333). - cifs: Fix potential OOB access of lock element array (bsc#1051510, bsc#1144333). - cifs: Fix read after write for files with read caching (bsc#1051510, bsc#1144333). - cifs: Fix separator when building path from dentry (bsc#1051510, bsc#1144333). - cifs: Fix signing for SMB2/3 (bsc#1144333). - cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (bsc#1144333). - cifs: Fix slab-out-of-bounds when tracing SMB tcon (bsc#1144333). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510, bsc#1144333). - cifs: Fix to use kmem_cache_free() instead of kfree() (bsc#1144333). - cifs: Fix trace command logging for SMB2 reads and writes (bsc#1144333). - cifs: Fix use after free of a mid_q_entry (bsc#1112903, bsc#1144333). - cifs: Fix use-after-free in SMB2_read (bsc#1144333). - cifs: Fix use-after-free in SMB2_write (bsc#1144333). - cifs: Fix validation of signed data in smb2 (bsc#1144333). - cifs: Fix validation of signed data in smb3+ (bsc#1144333). - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510, bsc#1144333). - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bsc#1144333). - cifs: Introduce helper function to get page offset and length in smb_rqst (bsc#1144333). - cifs: Introduce offset for the 1st page in data transfer structures (bsc#1144333). - cifs: Limit memory used by lock request calls to a page (bsc#1144333). - cifs: Make devname param optional in cifs_compose_mount_options() (bsc#1144333). - cifs: Make sure all data pages are signed correctly (bsc#1144333). - cifs: Make use of DFS cache to get new DFS referrals (bsc#1144333). - cifs: Mask off signals when sending SMB packets (bsc#1144333). - cifs: Minor Kconfig clarification (bsc#1144333). - cifs: Move credit processing to mid callbacks for SMB3 (bsc#1144333). - cifs: Move open file handling to writepages (bsc#1144333). - cifs: Move unlocking pages from wdata_send_pages() (bsc#1144333). - cifs: OFD locks do not conflict with eachothers (bsc#1051510, bsc#1144333). - cifs: Only free DFS target list if we actually got one (bsc#1144333). - cifs: Only send SMB2_NEGOTIATE command on new TCP connections (bsc#1144333). - cifs: Pass page offset for calculating signature (bsc#1144333). - cifs: Pass page offset for encrypting (bsc#1144333). - cifs: Print message when attempting a mount (bsc#1144333). - cifs: Properly handle auto disabling of serverino option (bsc#1144333). - cifs: Reconnect expired SMB sessions (bnc#1060662). - cifs: Refactor out cifs_mount() (bsc#1144333). - cifs: Remove custom credit adjustments for SMB2 async IO (bsc#1144333). - cifs: Reopen file before get SMB2 MTU credits for async IO (bsc#1144333). - cifs: Respect SMB2 hdr preamble size in read responses (bsc#1144333). - cifs: Respect reconnect in MTU credits calculations (bsc#1144333). - cifs: Respect reconnect in non-MTU credits calculations (bsc#1144333). - cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333). - cifs: Return error code when getting file handle for writeback (bsc#1144333). - cifs: SMBD: Add SMB Direct debug counters (bsc#1144333). - cifs: SMBD: Add SMB Direct protocol initial values and constants (bsc#1144333). - cifs: SMBD: Add parameter rdata to smb2_new_read_req (bsc#1144333). - cifs: SMBD: Add rdma mount option (bsc#1144333). - cifs: SMBD: Disable signing on SMB direct transport (bsc#1144333). - cifs: SMBD: Do not call ib_dereg_mr on invalidated memory registration (bsc#1144333). - cifs: SMBD: Establish SMB Direct connection (bsc#1144333). - cifs: SMBD: Fix the definition for SMB2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333). - cifs: SMBD: Implement RDMA memory registration (bsc#1144333). - cifs: SMBD: Implement function to create a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to destroy a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to receive data via RDMA receive (bsc#1144333). - cifs: SMBD: Implement function to reconnect to a SMB Direct transport (bsc#1144333). - cifs: SMBD: Implement function to send data via RDMA send (bsc#1144333). - cifs: SMBD: Read correct returned data length for RDMA write (SMB read) I/O (bsc#1144333). - cifs: SMBD: Set SMB Direct maximum read or write size for I/O (bsc#1144333). - cifs: SMBD: Support page offset in RDMA recv (bsc#1144333). - cifs: SMBD: Support page offset in RDMA send (bsc#1144333). - cifs: SMBD: Support page offset in memory registration (bsc#1144333). - cifs: SMBD: Upper layer connects to SMBDirect session (bsc#1144333). - cifs: SMBD: Upper layer destroys SMB Direct session on shutdown or umount (bsc#1144333). - cifs: SMBD: Upper layer performs SMB read via RDMA write through memory registration (bsc#1144333). - cifs: SMBD: Upper layer performs SMB write via RDMA read through memory registration (bsc#1144333). - cifs: SMBD: Upper layer receives data via RDMA receive (bsc#1144333). - cifs: SMBD: Upper layer reconnects to SMB Direct session (bsc#1144333). - cifs: SMBD: Upper layer sends data via RDMA send (bsc#1144333). - cifs: SMBD: _smbd_get_connection() can be static (bsc#1144333). - cifs: SMBD: export protocol initial values (bsc#1144333). - cifs: SMBD: fix spelling mistake: faield and legnth (bsc#1144333). - cifs: SMBD: work around gcc -Wmaybe-uninitialized warning (bsc#1144333). - cifs: Save TTL value when parsing DFS referrals (bsc#1144333). - cifs: Select all required crypto modules (bsc#1085536, bsc#1144333). - cifs: Set reconnect instance to one initially (bsc#1144333). - cifs: Show locallease in /proc/mounts for cifs shares mounted with locallease feature (bsc#1144333). - cifs: Silence uninitialized variable warning (bsc#1144333). - cifs: Skip any trailing backslashes from UNC (bsc#1144333). - cifs: Try to acquire credits at once for compound requests (bsc#1144333). - cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() (bsc#1144333). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510, bsc#1144333). - cifs: Use correct packet length in SMB2_TRANSFORM header (bsc#1144333). - cifs: Use kmemdup in SMB2_ioctl_init() (bsc#1144333). - cifs: Use kmemdup rather than duplicating its implementation in smb311_posix_mkdir() (bsc#1144333). - cifs: Use kzfree() to free password (bsc#1144333). - cifs: Use offset when reading pages (bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510, bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510, bsc#1144333). - cifs: When sending data on socket, pass the correct page offset (bsc#1144333). - cifs: a smb2_validate_and_copy_iov failure does not mean the handle is invalid (bsc#1144333). - cifs: add .splice_write (bsc#1144333). - cifs: add IOCTL for QUERY_INFO passthrough to userspace (bsc#1144333). - cifs: add ONCE flag for cifs_dbg type (bsc#1144333). - cifs: add SFM mapping for 0x01-0x1F (bsc#1144333). - cifs: add SMB2_close_init()/SMB2_close_free() (bsc#1144333). - cifs: add SMB2_ioctl_init/free helpers to be used with compounding (bsc#1144333). - cifs: add SMB2_query_info_[init|free]() (bsc#1144333). - cifs: add a new SMB2_close_flags function (bsc#1144333). - cifs: add a smb2_compound_op and change QUERY_INFO to use it (bsc#1144333). - cifs: add a timeout argument to wait_for_free_credits (bsc#1144333). - cifs: add a warning if we try to to dequeue a deleted mid (bsc#1144333). - cifs: add compound_send_recv() (bsc#1144333). - cifs: add credits from unmatched responses/messages (bsc#1144333). - cifs: add debug output to show nocase mount option (bsc#1144333). - cifs: add fiemap support (bsc#1144333). - cifs: add iface info to struct cifs_ses (bsc#1144333). - cifs: add lease tracking to the cached root fid (bsc#1144333). - cifs: add missing GCM module dependency (bsc#1144333). - cifs: add missing debug entries for kconfig options (bsc#1051510, bsc#1144333). - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510, bsc#1144333). - cifs: add pdu_size to the TCP_Server_Info structure (bsc#1144333). - cifs: add resp_buf_size to the mid_q_entry structure (bsc#1144333). - cifs: add server argument to the dump_detail method (bsc#1144333). - cifs: add server->vals->header_preamble_size (bsc#1144333). - cifs: add sha512 secmech (bsc#1051510, bsc#1144333). - cifs: add spinlock for the openFileList to cifsInodeInfo (bsc#1144333). - cifs: add support for SEEK_DATA and SEEK_HOLE (bsc#1144333). - cifs: add support for ioctl on directories (bsc#1144333). - cifs: address trivial coverity warning (bsc#1144333). - cifs: allow calling SMB2_xxx_free(NULL) (bsc#1144333). - cifs: allow disabling less secure legacy dialects (bsc#1144333). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510, bsc#1144333). - cifs: always add credits back for unsolicited PDUs (bsc#1144333). - cifs: auto disable 'serverino' in dfs mounts (bsc#1144333). - cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (bsc#1144333). - cifs: cache FILE_ALL_INFO for the shared root handle (bsc#1144333). - cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_EOF to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_INFO to use compounding (bsc#1144333). - cifs: change mkdir to use a compound (bsc#1144333). - cifs: change smb2_get_data_area_len to take a smb2_sync_hdr as argument (bsc#1144333). - cifs: change smb2_query_eas to use the compound query-info helper (bsc#1144333). - cifs: change unlink to use a compound (bsc#1144333). - cifs: change validate_buf to validate_iov (bsc#1144333). - cifs: change wait_for_free_request() to take flags as argument (bsc#1144333). - cifs: check CIFS_MOUNT_NO_DFS when trying to reuse existing sb (bsc#1144333). - cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536, bsc#1144333). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902, bsc#1144333). - cifs: check if SMB2 PDU size has been padded and suppress the warning (bsc#1144333). - cifs: check kmalloc before use (bsc#1051510, bsc#1144333). - cifs: check kzalloc return (bsc#1144333). - cifs: check ntwrk_buf_start for NULL before dereferencing it (bsc#1144333). - cifs: check rsp for NULL before dereferencing in SMB2_open (bsc#1085536, bsc#1144333). - cifs: cifs_read_allocate_pages: do not iterate through whole page array on ENOMEM (bsc#1144333). - cifs: clean up indentation, replace spaces with tab (bsc#1144333). - cifs: cleanup smb2ops.c and normalize strings (bsc#1144333). - cifs: complete PDU definitions for interface queries (bsc#1144333). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510, bsc#1144333). - cifs: create SMB2_open_init()/SMB2_open_free() helpers (bsc#1144333). - cifs: create a define for how many iovs we need for an SMB2_open() (bsc#1144333). - cifs: create a define for the max number of iov we need for a SMB2 set_info (bsc#1144333). - cifs: create a helper function for compound query_info (bsc#1144333). - cifs: create helpers for SMB2_set_info_init/free() (bsc#1144333). - cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097, bsc#1144333). - cifs: do not attempt cifs operation on smb2+ rename error (bsc#1144333). - cifs: do not dereference smb_file_target before null check (bsc#1051510, bsc#1144333). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510, bsc#1144333). - cifs: do not return atime less than mtime (bsc#1144333). - cifs: do not send invalid input buffer on QUERY_INFO requests (bsc#1144333). - cifs: do not show domain= in mount output when domain is empty (bsc#1144333). - cifs: do not use __constant_cpu_to_le32() (bsc#1144333). - cifs: document tcon/ses/server refcount dance (bsc#1144333). - cifs: dump IPC tcon in debug proc file (bsc#1071306, bsc#1144333). - cifs: dump every session iface info (bsc#1144333). - cifs: fallback to older infolevels on findfirst queryinfo retry (bsc#1144333). - cifs: fix GlobalMid_Lock bug in cifs_reconnect (bsc#1144333). - cifs: fix NULL deref in SMB2_read (bsc#1085539, bsc#1144333). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542, bsc#1144333). - cifs: fix SMB1 breakage (bsc#1144333). - cifs: fix a buffer leak in smb2_query_symlink (bsc#1144333). - cifs: fix a credits leak for compund commands (bsc#1144333). - cifs: fix bi-directional fsctl passthrough calls (bsc#1144333). - cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled (bsc#1144333). - cifs: fix build errors for SMB_DIRECT (bsc#1144333). - cifs: fix circular locking dependency (bsc#1064701, bsc#1144333). - cifs: fix computation for MAX_SMB2_HDR_SIZE (bsc#1144333). - cifs: fix confusing warning message on reconnect (bsc#1144333). - cifs: fix crash in cifs_dfs_do_automount (bsc#1144333). - cifs: fix crash in smb2_compound_op()/smb2_set_next_command() (bsc#1144333). - cifs: fix crash querying symlinks stored as reparse-points (bsc#1144333). - cifs: fix credits leak for SMB1 oplock breaks (bsc#1144333). - cifs: fix deadlock in cached root handling (bsc#1144333). - cifs: fix encryption in SMB3.1.1 (bsc#1144333). - cifs: fix handle leak in smb2_query_symlink() (bsc#1144333). - cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc (bsc#1144333). - cifs: fix kref underflow in close_shroot() (bsc#1144333). - cifs: fix memory leak and remove dead code (bsc#1144333). - cifs: fix memory leak in SMB2_open() (bsc#1112894, bsc#1144333). - cifs: fix memory leak in SMB2_read (bsc#1144333). - cifs: fix memory leak of an allocated cifs_ntsd structure (bsc#1144333). - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bsc#1144333). - cifs: fix page reference leak with readv/writev (bsc#1144333). - cifs: fix panic in smb2_reconnect (bsc#1144333). - cifs: fix parsing of symbolic link error response (bsc#1144333). - cifs: fix return value for cifs_listxattr (bsc#1051510, bsc#1144333). - cifs: fix rmmod regression in cifs.ko caused by force_sig changes (bsc#1144333). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510, bsc#1144333). - cifs: fix signed/unsigned mismatch on aio_read patch (bsc#1144333). - cifs: fix smb3_zero_range for Azure (bsc#1144333). - cifs: fix smb3_zero_range so it can expand the file-size when required (bsc#1144333). - cifs: fix sparse warning on previous patch in a few printks (bsc#1144333). - cifs: fix spelling mistake, EACCESS -> EACCES (bsc#1144333). - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (bsc#1144333). - cifs: fix typo in cifs_dbg (bsc#1144333). - cifs: fix typo in debug message with struct field ia_valid (bsc#1144333). - cifs: fix uninitialized ptr deref in smb2 signing (bsc#1144333). - cifs: fix use-after-free of the lease keys (bsc#1144333). - cifs: fix wrapping bugs in num_entries() (bsc#1051510, bsc#1144333). - cifs: flush before set-info if we have writeable handles (bsc#1144333). - cifs: handle large EA requests more gracefully in smb2+ (bsc#1144333). - cifs: handle netapp error codes (bsc#1136261). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: implement v3.11 preauth integrity (bsc#1051510, bsc#1144333). - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510, bsc#1144333). - cifs: invalidate cache when we truncate a file (bsc#1051510, bsc#1144333). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565, bsc#1144333). - cifs: limit amount of data we request for xattrs to CIFSMaxBufSize (bsc#1144333). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510, bsc#1144333). - cifs: make IPC a regular tcon (bsc#1071306, bsc#1144333). - cifs: make arrays static const, reduces object code size (bsc#1144333). - cifs: make minor clarifications to module params for cifs.ko (bsc#1144333). - cifs: make mknod() an smb_version_op (bsc#1144333). - cifs: make rmdir() use compounding (bsc#1144333). - cifs: make smb_send_rqst take an array of requests (bsc#1144333). - cifs: minor clarification in comments (bsc#1144333). - cifs: minor updates to module description for cifs.ko (bsc#1144333). - cifs: move default port definitions to cifsglob.h (bsc#1144333). - cifs: move large array from stack to heap (bsc#1144333). - cifs: only wake the thread for the very last PDU in a compound (bsc#1144333). - cifs: parse and store info on iface queries (bsc#1144333). - cifs: pass flags down into wait_for_free_credits() (bsc#1144333). - cifs: pass page offsets on SMB1 read/write (bsc#1144333). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510, bsc#1144333). - cifs: prevent starvation in wait_for_free_credits for multi-credit requests (bsc#1144333). - cifs: print CIFSMaxBufSize as part of /proc/fs/cifs/DebugData (bsc#1144333). - cifs: protect against server returning invalid file system block size (bsc#1144333). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: push rfc1002 generation down the stack (bsc#1144333). - cifs: read overflow in is_valid_oplock_break() (bsc#1144333). - cifs: refactor and clean up arguments in the reparse point parsing (bsc#1144333). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510, bsc#1144333). - cifs: release auth_key.response for reconnect (bsc#1085536, bsc#1144333). - cifs: release cifs root_cred after exit_cifs (bsc#1085536, bsc#1144333). - cifs: remove coverity warning in calc_lanman_hash (bsc#1144333). - cifs: remove header_preamble_size where it is always 0 (bsc#1144333). - cifs: remove redundant duplicated assignment of pointer 'node' (bsc#1144333). - cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() (bsc#1144333). - cifs: remove rfc1002 header from all SMB2 response structures (bsc#1144333). - cifs: remove rfc1002 header from smb2 read/write requests (bsc#1144333). - cifs: remove rfc1002 header from smb2_close_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_create_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_echo_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_flush_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_ioctl_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_lease_ack (bsc#1144333). - cifs: remove rfc1002 header from smb2_lock_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_logoff_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_negotiate_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_oplock_break we get from server (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_directory_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_sess_setup_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_set_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_connect_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_disconnect_req (bsc#1144333). - cifs: remove set but not used variable 'cifs_sb' (bsc#1144333). - cifs: remove set but not used variable 'sep' (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove set but not used variable 'smb_buf' (bsc#1144333). - cifs: remove small_smb2_init (bsc#1144333). - cifs: remove smb2_send_recv() (bsc#1144333). - cifs: remove struct smb2_hdr (bsc#1144333). - cifs: remove struct smb2_oplock_break_rsp (bsc#1144333). - cifs: remove the is_falloc argument to SMB2_set_eof (bsc#1144333). - cifs: remove unused stats (bsc#1144333). - cifs: remove unused value pointed out by Coverity (bsc#1144333). - cifs: remove unused variable from SMB2_read (bsc#1144333). - cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP (bsc#1144333). - cifs: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - cifs: replace snprintf with scnprintf (bsc#1144333). - cifs: return -ENODATA when deleting an xattr that does not exist (bsc#1144333). - cifs: return correct errors when pinning memory failed for direct I/O (bsc#1144333). - cifs: return error on invalid value written to cifsFYI (bsc#1144333). - cifs: set *resp_buf_type to NO_BUFFER on error (bsc#1144333). - cifs: set mapping error when page writeback fails in writepage or launder_pages (bsc#1144333). - cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT (bsc#1144333). - cifs: show 'soft' in the mount options for hard mounts (bsc#1144333). - cifs: show the w bit for writeable /proc/fs/cifs/* files (bsc#1144333). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734, bsc#1144333). - cifs: simple stats should always be enabled (bsc#1144333). - cifs: simplify code by removing CONFIG_CIFS_ACL ifdef (bsc#1144333). - Update config files. - cifs: simplify how we handle credits in compound_send_recv() (bsc#1144333). - cifs: smb2 commands can not be negative, remove confusing check (bsc#1144333). - cifs: smb2ops: Fix NULL check in smb2_query_symlink (bsc#1144333). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510, bsc#1144333). - cifs: smb2pdu: Fix potential NULL pointer dereference (bsc#1144333). - cifs: smbd: Avoid allocating iov on the stack (bsc#1144333). - cifs: smbd: Check for iov length on sending the last iov (bsc#1144333). - cifs: smbd: Do not destroy transport on RDMA disconnect (bsc#1144333). - cifs: smbd: Do not use RDMA read/write when signing is used (bsc#1144333). - cifs: smbd: Dump SMB packet when configured (bsc#1144333). - cifs: smbd: Enable signing with smbdirect (bsc#1144333). - cifs: smbd: Indicate to retry on transport sending failure (bsc#1144333). - cifs: smbd: Retry on memory registration failure (bsc#1144333). - cifs: smbd: Return EINTR when interrupted (bsc#1144333). - cifs: smbd: avoid reconnect lockup (bsc#1144333). - cifs: smbd: depend on INFINIBAND_ADDR_TRANS (bsc#1144333). - cifs: smbd: disconnect transport on RDMA errors (bsc#1144333). - cifs: smbd: take an array of reqeusts when sending upper layer data (bsc#1144333). - cifs: start DFS cache refresher in cifs_mount() (bsc#1144333). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510, bsc#1144333). - cifs: suppress some implicit-fallthrough warnings (bsc#1144333). - cifs: track writepages in vfs operation counters (bsc#1144333). - cifs: update __smb_send_rqst() to take an array of requests (bsc#1144333). - cifs: update calc_size to take a server argument (bsc#1144333). - cifs: update init_sg, crypt_message to take an array of rqst (bsc#1144333). - cifs: update internal module number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.14 (bsc#1144333). - cifs: update module internal version number (bsc#1144333). - cifs: update multiplex loop to handle compounded responses (bsc#1144333). - cifs: update receive_encrypted_standard to handle compounded responses (bsc#1144333). - cifs: update smb2_calc_size to use smb2_sync_hdr instead of smb2_hdr (bsc#1144333). - cifs: update smb2_check_message to handle PDUs without a 4 byte length header (bsc#1144333). - cifs: update smb2_queryfs() to use compounding (bsc#1144333). - cifs: use a compound for setting an xattr (bsc#1144333). - cifs: use a refcount to protect open/closing the cached file handle (bsc#1144333). - cifs: use correct format characters (bsc#1144333). - cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (bsc#1071306, bsc#1144333). - cifs: use the correct length when pinning memory for direct I/O for write (bsc#1144333). - cifs: wait_for_free_credits() make it possible to wait for >=1 credits (bsc#1144333). - cifs: we can not use small padding iovs together with encryption (bsc#1144333). - cifs: zero sensitive data when freeing (bsc#1087092, bsc#1144333). - cifs: zero-range does not require the file is sparse (bsc#1144333). - cifs:smbd Use the correct DMA direction when sending data (bsc#1144333). - cifs:smbd When reconnecting to server, call smbd_destroy() after all MIDs have been called (bsc#1144333). - cifs_lookup(): cifs_get_inode_...() never returns 0 with *inode left NULL (bsc#1144333). - cifs_lookup(): switch to d_splice_alias() (bsc#1144333). - clk: Export clk_bulk_prepare() (bsc#1144813). - clk: add clk_bulk_get accessories (bsc#1144813). - clk: bcm2835: remove pllb (jsc#SLE-7294). - clk: bcm283x: add driver interfacing with Raspberry Pi's firmware (jsc#SLE-7294). - clk: bulk: silently error out on EPROBE_DEFER (bsc#1144718,bsc#1144813). - clk: raspberrypi: register platform device for raspberrypi-cpufreq (jsc#SLE-7294). - clk: renesas: cpg-mssr: Fix reset control race condition (bsc#1051510). - clk: rockchip: Add 1.6GHz PLL rate for rk3399 (bsc#1144718,bsc#1144813). - clk: rockchip: assign correct id for pclk_ddr and hclk_sd in rk3399 (bsc#1144718,bsc#1144813). - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling (bsc#1051510). - coredump: split pipe command whitespace before expanding template (bsc#1051510). - cpu/speculation: Warn on unsupported mitigations= parameter (bsc#1114279). - cpufreq: dt: Try freeing static OPPs only if we have added them (jsc#SLE-7294). - crypto: ccp - Add support for valid authsize values less than 16 (bsc#1051510). - crypto: ccp - Fix oops by properly managing allocated structures (bsc#1051510). - crypto: ccp - Ignore tag length when decrypting GCM ciphertext (bsc#1051510). - crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1145934). - crypto: ccp - Validate buffer lengths for copy operations (bsc#1051510). - crypto: talitos - fix skcipher failure due to wrong output IV (bsc#1051510). - cx82310_eth: fix a memory leak bug (bsc#1051510). - dax: dax_layout_busy_page() should not unmap cow pages (bsc#1148698). - devres: always use dev_name() in devm_ioremap_resource() (git fixes). - dfs_cache: fix a wrong use of kfree in flush_cache_ent() (bsc#1144333). - dm btree: fix order of block initialization in btree_split_beneath (git fixes). - dm bufio: fix deadlock with loop device (git fixes). - dm cache metadata: Fix loading discard bitset (git fixes). - dm crypt: do not overallocate the integrity tag space (git fixes). - dm crypt: fix parsing of extended IV arguments (git fixes). - dm delay: fix a crash when invalid device is specified (git fixes). - dm integrity: change memcmp to strncmp in dm_integrity_ctr (git fixes). - dm integrity: limit the rate of error messages (git fixes). - dm kcopyd: always complete failed jobs (git fixes). - dm raid: add missing cleanup in raid_ctr() (git fixes). - dm space map metadata: fix missing store of apply_bops() return value (git fixes). - dm table: fix invalid memory accesses with too high sector number (git fixes). - dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (git fixes). - dm thin: fix bug where bio that overwrites thin block ignores FUA (git fixes). - dm thin: fix passdown_double_checking_shared_status() (git fixes). - dm zoned: Fix zone report handling (git fixes). - dm zoned: Silence a static checker warning (git fixes). - dm zoned: fix potential NULL dereference in dmz_do_reclaim() (git fixes). - dm zoned: fix zone state management race (git fixes). - dm zoned: improve error handling in i/o map code (git fixes). - dm zoned: improve error handling in reclaim (git fixes). - dm zoned: properly handle backing device failure (git fixes). - dm: bufio: revert: "fix deadlock with loop device" (git fixes). - dm: fix to_sector() for 32bit (git fixes). - dm: revert 8f50e358153d ("dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE") (git fixes). - dma-buf: balance refcount inbalance (bsc#1051510). - dmaengine: rcar-dmac: Reject zero-length slave DMA requests (bsc#1051510). - documentation/networking: fix default_ttl typo in mpls-sysctl (bsc#1051510). - documentation: Add nospectre_v1 parameter (bsc#1051510). - driver core: Fix use-after-free and double free on glue directory (bsc#1131281). - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl (bsc#1051510). - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings (bsc#1051510). - drm/amdgpu/psp: move psp version specific function pointers to (bsc#1135642) - drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz (bsc#1051510). - drm/bridge: tc358767: read display_props in get_modes() (bsc#1051510). - drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry (bsc#1051510). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1135642) - drm/i915/perf: ensure we keep a reference on the driver (bsc#1142635) - drm/i915/userptr: Acquire the page lock around set_page_dirty() (bsc#1051510). - drm/i915: Do not deballoon unused ggtt drm_mm_node in linux guest (bsc#1142635) - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1142635) - drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635) - drm/imx: notify drm core before sending event during crtc disable (bsc#1135642) - drm/imx: only send event on crtc disable if kept disabled (bsc#1135642) - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1135642) - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1135642) - drm/mediatek: clear num_pipes when unbind driver (bsc#1135642) - drm/mediatek: fix unbind functions (bsc#1135642) - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1142635) - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1135642) - drm/mediatek: use correct device to import PRIME buffers (bsc#1142635) - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1142635) - drm/msm: Depopulate platform on probe failure (bsc#1051510). - drm/nouveau: Do not retry infinitely when receiving no data on i2c (bsc#1142635) - drm/nouveau: fix memory leak in nouveau_conn_reset() (bsc#1051510). - drm/panel: simple: Fix panel_simple_dsi_probe (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1142635) - drm/udl: introduce a macro to convert dev to udl. (bsc#1113722) - drm/udl: move to embedding drm device inside udl device. (bsc#1113722) - drm/virtio: Add memory barriers for capset cache (bsc#1051510). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1135642) - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1135642) - drm/vmwgfx: fix memory leak when too many retries have occurred (bsc#1051510). - drm: msm: Fix add_gpu_components (bsc#1051510). - drm: silence variable 'conn' set but not used (bsc#1051510). - ecryptfs: fix a couple type promotion bugs (bsc#1051510). - edac, amd64: Add Family 17h, models 10h-2fh support (bsc#1112178). - edac/amd64: Add Family 17h Model 30h PCI IDs (bsc#1112178). - edac: Fix global-out-of-bounds write when setting edac_mc_poll_msec (bsc#1114279). - efi/bgrt: Drop BGRT status field reserved bits check (bsc#1051510). - ehea: Fix a copy-paste err in ehea_init_port_res (bsc#1051510). - ext4: use jbd2_inode dirty range scoping (bsc#1148616). - firmware: raspberrypi: register clk device (jsc#SLE-7294). - firmware: ti_sci: Always request response from firmware (bsc#1051510). - fix incorrect error code mapping for OBJECTID_NOT_FOUND (bsc#1144333). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510, bsc#1144333). - fix struct ufs_req removal of unused field (git-fixes). - fixed https://bugzilla.kernel.org/show_bug.cgi?id=202935 allow write on the same file (bsc#1144333). - fs/*/kconfig: drop links to 404-compliant http://acl.bestbits.at (bsc#1144333). - fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333). - fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free (bsc#1144333). - fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls (bsc#1144333). - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bsc#1144333). - fs/cifs: fix uninitialised variable warnings (bsc#1144333). - fs/cifs: require sha512 (bsc#1051510, bsc#1144333). - fs/cifs: suppress a string overflow warning (bsc#1144333). - fs/xfs: Fix return code of xfs_break_leased_layouts() (bsc#1148031). - fs: cifs: Drop unlikely before IS_ERR(_OR_NULL) (bsc#1144333). - fs: cifs: Kconfig: pedantic formatting (bsc#1144333). - fs: cifs: Replace _free_xid call in cifs_root_iget function (bsc#1144333). - fs: cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace (bsc#1144333). - fs: xfs: xfs_log: Do not use KM_MAYFAIL at xfs_log_reserve() (bsc#1148033). - fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() (bsc#1051510). - ftrace: Check for empty hash and comment the race with registering probes (bsc#1149418). - ftrace: Check for successful allocation of hash (bsc#1149424). - ftrace: Fix NULL pointer dereference in t_probe_next() (bsc#1149413). - gpio: Fix build error of function redefinition (bsc#1051510). - gpio: gpio-omap: add check for off wake capable gpios (bsc#1051510). - gpio: mxs: Get rid of external API call (bsc#1051510). - gpio: omap: ensure irq is enabled before wakeup (bsc#1051510). - gpio: pxa: handle corner case of unprobed device (bsc#1051510). - gpiolib: fix incorrect IRQ requesting of an active-low lineevent (bsc#1051510). - gpiolib: never report open-drain/source lines as 'input' to user-space (bsc#1051510). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1142635) - hid: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT (bsc#1051510). - hid: Add quirk for HP X1200 PIXART OEM mouse (bsc#1051510). - hid: cp2112: prevent sleeping function called from invalid context (bsc#1051510). - hid: hiddev: avoid opening a disconnected device (bsc#1051510). - hid: hiddev: do cleanup in failure of opening a device (bsc#1051510). - hid: holtek: test for sanity of intfdata (bsc#1051510). - hid: sony: Fix race condition between rumble and device remove (bsc#1051510). - hid: wacom: Correct distance scale for 2nd-gen Intuos devices (bsc#1142635). - hid: wacom: correct misreported EKR ring values (bsc#1142635). - hid: wacom: fix bit shift for Cintiq Companion 2 (bsc#1051510). - hpet: Fix division by zero in hpet_time_div() (bsc#1051510). - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 (bsc#1051510). - hwmon: (nct7802) Fix wrong detection of in4 presence (bsc#1051510). - i2c: emev2: avoid race when unregistering slave client (bsc#1051510). - i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bsc#1051510). - i2c: qup: fixed releasing dma without flush operation completion (bsc#1051510). - ib/mlx5: Fix MR registration flow to use UMR properly (bsc#1093205 bsc#1145678). - ibmveth: Convert multicast list size for little-endian system (bsc#1061843). - ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726). - igmp: fix memory leak in igmpv3_del_delrec() (networking-stable-19_07_25). - iio: adc: max9611: Fix misuse of GENMASK macro (bsc#1051510). - iio: adc: max9611: Fix temperature reading in probe (bsc#1051510). - iio: iio-utils: Fix possible incorrect mask calculation (bsc#1051510). - include/linux/bitops.h: sanitize rotate primitives (git fixes). - input: alps - do not handle ALPS cs19 trackpoint-only device (bsc#1051510). - input: alps - fix a mismatch between a condition check and its comment (bsc#1051510). - input: iforce - add sanity checks (bsc#1051510). - input: kbtab - sanity check for endpoint type (bsc#1051510). - input: synaptics - enable RMI mode for HP Spectre X360 (bsc#1051510). - input: synaptics - whitelist Lenovo T580 SMBus intertouch (bsc#1051510). - input: trackpoint - only expose supported controls for Elan, ALPS and NXP (bsc#1051510). - intel_th: pci: Add Ice Lake NNPI support (bsc#1051510). - intel_th: pci: Add Tiger Lake support (bsc#1051510). - intel_th: pci: Add support for another Lewisburg PCH (bsc#1051510). - iommu/amd: Add support for X2APIC IOMMU interrupts (bsc#1145010). - iommu/amd: Fix race in increase_address_space() (bsc#1150860). - iommu/amd: Flush old domains in kdump kernel (bsc#1150861). - iommu/amd: Move iommu_init_pci() to .init section (bsc#1149105). - iommu/dma: Handle SG length overflow better (bsc#1146084). - iommu/iova: Fix compilation error with !CONFIG_IOMMU_IOVA (bsc#1145024). - iommu/vt-d: Do not queue_iova() if there is no flush queue (bsc#1145024). - ipip: validate header length in ipip_tunnel_xmit (git-fixes). - ipv4: do not set IPv6 only flags to IPv4 addresses (networking-stable-19_07_25). - irqchip/gic-v3-its: fix build warnings (bsc#1144880). - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack (bsc#1051510). - isdn: hfcsusb: checking idx of ep configuration (bsc#1051510). - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() (bsc#1051510). - iwlwifi: dbg: split iwl_fw_error_dump to two functions (bsc#1119086). - iwlwifi: do not unmap as page memory that was mapped as single (bsc#1051510). - iwlwifi: fix bad dma handling in page_mem dumping flow (bsc#1120902). - iwlwifi: fw: use helper to determine whether to dump paging (bsc#1106434). Patch needed to be adjusted, because our tree does not have the global variable IWL_FW_ERROR_DUMP_PAGING - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version &< 41 (bsc#1142635). - iwlwifi: mvm: fix an out-of-bound access (bsc#1051510). - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support (bsc#1142635). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1142635). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1142635). - jbd2: flush_descriptor(): Do not decrease buffer head's ref count (bsc#1143843). - jbd2: introduce jbd2_inode dirty range scoping (bsc#1148616). - kabi: Fix kABI for 'struct amd_iommu' (bsc#1145010). - kasan: remove redundant initialization of variable 'real_size' (git fixes). - kconfig/[mn]conf: handle backspace (^H) key (bsc#1051510). - keys: Fix missing null pointer check in request_key_auth_describe() (bsc#1051510). - kvm/eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bsc#1133021). - kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (bsc#1134881 bsc#1134882). - kvm: Disallow wraparound in kvm_gfn_to_hva_cache_init (bsc#1133021). - kvm: Fix leak vCPU's VMCS value into other pCPU (bsc#1145388). - kvm: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC (bsc#1145408). - kvm: PPC: Book3S HV: Fix CR0 setting in TM emulation (bsc#1061840). - kvm: Reject device ioctls from processes other than the VM's creator (bsc#1133021). - kvm: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value (bsc#1145393). - kvm: VMX: Fix handling of #MC that occurs during VM-Entry (bsc#1145395). - kvm: VMX: check CPUID before allowing read/write of IA32_XSS (bsc#1145394). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: arm/arm64: Close VMID generation race (bsc#1133021). - kvm: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation (bsc#1133021). - kvm: arm/arm64: Drop resource size check for GICV window (bsc#1133021). - kvm: arm/arm64: Fix VMID alloc race by reverting to lock-less (bsc#1133021). - kvm: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked (bsc#1133021). - kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1133021). - kvm: arm/arm64: Reduce verbosity of KVM init log (bsc#1133021). - kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1133021). - kvm: arm/arm64: Skip updating PMD entry if no change (bsc#1133021). - kvm: arm/arm64: Skip updating PTE entry if no change (bsc#1133021). - kvm: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list (bsc#1133021). - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1133021). - kvm: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1133021). - kvm: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy (bsc#1133021). - kvm: arm64: Fix caching of host MDCR_EL2 value (bsc#1133021). - kvm: mmu: Fix overlap between public and private memslots (bsc#1133021). - kvm: nVMX: Remove unnecessary sync_roots from handle_invept (bsc#1145391). - kvm: nVMX: Use adjusted pin controls for vmcs02 (bsc#1145392). - kvm: nVMX: allow setting the VMFUNC controls MSR (bsc#1145389). - kvm: nVMX: do not use dangling shadow VMCS after guest reset (bsc#1145390). - kvm: x86/vPMU: refine kvm_pmu err msg when event creation failed (bsc#1145397). - kvm: x86: Do not update RIP or do single-step on faulting emulation (bsc#1149104). - kvm: x86: Unconditionally enable irqs in guest context (bsc#1145396). - kvm: x86: degrade WARN to pr_warn_ratelimited (bsc#1145409). - kvm: x86: fix backward migration with async_PF (bsc#1146074). - lan78xx: Fix memory leaks (bsc#1051510). - libata: add SG safety checks in SFF pio transfers (bsc#1051510). - libata: do not request sense data on !ZAC ATA devices (bsc#1051510). - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests (bsc#1051510). - libata: zpodd: Fix small read overflow in zpodd_get_mech_type() (bsc#1051510). - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). - libceph, rbd: new bio handling code (aka do not clone bios) (bsc#1141450). - libceph: add osd_req_op_extent_osd_data_bvecs() (bsc#1141450). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: fix PG split vs OSD (re)connect race (bsc#1148133). - libceph: handle zero-length data items (bsc#1141450). - libceph: introduce BVECS data type (bsc#1141450). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: preallocate message data items (bsc#1135897). - libceph: use single request data item for cmp/setxattr (bsc#1139101). - libnvdimm/pfn: Store correct value of npfns in namespace superblock (bsc#1146381 ltc#180720). - liquidio: add cleanup in octeon_setup_iq() (bsc#1051510). - loop: set PF_MEMALLOC_NOIO for the worker thread (git fixes). - mac80211: do not WARN on short WMM parameters from AP (bsc#1051510). - mac80211: do not warn about CW params when not using them (bsc#1051510). - mac80211: fix possible memory leak in ieee80211_assign_beacon (bsc#1142635). - mac80211: fix possible sta leak (bsc#1051510). - macsec: fix checksumming after decryption (bsc#1051510). - macsec: fix use-after-free of skb during RX (bsc#1051510). - macsec: let the administrator set UP state even if lowerdev is down (bsc#1051510). - macsec: update operstate when lower device changes (bsc#1051510). - mailbox: handle failed named mailbox channel request (bsc#1051510). - md/raid: raid5 preserve the writeback action after the parity check (git fixes). - md: add mddev->pers to avoid potential NULL pointer dereference (git fixes). - media: au0828: fix null dereference in error path (bsc#1051510). - media: coda: Remove unbalanced and unneeded mutex unlock (bsc#1051510). - media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP (bsc#1051510). - media: coda: fix mpeg2 sequence number handling (bsc#1051510). - media: coda: increment sequence offset for the last returned frame (bsc#1051510). - media: dvb: usb: fix use after free in dvb_usb_device_exit (bsc#1051510). - media: hdpvr: fix locking and a missing msleep (bsc#1051510). - media: media_device_enum_links32: clean a reserved field (bsc#1051510). - media: pvrusb2: use a different format for warnings (bsc#1051510). - media: spi: IR LED: add missing of table registration (bsc#1051510). - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails (bsc#1051510). - media: vpss: fix a potential NULL pointer dereference (bsc#1051510). - media: wl128x: Fix some error handling in fm_v4l2_init_video_device() (bsc#1051510). - mfd: arizona: Fix undefined behavior (bsc#1051510). - mfd: core: Set fwnode for created devices (bsc#1051510). - mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bsc#1051510). - mfd: intel-lpss: Add Intel Comet Lake PCI IDs (jsc#SLE-4875). - mm, page_owner: handle THP splits correctly (bsc#1149197, VM Debugging Functionality). - mm/hmm: fix bad subpage pointer in try_to_unmap_one (bsc#1148202, HMM, VM Functionality). - mm/hotplug: fix offline undo_isolate_page_range() (bsc#1148196, VM Functionality). - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node (bsc#1148379, VM Functionality). - mm/memcontrol.c: fix use after free in mem_cgroup_iter() (bsc#1149224, VM Functionality). - mm/memory.c: recheck page table entry with page table lock held (bsc#1148363, VM Functionality). - mm/migrate.c: initialize pud_entry in migrate_vma() (bsc#1148198, HMM, VM Functionality). - mm/mlock.c: change count_mm_mlocked_page_nr return type (bsc#1148527, VM Functionality). - mm/mlock.c: mlockall error for flag MCL_ONFAULT (bsc#1148527, VM Functionality). - mm/page_alloc.c: fix calculation of pgdat->nr_zones (bsc#1148192, VM Functionality). - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() (bsc#1118689). - mm/vmscan.c: fix trying to reclaim unevictable LRU page (bsc#1149214, VM Functionality). - mm: add filemap_fdatawait_range_keep_errors() (bsc#1148616). - mm: do not stall register_shrinker() (bsc#1104902, VM Performance). - mm: page_mapped: do not assume compound page is huge or THP (bsc#1148574, VM Functionality). - mmc: cavium: Add the missing dma unmap when the dma has finished (bsc#1051510). - mmc: cavium: Set the correct dma max segment size for mmc_host (bsc#1051510). - mmc: core: Fix init of SD cards reporting an invalid VDD range (bsc#1051510). - mmc: dw_mmc: Fix occasional hang after tuning on eMMC (bsc#1051510). - mmc: sdhci-of-at91: add quirk for broken HS200 (bsc#1051510). - mmc: sdhci-pci: Add support for Intel CML (jsc#SLE-4875). - mmc: sdhci-pci: Add support for Intel ICP (jsc#SLE-4875). - move a few externs to smbdirect.h to eliminate warning (bsc#1144333). - move core networking kabi patches to the end of the section - move irq_data_get_effective_affinity_mask prior the sorted section - mpls: fix warning with multi-label encap (bsc#1051510). - nbd: replace kill_bdev() with __invalidate_device() again (git fixes). - net/9p: include trans_common.h to fix missing prototype warning (bsc#1051510). - net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635). - net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bsc#1145678). - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (networking-stable-19_07_25). - net/smc: do not schedule tx_work in SMC_CLOSED state (bsc#1149963). - net/smc: original socket family in inet_sock_diag (bsc#1149959). - net: Fix netdev_WARN_ONCE macro (git-fixes). - net: Introduce netdev_*_once functions (networking-stable-19_07_25). - net: bcmgenet: use promisc for unsupported filters (networking-stable-19_07_25). - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (networking-stable-19_07_25). - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (networking-stable-19_07_25). - net: bridge: stp: do not cache eth dest pointer before skb pull (networking-stable-19_07_25). - net: dsa: mv88e6xxx: wait after reset deactivation (networking-stable-19_07_25). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1139020 bsc#1139021). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1139020 bsc#1139021). - net: ena: add ethtool function for changing io queue sizes (bsc#1139020 bsc#1139021). - net: ena: add good checksum counter (bsc#1139020 bsc#1139021). - net: ena: add handling of llq max tx burst size (bsc#1139020 bsc#1139021). - net: ena: add newline at the end of pr_err prints (bsc#1139020 bsc#1139021). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1139020 bsc#1139021). - net: ena: allow automatic fallback to polling mode (bsc#1139020 bsc#1139021). - net: ena: allow queue allocation backoff when low on memory (bsc#1139020 bsc#1139021). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1139020 bsc#1139021). - net: ena: enable negotiating larger Rx ring size (bsc#1139020 bsc#1139021). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1139020 bsc#1139021). - net: ena: ethtool: revert "add extra properties retrieval via get_priv_flags" (bsc#1139020 bsc#1139021). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1139020 bsc#1139021). - net: ena: fix incorrect test of supported hash function (bsc#1139020 bsc#1139021). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1139020 bsc#1139021). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1139020 bsc#1139021). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1139020 bsc#1139021). - net: ena: gcc 8: fix compilation warning (bsc#1139020 bsc#1139021). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1139020 bsc#1139021). - net: ena: make ethtool show correct current and max queue sizes (bsc#1139020 bsc#1139021). - net: ena: optimise calculations for CQ doorbell (bsc#1139020 bsc#1139021). - net: ena: remove inline keyword from functions in *.c (bsc#1139020 bsc#1139021). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1139020 bsc#1139021). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1139020 bsc#1139021). - net: ena: use dev_info_once instead of static variable (bsc#1139020 bsc#1139021). - net: make skb_dst_force return true when dst is refcounted (networking-stable-19_07_25). - net: neigh: fix multiple neigh timer scheduling (networking-stable-19_07_25). - net: remove duplicate fetch in sock_getsockopt (networking-stable-19_07_02). - net: sched: verify that q!=NULL before setting q->flags (git-fixes). - net: stmmac: fixed new system time seconds value calculation (networking-stable-19_07_02). - net: stmmac: set IC bit when transmitting frames with HW timestamp (networking-stable-19_07_02). - net: usb: pegasus: fix improper read if get_registers() fail (bsc#1051510). - net_sched: unset TCQ_F_CAN_BYPASS when adding filters (networking-stable-19_07_25). - netrom: fix a memory leak in nr_rx_frame() (networking-stable-19_07_25). - netrom: hold sock when setting skb->destructor (networking-stable-19_07_25). - nfc: fix potential illegal memory access (bsc#1051510). - nfs: Cleanup if nfs_match_client is interrupted (bsc#1134291). - nfs: Fix a double unlock from nfs_match,get_client (bsc#1134291). - nfs: Fix the inode request accounting when pages have subrequests (bsc#1140012). - nfs: make nfs_match_client killable (bsc#1134291). - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (git fixes). - nvme-core: Fix extra device_put() call on error path (bsc#1142541). - nvme-fc: fix module unloads while lports still pending (bsc#1150033). - nvme-multipath: fix ana log nsid lookup when nsid is not found (bsc#1141554). - nvme-multipath: relax ANA state check (bsc#1123105). - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bsc#1120876). - nvme: Return BLK_STS_TARGET if the DNR bit is set (bsc#1142076). - nvme: cancel request synchronously (bsc#1145661). - nvme: change locking for the per-subsystem controller list (bsc#1142541). - nvme: fix possible use-after-free in connect error flow (bsc#1139500, bsc#1140426) - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN (bsc#1146938). - objtool: Add rewind_stack_do_exit() to the noreturn list (bsc#1145302). - objtool: Support GCC 9 cold subfunction naming scheme (bsc#1145300). - octeon_mgmt: Fix MIX registers configuration on MTU setup (bsc#1051510). - pci: PM/ACPI: Refresh all stale power state data in pci_pm_complete() (bsc#1149106). - pci: Restore Resizable BAR size bits correctly for 1MB BARs (bsc#1143841). - pci: hv: Fix panic by calling hv_pci_remove_slots() earlier (bsc#1142701). - pci: qcom: Ensure that PERST is asserted for at least 100 ms (bsc#1142635). - pci: xilinx-nwl: Fix Multi MSI data programming (bsc#1142635). - phy: qcom-qusb2: Fix crash if nvmem cell not specified (bsc#1051510). - phy: renesas: rcar-gen2: Fix memory leak at error paths (bsc#1051510). - pinctrl: pistachio: fix leaked of_node references (bsc#1051510). - pinctrl: rockchip: fix leaked of_node references (bsc#1051510). - pm / devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: do not print error when get supply and clk defer (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: fix spelling mistakes (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: remove unneeded semicolon (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: remove wait for dcf irq event (bsc#1144718,bsc#1144813). - pm / devfreq: rockchip-dfi: Move GRF definitions to a common place (bsc#1144718,bsc#1144813). - pm / opp: OF: Use pr_debug() instead of pr_err() while adding OPP table (jsc#SLE-7294). - powerpc/64s: Include cpu header (bsc#1065729). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc/book3s/64: check for NULL pointer in pgd_alloc() (bsc#1078248, git-fixes). - powerpc/fadump: Do not allow hot-remove memory from fadump reserved area (bsc#1120937). - powerpc/fadump: Reservationless firmware assisted dump (bsc#1120937). - powerpc/fadump: Throw proper error message on fadump registration failure (bsc#1120937). - powerpc/fadump: use kstrtoint to handle sysfs store (bsc#1146376). - powerpc/fadump: when fadump is supported register the fadump sysfs files (bsc#1146352). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107). - powerpc/kdump: Handle crashkernel memory reservation failure (bsc#1143466 LTC#179600). - powerpc/lib: Fix feature fixup test of external branch (bsc#1065729). - powerpc/mm/hash/4k: Do not use 64K page size for vmemmap with 4K pagesize (bsc#1142685 LTC#179509). - powerpc/mm/radix: Use the right page size for vmemmap mapping (bsc#1055117 bsc#1142685 LTC#179509). - powerpc/mm: Handle page table allocation failures (bsc#1065729). - powerpc/perf: Add constraints for power9 l2/l3 bus events (bsc#1056686). - powerpc/perf: Add mem access events to sysfs (bsc#1124370). - powerpc/perf: Cleanup cache_sel bits comment (bsc#1056686). - powerpc/perf: Fix thresholding counter data for unknown type (bsc#1056686). - powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (bsc#1047238, bsc#1056686). - powerpc/perf: Update perf_regs structure to include SIER (bsc#1056686). - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (bsc#1065729). - powerpc/powernv: Flush console before platform error reboot (bsc#1149940 ltc#179958). - powerpc/powernv: Return for invalid IMC domain (bsc1054914, git-fixes). - powerpc/powernv: Use kernel crash path for machine checks (bsc#1149940 ltc#179958). - powerpc/pseries, ps3: panic flush kernel messages before halting system (bsc#1149940 ltc#179958). - powerpc/pseries: Fix xive=off command line (bsc#1085030, git-fixes). - powerpc/pseries: add missing cpumask.h include file (bsc#1065729). - powerpc/pseries: correctly track irq state in default idle (bsc#1150727 ltc#178925). - powerpc/rtas: use device model APIs and serialization during LPM (bsc#1144123 ltc#178840). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - powerpc/xive: Fix dump of XIVE interrupt under pseries (bsc#1142019). - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (bsc#1085030, bsc#1145189, LTC#179762). - powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019). - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL (bsc#1142019). - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (bsc#1146575 ltc#180764). - powerpc: dump kernel log before carrying out fadump or kdump (bsc#1149940 ltc#179958). - qede: fix write to free'd pointer error and double free of ptp (bsc#1051510). - qlge: Deduplicate lbq_buf_size (bsc#1106061). - qlge: Deduplicate rx buffer queue management (bsc#1106061). - qlge: Factor out duplicated expression (bsc#1106061). - qlge: Fix dma_sync_single calls (bsc#1106061). - qlge: Fix irq masking in INTx mode (bsc#1106061). - qlge: Refill empty buffer queues from wq (bsc#1106061). - qlge: Refill rx buffers up to multiple of 16 (bsc#1106061). - qlge: Remove bq_desc.maplen (bsc#1106061). - qlge: Remove irq_cnt (bsc#1106061). - qlge: Remove page_chunk.last_flag (bsc#1106061). - qlge: Remove qlge_bq.len & size (bsc#1106061). - qlge: Remove rx_ring.sbq_buf_size (bsc#1106061). - qlge: Remove rx_ring.type (bsc#1106061). - qlge: Remove useless dma synchronization calls (bsc#1106061). - qlge: Remove useless memset (bsc#1106061). - qlge: Replace memset with assignment (bsc#1106061). - qlge: Update buffer queue prod index despite oom (bsc#1106061). - rbd: do not (ab)use obj_req->pages for stat requests (bsc#1141450). - rbd: do not NULL out ->obj_request in rbd_img_obj_parent_read_full() (bsc#1141450). - rbd: get rid of img_req->copyup_pages (bsc#1141450). - rbd: move from raw pages to bvec data descriptors (bsc#1141450). - rbd: remove bio cloning helpers (bsc#1141450). - rbd: start enums at 1 instead of 0 (bsc#1141450). - rbd: use kmem_cache_zalloc() in rbd_img_request_create() (bsc#1141450). - regmap: fix bulk writes on paged registers (bsc#1051510). - regulator: qcom_spmi: Fix math of spmi_regulator_set_voltage_time_sel (bsc#1051510). - rename patches according to their names in SLE15-SP1. - rpm/kernel-binary.spec.in: Enable missing modules check. - rpm/kernel-binary.spec.in: Enable missing modules check. - rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510). - rpmsg: smd: do not use mananged resources for endpoints and channels (bsc#1051510). - rpmsg: smd: fix memory leak on channel create (bsc#1051510). - rsi: improve kernel thread handling to fix kernel panic (bsc#1051510). - rslib: Fix decoding of shortened codes (bsc#1051510). - rslib: Fix handling of of caller provided syndrome (bsc#1051510). - rtc: pcf8523: do not return invalid date when battery is low (bsc#1051510). - rxrpc: Fix send on a connected, but unbound socket (networking-stable-19_07_25). - s390/cio: fix ccw_device_start_timeout API (bsc#1142109 LTC#179339). - s390/dasd: fix endless loop after read unit address configuration (bsc#1144912 LTC#179907). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142117 bsc#1142118 bsc#1142119 LTC#179329 LTC#179330 LTC#179331). - s390/qeth: avoid control IO completion stalls (bsc#1142109 LTC#179339). - s390/qeth: cancel cmd on early error (bsc#1142109 LTC#179339). - s390/qeth: fix request-side race during cmd IO timeout (bsc#1142109 LTC#179339). - s390/qeth: release cmd buffer in error paths (bsc#1142109 LTC#179339). - s390/qeth: simplify reply object handling (bsc#1142109 LTC#179339). - samples, bpf: fix to change the buffer size for read() (bsc#1051510). - samples: mei: use /dev/mei0 instead of /dev/mei (bsc#1051510). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture (bsc#1051510). - scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE (bsc#1051510). - scripts/decode_stacktrace: only strip base path when a prefix of the path (bsc#1051510). - scripts/gdb: fix lx-version string output (bsc#1051510). - scripts/git_sort/git_sort.py: - scsi: NCR5380: Always re-enable reselection interrupt (git-fixes). - scsi: aacraid: Fix missing break in switch statement (git-fixes). - scsi: aacraid: Fix performance issue on logical drives (git-fixes). - scsi: aic94xx: fix an error code in aic94xx_init() (git-fixes). - scsi: aic94xx: fix module loading (git-fixes). - scsi: bfa: convert to strlcpy/strlcat (git-fixes). - scsi: bnx2fc: Fix NULL dereference in error handling (git-fixes). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (git-fixes). - scsi: core: Fix race on creating sense cache (git-fixes). - scsi: core: Synchronize request queue PM status only on successful resume (git-fixes). - scsi: core: set result when the command cannot be dispatched (git-fixes). - scsi: cxlflash: Mark expected switch fall-throughs (bsc#1148868). - scsi: cxlflash: Prevent deadlock when adapter probe fails (git-fixes). - scsi: esp_scsi: Track residual for PIO transfers (git-fixes) Also, mitigate kABI changes. - scsi: fas216: fix sense buffer initialization (git-fixes). - scsi: isci: initialize shost fully before calling scsi_add_host() (git-fixes). - scsi: libfc: fix null pointer dereference on a null lport (git-fixes). - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (git-fixes). - scsi: mac_scsi: Fix pseudo DMA implementation, take 2 (git-fixes). - scsi: mac_scsi: Increase PIO/PDMA transfer length threshold (git-fixes). - scsi: megaraid: fix out-of-bound array accesses (git-fixes). - scsi: megaraid_sas: Fix calculation of target ID (git-fixes). - scsi: ncr5380: revert "Increase register polling limit" (git-fixes). - scsi: qedf: Add debug information for unsolicited processing (bsc#1149976). - scsi: qedf: Add shutdown callback handler (bsc#1149976). - scsi: qedf: Add support for 20 Gbps speed (bsc#1149976). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1149976). - scsi: qedf: Check for link state before processing LL2 packets and send fipvlan retries (bsc#1149976). - scsi: qedf: Check for module unloading bit before processing link update AEN (bsc#1149976). - scsi: qedf: Decrease the LL2 MTU size to 2500 (bsc#1149976). - scsi: qedf: Fix race betwen fipvlan request and response path (bsc#1149976). - scsi: qedf: Initiator fails to re-login to switch after link down (bsc#1149976). - scsi: qedf: Print message during bailout conditions (bsc#1149976). - scsi: qedf: Stop sending fipvlan request on unload (bsc#1149976). - scsi: qedf: Update module description string (bsc#1149976). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1149976). - scsi: qedf: Update the version to 8.42.3.0 (bsc#1149976). - scsi: qedf: Use discovery list to traverse rports (bsc#1149976). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (git-fixes). - scsi: qedf: remove set but not used variables (bsc#1149976). - scsi: qedi: remove declaration of nvm_image from stack (git-fixes). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1129424). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (git-fixes). - scsi: qla2xxx: Fix a format specifier (git-fixes). - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (git-fixes). - scsi: qla2xxx: Fix device staying in blocked state (git-fixes). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (git-fixes). - scsi: qla2xxx: Unregister chrdev if module initialization fails (git-fixes). - scsi: qla4xxx: avoid freeing unallocated dma memory (git-fixes). - scsi: raid_attrs: fix unused variable warning (git-fixes). - scsi: scsi_dh_alua: Fix possible null-ptr-deref (git-fixes). - scsi: sd: Defer spinning up drive while SANITIZE is in progress (git-fixes). - scsi: sd: Fix a race between closing an sd device and sd I/O (git-fixes). - scsi: sd: Fix cache_type_store() (git-fixes). - scsi: sd: Optimal I/O size should be a multiple of physical block size (git-fixes). - scsi: sd: Quiesce warning if device does not report optimal I/O size (git-fixes). - scsi: sd: use mempool for discard special page (git-fixes). - scsi: sd_zbc: Fix potential memory leak (git-fixes). - scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() (git-fixes). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (git-fixes). - scsi: ufs: Avoid runtime suspend possibly being blocked forever (git-fixes). - scsi: ufs: Check that space was properly alloced in copy_query_response (git-fixes). - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() (git-fixes). - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value (git-fixes). - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 (git-fixes). - scsi: ufs: revert "disable vccq if it's not needed by UFS device" (git-fixes). - scsi: use dma_get_cache_alignment() as minimum DMA alignment (git-fixes). - scsi: virtio_scsi: do not send sc payload with tmfs (git-fixes). - sctp: change to hold sk after auth shkey is created successfully (networking-stable-19_07_02). - serial: 8250: Fix TX interrupt handling condition (bsc#1051510). - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig (bsc#1144333). - sis900: fix TX completion (bsc#1051510). - sky2: Disable MSI on ASUS P6T (bsc#1142496). - smb2: fix missing files in root share directory listing (bsc#1112907, bsc#1144333). - smb2: fix typo in definition of a few error flags (bsc#1144333). - smb2: fix uninitialized variable bug in smb2_ioctl_query_info (bsc#1144333). - smb3 - clean up debug output displaying network interfaces (bsc#1144333). - smb3.1.1: Add GCM crypto to the encrypt and decrypt functions (bsc#1144333). - smb3.11: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - smb311: Fix reconnect (bsc#1051510, bsc#1144333). - smb311: Improve checking of negotiate security contexts (bsc#1051510, bsc#1144333). - smb3: Add SMB3.1.1 GCM to negotiated crypto algorigthms (bsc#1144333). - smb3: Add debug message later in smb2/smb3 reconnect path (bsc#1144333). - smb3: Add defines for new negotiate contexts (bsc#1144333). - smb3: Add dynamic trace points for various compounded smb3 ops (bsc#1144333). - smb3: Add ftrace tracepoints for improved SMB3 debugging (bsc#1144333). - smb3: Add handling for different FSCTL access flags (bsc#1144333). - smb3: Add posix create context for smb3.11 posix mounts (bsc#1144333). - smb3: Add protocol structs for change notify support (bsc#1144333). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510, bsc#1144333). - smb3: Add tracepoints for read, write and query_dir enter (bsc#1144333). - smb3: Allow SMB3 FSCTL queries to be sent to server from tools (bsc#1144333). - smb3: Allow persistent handle timeout to be configurable on mount (bsc#1144333). - smb3: Allow query of symlinks stored as reparse points (bsc#1144333). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing from compounded ops (bsc#1144333). - smb3: Clean up query symlink when reparse point (bsc#1144333). - smb3: Cleanup license mess (bsc#1144333). - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bsc#1085536, bsc#1144333). - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510, bsc#1144333). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510, bsc#1144333). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510, bsc#1144333). - smb3: Fix deadlock in validate negotiate hits reconnect (bsc#1144333). - smb3: Fix endian warning (bsc#1144333, bsc#1137884). - smb3: Fix enumerating snapshots to Azure (bsc#1144333). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510, bsc#1144333). - smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333). - smb3: Fix potential memory leak when processing compound chain (bsc#1144333). - smb3: Fix rmdir compounding regression to strict servers (bsc#1144333). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510, bsc#1144333). - smb3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL (bsc#1144333). - smb3: Log at least once if tree connect fails during reconnect (bsc#1144333). - smb3: Number of requests sent should be displayed for SMB3 not just CIFS (bsc#1144333). - smb3: Send netname context during negotiate protocol (bsc#1144333). - smb3: Track total time spent on roundtrips for each SMB3 command (bsc#1144333). - smb3: Update POSIX negotiate context with POSIX ctxt GUID (bsc#1144333). - smb3: Validate negotiate request must always be signed (bsc#1064597, bsc#1144333). - smb3: Warn user if trying to sign connection that authenticated as guest (bsc#1085536, bsc#1144333). - smb3: add additional ftrace entry points for entry/exit to cifs.ko (bsc#1144333). - smb3: add credits we receive from oplock/break PDUs (bsc#1144333). - smb3: add debug for unexpected mid cancellation (bsc#1144333). - smb3: add define for id for posix create context and corresponding struct (bsc#1144333). - smb3: add dynamic trace point for query_info_enter/done (bsc#1144333). - smb3: add dynamic trace point for smb3_cmd_enter (bsc#1144333). - smb3: add dynamic tracepoint for timeout waiting for credits (bsc#1144333). - smb3: add dynamic tracepoints for simple fallocate and zero range (bsc#1144333). - smb3: add missing read completion trace point (bsc#1144333). - smb3: add module alias for smb3 to cifs.ko (bsc#1144333). - smb3: add new mount option to retrieve mode from special ACE (bsc#1144333). - smb3: add reconnect tracepoints (bsc#1144333). - smb3: add smb3.1.1 to default dialect list (bsc#1144333). - smb3: add support for posix negotiate context (bsc#1144333). - smb3: add support for statfs for smb3.1.1 posix extensions (bsc#1144333). - smb3: add trace point for tree connection (bsc#1144333). - smb3: add tracepoint for sending lease break responses to server (bsc#1144333). - smb3: add tracepoint for session expired or deleted (bsc#1144333). - smb3: add tracepoint for slow responses (bsc#1144333). - smb3: add tracepoint to catch cases where credit refund of failed op overlaps reconnect (bsc#1144333). - smb3: add tracepoints for query dir (bsc#1144333). - smb3: add tracepoints for smb2/smb3 open (bsc#1144333). - smb3: add way to control slow response threshold for logging and stats (bsc#1144333). - smb3: allow more detailed protocol info on open files for debugging (bsc#1144333). - smb3: allow posix mount option to enable new SMB311 protocol extensions (bsc#1144333). - smb3: allow previous versions to be mounted with snapshot= mount parm (bsc#1144333). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510, bsc#1144333). - smb3: check for and properly advertise directory lease support (bsc#1051510, bsc#1144333). - smb3: create smb3 equivalent alias for cifs pseudo-xattrs (bsc#1144333). - smb3: directory sync should not return an error (bsc#1051510, bsc#1144333). - smb3: display bytes_read and bytes_written in smb3 stats (bsc#1144333). - smb3: display security information in /proc/fs/cifs/DebugData more accurately (bsc#1144333). - smb3: display session id in debug data (bsc#1144333). - smb3: display stats counters for number of slow commands (bsc#1144333). - smb3: display volume serial number for shares in /proc/fs/cifs/DebugData (bsc#1144333). - smb3: do not allow insecure cifs mounts when using smb3 (bsc#1144333). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510, bsc#1144333). - smb3: do not display confusing message on mount to Azure servers (bsc#1144333). - smb3: do not display empty interface list (bsc#1144333). - smb3: do not request leases in symlink creation and query (bsc#1051510, bsc#1144333). - smb3: do not send compression info by default (bsc#1144333). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510, bsc#1144333). - smb3: fill in statfs fsid and correct namelen (bsc#1112905, bsc#1144333). - smb3: fix bytes_read statistics (bsc#1144333). - smb3: fix corrupt path in subdirs on smb311 with posix (bsc#1144333). - smb3: fix large reads on encrypted connections (bsc#1144333). - smb3: fix lease break problem introduced by compounding (bsc#1144333). - smb3: fix minor debug output for CONFIG_CIFS_STATS (bsc#1144333). - smb3: fix redundant opens on root (bsc#1144333). - smb3: fix reset of bytes read and written stats (bsc#1112906, bsc#1144333). - smb3: fix various xid leaks (bsc#1051510, bsc#1144333). - smb3: for kerberos mounts display the credential uid used (bsc#1144333). - smb3: handle new statx fields (bsc#1085536, bsc#1144333). - smb3: if max_credits is specified then display it in /proc/mounts (bsc#1144333). - smb3: if server does not support posix do not allow posix mount option (bsc#1144333). - smb3: improve dynamic tracing of open and posix mkdir (bsc#1144333). - smb3: increase initial number of credits requested to allow write (bsc#1144333). - smb3: make default i/o size for smb3 mounts larger (bsc#1144333). - smb3: minor cleanup of compound_send_recv (bsc#1144333). - smb3: minor debugging clarifications in rfc1001 len processing (bsc#1144333). - smb3: minor missing defines relating to reparse points (bsc#1144333). - smb3: missing defines and structs for reparse point handling (bsc#1144333). - smb3: note that smb3.11 posix extensions mount option is experimental (bsc#1144333). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510, bsc#1144333). - smb3: on reconnect set PreviousSessionId field (bsc#1112899, bsc#1144333). - smb3: optimize open to not send query file internal info (bsc#1144333). - smb3: passthru query info does not check for SMB3 FSCTL passthru (bsc#1144333). - smb3: print tree id in debugdata in proc to be able to help logging (bsc#1144333). - smb3: query inode number on open via create context (bsc#1144333). - smb3: remove noisy warning message on mount (bsc#1129664, bsc#1144333). - smb3: remove per-session operations from per-tree connection stats (bsc#1144333). - smb3: rename encryption_required to smb3_encryption_required (bsc#1144333). - smb3: request more credits on normal (non-large read/write) ops (bsc#1144333). - smb3: request more credits on tree connect (bsc#1144333). - smb3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (bsc#1144333). - smb3: send CAP_DFS capability during session setup (bsc#1144333). - smb3: send backup intent on compounded query info (bsc#1144333). - smb3: show number of current open files in /proc/fs/cifs/Stats (bsc#1144333). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510, bsc#1144333). - smb3: smbdirect no longer experimental (bsc#1144333). - smb3: snapshot mounts are read-only and make sure info is displayable about the mount (bsc#1144333). - smb3: track the instance of each session for debugging (bsc#1144333). - smb3: trivial cleanup to smb2ops.c (bsc#1144333). - smb3: update comment to clarify enumerating snapshots (bsc#1144333). - smb3: update default requested iosize to 4MB from 1MB for recent dialects (bsc#1144333). - smb: Validate negotiate (to protect against downgrade) even if signing off (bsc#1085536, bsc#1144333). - smb: fix leak of validate negotiate info response buffer (bsc#1064597, bsc#1144333). - smb: fix validate negotiate info uninitialised memory use (bsc#1064597, bsc#1144333). - smbd: Make upper layer decide when to destroy the transport (bsc#1144333). - smpboot: Place the __percpu annotation correctly (git fixes). - soc: rockchip: power-domain: Add a sanity check on pd->num_clks (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: Use of_clk_get_parent_count() instead of open coding (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: use clk_bulk APIs (bsc#1144718,bsc#1144813). - sound: fix a memory leak bug (bsc#1051510). - spi: bcm2835aux: fix corruptions for longer spi transfers (bsc#1051510). - spi: bcm2835aux: remove dangerous uncontrolled read of fifo (bsc#1051510). - spi: bcm2835aux: unifying code between polling and interrupt driven code (bsc#1051510). - st21nfca_connectivity_event_received: null check the allocation (bsc#1051510). - st_nci_hci_connectivity_event_received: null check the allocation (bsc#1051510). - staging: comedi: dt3000: Fix rounding up of timer divisor (bsc#1051510). - staging: comedi: dt3000: Fix signed integer overflow 'divider * base' (bsc#1051510). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Add raspberrypi-cpufreq (jsc#SLE-7294). - supported.conf: Remove duplicate drivers/ata/libahci_platform - supported.conf: Sort alphabetically, align comments. - supported.conf: Sort alphabetically, align comments. - tcp: Reset bytes_acked and bytes_received when disconnecting (networking-stable-19_07_25). - test_firmware: fix a memory leak bug (bsc#1051510). - tipc: change to use register_pernet_device (networking-stable-19_07_02). - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bsc#1082555). - tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations (bsc#1082555). - tpm: Fix off-by-one when reading binary_bios_measurements (bsc#1082555). - tpm: Unify the send callback behaviour (bsc#1082555). - tpm: vtpm_proxy: Suppress error logging when in closed state (bsc#1082555). - tracing: Fix header include guards in trace event headers (bsc#1144474). - treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 231 (bsc#1144333). - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop (bsc#1051510). - tty/serial: digicolor: Fix digicolor-usart already registered warning (bsc#1051510). - tty: max310x: Fix invalid baudrate divisors calculator (bsc#1051510). - tty: serial: msm_serial: avoid system lockup condition (bsc#1051510). - tua6100: Avoid build warnings (bsc#1051510). - tun: wake up waitqueues after IFF_UP is set (networking-stable-19_07_02). - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length (bsc#1148617). - update internal version number for cifs.ko (bsc#1144333). - usb-storage: Add new JMS567 revision to unusual_devs (bsc#1051510). - usb: CDC: fix sanity checks in CDC union parser (bsc#1142635). - usb: Handle USB3 remote wakeup for LPM enabled devices correctly (bsc#1051510). - usb: cdc-acm: make sure a refcount is taken early enough (bsc#1142635). - usb: cdc-wdm: fix race between write and disconnect due to flag abuse (bsc#1051510). - usb: chipidea: udc: do not do hardware access if gadget has stopped (bsc#1051510). - usb: core: Fix races in character device registration and deregistraion (bsc#1051510). - usb: core: hub: Disable hub-initiated U1/U2 (bsc#1051510). - usb: gadget: composite: Clear "suspended" on reset/disconnect (bsc#1051510). - usb: gadget: udc: renesas_usb3: Fix sysfs interface of "role" (bsc#1142635). - usb: host: fotg2: restart hcd after port reset (bsc#1051510). - usb: host: ohci: fix a race condition between shutdown and irq (bsc#1051510). - usb: host: xhci-rcar: Fix timeout in xhci_suspend() (bsc#1051510). - usb: host: xhci: rcar: Fix typo in compatible string matching (bsc#1051510). - usb: iowarrior: fix deadlock on disconnect (bsc#1051510). - usb: serial: option: Add Motorola modem UARTs (bsc#1051510). - usb: serial: option: Add support for ZTE MF871A (bsc#1051510). - usb: serial: option: add D-Link DWM-222 device ID (bsc#1051510). - usb: serial: option: add the BroadMobi BM818 card (bsc#1051510). - usb: storage: ums-realtek: Update module parameter description for auto_delink_en (bsc#1051510). - usb: storage: ums-realtek: Whitelist auto-delink support (bsc#1051510). - usb: usbfs: fix double-free of usb memory upon submiturb error (bsc#1051510). - usb: wusbcore: fix unbalanced get/put cluster_id (bsc#1051510). - usb: yurex: Fix use-after-free in yurex_delete (bsc#1051510). - vfs: fix page locking deadlocks when deduping files (bsc#1148619). - vmci: Release resource if the work is already queued (bsc#1051510). - vrf: make sure skb->data contains ip header to make routing (networking-stable-19_07_25). - watchdog: bcm2835_wdt: Fix module autoload (bsc#1051510). - watchdog: core: fix null pointer dereference when releasing cdev (bsc#1051510). - watchdog: f71808e_wdt: fix F81866 bit operation (bsc#1051510). - watchdog: fix compile time error of pretimeout governors (bsc#1051510). - wimax/i2400m: fix a memory leak bug (bsc#1051510). - x86/boot: Fix memory leak in default_get_smp_config() (bsc#1114279). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/microcode: Fix the microcode load on CPU hotplug for real (bsc#1114279). - x86/mm: Check for pfn instead of page in vmalloc_sync_one() (bsc#1118689). - x86/mm: Sync also unmappings in vmalloc_sync_all() (bsc#1118689). - x86/speculation/mds: Apply more accurate check on hypervisor platform (bsc#1114279). - x86/speculation: Allow guests to use SSBD even if host does not (bsc#1114279). - x86/unwind: Add hardcoded ORC entry for NULL (bsc#1114279). - x86/unwind: Handle NULL pointer calls better in frame unwinder (bsc#1114279). - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (bsc#1065600). - xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix bucket count reported to userspace (bsc#1143300). - xfrm: Fix error return code in xfrm_output_one() (bsc#1143300). - xfs: do not crash on null attr fork xfs_bmapi_read (bsc#1148035). - xfs: do not trip over uninitialized buffer on extent read of corrupted inode (bsc#1149053). - xfs: dump transaction usage details on log reservation overrun (bsc#1145235). - xfs: eliminate duplicate icreate tx reservation functions (bsc#1145235). - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (bsc#1148032). - xfs: fix semicolon.cocci warnings (bsc#1145235). - xfs: fix up agi unlinked list reservations (bsc#1145235). - xfs: include an allocfree res for inobt modifications (bsc#1145235). - xfs: include inobt buffers in ifree tx log reservation (bsc#1145235). - xfs: print transaction log reservation on overrun (bsc#1145235). - xfs: refactor inode chunk alloc/free tx reservation (bsc#1145235). - xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (bsc#1145235). - xfs: remove more ondisk directory corruption asserts (bsc#1148034). - xfs: separate shutdown from ticket reservation print helper (bsc#1145235). - xfs: truncate transaction does not modify the inobt (bsc#1145235). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-2412=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2412=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2412=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-2412=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2412=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): kernel-default-debuginfo-4.12.14-95.32.1 kernel-default-debugsource-4.12.14-95.32.1 kernel-default-extra-4.12.14-95.32.1 kernel-default-extra-debuginfo-4.12.14-95.32.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-95.32.1 kernel-obs-build-debugsource-4.12.14-95.32.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): kernel-docs-4.12.14-95.32.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.32.1 kernel-default-base-4.12.14-95.32.1 kernel-default-base-debuginfo-4.12.14-95.32.1 kernel-default-debuginfo-4.12.14-95.32.1 kernel-default-debugsource-4.12.14-95.32.1 kernel-default-devel-4.12.14-95.32.1 kernel-syms-4.12.14-95.32.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.32.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): kernel-devel-4.12.14-95.32.1 kernel-macros-4.12.14-95.32.1 kernel-source-4.12.14-95.32.1 - SUSE Linux Enterprise Server 12-SP4 (s390x): kernel-default-man-4.12.14-95.32.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.32.1 cluster-md-kmp-default-debuginfo-4.12.14-95.32.1 dlm-kmp-default-4.12.14-95.32.1 dlm-kmp-default-debuginfo-4.12.14-95.32.1 gfs2-kmp-default-4.12.14-95.32.1 gfs2-kmp-default-debuginfo-4.12.14-95.32.1 kernel-default-debuginfo-4.12.14-95.32.1 kernel-default-debugsource-4.12.14-95.32.1 ocfs2-kmp-default-4.12.14-95.32.1 ocfs2-kmp-default-debuginfo-4.12.14-95.32.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): kernel-devel-4.12.14-95.32.1 kernel-macros-4.12.14-95.32.1 kernel-source-4.12.14-95.32.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): kernel-default-4.12.14-95.32.1 kernel-default-debuginfo-4.12.14-95.32.1 kernel-default-debugsource-4.12.14-95.32.1 kernel-default-devel-4.12.14-95.32.1 kernel-default-devel-debuginfo-4.12.14-95.32.1 kernel-default-extra-4.12.14-95.32.1 kernel-default-extra-debuginfo-4.12.14-95.32.1 kernel-syms-4.12.14-95.32.1 References: https://www.suse.com/security/cve/CVE-2017-18551.html https://www.suse.com/security/cve/CVE-2018-20976.html https://www.suse.com/security/cve/CVE-2018-21008.html https://www.suse.com/security/cve/CVE-2019-10207.html https://www.suse.com/security/cve/CVE-2019-14814.html https://www.suse.com/security/cve/CVE-2019-14815.html https://www.suse.com/security/cve/CVE-2019-14816.html https://www.suse.com/security/cve/CVE-2019-14835.html https://www.suse.com/security/cve/CVE-2019-15030.html https://www.suse.com/security/cve/CVE-2019-15031.html https://www.suse.com/security/cve/CVE-2019-15090.html https://www.suse.com/security/cve/CVE-2019-15098.html https://www.suse.com/security/cve/CVE-2019-15099.html https://www.suse.com/security/cve/CVE-2019-15117.html https://www.suse.com/security/cve/CVE-2019-15118.html https://www.suse.com/security/cve/CVE-2019-15211.html https://www.suse.com/security/cve/CVE-2019-15212.html https://www.suse.com/security/cve/CVE-2019-15214.html https://www.suse.com/security/cve/CVE-2019-15215.html https://www.suse.com/security/cve/CVE-2019-15216.html https://www.suse.com/security/cve/CVE-2019-15217.html https://www.suse.com/security/cve/CVE-2019-15218.html https://www.suse.com/security/cve/CVE-2019-15219.html https://www.suse.com/security/cve/CVE-2019-15220.html https://www.suse.com/security/cve/CVE-2019-15221.html https://www.suse.com/security/cve/CVE-2019-15222.html https://www.suse.com/security/cve/CVE-2019-15239.html https://www.suse.com/security/cve/CVE-2019-15290.html https://www.suse.com/security/cve/CVE-2019-15292.html https://www.suse.com/security/cve/CVE-2019-15538.html https://www.suse.com/security/cve/CVE-2019-15666.html https://www.suse.com/security/cve/CVE-2019-15902.html https://www.suse.com/security/cve/CVE-2019-15917.html https://www.suse.com/security/cve/CVE-2019-15919.html https://www.suse.com/security/cve/CVE-2019-15920.html https://www.suse.com/security/cve/CVE-2019-15921.html https://www.suse.com/security/cve/CVE-2019-15924.html https://www.suse.com/security/cve/CVE-2019-15926.html https://www.suse.com/security/cve/CVE-2019-15927.html https://www.suse.com/security/cve/CVE-2019-9456.html https://bugzilla.suse.com/1047238 https://bugzilla.suse.com/1050911 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1054914 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1056686 https://bugzilla.suse.com/1060662 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1061843 https://bugzilla.suse.com/1064597 https://bugzilla.suse.com/1064701 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1066369 https://bugzilla.suse.com/1071009 https://bugzilla.suse.com/1071306 https://bugzilla.suse.com/1078248 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1085539 https://bugzilla.suse.com/1086103 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1090734 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1093205 https://bugzilla.suse.com/1102097 https://bugzilla.suse.com/1104902 https://bugzilla.suse.com/1106061 https://bugzilla.suse.com/1106284 https://bugzilla.suse.com/1106434 https://bugzilla.suse.com/1108382 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1112894 https://bugzilla.suse.com/1112899 https://bugzilla.suse.com/1112902 https://bugzilla.suse.com/1112903 https://bugzilla.suse.com/1112905 https://bugzilla.suse.com/1112906 https://bugzilla.suse.com/1112907 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114542 https://bugzilla.suse.com/1118689 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1120876 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1120937 https://bugzilla.suse.com/1123105 https://bugzilla.suse.com/1123959 https://bugzilla.suse.com/1124370 https://bugzilla.suse.com/1129424 https://bugzilla.suse.com/1129519 https://bugzilla.suse.com/1129664 https://bugzilla.suse.com/1131107 https://bugzilla.suse.com/1131281 https://bugzilla.suse.com/1131565 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1134291 https://bugzilla.suse.com/1134881 https://bugzilla.suse.com/1134882 https://bugzilla.suse.com/1135219 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135897 https://bugzilla.suse.com/1136261 https://bugzilla.suse.com/1137069 https://bugzilla.suse.com/1137884 https://bugzilla.suse.com/1138539 https://bugzilla.suse.com/1139020 https://bugzilla.suse.com/1139021 https://bugzilla.suse.com/1139101 https://bugzilla.suse.com/1139500 https://bugzilla.suse.com/1140012 https://bugzilla.suse.com/1140426 https://bugzilla.suse.com/1140487 https://bugzilla.suse.com/1141013 https://bugzilla.suse.com/1141450 https://bugzilla.suse.com/1141543 https://bugzilla.suse.com/1141554 https://bugzilla.suse.com/1142019 https://bugzilla.suse.com/1142076 https://bugzilla.suse.com/1142109 https://bugzilla.suse.com/1142117 https://bugzilla.suse.com/1142118 https://bugzilla.suse.com/1142119 https://bugzilla.suse.com/1142496 https://bugzilla.suse.com/1142541 https://bugzilla.suse.com/1142635 https://bugzilla.suse.com/1142685 https://bugzilla.suse.com/1142701 https://bugzilla.suse.com/1142857 https://bugzilla.suse.com/1143300 https://bugzilla.suse.com/1143466 https://bugzilla.suse.com/1143765 https://bugzilla.suse.com/1143841 https://bugzilla.suse.com/1143843 https://bugzilla.suse.com/1144123 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1144474 https://bugzilla.suse.com/1144518 https://bugzilla.suse.com/1144718 https://bugzilla.suse.com/1144813 https://bugzilla.suse.com/1144880 https://bugzilla.suse.com/1144886 https://bugzilla.suse.com/1144912 https://bugzilla.suse.com/1144920 https://bugzilla.suse.com/1144979 https://bugzilla.suse.com/1145010 https://bugzilla.suse.com/1145024 https://bugzilla.suse.com/1145051 https://bugzilla.suse.com/1145059 https://bugzilla.suse.com/1145189 https://bugzilla.suse.com/1145235 https://bugzilla.suse.com/1145300 https://bugzilla.suse.com/1145302 https://bugzilla.suse.com/1145388 https://bugzilla.suse.com/1145389 https://bugzilla.suse.com/1145390 https://bugzilla.suse.com/1145391 https://bugzilla.suse.com/1145392 https://bugzilla.suse.com/1145393 https://bugzilla.suse.com/1145394 https://bugzilla.suse.com/1145395 https://bugzilla.suse.com/1145396 https://bugzilla.suse.com/1145397 https://bugzilla.suse.com/1145408 https://bugzilla.suse.com/1145409 https://bugzilla.suse.com/1145661 https://bugzilla.suse.com/1145678 https://bugzilla.suse.com/1145687 https://bugzilla.suse.com/1145920 https://bugzilla.suse.com/1145922 https://bugzilla.suse.com/1145934 https://bugzilla.suse.com/1145937 https://bugzilla.suse.com/1145940 https://bugzilla.suse.com/1145941 https://bugzilla.suse.com/1145942 https://bugzilla.suse.com/1146074 https://bugzilla.suse.com/1146084 https://bugzilla.suse.com/1146163 https://bugzilla.suse.com/1146285 https://bugzilla.suse.com/1146346 https://bugzilla.suse.com/1146351 https://bugzilla.suse.com/1146352 https://bugzilla.suse.com/1146361 https://bugzilla.suse.com/1146368 https://bugzilla.suse.com/1146376 https://bugzilla.suse.com/1146378 https://bugzilla.suse.com/1146381 https://bugzilla.suse.com/1146391 https://bugzilla.suse.com/1146399 https://bugzilla.suse.com/1146413 https://bugzilla.suse.com/1146425 https://bugzilla.suse.com/1146516 https://bugzilla.suse.com/1146519 https://bugzilla.suse.com/1146524 https://bugzilla.suse.com/1146526 https://bugzilla.suse.com/1146529 https://bugzilla.suse.com/1146531 https://bugzilla.suse.com/1146543 https://bugzilla.suse.com/1146547 https://bugzilla.suse.com/1146550 https://bugzilla.suse.com/1146575 https://bugzilla.suse.com/1146589 https://bugzilla.suse.com/1146678 https://bugzilla.suse.com/1146938 https://bugzilla.suse.com/1148031 https://bugzilla.suse.com/1148032 https://bugzilla.suse.com/1148033 https://bugzilla.suse.com/1148034 https://bugzilla.suse.com/1148035 https://bugzilla.suse.com/1148093 https://bugzilla.suse.com/1148133 https://bugzilla.suse.com/1148192 https://bugzilla.suse.com/1148196 https://bugzilla.suse.com/1148198 https://bugzilla.suse.com/1148202 https://bugzilla.suse.com/1148303 https://bugzilla.suse.com/1148363 https://bugzilla.suse.com/1148379 https://bugzilla.suse.com/1148394 https://bugzilla.suse.com/1148527 https://bugzilla.suse.com/1148574 https://bugzilla.suse.com/1148616 https://bugzilla.suse.com/1148617 https://bugzilla.suse.com/1148619 https://bugzilla.suse.com/1148698 https://bugzilla.suse.com/1148859 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1149053 https://bugzilla.suse.com/1149083 https://bugzilla.suse.com/1149104 https://bugzilla.suse.com/1149105 https://bugzilla.suse.com/1149106 https://bugzilla.suse.com/1149197 https://bugzilla.suse.com/1149214 https://bugzilla.suse.com/1149224 https://bugzilla.suse.com/1149325 https://bugzilla.suse.com/1149376 https://bugzilla.suse.com/1149413 https://bugzilla.suse.com/1149418 https://bugzilla.suse.com/1149424 https://bugzilla.suse.com/1149522 https://bugzilla.suse.com/1149527 https://bugzilla.suse.com/1149539 https://bugzilla.suse.com/1149552 https://bugzilla.suse.com/1149591 https://bugzilla.suse.com/1149602 https://bugzilla.suse.com/1149612 https://bugzilla.suse.com/1149626 https://bugzilla.suse.com/1149652 https://bugzilla.suse.com/1149713 https://bugzilla.suse.com/1149940 https://bugzilla.suse.com/1149959 https://bugzilla.suse.com/1149963 https://bugzilla.suse.com/1149976 https://bugzilla.suse.com/1150025 https://bugzilla.suse.com/1150033 https://bugzilla.suse.com/1150112 https://bugzilla.suse.com/1150562 https://bugzilla.suse.com/1150727 https://bugzilla.suse.com/1150860 https://bugzilla.suse.com/1150861 https://bugzilla.suse.com/1150933 From sle-updates at lists.suse.com Fri Sep 20 08:05:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Sep 2019 16:05:27 +0200 (CEST) Subject: SUSE-SU-2019:2412-1: important: Security update for the Linux Kernel Message-ID: <20190920140527.8E61CF7C7@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2412-1 Rating: important References: #1047238 #1050911 #1051510 #1054914 #1055117 #1056686 #1060662 #1061840 #1061843 #1064597 #1064701 #1065600 #1065729 #1066369 #1071009 #1071306 #1078248 #1082555 #1085030 #1085536 #1085539 #1086103 #1087092 #1090734 #1091171 #1093205 #1102097 #1104902 #1106061 #1106284 #1106434 #1108382 #1112178 #1112894 #1112899 #1112902 #1112903 #1112905 #1112906 #1112907 #1113722 #1114279 #1114542 #1118689 #1119086 #1120876 #1120902 #1120937 #1123105 #1123959 #1124370 #1129424 #1129519 #1129664 #1131107 #1131281 #1131565 #1133021 #1134291 #1134881 #1134882 #1135219 #1135642 #1135897 #1136261 #1137069 #1137884 #1138539 #1139020 #1139021 #1139101 #1139500 #1140012 #1140426 #1140487 #1141013 #1141450 #1141543 #1141554 #1142019 #1142076 #1142109 #1142117 #1142118 #1142119 #1142496 #1142541 #1142635 #1142685 #1142701 #1142857 #1143300 #1143466 #1143765 #1143841 #1143843 #1144123 #1144333 #1144474 #1144518 #1144718 #1144813 #1144880 #1144886 #1144912 #1144920 #1144979 #1145010 #1145024 #1145051 #1145059 #1145189 #1145235 #1145300 #1145302 #1145388 #1145389 #1145390 #1145391 #1145392 #1145393 #1145394 #1145395 #1145396 #1145397 #1145408 #1145409 #1145661 #1145678 #1145687 #1145920 #1145922 #1145934 #1145937 #1145940 #1145941 #1145942 #1146074 #1146084 #1146163 #1146285 #1146346 #1146351 #1146352 #1146361 #1146368 #1146376 #1146378 #1146381 #1146391 #1146399 #1146413 #1146425 #1146516 #1146519 #1146524 #1146526 #1146529 #1146531 #1146543 #1146547 #1146550 #1146575 #1146589 #1146678 #1146938 #1148031 #1148032 #1148033 #1148034 #1148035 #1148093 #1148133 #1148192 #1148196 #1148198 #1148202 #1148303 #1148363 #1148379 #1148394 #1148527 #1148574 #1148616 #1148617 #1148619 #1148698 #1148859 #1148868 #1149053 #1149083 #1149104 #1149105 #1149106 #1149197 #1149214 #1149224 #1149325 #1149376 #1149413 #1149418 #1149424 #1149522 #1149527 #1149539 #1149552 #1149591 #1149602 #1149612 #1149626 #1149652 #1149713 #1149940 #1149959 #1149963 #1149976 #1150025 #1150033 #1150112 #1150562 #1150727 #1150860 #1150861 #1150933 Cross-References: CVE-2017-18551 CVE-2018-20976 CVE-2018-21008 CVE-2019-10207 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14835 CVE-2019-15030 CVE-2019-15031 CVE-2019-15090 CVE-2019-15098 CVE-2019-15099 CVE-2019-15117 CVE-2019-15118 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15222 CVE-2019-15239 CVE-2019-15290 CVE-2019-15292 CVE-2019-15538 CVE-2019-15666 CVE-2019-15902 CVE-2019-15917 CVE-2019-15919 CVE-2019-15920 CVE-2019-15921 CVE-2019-15924 CVE-2019-15926 CVE-2019-15927 CVE-2019-9456 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves 40 vulnerabilities and has 184 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following new features were implemented: - jsc#SLE-4875: [CML] New device IDs for CML - jsc#SLE-7294: Add cpufreq driver for Raspberry Pi - fate#322438: Integrate P9 XIVE support (on PowerVM only) - fate#322447: Add memory protection keys (MPK) support on POWER (on PowerVM only) - fate#322448, fate#321438: P9 hardware counter (performance counters) support (on PowerVM only) - fate#325306, fate#321840: Reduce memory required to boot capture kernel while using fadump - fate#326869: perf: pmu mem_load/store event support The following security bugs were fixed: - CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated. (bsc#1146163). - CVE-2018-20976: A use after free existed, related to xfs_fs_fill_super failure. (bsc#1146285) - CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach (bsc#1149591). - CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have lead to local escalation of privilege with System execution privileges needed. (bsc#1150025 CVE-2019-9456). - CVE-2019-10207: Fix a NULL pointer dereference in hci_uart bluetooth driver (bsc#1142857 bsc#1123959). - CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bnc#1146516) - CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112). - CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user could read vector registers of other users' processes via an interrupt. (bsc#1149713) - CVE-2019-15090: In the qedi_dbg_* family of functions, there was an out-of-bounds read. (bsc#1146399) - CVE-2019-15098: USB driver net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146378). - CVE-2019-15099: drivers/net/wireless/ath/ath10k/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146368) - CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel mishandled a short descriptor, leading to out-of-bounds memory access. (bsc#1145920). - CVE-2019-15118: check_input_term in sound/usb/mixer.c in the Linux kernel mishandled recursion, leading to kernel stack exhaustion. (bsc#1145922). - CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory. (bsc#1146519). - CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. (bsc#1051510 bsc#1146391). - CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. (bsc#1146550) - CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. (bsc#1135642 bsc#1146425) - CVE-2019-15216: Fix a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (bsc#1146361). - CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (bsc#1146547). - CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver. (bsc#1051510 bsc#1146413) - CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. (bsc#1146524) - CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. (bsc#1146526) - CVE-2019-15221, CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. (bsc#1146529, bsc#1146531) - CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589) - CVE-2019-15290: There was a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function (bsc#1146543). - CVE-2019-15292: There was a use-after-free in atalk_proc_exit (bsc#1146678) - CVE-2019-15538: XFS partially wedged when a chgrp failed on account of being out of disk quota. This was primarily a local DoS attack vector, but it could result as well in remote DoS if the XFS filesystem was exported for instance via NFS. (bsc#1148032, bsc#1148093) - CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which would cause denial of service, because verify_newpolicy_info mishandled directory validation. (bsc#1148394). - CVE-2019-15902: A backporting error reintroduced the Spectre vulnerability that it aimed to eliminate. (bnc#1149376) - CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() failed in hci_uart_set_proto() (bsc#1149539) - CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149552) - CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149626) - CVE-2019-15921: There was a memory leak issue when idr_alloc() failed (bsc#1149602) - CVE-2019-15924: Fix a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure. (bsc#1149612). - CVE-2019-15926: Out of bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx (bsc#1149527) - CVE-2019-15927: An out-of-bounds access existed in the function build_audio_procunit (bsc#1149522) The following non-security bugs were fixed: - 9p/rdma: do not disconnect on down_interruptible EAGAIN (bsc#1051510). - 9p/rdma: remove useless check in cm_event_handler (bsc#1051510). - 9p/virtio: Add cleanup path in p9_virtio_init (bsc#1051510). - 9p/xen: Add cleanup path in p9_trans_xen_init (bsc#1051510). - 9p/xen: fix check for xenbus_read error in front_probe (bsc#1051510). - 9p: acl: fix uninitialized iattr access (bsc#1051510). - 9p: p9dirent_read: check network-provided name length (bsc#1051510). - 9p: pass the correct prototype to read_cache_page (bsc#1051510). - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0 (bsc#1051510). - acpi/iort: Fix off-by-one check in iort_dev_find_its_id() (bsc#1051510). - acpi: PM: Fix regression in acpi_device_set_power() (bsc#1051510). - acpi: fix false-positive -Wuninitialized warning (bsc#1051510). - acpica: Increase total number of possible Owner IDs (bsc#1148859). - acpica: Increase total number of possible Owner IDs (bsc#1148859). - add some missing definitions (bsc#1144333). - address lock imbalance warnings in smbdirect.c (bsc#1144333). - af_key: fix leaks in key_pol_get_resp and dump_sp (bsc#1051510). - af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET (networking-stable-19_07_02). - alsa: firewire: fix a memory leak bug (bsc#1051510). - alsa: hda - Add a generic reboot_notify (bsc#1051510). - alsa: hda - Apply workaround for another AMD chip 1022:1487 (bsc#1051510). - alsa: hda - Do not override global PCM hw info flag (bsc#1051510). - alsa: hda - Fix a memory leak bug (bsc#1051510). - alsa: hda - Fix potential endless loop at applying quirks (bsc#1051510). - alsa: hda - Let all conexant codec enter D3 when rebooting (bsc#1051510). - alsa: hda - Workaround for crackled sound on AMD controller (1022:1457) (bsc#1051510). - alsa: hda/realtek - Fix overridden device-specific initialization (bsc#1051510). - alsa: hda/realtek - Fix the problem of two front mics on a ThinkCentre (bsc#1051510). - alsa: hda: kabi workaround for generic parser flag (bsc#1051510). - alsa: hiface: fix multiple memory leak bugs (bsc#1051510). - alsa: line6: Fix memory leak at line6_init_pcm() error path (bsc#1051510). - alsa: pcm: fix lost wakeup event scenarios in snd_pcm_drain (bsc#1051510). - alsa: seq: Fix potential concurrent access to the deleted pool (bsc#1051510). - alsa: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (bsc#1051510). - arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2 (bsc#1133021). - arm: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1133021). - arm: KVM: report support for SMCCC_ARCH_WORKAROUND_1 (bsc#1133021). - asoc: Fail card instantiation if DAI format setup fails (bsc#1051510). - asoc: dapm: Fix handling of custom_stop_condition on DAPM graph walks (bsc#1051510). - ata: libahci: do not complain in case of deferred probe (bsc#1051510). - batman-adv: Only read OGM tvlv_len after buffer len check (bsc#1051510). - batman-adv: Only read OGM2 tvlv_len after buffer len check (bsc#1051510). - batman-adv: fix uninit-value in batadv_netlink_get_ifindex() (bsc#1051510). - bcache: fix possible memory leak in bch_cached_dev_run() (git fixes). - bio: fix improper use of smp_mb__before_atomic() (git fixes). - blk-mq: Fix spelling in a source code comment (git fixes). - blk-mq: backport fixes for blk_mq_complete_e_request_sync() (bsc#1145661). - blk-mq: introduce blk_mq_complete_request_sync() (bsc#1145661). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - block, documentation: Fix wbt_lat_usec documentation (git fixes). - bluetooth: 6lowpan: search for destination address in all peers (bsc#1051510). - bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug (bsc#1051510). - bluetooth: Check state in l2cap_disconnect_rsp (bsc#1051510). - bluetooth: btqca: Add a short delay before downloading the NVM (bsc#1051510). - bluetooth: hci_bcsp: Fix memory leak in rx_skb (bsc#1051510). - bluetooth: revert "validate BLE connection interval updates" (bsc#1051510). - bluetooth: validate BLE connection interval updates (bsc#1051510). - bnx2x: Prevent ptp_task to be rescheduled indefinitely (networking-stable-19_07_25). - bonding/802.3ad: fix link_failure_count tracking (bsc#1137069 bsc#1141013). - bonding/802.3ad: fix slave link initialization transition states (bsc#1137069 bsc#1141013). - bonding: Always enable vlan tx offload (networking-stable-19_07_02). - bonding: set default miimon value for non-arp modes if not set (bsc#1137069 bsc#1141013). - bonding: speed/duplex update at NETDEV_UP event (bsc#1137069 bsc#1141013). - bonding: validate ip header before check IPPROTO_IGMP (networking-stable-19_07_25). - btrfs: Fix delalloc inodes invalidation during transaction abort (bsc#1050911). - btrfs: Split btrfs_del_delalloc_inode into 2 functions (bsc#1050911). - btrfs: add a helper to retrive extent inline ref type (bsc#1149325). - btrfs: add cleanup_ref_head_accounting helper (bsc#1050911). - btrfs: add missing inode version, ctime and mtime updates when punching hole (bsc#1140487). - btrfs: add one more sanity check for shared ref type (bsc#1149325). - btrfs: clean up pending block groups when transaction commit aborts (bsc#1050911). - btrfs: convert to use btrfs_get_extent_inline_ref_type (bsc#1149325). - btrfs: do not abort transaction at btrfs_update_root() after failure to COW path (bsc#1150933). - btrfs: fix assertion failure during fsync and use of stale transaction (bsc#1150562). - btrfs: fix data loss after inode eviction, renaming it, and fsync it (bsc#1145941). - btrfs: fix fsync not persisting dentry deletions due to inode evictions (bsc#1145942). - btrfs: fix incremental send failure after deduplication (bsc#1145940). - btrfs: fix pinned underflow after transaction aborted (bsc#1050911). - btrfs: fix race between send and deduplication that lead to failures and crashes (bsc#1145059). - btrfs: fix race leading to fs corruption after transaction abort (bsc#1145937). - btrfs: handle delayed ref head accounting cleanup in abort (bsc#1050911). - btrfs: prevent send failures and crashes due to concurrent relocation (bsc#1145059). - btrfs: remove BUG() in add_data_reference (bsc#1149325). - btrfs: remove BUG() in btrfs_extent_inline_ref_size (bsc#1149325). - btrfs: remove BUG() in print_extent_item (bsc#1149325). - btrfs: remove BUG_ON in __add_tree_block (bsc#1149325). - btrfs: scrub: add memalloc_nofs protection around init_ipath (bsc#1086103). - btrfs: start readahead also in seed devices (bsc#1144886). - btrfs: track running balance in a simpler way (bsc#1145059). - btrfs: use GFP_KERNEL in init_ipath (bsc#1086103). - caif-hsi: fix possible deadlock in cfhsi_exit_module() (networking-stable-19_07_25). - can: m_can: implement errata "Needless activation of MRAF irq" (bsc#1051510). - can: mcp251x: add support for mcp25625 (bsc#1051510). - can: peak_usb: fix potential double kfree_skb() (bsc#1051510). - can: peak_usb: force the string buffer NULL-terminated (bsc#1051510). - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (bsc#1051510). - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (bsc#1051510). - can: rcar_canfd: fix possible IRQ storm on high load (bsc#1051510). - can: sja1000: force the string buffer NULL-terminated (bsc#1051510). - carl9170: fix misuse of device driver API (bsc#1142635). - ceph: always get rstat from auth mds (bsc#1146346). - ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346). - ceph: decode feature bits in session message (bsc#1146346). - ceph: do not blindly unregister session that is in opening state (bsc#1148133). - ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133). - ceph: fix "ceph.dir.rctime" vxattr value (bsc#1148133 bsc#1135219). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133). - ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133). - ceph: fix iov_iter issues in ceph_direct_read_write() (bsc#1141450). - ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133). - ceph: remove request from waiting list before unregister (bsc#1148133). - ceph: silence a checker warning in mdsc_show() (bsc#1148133). - ceph: support cephfs' own feature bits (bsc#1146346). - ceph: support getting ceph.dir.pin vxattr (bsc#1146346). - ceph: support versioned reply (bsc#1146346). - ceph: use bit flags to define vxattr attributes (bsc#1146346). - cfg80211: revert "fix processing world regdomain when non modular" (bsc#1051510). - cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED (bsc#1144333). - cifs: Add DFS cache routines (bsc#1144333). - cifs: Add direct I/O functions to file_operations (bsc#1144333). - cifs: Add minor debug message during negprot (bsc#1144333). - cifs: Add smb2_send_recv (bsc#1144333). - cifs: Add support for FSCTL passthrough that write data to the server (bsc#1144333). - cifs: Add support for direct I/O read (bsc#1144333). - cifs: Add support for direct I/O write (bsc#1144333). - cifs: Add support for direct pages in rdata (bsc#1144333). - cifs: Add support for direct pages in wdata (bsc#1144333). - cifs: Add support for failover in cifs_mount() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect_tcon() (bsc#1144333). - cifs: Add support for failover in smb2_reconnect() (bsc#1144333). - cifs: Add support for reading attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Add support for writing attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Adds information-level logging function (bsc#1144333). - cifs: Adjust MTU credits before reopening a file (bsc#1144333). - cifs: Allocate memory for all iovs in smb2_ioctl (bsc#1144333). - cifs: Allocate validate negotiation request through kmalloc (bsc#1144333). - cifs: Always reset read error to -EIO if no response (bsc#1144333). - cifs: Always resolve hostname before reconnecting (bsc#1051510, bsc#1144333). - cifs: Avoid returning EBUSY to upper layer VFS (bsc#1144333). - cifs: Calculate the correct request length based on page offset and tail size (bsc#1144333). - cifs: Call MID callback before destroying transport (bsc#1144333). - cifs: Change SMB2_open to return an iov for the error parameter (bsc#1144333). - cifs: Check for reconnects before sending async requests (bsc#1144333). - cifs: Check for reconnects before sending compound requests (bsc#1144333). - cifs: Check for timeout on Negotiate stage (bsc#1091171, bsc#1144333). - cifs: Count SMB3 credits for malformed pending responses (bsc#1144333). - cifs: Display SMB2 error codes in the hex format (bsc#1144333). - cifs: Do not assume one credit for async responses (bsc#1144333). - cifs: Do not consider -ENODATA as stat failure for reads (bsc#1144333). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510, bsc#1144333). - cifs: Do not hide EINTR after sending network packets (bsc#1051510, bsc#1144333). - cifs: Do not log credits when unmounting a share (bsc#1144333). - cifs: Do not match port on SMBDirect transport (bsc#1144333). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510, bsc#1144333). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510, bsc#1144333). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510, bsc#1144333). - cifs: Do not set credits to 1 if the server didn't grant anything (bsc#1144333). - cifs: Do not skip SMB2 message IDs on send failures (bsc#1144333). - cifs: Find and reopen a file before get MTU credits in writepages (bsc#1144333). - cifs: Fix DFS cache refresher for DFS links (bsc#1144333). - cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009, bsc#1144333). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: Fix NULL ptr deref (bsc#1144333). - cifs: Fix a debug message (bsc#1144333). - cifs: Fix a race condition with cifs_echo_request (bsc#1144333). - cifs: Fix a tiny potential memory leak (bsc#1144333). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510, bsc#1144333). - cifs: Fix an issue with re-sending rdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix an issue with re-sending wdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix autonegotiate security settings mismatch (bsc#1087092, bsc#1144333). - cifs: Fix check for matching with existing mount (bsc#1144333). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix credit calculations in compound mid callback (bsc#1144333). - cifs: Fix credit computation for compounded requests (bsc#1144333). - cifs: Fix credits calculation for cancelled requests (bsc#1144333). - cifs: Fix credits calculations for reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix encryption/signing (bsc#1144333). - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510, bsc#1144333). - cifs: Fix error paths in writeback code (bsc#1144333). - cifs: Fix infinite loop when using hard mount option (bsc#1091171, bsc#1144333). - cifs: Fix invalid check in __cifs_calc_signature() (bsc#1144333). - cifs: Fix kernel oops when traceSMB is enabled (bsc#1144333). - cifs: Fix leaking locked VFS cache pages in writeback retry (bsc#1144333). - cifs: Fix lease buffer length error (bsc#1144333). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510, bsc#1144333). - cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092, bsc#1144333). - cifs: Fix module dependency (bsc#1144333). - cifs: Fix mounts if the client is low on credits (bsc#1144333). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510, bsc#1144333). - cifs: Fix possible oops and memory leaks in async IO (bsc#1144333). - cifs: Fix potential OOB access of lock element array (bsc#1051510, bsc#1144333). - cifs: Fix read after write for files with read caching (bsc#1051510, bsc#1144333). - cifs: Fix separator when building path from dentry (bsc#1051510, bsc#1144333). - cifs: Fix signing for SMB2/3 (bsc#1144333). - cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (bsc#1144333). - cifs: Fix slab-out-of-bounds when tracing SMB tcon (bsc#1144333). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510, bsc#1144333). - cifs: Fix to use kmem_cache_free() instead of kfree() (bsc#1144333). - cifs: Fix trace command logging for SMB2 reads and writes (bsc#1144333). - cifs: Fix use after free of a mid_q_entry (bsc#1112903, bsc#1144333). - cifs: Fix use-after-free in SMB2_read (bsc#1144333). - cifs: Fix use-after-free in SMB2_write (bsc#1144333). - cifs: Fix validation of signed data in smb2 (bsc#1144333). - cifs: Fix validation of signed data in smb3+ (bsc#1144333). - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510, bsc#1144333). - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bsc#1144333). - cifs: Introduce helper function to get page offset and length in smb_rqst (bsc#1144333). - cifs: Introduce offset for the 1st page in data transfer structures (bsc#1144333). - cifs: Limit memory used by lock request calls to a page (bsc#1144333). - cifs: Make devname param optional in cifs_compose_mount_options() (bsc#1144333). - cifs: Make sure all data pages are signed correctly (bsc#1144333). - cifs: Make use of DFS cache to get new DFS referrals (bsc#1144333). - cifs: Mask off signals when sending SMB packets (bsc#1144333). - cifs: Minor Kconfig clarification (bsc#1144333). - cifs: Move credit processing to mid callbacks for SMB3 (bsc#1144333). - cifs: Move open file handling to writepages (bsc#1144333). - cifs: Move unlocking pages from wdata_send_pages() (bsc#1144333). - cifs: OFD locks do not conflict with eachothers (bsc#1051510, bsc#1144333). - cifs: Only free DFS target list if we actually got one (bsc#1144333). - cifs: Only send SMB2_NEGOTIATE command on new TCP connections (bsc#1144333). - cifs: Pass page offset for calculating signature (bsc#1144333). - cifs: Pass page offset for encrypting (bsc#1144333). - cifs: Print message when attempting a mount (bsc#1144333). - cifs: Properly handle auto disabling of serverino option (bsc#1144333). - cifs: Reconnect expired SMB sessions (bnc#1060662). - cifs: Refactor out cifs_mount() (bsc#1144333). - cifs: Remove custom credit adjustments for SMB2 async IO (bsc#1144333). - cifs: Reopen file before get SMB2 MTU credits for async IO (bsc#1144333). - cifs: Respect SMB2 hdr preamble size in read responses (bsc#1144333). - cifs: Respect reconnect in MTU credits calculations (bsc#1144333). - cifs: Respect reconnect in non-MTU credits calculations (bsc#1144333). - cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333). - cifs: Return error code when getting file handle for writeback (bsc#1144333). - cifs: SMBD: Add SMB Direct debug counters (bsc#1144333). - cifs: SMBD: Add SMB Direct protocol initial values and constants (bsc#1144333). - cifs: SMBD: Add parameter rdata to smb2_new_read_req (bsc#1144333). - cifs: SMBD: Add rdma mount option (bsc#1144333). - cifs: SMBD: Disable signing on SMB direct transport (bsc#1144333). - cifs: SMBD: Do not call ib_dereg_mr on invalidated memory registration (bsc#1144333). - cifs: SMBD: Establish SMB Direct connection (bsc#1144333). - cifs: SMBD: Fix the definition for SMB2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333). - cifs: SMBD: Implement RDMA memory registration (bsc#1144333). - cifs: SMBD: Implement function to create a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to destroy a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to receive data via RDMA receive (bsc#1144333). - cifs: SMBD: Implement function to reconnect to a SMB Direct transport (bsc#1144333). - cifs: SMBD: Implement function to send data via RDMA send (bsc#1144333). - cifs: SMBD: Read correct returned data length for RDMA write (SMB read) I/O (bsc#1144333). - cifs: SMBD: Set SMB Direct maximum read or write size for I/O (bsc#1144333). - cifs: SMBD: Support page offset in RDMA recv (bsc#1144333). - cifs: SMBD: Support page offset in RDMA send (bsc#1144333). - cifs: SMBD: Support page offset in memory registration (bsc#1144333). - cifs: SMBD: Upper layer connects to SMBDirect session (bsc#1144333). - cifs: SMBD: Upper layer destroys SMB Direct session on shutdown or umount (bsc#1144333). - cifs: SMBD: Upper layer performs SMB read via RDMA write through memory registration (bsc#1144333). - cifs: SMBD: Upper layer performs SMB write via RDMA read through memory registration (bsc#1144333). - cifs: SMBD: Upper layer receives data via RDMA receive (bsc#1144333). - cifs: SMBD: Upper layer reconnects to SMB Direct session (bsc#1144333). - cifs: SMBD: Upper layer sends data via RDMA send (bsc#1144333). - cifs: SMBD: _smbd_get_connection() can be static (bsc#1144333). - cifs: SMBD: export protocol initial values (bsc#1144333). - cifs: SMBD: fix spelling mistake: faield and legnth (bsc#1144333). - cifs: SMBD: work around gcc -Wmaybe-uninitialized warning (bsc#1144333). - cifs: Save TTL value when parsing DFS referrals (bsc#1144333). - cifs: Select all required crypto modules (bsc#1085536, bsc#1144333). - cifs: Set reconnect instance to one initially (bsc#1144333). - cifs: Show locallease in /proc/mounts for cifs shares mounted with locallease feature (bsc#1144333). - cifs: Silence uninitialized variable warning (bsc#1144333). - cifs: Skip any trailing backslashes from UNC (bsc#1144333). - cifs: Try to acquire credits at once for compound requests (bsc#1144333). - cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() (bsc#1144333). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510, bsc#1144333). - cifs: Use correct packet length in SMB2_TRANSFORM header (bsc#1144333). - cifs: Use kmemdup in SMB2_ioctl_init() (bsc#1144333). - cifs: Use kmemdup rather than duplicating its implementation in smb311_posix_mkdir() (bsc#1144333). - cifs: Use kzfree() to free password (bsc#1144333). - cifs: Use offset when reading pages (bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510, bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510, bsc#1144333). - cifs: When sending data on socket, pass the correct page offset (bsc#1144333). - cifs: a smb2_validate_and_copy_iov failure does not mean the handle is invalid (bsc#1144333). - cifs: add .splice_write (bsc#1144333). - cifs: add IOCTL for QUERY_INFO passthrough to userspace (bsc#1144333). - cifs: add ONCE flag for cifs_dbg type (bsc#1144333). - cifs: add SFM mapping for 0x01-0x1F (bsc#1144333). - cifs: add SMB2_close_init()/SMB2_close_free() (bsc#1144333). - cifs: add SMB2_ioctl_init/free helpers to be used with compounding (bsc#1144333). - cifs: add SMB2_query_info_[init|free]() (bsc#1144333). - cifs: add a new SMB2_close_flags function (bsc#1144333). - cifs: add a smb2_compound_op and change QUERY_INFO to use it (bsc#1144333). - cifs: add a timeout argument to wait_for_free_credits (bsc#1144333). - cifs: add a warning if we try to to dequeue a deleted mid (bsc#1144333). - cifs: add compound_send_recv() (bsc#1144333). - cifs: add credits from unmatched responses/messages (bsc#1144333). - cifs: add debug output to show nocase mount option (bsc#1144333). - cifs: add fiemap support (bsc#1144333). - cifs: add iface info to struct cifs_ses (bsc#1144333). - cifs: add lease tracking to the cached root fid (bsc#1144333). - cifs: add missing GCM module dependency (bsc#1144333). - cifs: add missing debug entries for kconfig options (bsc#1051510, bsc#1144333). - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510, bsc#1144333). - cifs: add pdu_size to the TCP_Server_Info structure (bsc#1144333). - cifs: add resp_buf_size to the mid_q_entry structure (bsc#1144333). - cifs: add server argument to the dump_detail method (bsc#1144333). - cifs: add server->vals->header_preamble_size (bsc#1144333). - cifs: add sha512 secmech (bsc#1051510, bsc#1144333). - cifs: add spinlock for the openFileList to cifsInodeInfo (bsc#1144333). - cifs: add support for SEEK_DATA and SEEK_HOLE (bsc#1144333). - cifs: add support for ioctl on directories (bsc#1144333). - cifs: address trivial coverity warning (bsc#1144333). - cifs: allow calling SMB2_xxx_free(NULL) (bsc#1144333). - cifs: allow disabling less secure legacy dialects (bsc#1144333). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510, bsc#1144333). - cifs: always add credits back for unsolicited PDUs (bsc#1144333). - cifs: auto disable 'serverino' in dfs mounts (bsc#1144333). - cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (bsc#1144333). - cifs: cache FILE_ALL_INFO for the shared root handle (bsc#1144333). - cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_EOF to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_INFO to use compounding (bsc#1144333). - cifs: change mkdir to use a compound (bsc#1144333). - cifs: change smb2_get_data_area_len to take a smb2_sync_hdr as argument (bsc#1144333). - cifs: change smb2_query_eas to use the compound query-info helper (bsc#1144333). - cifs: change unlink to use a compound (bsc#1144333). - cifs: change validate_buf to validate_iov (bsc#1144333). - cifs: change wait_for_free_request() to take flags as argument (bsc#1144333). - cifs: check CIFS_MOUNT_NO_DFS when trying to reuse existing sb (bsc#1144333). - cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536, bsc#1144333). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902, bsc#1144333). - cifs: check if SMB2 PDU size has been padded and suppress the warning (bsc#1144333). - cifs: check kmalloc before use (bsc#1051510, bsc#1144333). - cifs: check kzalloc return (bsc#1144333). - cifs: check ntwrk_buf_start for NULL before dereferencing it (bsc#1144333). - cifs: check rsp for NULL before dereferencing in SMB2_open (bsc#1085536, bsc#1144333). - cifs: cifs_read_allocate_pages: do not iterate through whole page array on ENOMEM (bsc#1144333). - cifs: clean up indentation, replace spaces with tab (bsc#1144333). - cifs: cleanup smb2ops.c and normalize strings (bsc#1144333). - cifs: complete PDU definitions for interface queries (bsc#1144333). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510, bsc#1144333). - cifs: create SMB2_open_init()/SMB2_open_free() helpers (bsc#1144333). - cifs: create a define for how many iovs we need for an SMB2_open() (bsc#1144333). - cifs: create a define for the max number of iov we need for a SMB2 set_info (bsc#1144333). - cifs: create a helper function for compound query_info (bsc#1144333). - cifs: create helpers for SMB2_set_info_init/free() (bsc#1144333). - cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097, bsc#1144333). - cifs: do not attempt cifs operation on smb2+ rename error (bsc#1144333). - cifs: do not dereference smb_file_target before null check (bsc#1051510, bsc#1144333). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510, bsc#1144333). - cifs: do not return atime less than mtime (bsc#1144333). - cifs: do not send invalid input buffer on QUERY_INFO requests (bsc#1144333). - cifs: do not show domain= in mount output when domain is empty (bsc#1144333). - cifs: do not use __constant_cpu_to_le32() (bsc#1144333). - cifs: document tcon/ses/server refcount dance (bsc#1144333). - cifs: dump IPC tcon in debug proc file (bsc#1071306, bsc#1144333). - cifs: dump every session iface info (bsc#1144333). - cifs: fallback to older infolevels on findfirst queryinfo retry (bsc#1144333). - cifs: fix GlobalMid_Lock bug in cifs_reconnect (bsc#1144333). - cifs: fix NULL deref in SMB2_read (bsc#1085539, bsc#1144333). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542, bsc#1144333). - cifs: fix SMB1 breakage (bsc#1144333). - cifs: fix a buffer leak in smb2_query_symlink (bsc#1144333). - cifs: fix a credits leak for compund commands (bsc#1144333). - cifs: fix bi-directional fsctl passthrough calls (bsc#1144333). - cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled (bsc#1144333). - cifs: fix build errors for SMB_DIRECT (bsc#1144333). - cifs: fix circular locking dependency (bsc#1064701, bsc#1144333). - cifs: fix computation for MAX_SMB2_HDR_SIZE (bsc#1144333). - cifs: fix confusing warning message on reconnect (bsc#1144333). - cifs: fix crash in cifs_dfs_do_automount (bsc#1144333). - cifs: fix crash in smb2_compound_op()/smb2_set_next_command() (bsc#1144333). - cifs: fix crash querying symlinks stored as reparse-points (bsc#1144333). - cifs: fix credits leak for SMB1 oplock breaks (bsc#1144333). - cifs: fix deadlock in cached root handling (bsc#1144333). - cifs: fix encryption in SMB3.1.1 (bsc#1144333). - cifs: fix handle leak in smb2_query_symlink() (bsc#1144333). - cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc (bsc#1144333). - cifs: fix kref underflow in close_shroot() (bsc#1144333). - cifs: fix memory leak and remove dead code (bsc#1144333). - cifs: fix memory leak in SMB2_open() (bsc#1112894, bsc#1144333). - cifs: fix memory leak in SMB2_read (bsc#1144333). - cifs: fix memory leak of an allocated cifs_ntsd structure (bsc#1144333). - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bsc#1144333). - cifs: fix page reference leak with readv/writev (bsc#1144333). - cifs: fix panic in smb2_reconnect (bsc#1144333). - cifs: fix parsing of symbolic link error response (bsc#1144333). - cifs: fix return value for cifs_listxattr (bsc#1051510, bsc#1144333). - cifs: fix rmmod regression in cifs.ko caused by force_sig changes (bsc#1144333). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510, bsc#1144333). - cifs: fix signed/unsigned mismatch on aio_read patch (bsc#1144333). - cifs: fix smb3_zero_range for Azure (bsc#1144333). - cifs: fix smb3_zero_range so it can expand the file-size when required (bsc#1144333). - cifs: fix sparse warning on previous patch in a few printks (bsc#1144333). - cifs: fix spelling mistake, EACCESS -> EACCES (bsc#1144333). - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (bsc#1144333). - cifs: fix typo in cifs_dbg (bsc#1144333). - cifs: fix typo in debug message with struct field ia_valid (bsc#1144333). - cifs: fix uninitialized ptr deref in smb2 signing (bsc#1144333). - cifs: fix use-after-free of the lease keys (bsc#1144333). - cifs: fix wrapping bugs in num_entries() (bsc#1051510, bsc#1144333). - cifs: flush before set-info if we have writeable handles (bsc#1144333). - cifs: handle large EA requests more gracefully in smb2+ (bsc#1144333). - cifs: handle netapp error codes (bsc#1136261). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: implement v3.11 preauth integrity (bsc#1051510, bsc#1144333). - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510, bsc#1144333). - cifs: invalidate cache when we truncate a file (bsc#1051510, bsc#1144333). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565, bsc#1144333). - cifs: limit amount of data we request for xattrs to CIFSMaxBufSize (bsc#1144333). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510, bsc#1144333). - cifs: make IPC a regular tcon (bsc#1071306, bsc#1144333). - cifs: make arrays static const, reduces object code size (bsc#1144333). - cifs: make minor clarifications to module params for cifs.ko (bsc#1144333). - cifs: make mknod() an smb_version_op (bsc#1144333). - cifs: make rmdir() use compounding (bsc#1144333). - cifs: make smb_send_rqst take an array of requests (bsc#1144333). - cifs: minor clarification in comments (bsc#1144333). - cifs: minor updates to module description for cifs.ko (bsc#1144333). - cifs: move default port definitions to cifsglob.h (bsc#1144333). - cifs: move large array from stack to heap (bsc#1144333). - cifs: only wake the thread for the very last PDU in a compound (bsc#1144333). - cifs: parse and store info on iface queries (bsc#1144333). - cifs: pass flags down into wait_for_free_credits() (bsc#1144333). - cifs: pass page offsets on SMB1 read/write (bsc#1144333). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510, bsc#1144333). - cifs: prevent starvation in wait_for_free_credits for multi-credit requests (bsc#1144333). - cifs: print CIFSMaxBufSize as part of /proc/fs/cifs/DebugData (bsc#1144333). - cifs: protect against server returning invalid file system block size (bsc#1144333). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: push rfc1002 generation down the stack (bsc#1144333). - cifs: read overflow in is_valid_oplock_break() (bsc#1144333). - cifs: refactor and clean up arguments in the reparse point parsing (bsc#1144333). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510, bsc#1144333). - cifs: release auth_key.response for reconnect (bsc#1085536, bsc#1144333). - cifs: release cifs root_cred after exit_cifs (bsc#1085536, bsc#1144333). - cifs: remove coverity warning in calc_lanman_hash (bsc#1144333). - cifs: remove header_preamble_size where it is always 0 (bsc#1144333). - cifs: remove redundant duplicated assignment of pointer 'node' (bsc#1144333). - cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() (bsc#1144333). - cifs: remove rfc1002 header from all SMB2 response structures (bsc#1144333). - cifs: remove rfc1002 header from smb2 read/write requests (bsc#1144333). - cifs: remove rfc1002 header from smb2_close_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_create_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_echo_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_flush_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_ioctl_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_lease_ack (bsc#1144333). - cifs: remove rfc1002 header from smb2_lock_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_logoff_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_negotiate_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_oplock_break we get from server (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_directory_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_sess_setup_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_set_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_connect_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_disconnect_req (bsc#1144333). - cifs: remove set but not used variable 'cifs_sb' (bsc#1144333). - cifs: remove set but not used variable 'sep' (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove set but not used variable 'smb_buf' (bsc#1144333). - cifs: remove small_smb2_init (bsc#1144333). - cifs: remove smb2_send_recv() (bsc#1144333). - cifs: remove struct smb2_hdr (bsc#1144333). - cifs: remove struct smb2_oplock_break_rsp (bsc#1144333). - cifs: remove the is_falloc argument to SMB2_set_eof (bsc#1144333). - cifs: remove unused stats (bsc#1144333). - cifs: remove unused value pointed out by Coverity (bsc#1144333). - cifs: remove unused variable from SMB2_read (bsc#1144333). - cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP (bsc#1144333). - cifs: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - cifs: replace snprintf with scnprintf (bsc#1144333). - cifs: return -ENODATA when deleting an xattr that does not exist (bsc#1144333). - cifs: return correct errors when pinning memory failed for direct I/O (bsc#1144333). - cifs: return error on invalid value written to cifsFYI (bsc#1144333). - cifs: set *resp_buf_type to NO_BUFFER on error (bsc#1144333). - cifs: set mapping error when page writeback fails in writepage or launder_pages (bsc#1144333). - cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT (bsc#1144333). - cifs: show 'soft' in the mount options for hard mounts (bsc#1144333). - cifs: show the w bit for writeable /proc/fs/cifs/* files (bsc#1144333). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734, bsc#1144333). - cifs: simple stats should always be enabled (bsc#1144333). - cifs: simplify code by removing CONFIG_CIFS_ACL ifdef (bsc#1144333). - Update config files. - cifs: simplify how we handle credits in compound_send_recv() (bsc#1144333). - cifs: smb2 commands can not be negative, remove confusing check (bsc#1144333). - cifs: smb2ops: Fix NULL check in smb2_query_symlink (bsc#1144333). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510, bsc#1144333). - cifs: smb2pdu: Fix potential NULL pointer dereference (bsc#1144333). - cifs: smbd: Avoid allocating iov on the stack (bsc#1144333). - cifs: smbd: Check for iov length on sending the last iov (bsc#1144333). - cifs: smbd: Do not destroy transport on RDMA disconnect (bsc#1144333). - cifs: smbd: Do not use RDMA read/write when signing is used (bsc#1144333). - cifs: smbd: Dump SMB packet when configured (bsc#1144333). - cifs: smbd: Enable signing with smbdirect (bsc#1144333). - cifs: smbd: Indicate to retry on transport sending failure (bsc#1144333). - cifs: smbd: Retry on memory registration failure (bsc#1144333). - cifs: smbd: Return EINTR when interrupted (bsc#1144333). - cifs: smbd: avoid reconnect lockup (bsc#1144333). - cifs: smbd: depend on INFINIBAND_ADDR_TRANS (bsc#1144333). - cifs: smbd: disconnect transport on RDMA errors (bsc#1144333). - cifs: smbd: take an array of reqeusts when sending upper layer data (bsc#1144333). - cifs: start DFS cache refresher in cifs_mount() (bsc#1144333). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510, bsc#1144333). - cifs: suppress some implicit-fallthrough warnings (bsc#1144333). - cifs: track writepages in vfs operation counters (bsc#1144333). - cifs: update __smb_send_rqst() to take an array of requests (bsc#1144333). - cifs: update calc_size to take a server argument (bsc#1144333). - cifs: update init_sg, crypt_message to take an array of rqst (bsc#1144333). - cifs: update internal module number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.14 (bsc#1144333). - cifs: update module internal version number (bsc#1144333). - cifs: update multiplex loop to handle compounded responses (bsc#1144333). - cifs: update receive_encrypted_standard to handle compounded responses (bsc#1144333). - cifs: update smb2_calc_size to use smb2_sync_hdr instead of smb2_hdr (bsc#1144333). - cifs: update smb2_check_message to handle PDUs without a 4 byte length header (bsc#1144333). - cifs: update smb2_queryfs() to use compounding (bsc#1144333). - cifs: use a compound for setting an xattr (bsc#1144333). - cifs: use a refcount to protect open/closing the cached file handle (bsc#1144333). - cifs: use correct format characters (bsc#1144333). - cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (bsc#1071306, bsc#1144333). - cifs: use the correct length when pinning memory for direct I/O for write (bsc#1144333). - cifs: wait_for_free_credits() make it possible to wait for >=1 credits (bsc#1144333). - cifs: we can not use small padding iovs together with encryption (bsc#1144333). - cifs: zero sensitive data when freeing (bsc#1087092, bsc#1144333). - cifs: zero-range does not require the file is sparse (bsc#1144333). - cifs:smbd Use the correct DMA direction when sending data (bsc#1144333). - cifs:smbd When reconnecting to server, call smbd_destroy() after all MIDs have been called (bsc#1144333). - cifs_lookup(): cifs_get_inode_...() never returns 0 with *inode left NULL (bsc#1144333). - cifs_lookup(): switch to d_splice_alias() (bsc#1144333). - clk: Export clk_bulk_prepare() (bsc#1144813). - clk: add clk_bulk_get accessories (bsc#1144813). - clk: bcm2835: remove pllb (jsc#SLE-7294). - clk: bcm283x: add driver interfacing with Raspberry Pi's firmware (jsc#SLE-7294). - clk: bulk: silently error out on EPROBE_DEFER (bsc#1144718,bsc#1144813). - clk: raspberrypi: register platform device for raspberrypi-cpufreq (jsc#SLE-7294). - clk: renesas: cpg-mssr: Fix reset control race condition (bsc#1051510). - clk: rockchip: Add 1.6GHz PLL rate for rk3399 (bsc#1144718,bsc#1144813). - clk: rockchip: assign correct id for pclk_ddr and hclk_sd in rk3399 (bsc#1144718,bsc#1144813). - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling (bsc#1051510). - coredump: split pipe command whitespace before expanding template (bsc#1051510). - cpu/speculation: Warn on unsupported mitigations= parameter (bsc#1114279). - cpufreq: dt: Try freeing static OPPs only if we have added them (jsc#SLE-7294). - crypto: ccp - Add support for valid authsize values less than 16 (bsc#1051510). - crypto: ccp - Fix oops by properly managing allocated structures (bsc#1051510). - crypto: ccp - Ignore tag length when decrypting GCM ciphertext (bsc#1051510). - crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1145934). - crypto: ccp - Validate buffer lengths for copy operations (bsc#1051510). - crypto: talitos - fix skcipher failure due to wrong output IV (bsc#1051510). - cx82310_eth: fix a memory leak bug (bsc#1051510). - dax: dax_layout_busy_page() should not unmap cow pages (bsc#1148698). - devres: always use dev_name() in devm_ioremap_resource() (git fixes). - dfs_cache: fix a wrong use of kfree in flush_cache_ent() (bsc#1144333). - dm btree: fix order of block initialization in btree_split_beneath (git fixes). - dm bufio: fix deadlock with loop device (git fixes). - dm cache metadata: Fix loading discard bitset (git fixes). - dm crypt: do not overallocate the integrity tag space (git fixes). - dm crypt: fix parsing of extended IV arguments (git fixes). - dm delay: fix a crash when invalid device is specified (git fixes). - dm integrity: change memcmp to strncmp in dm_integrity_ctr (git fixes). - dm integrity: limit the rate of error messages (git fixes). - dm kcopyd: always complete failed jobs (git fixes). - dm raid: add missing cleanup in raid_ctr() (git fixes). - dm space map metadata: fix missing store of apply_bops() return value (git fixes). - dm table: fix invalid memory accesses with too high sector number (git fixes). - dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (git fixes). - dm thin: fix bug where bio that overwrites thin block ignores FUA (git fixes). - dm thin: fix passdown_double_checking_shared_status() (git fixes). - dm zoned: Fix zone report handling (git fixes). - dm zoned: Silence a static checker warning (git fixes). - dm zoned: fix potential NULL dereference in dmz_do_reclaim() (git fixes). - dm zoned: fix zone state management race (git fixes). - dm zoned: improve error handling in i/o map code (git fixes). - dm zoned: improve error handling in reclaim (git fixes). - dm zoned: properly handle backing device failure (git fixes). - dm: bufio: revert: "fix deadlock with loop device" (git fixes). - dm: fix to_sector() for 32bit (git fixes). - dm: revert 8f50e358153d ("dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE") (git fixes). - dma-buf: balance refcount inbalance (bsc#1051510). - dmaengine: rcar-dmac: Reject zero-length slave DMA requests (bsc#1051510). - documentation/networking: fix default_ttl typo in mpls-sysctl (bsc#1051510). - documentation: Add nospectre_v1 parameter (bsc#1051510). - driver core: Fix use-after-free and double free on glue directory (bsc#1131281). - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl (bsc#1051510). - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings (bsc#1051510). - drm/amdgpu/psp: move psp version specific function pointers to (bsc#1135642) - drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz (bsc#1051510). - drm/bridge: tc358767: read display_props in get_modes() (bsc#1051510). - drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry (bsc#1051510). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1135642) - drm/i915/perf: ensure we keep a reference on the driver (bsc#1142635) - drm/i915/userptr: Acquire the page lock around set_page_dirty() (bsc#1051510). - drm/i915: Do not deballoon unused ggtt drm_mm_node in linux guest (bsc#1142635) - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1142635) - drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635) - drm/imx: notify drm core before sending event during crtc disable (bsc#1135642) - drm/imx: only send event on crtc disable if kept disabled (bsc#1135642) - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1135642) - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1135642) - drm/mediatek: clear num_pipes when unbind driver (bsc#1135642) - drm/mediatek: fix unbind functions (bsc#1135642) - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1142635) - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1135642) - drm/mediatek: use correct device to import PRIME buffers (bsc#1142635) - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1142635) - drm/msm: Depopulate platform on probe failure (bsc#1051510). - drm/nouveau: Do not retry infinitely when receiving no data on i2c (bsc#1142635) - drm/nouveau: fix memory leak in nouveau_conn_reset() (bsc#1051510). - drm/panel: simple: Fix panel_simple_dsi_probe (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1142635) - drm/udl: introduce a macro to convert dev to udl. (bsc#1113722) - drm/udl: move to embedding drm device inside udl device. (bsc#1113722) - drm/virtio: Add memory barriers for capset cache (bsc#1051510). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1135642) - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1135642) - drm/vmwgfx: fix memory leak when too many retries have occurred (bsc#1051510). - drm: msm: Fix add_gpu_components (bsc#1051510). - drm: silence variable 'conn' set but not used (bsc#1051510). - ecryptfs: fix a couple type promotion bugs (bsc#1051510). - edac, amd64: Add Family 17h, models 10h-2fh support (bsc#1112178). - edac/amd64: Add Family 17h Model 30h PCI IDs (bsc#1112178). - edac: Fix global-out-of-bounds write when setting edac_mc_poll_msec (bsc#1114279). - efi/bgrt: Drop BGRT status field reserved bits check (bsc#1051510). - ehea: Fix a copy-paste err in ehea_init_port_res (bsc#1051510). - ext4: use jbd2_inode dirty range scoping (bsc#1148616). - firmware: raspberrypi: register clk device (jsc#SLE-7294). - firmware: ti_sci: Always request response from firmware (bsc#1051510). - fix incorrect error code mapping for OBJECTID_NOT_FOUND (bsc#1144333). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510, bsc#1144333). - fix struct ufs_req removal of unused field (git-fixes). - fixed https://bugzilla.kernel.org/show_bug.cgi?id=202935 allow write on the same file (bsc#1144333). - fs/*/kconfig: drop links to 404-compliant http://acl.bestbits.at (bsc#1144333). - fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333). - fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free (bsc#1144333). - fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls (bsc#1144333). - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bsc#1144333). - fs/cifs: fix uninitialised variable warnings (bsc#1144333). - fs/cifs: require sha512 (bsc#1051510, bsc#1144333). - fs/cifs: suppress a string overflow warning (bsc#1144333). - fs/xfs: Fix return code of xfs_break_leased_layouts() (bsc#1148031). - fs: cifs: Drop unlikely before IS_ERR(_OR_NULL) (bsc#1144333). - fs: cifs: Kconfig: pedantic formatting (bsc#1144333). - fs: cifs: Replace _free_xid call in cifs_root_iget function (bsc#1144333). - fs: cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace (bsc#1144333). - fs: xfs: xfs_log: Do not use KM_MAYFAIL at xfs_log_reserve() (bsc#1148033). - fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() (bsc#1051510). - ftrace: Check for empty hash and comment the race with registering probes (bsc#1149418). - ftrace: Check for successful allocation of hash (bsc#1149424). - ftrace: Fix NULL pointer dereference in t_probe_next() (bsc#1149413). - gpio: Fix build error of function redefinition (bsc#1051510). - gpio: gpio-omap: add check for off wake capable gpios (bsc#1051510). - gpio: mxs: Get rid of external API call (bsc#1051510). - gpio: omap: ensure irq is enabled before wakeup (bsc#1051510). - gpio: pxa: handle corner case of unprobed device (bsc#1051510). - gpiolib: fix incorrect IRQ requesting of an active-low lineevent (bsc#1051510). - gpiolib: never report open-drain/source lines as 'input' to user-space (bsc#1051510). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1142635) - hid: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT (bsc#1051510). - hid: Add quirk for HP X1200 PIXART OEM mouse (bsc#1051510). - hid: cp2112: prevent sleeping function called from invalid context (bsc#1051510). - hid: hiddev: avoid opening a disconnected device (bsc#1051510). - hid: hiddev: do cleanup in failure of opening a device (bsc#1051510). - hid: holtek: test for sanity of intfdata (bsc#1051510). - hid: sony: Fix race condition between rumble and device remove (bsc#1051510). - hid: wacom: Correct distance scale for 2nd-gen Intuos devices (bsc#1142635). - hid: wacom: correct misreported EKR ring values (bsc#1142635). - hid: wacom: fix bit shift for Cintiq Companion 2 (bsc#1051510). - hpet: Fix division by zero in hpet_time_div() (bsc#1051510). - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 (bsc#1051510). - hwmon: (nct7802) Fix wrong detection of in4 presence (bsc#1051510). - i2c: emev2: avoid race when unregistering slave client (bsc#1051510). - i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bsc#1051510). - i2c: qup: fixed releasing dma without flush operation completion (bsc#1051510). - ib/mlx5: Fix MR registration flow to use UMR properly (bsc#1093205 bsc#1145678). - ibmveth: Convert multicast list size for little-endian system (bsc#1061843). - ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726). - igmp: fix memory leak in igmpv3_del_delrec() (networking-stable-19_07_25). - iio: adc: max9611: Fix misuse of GENMASK macro (bsc#1051510). - iio: adc: max9611: Fix temperature reading in probe (bsc#1051510). - iio: iio-utils: Fix possible incorrect mask calculation (bsc#1051510). - include/linux/bitops.h: sanitize rotate primitives (git fixes). - input: alps - do not handle ALPS cs19 trackpoint-only device (bsc#1051510). - input: alps - fix a mismatch between a condition check and its comment (bsc#1051510). - input: iforce - add sanity checks (bsc#1051510). - input: kbtab - sanity check for endpoint type (bsc#1051510). - input: synaptics - enable RMI mode for HP Spectre X360 (bsc#1051510). - input: synaptics - whitelist Lenovo T580 SMBus intertouch (bsc#1051510). - input: trackpoint - only expose supported controls for Elan, ALPS and NXP (bsc#1051510). - intel_th: pci: Add Ice Lake NNPI support (bsc#1051510). - intel_th: pci: Add Tiger Lake support (bsc#1051510). - intel_th: pci: Add support for another Lewisburg PCH (bsc#1051510). - iommu/amd: Add support for X2APIC IOMMU interrupts (bsc#1145010). - iommu/amd: Fix race in increase_address_space() (bsc#1150860). - iommu/amd: Flush old domains in kdump kernel (bsc#1150861). - iommu/amd: Move iommu_init_pci() to .init section (bsc#1149105). - iommu/dma: Handle SG length overflow better (bsc#1146084). - iommu/iova: Fix compilation error with !CONFIG_IOMMU_IOVA (bsc#1145024). - iommu/vt-d: Do not queue_iova() if there is no flush queue (bsc#1145024). - ipip: validate header length in ipip_tunnel_xmit (git-fixes). - ipv4: do not set IPv6 only flags to IPv4 addresses (networking-stable-19_07_25). - irqchip/gic-v3-its: fix build warnings (bsc#1144880). - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack (bsc#1051510). - isdn: hfcsusb: checking idx of ep configuration (bsc#1051510). - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() (bsc#1051510). - iwlwifi: dbg: split iwl_fw_error_dump to two functions (bsc#1119086). - iwlwifi: do not unmap as page memory that was mapped as single (bsc#1051510). - iwlwifi: fix bad dma handling in page_mem dumping flow (bsc#1120902). - iwlwifi: fw: use helper to determine whether to dump paging (bsc#1106434). Patch needed to be adjusted, because our tree does not have the global variable IWL_FW_ERROR_DUMP_PAGING - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version &< 41 (bsc#1142635). - iwlwifi: mvm: fix an out-of-bound access (bsc#1051510). - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support (bsc#1142635). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1142635). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1142635). - jbd2: flush_descriptor(): Do not decrease buffer head's ref count (bsc#1143843). - jbd2: introduce jbd2_inode dirty range scoping (bsc#1148616). - kabi: Fix kABI for 'struct amd_iommu' (bsc#1145010). - kasan: remove redundant initialization of variable 'real_size' (git fixes). - kconfig/[mn]conf: handle backspace (^H) key (bsc#1051510). - keys: Fix missing null pointer check in request_key_auth_describe() (bsc#1051510). - kvm/eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bsc#1133021). - kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (bsc#1134881 bsc#1134882). - kvm: Disallow wraparound in kvm_gfn_to_hva_cache_init (bsc#1133021). - kvm: Fix leak vCPU's VMCS value into other pCPU (bsc#1145388). - kvm: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC (bsc#1145408). - kvm: PPC: Book3S HV: Fix CR0 setting in TM emulation (bsc#1061840). - kvm: Reject device ioctls from processes other than the VM's creator (bsc#1133021). - kvm: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value (bsc#1145393). - kvm: VMX: Fix handling of #MC that occurs during VM-Entry (bsc#1145395). - kvm: VMX: check CPUID before allowing read/write of IA32_XSS (bsc#1145394). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: arm/arm64: Close VMID generation race (bsc#1133021). - kvm: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation (bsc#1133021). - kvm: arm/arm64: Drop resource size check for GICV window (bsc#1133021). - kvm: arm/arm64: Fix VMID alloc race by reverting to lock-less (bsc#1133021). - kvm: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked (bsc#1133021). - kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1133021). - kvm: arm/arm64: Reduce verbosity of KVM init log (bsc#1133021). - kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1133021). - kvm: arm/arm64: Skip updating PMD entry if no change (bsc#1133021). - kvm: arm/arm64: Skip updating PTE entry if no change (bsc#1133021). - kvm: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list (bsc#1133021). - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1133021). - kvm: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1133021). - kvm: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy (bsc#1133021). - kvm: arm64: Fix caching of host MDCR_EL2 value (bsc#1133021). - kvm: mmu: Fix overlap between public and private memslots (bsc#1133021). - kvm: nVMX: Remove unnecessary sync_roots from handle_invept (bsc#1145391). - kvm: nVMX: Use adjusted pin controls for vmcs02 (bsc#1145392). - kvm: nVMX: allow setting the VMFUNC controls MSR (bsc#1145389). - kvm: nVMX: do not use dangling shadow VMCS after guest reset (bsc#1145390). - kvm: x86/vPMU: refine kvm_pmu err msg when event creation failed (bsc#1145397). - kvm: x86: Do not update RIP or do single-step on faulting emulation (bsc#1149104). - kvm: x86: Unconditionally enable irqs in guest context (bsc#1145396). - kvm: x86: degrade WARN to pr_warn_ratelimited (bsc#1145409). - kvm: x86: fix backward migration with async_PF (bsc#1146074). - lan78xx: Fix memory leaks (bsc#1051510). - libata: add SG safety checks in SFF pio transfers (bsc#1051510). - libata: do not request sense data on !ZAC ATA devices (bsc#1051510). - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests (bsc#1051510). - libata: zpodd: Fix small read overflow in zpodd_get_mech_type() (bsc#1051510). - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). - libceph, rbd: new bio handling code (aka do not clone bios) (bsc#1141450). - libceph: add osd_req_op_extent_osd_data_bvecs() (bsc#1141450). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: fix PG split vs OSD (re)connect race (bsc#1148133). - libceph: handle zero-length data items (bsc#1141450). - libceph: introduce BVECS data type (bsc#1141450). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: preallocate message data items (bsc#1135897). - libceph: use single request data item for cmp/setxattr (bsc#1139101). - libnvdimm/pfn: Store correct value of npfns in namespace superblock (bsc#1146381 ltc#180720). - liquidio: add cleanup in octeon_setup_iq() (bsc#1051510). - loop: set PF_MEMALLOC_NOIO for the worker thread (git fixes). - mac80211: do not WARN on short WMM parameters from AP (bsc#1051510). - mac80211: do not warn about CW params when not using them (bsc#1051510). - mac80211: fix possible memory leak in ieee80211_assign_beacon (bsc#1142635). - mac80211: fix possible sta leak (bsc#1051510). - macsec: fix checksumming after decryption (bsc#1051510). - macsec: fix use-after-free of skb during RX (bsc#1051510). - macsec: let the administrator set UP state even if lowerdev is down (bsc#1051510). - macsec: update operstate when lower device changes (bsc#1051510). - mailbox: handle failed named mailbox channel request (bsc#1051510). - md/raid: raid5 preserve the writeback action after the parity check (git fixes). - md: add mddev->pers to avoid potential NULL pointer dereference (git fixes). - media: au0828: fix null dereference in error path (bsc#1051510). - media: coda: Remove unbalanced and unneeded mutex unlock (bsc#1051510). - media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP (bsc#1051510). - media: coda: fix mpeg2 sequence number handling (bsc#1051510). - media: coda: increment sequence offset for the last returned frame (bsc#1051510). - media: dvb: usb: fix use after free in dvb_usb_device_exit (bsc#1051510). - media: hdpvr: fix locking and a missing msleep (bsc#1051510). - media: media_device_enum_links32: clean a reserved field (bsc#1051510). - media: pvrusb2: use a different format for warnings (bsc#1051510). - media: spi: IR LED: add missing of table registration (bsc#1051510). - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails (bsc#1051510). - media: vpss: fix a potential NULL pointer dereference (bsc#1051510). - media: wl128x: Fix some error handling in fm_v4l2_init_video_device() (bsc#1051510). - mfd: arizona: Fix undefined behavior (bsc#1051510). - mfd: core: Set fwnode for created devices (bsc#1051510). - mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bsc#1051510). - mfd: intel-lpss: Add Intel Comet Lake PCI IDs (jsc#SLE-4875). - mm, page_owner: handle THP splits correctly (bsc#1149197, VM Debugging Functionality). - mm/hmm: fix bad subpage pointer in try_to_unmap_one (bsc#1148202, HMM, VM Functionality). - mm/hotplug: fix offline undo_isolate_page_range() (bsc#1148196, VM Functionality). - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node (bsc#1148379, VM Functionality). - mm/memcontrol.c: fix use after free in mem_cgroup_iter() (bsc#1149224, VM Functionality). - mm/memory.c: recheck page table entry with page table lock held (bsc#1148363, VM Functionality). - mm/migrate.c: initialize pud_entry in migrate_vma() (bsc#1148198, HMM, VM Functionality). - mm/mlock.c: change count_mm_mlocked_page_nr return type (bsc#1148527, VM Functionality). - mm/mlock.c: mlockall error for flag MCL_ONFAULT (bsc#1148527, VM Functionality). - mm/page_alloc.c: fix calculation of pgdat->nr_zones (bsc#1148192, VM Functionality). - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() (bsc#1118689). - mm/vmscan.c: fix trying to reclaim unevictable LRU page (bsc#1149214, VM Functionality). - mm: add filemap_fdatawait_range_keep_errors() (bsc#1148616). - mm: do not stall register_shrinker() (bsc#1104902, VM Performance). - mm: page_mapped: do not assume compound page is huge or THP (bsc#1148574, VM Functionality). - mmc: cavium: Add the missing dma unmap when the dma has finished (bsc#1051510). - mmc: cavium: Set the correct dma max segment size for mmc_host (bsc#1051510). - mmc: core: Fix init of SD cards reporting an invalid VDD range (bsc#1051510). - mmc: dw_mmc: Fix occasional hang after tuning on eMMC (bsc#1051510). - mmc: sdhci-of-at91: add quirk for broken HS200 (bsc#1051510). - mmc: sdhci-pci: Add support for Intel CML (jsc#SLE-4875). - mmc: sdhci-pci: Add support for Intel ICP (jsc#SLE-4875). - move a few externs to smbdirect.h to eliminate warning (bsc#1144333). - move core networking kabi patches to the end of the section - move irq_data_get_effective_affinity_mask prior the sorted section - mpls: fix warning with multi-label encap (bsc#1051510). - nbd: replace kill_bdev() with __invalidate_device() again (git fixes). - net/9p: include trans_common.h to fix missing prototype warning (bsc#1051510). - net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635). - net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bsc#1145678). - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (networking-stable-19_07_25). - net/smc: do not schedule tx_work in SMC_CLOSED state (bsc#1149963). - net/smc: original socket family in inet_sock_diag (bsc#1149959). - net: Fix netdev_WARN_ONCE macro (git-fixes). - net: Introduce netdev_*_once functions (networking-stable-19_07_25). - net: bcmgenet: use promisc for unsupported filters (networking-stable-19_07_25). - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (networking-stable-19_07_25). - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (networking-stable-19_07_25). - net: bridge: stp: do not cache eth dest pointer before skb pull (networking-stable-19_07_25). - net: dsa: mv88e6xxx: wait after reset deactivation (networking-stable-19_07_25). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1139020 bsc#1139021). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1139020 bsc#1139021). - net: ena: add ethtool function for changing io queue sizes (bsc#1139020 bsc#1139021). - net: ena: add good checksum counter (bsc#1139020 bsc#1139021). - net: ena: add handling of llq max tx burst size (bsc#1139020 bsc#1139021). - net: ena: add newline at the end of pr_err prints (bsc#1139020 bsc#1139021). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1139020 bsc#1139021). - net: ena: allow automatic fallback to polling mode (bsc#1139020 bsc#1139021). - net: ena: allow queue allocation backoff when low on memory (bsc#1139020 bsc#1139021). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1139020 bsc#1139021). - net: ena: enable negotiating larger Rx ring size (bsc#1139020 bsc#1139021). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1139020 bsc#1139021). - net: ena: ethtool: revert "add extra properties retrieval via get_priv_flags" (bsc#1139020 bsc#1139021). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1139020 bsc#1139021). - net: ena: fix incorrect test of supported hash function (bsc#1139020 bsc#1139021). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1139020 bsc#1139021). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1139020 bsc#1139021). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1139020 bsc#1139021). - net: ena: gcc 8: fix compilation warning (bsc#1139020 bsc#1139021). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1139020 bsc#1139021). - net: ena: make ethtool show correct current and max queue sizes (bsc#1139020 bsc#1139021). - net: ena: optimise calculations for CQ doorbell (bsc#1139020 bsc#1139021). - net: ena: remove inline keyword from functions in *.c (bsc#1139020 bsc#1139021). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1139020 bsc#1139021). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1139020 bsc#1139021). - net: ena: use dev_info_once instead of static variable (bsc#1139020 bsc#1139021). - net: make skb_dst_force return true when dst is refcounted (networking-stable-19_07_25). - net: neigh: fix multiple neigh timer scheduling (networking-stable-19_07_25). - net: remove duplicate fetch in sock_getsockopt (networking-stable-19_07_02). - net: sched: verify that q!=NULL before setting q->flags (git-fixes). - net: stmmac: fixed new system time seconds value calculation (networking-stable-19_07_02). - net: stmmac: set IC bit when transmitting frames with HW timestamp (networking-stable-19_07_02). - net: usb: pegasus: fix improper read if get_registers() fail (bsc#1051510). - net_sched: unset TCQ_F_CAN_BYPASS when adding filters (networking-stable-19_07_25). - netrom: fix a memory leak in nr_rx_frame() (networking-stable-19_07_25). - netrom: hold sock when setting skb->destructor (networking-stable-19_07_25). - nfc: fix potential illegal memory access (bsc#1051510). - nfs: Cleanup if nfs_match_client is interrupted (bsc#1134291). - nfs: Fix a double unlock from nfs_match,get_client (bsc#1134291). - nfs: Fix the inode request accounting when pages have subrequests (bsc#1140012). - nfs: make nfs_match_client killable (bsc#1134291). - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (git fixes). - nvme-core: Fix extra device_put() call on error path (bsc#1142541). - nvme-fc: fix module unloads while lports still pending (bsc#1150033). - nvme-multipath: fix ana log nsid lookup when nsid is not found (bsc#1141554). - nvme-multipath: relax ANA state check (bsc#1123105). - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bsc#1120876). - nvme: Return BLK_STS_TARGET if the DNR bit is set (bsc#1142076). - nvme: cancel request synchronously (bsc#1145661). - nvme: change locking for the per-subsystem controller list (bsc#1142541). - nvme: fix possible use-after-free in connect error flow (bsc#1139500, bsc#1140426) - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN (bsc#1146938). - objtool: Add rewind_stack_do_exit() to the noreturn list (bsc#1145302). - objtool: Support GCC 9 cold subfunction naming scheme (bsc#1145300). - octeon_mgmt: Fix MIX registers configuration on MTU setup (bsc#1051510). - pci: PM/ACPI: Refresh all stale power state data in pci_pm_complete() (bsc#1149106). - pci: Restore Resizable BAR size bits correctly for 1MB BARs (bsc#1143841). - pci: hv: Fix panic by calling hv_pci_remove_slots() earlier (bsc#1142701). - pci: qcom: Ensure that PERST is asserted for at least 100 ms (bsc#1142635). - pci: xilinx-nwl: Fix Multi MSI data programming (bsc#1142635). - phy: qcom-qusb2: Fix crash if nvmem cell not specified (bsc#1051510). - phy: renesas: rcar-gen2: Fix memory leak at error paths (bsc#1051510). - pinctrl: pistachio: fix leaked of_node references (bsc#1051510). - pinctrl: rockchip: fix leaked of_node references (bsc#1051510). - pm / devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: do not print error when get supply and clk defer (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: fix spelling mistakes (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: remove unneeded semicolon (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: remove wait for dcf irq event (bsc#1144718,bsc#1144813). - pm / devfreq: rockchip-dfi: Move GRF definitions to a common place (bsc#1144718,bsc#1144813). - pm / opp: OF: Use pr_debug() instead of pr_err() while adding OPP table (jsc#SLE-7294). - powerpc/64s: Include cpu header (bsc#1065729). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc/book3s/64: check for NULL pointer in pgd_alloc() (bsc#1078248, git-fixes). - powerpc/fadump: Do not allow hot-remove memory from fadump reserved area (bsc#1120937). - powerpc/fadump: Reservationless firmware assisted dump (bsc#1120937). - powerpc/fadump: Throw proper error message on fadump registration failure (bsc#1120937). - powerpc/fadump: use kstrtoint to handle sysfs store (bsc#1146376). - powerpc/fadump: when fadump is supported register the fadump sysfs files (bsc#1146352). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107). - powerpc/kdump: Handle crashkernel memory reservation failure (bsc#1143466 LTC#179600). - powerpc/lib: Fix feature fixup test of external branch (bsc#1065729). - powerpc/mm/hash/4k: Do not use 64K page size for vmemmap with 4K pagesize (bsc#1142685 LTC#179509). - powerpc/mm/radix: Use the right page size for vmemmap mapping (bsc#1055117 bsc#1142685 LTC#179509). - powerpc/mm: Handle page table allocation failures (bsc#1065729). - powerpc/perf: Add constraints for power9 l2/l3 bus events (bsc#1056686). - powerpc/perf: Add mem access events to sysfs (bsc#1124370). - powerpc/perf: Cleanup cache_sel bits comment (bsc#1056686). - powerpc/perf: Fix thresholding counter data for unknown type (bsc#1056686). - powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (bsc#1047238, bsc#1056686). - powerpc/perf: Update perf_regs structure to include SIER (bsc#1056686). - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (bsc#1065729). - powerpc/powernv: Flush console before platform error reboot (bsc#1149940 ltc#179958). - powerpc/powernv: Return for invalid IMC domain (bsc1054914, git-fixes). - powerpc/powernv: Use kernel crash path for machine checks (bsc#1149940 ltc#179958). - powerpc/pseries, ps3: panic flush kernel messages before halting system (bsc#1149940 ltc#179958). - powerpc/pseries: Fix xive=off command line (bsc#1085030, git-fixes). - powerpc/pseries: add missing cpumask.h include file (bsc#1065729). - powerpc/pseries: correctly track irq state in default idle (bsc#1150727 ltc#178925). - powerpc/rtas: use device model APIs and serialization during LPM (bsc#1144123 ltc#178840). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - powerpc/xive: Fix dump of XIVE interrupt under pseries (bsc#1142019). - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (bsc#1085030, bsc#1145189, LTC#179762). - powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019). - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL (bsc#1142019). - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (bsc#1146575 ltc#180764). - powerpc: dump kernel log before carrying out fadump or kdump (bsc#1149940 ltc#179958). - qede: fix write to free'd pointer error and double free of ptp (bsc#1051510). - qlge: Deduplicate lbq_buf_size (bsc#1106061). - qlge: Deduplicate rx buffer queue management (bsc#1106061). - qlge: Factor out duplicated expression (bsc#1106061). - qlge: Fix dma_sync_single calls (bsc#1106061). - qlge: Fix irq masking in INTx mode (bsc#1106061). - qlge: Refill empty buffer queues from wq (bsc#1106061). - qlge: Refill rx buffers up to multiple of 16 (bsc#1106061). - qlge: Remove bq_desc.maplen (bsc#1106061). - qlge: Remove irq_cnt (bsc#1106061). - qlge: Remove page_chunk.last_flag (bsc#1106061). - qlge: Remove qlge_bq.len & size (bsc#1106061). - qlge: Remove rx_ring.sbq_buf_size (bsc#1106061). - qlge: Remove rx_ring.type (bsc#1106061). - qlge: Remove useless dma synchronization calls (bsc#1106061). - qlge: Remove useless memset (bsc#1106061). - qlge: Replace memset with assignment (bsc#1106061). - qlge: Update buffer queue prod index despite oom (bsc#1106061). - rbd: do not (ab)use obj_req->pages for stat requests (bsc#1141450). - rbd: do not NULL out ->obj_request in rbd_img_obj_parent_read_full() (bsc#1141450). - rbd: get rid of img_req->copyup_pages (bsc#1141450). - rbd: move from raw pages to bvec data descriptors (bsc#1141450). - rbd: remove bio cloning helpers (bsc#1141450). - rbd: start enums at 1 instead of 0 (bsc#1141450). - rbd: use kmem_cache_zalloc() in rbd_img_request_create() (bsc#1141450). - regmap: fix bulk writes on paged registers (bsc#1051510). - regulator: qcom_spmi: Fix math of spmi_regulator_set_voltage_time_sel (bsc#1051510). - rename patches according to their names in SLE15-SP1. - rpm/kernel-binary.spec.in: Enable missing modules check. - rpm/kernel-binary.spec.in: Enable missing modules check. - rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510). - rpmsg: smd: do not use mananged resources for endpoints and channels (bsc#1051510). - rpmsg: smd: fix memory leak on channel create (bsc#1051510). - rsi: improve kernel thread handling to fix kernel panic (bsc#1051510). - rslib: Fix decoding of shortened codes (bsc#1051510). - rslib: Fix handling of of caller provided syndrome (bsc#1051510). - rtc: pcf8523: do not return invalid date when battery is low (bsc#1051510). - rxrpc: Fix send on a connected, but unbound socket (networking-stable-19_07_25). - s390/cio: fix ccw_device_start_timeout API (bsc#1142109 LTC#179339). - s390/dasd: fix endless loop after read unit address configuration (bsc#1144912 LTC#179907). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142117 bsc#1142118 bsc#1142119 LTC#179329 LTC#179330 LTC#179331). - s390/qeth: avoid control IO completion stalls (bsc#1142109 LTC#179339). - s390/qeth: cancel cmd on early error (bsc#1142109 LTC#179339). - s390/qeth: fix request-side race during cmd IO timeout (bsc#1142109 LTC#179339). - s390/qeth: release cmd buffer in error paths (bsc#1142109 LTC#179339). - s390/qeth: simplify reply object handling (bsc#1142109 LTC#179339). - samples, bpf: fix to change the buffer size for read() (bsc#1051510). - samples: mei: use /dev/mei0 instead of /dev/mei (bsc#1051510). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture (bsc#1051510). - scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE (bsc#1051510). - scripts/decode_stacktrace: only strip base path when a prefix of the path (bsc#1051510). - scripts/gdb: fix lx-version string output (bsc#1051510). - scripts/git_sort/git_sort.py: - scsi: NCR5380: Always re-enable reselection interrupt (git-fixes). - scsi: aacraid: Fix missing break in switch statement (git-fixes). - scsi: aacraid: Fix performance issue on logical drives (git-fixes). - scsi: aic94xx: fix an error code in aic94xx_init() (git-fixes). - scsi: aic94xx: fix module loading (git-fixes). - scsi: bfa: convert to strlcpy/strlcat (git-fixes). - scsi: bnx2fc: Fix NULL dereference in error handling (git-fixes). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (git-fixes). - scsi: core: Fix race on creating sense cache (git-fixes). - scsi: core: Synchronize request queue PM status only on successful resume (git-fixes). - scsi: core: set result when the command cannot be dispatched (git-fixes). - scsi: cxlflash: Mark expected switch fall-throughs (bsc#1148868). - scsi: cxlflash: Prevent deadlock when adapter probe fails (git-fixes). - scsi: esp_scsi: Track residual for PIO transfers (git-fixes) Also, mitigate kABI changes. - scsi: fas216: fix sense buffer initialization (git-fixes). - scsi: isci: initialize shost fully before calling scsi_add_host() (git-fixes). - scsi: libfc: fix null pointer dereference on a null lport (git-fixes). - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (git-fixes). - scsi: mac_scsi: Fix pseudo DMA implementation, take 2 (git-fixes). - scsi: mac_scsi: Increase PIO/PDMA transfer length threshold (git-fixes). - scsi: megaraid: fix out-of-bound array accesses (git-fixes). - scsi: megaraid_sas: Fix calculation of target ID (git-fixes). - scsi: ncr5380: revert "Increase register polling limit" (git-fixes). - scsi: qedf: Add debug information for unsolicited processing (bsc#1149976). - scsi: qedf: Add shutdown callback handler (bsc#1149976). - scsi: qedf: Add support for 20 Gbps speed (bsc#1149976). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1149976). - scsi: qedf: Check for link state before processing LL2 packets and send fipvlan retries (bsc#1149976). - scsi: qedf: Check for module unloading bit before processing link update AEN (bsc#1149976). - scsi: qedf: Decrease the LL2 MTU size to 2500 (bsc#1149976). - scsi: qedf: Fix race betwen fipvlan request and response path (bsc#1149976). - scsi: qedf: Initiator fails to re-login to switch after link down (bsc#1149976). - scsi: qedf: Print message during bailout conditions (bsc#1149976). - scsi: qedf: Stop sending fipvlan request on unload (bsc#1149976). - scsi: qedf: Update module description string (bsc#1149976). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1149976). - scsi: qedf: Update the version to 8.42.3.0 (bsc#1149976). - scsi: qedf: Use discovery list to traverse rports (bsc#1149976). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (git-fixes). - scsi: qedf: remove set but not used variables (bsc#1149976). - scsi: qedi: remove declaration of nvm_image from stack (git-fixes). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1129424). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (git-fixes). - scsi: qla2xxx: Fix a format specifier (git-fixes). - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (git-fixes). - scsi: qla2xxx: Fix device staying in blocked state (git-fixes). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (git-fixes). - scsi: qla2xxx: Unregister chrdev if module initialization fails (git-fixes). - scsi: qla4xxx: avoid freeing unallocated dma memory (git-fixes). - scsi: raid_attrs: fix unused variable warning (git-fixes). - scsi: scsi_dh_alua: Fix possible null-ptr-deref (git-fixes). - scsi: sd: Defer spinning up drive while SANITIZE is in progress (git-fixes). - scsi: sd: Fix a race between closing an sd device and sd I/O (git-fixes). - scsi: sd: Fix cache_type_store() (git-fixes). - scsi: sd: Optimal I/O size should be a multiple of physical block size (git-fixes). - scsi: sd: Quiesce warning if device does not report optimal I/O size (git-fixes). - scsi: sd: use mempool for discard special page (git-fixes). - scsi: sd_zbc: Fix potential memory leak (git-fixes). - scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() (git-fixes). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (git-fixes). - scsi: ufs: Avoid runtime suspend possibly being blocked forever (git-fixes). - scsi: ufs: Check that space was properly alloced in copy_query_response (git-fixes). - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() (git-fixes). - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value (git-fixes). - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 (git-fixes). - scsi: ufs: revert "disable vccq if it's not needed by UFS device" (git-fixes). - scsi: use dma_get_cache_alignment() as minimum DMA alignment (git-fixes). - scsi: virtio_scsi: do not send sc payload with tmfs (git-fixes). - sctp: change to hold sk after auth shkey is created successfully (networking-stable-19_07_02). - serial: 8250: Fix TX interrupt handling condition (bsc#1051510). - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig (bsc#1144333). - sis900: fix TX completion (bsc#1051510). - sky2: Disable MSI on ASUS P6T (bsc#1142496). - smb2: fix missing files in root share directory listing (bsc#1112907, bsc#1144333). - smb2: fix typo in definition of a few error flags (bsc#1144333). - smb2: fix uninitialized variable bug in smb2_ioctl_query_info (bsc#1144333). - smb3 - clean up debug output displaying network interfaces (bsc#1144333). - smb3.1.1: Add GCM crypto to the encrypt and decrypt functions (bsc#1144333). - smb3.11: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - smb311: Fix reconnect (bsc#1051510, bsc#1144333). - smb311: Improve checking of negotiate security contexts (bsc#1051510, bsc#1144333). - smb3: Add SMB3.1.1 GCM to negotiated crypto algorigthms (bsc#1144333). - smb3: Add debug message later in smb2/smb3 reconnect path (bsc#1144333). - smb3: Add defines for new negotiate contexts (bsc#1144333). - smb3: Add dynamic trace points for various compounded smb3 ops (bsc#1144333). - smb3: Add ftrace tracepoints for improved SMB3 debugging (bsc#1144333). - smb3: Add handling for different FSCTL access flags (bsc#1144333). - smb3: Add posix create context for smb3.11 posix mounts (bsc#1144333). - smb3: Add protocol structs for change notify support (bsc#1144333). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510, bsc#1144333). - smb3: Add tracepoints for read, write and query_dir enter (bsc#1144333). - smb3: Allow SMB3 FSCTL queries to be sent to server from tools (bsc#1144333). - smb3: Allow persistent handle timeout to be configurable on mount (bsc#1144333). - smb3: Allow query of symlinks stored as reparse points (bsc#1144333). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing from compounded ops (bsc#1144333). - smb3: Clean up query symlink when reparse point (bsc#1144333). - smb3: Cleanup license mess (bsc#1144333). - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bsc#1085536, bsc#1144333). - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510, bsc#1144333). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510, bsc#1144333). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510, bsc#1144333). - smb3: Fix deadlock in validate negotiate hits reconnect (bsc#1144333). - smb3: Fix endian warning (bsc#1144333, bsc#1137884). - smb3: Fix enumerating snapshots to Azure (bsc#1144333). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510, bsc#1144333). - smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333). - smb3: Fix potential memory leak when processing compound chain (bsc#1144333). - smb3: Fix rmdir compounding regression to strict servers (bsc#1144333). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510, bsc#1144333). - smb3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL (bsc#1144333). - smb3: Log at least once if tree connect fails during reconnect (bsc#1144333). - smb3: Number of requests sent should be displayed for SMB3 not just CIFS (bsc#1144333). - smb3: Send netname context during negotiate protocol (bsc#1144333). - smb3: Track total time spent on roundtrips for each SMB3 command (bsc#1144333). - smb3: Update POSIX negotiate context with POSIX ctxt GUID (bsc#1144333). - smb3: Validate negotiate request must always be signed (bsc#1064597, bsc#1144333). - smb3: Warn user if trying to sign connection that authenticated as guest (bsc#1085536, bsc#1144333). - smb3: add additional ftrace entry points for entry/exit to cifs.ko (bsc#1144333). - smb3: add credits we receive from oplock/break PDUs (bsc#1144333). - smb3: add debug for unexpected mid cancellation (bsc#1144333). - smb3: add define for id for posix create context and corresponding struct (bsc#1144333). - smb3: add dynamic trace point for query_info_enter/done (bsc#1144333). - smb3: add dynamic trace point for smb3_cmd_enter (bsc#1144333). - smb3: add dynamic tracepoint for timeout waiting for credits (bsc#1144333). - smb3: add dynamic tracepoints for simple fallocate and zero range (bsc#1144333). - smb3: add missing read completion trace point (bsc#1144333). - smb3: add module alias for smb3 to cifs.ko (bsc#1144333). - smb3: add new mount option to retrieve mode from special ACE (bsc#1144333). - smb3: add reconnect tracepoints (bsc#1144333). - smb3: add smb3.1.1 to default dialect list (bsc#1144333). - smb3: add support for posix negotiate context (bsc#1144333). - smb3: add support for statfs for smb3.1.1 posix extensions (bsc#1144333). - smb3: add trace point for tree connection (bsc#1144333). - smb3: add tracepoint for sending lease break responses to server (bsc#1144333). - smb3: add tracepoint for session expired or deleted (bsc#1144333). - smb3: add tracepoint for slow responses (bsc#1144333). - smb3: add tracepoint to catch cases where credit refund of failed op overlaps reconnect (bsc#1144333). - smb3: add tracepoints for query dir (bsc#1144333). - smb3: add tracepoints for smb2/smb3 open (bsc#1144333). - smb3: add way to control slow response threshold for logging and stats (bsc#1144333). - smb3: allow more detailed protocol info on open files for debugging (bsc#1144333). - smb3: allow posix mount option to enable new SMB311 protocol extensions (bsc#1144333). - smb3: allow previous versions to be mounted with snapshot= mount parm (bsc#1144333). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510, bsc#1144333). - smb3: check for and properly advertise directory lease support (bsc#1051510, bsc#1144333). - smb3: create smb3 equivalent alias for cifs pseudo-xattrs (bsc#1144333). - smb3: directory sync should not return an error (bsc#1051510, bsc#1144333). - smb3: display bytes_read and bytes_written in smb3 stats (bsc#1144333). - smb3: display security information in /proc/fs/cifs/DebugData more accurately (bsc#1144333). - smb3: display session id in debug data (bsc#1144333). - smb3: display stats counters for number of slow commands (bsc#1144333). - smb3: display volume serial number for shares in /proc/fs/cifs/DebugData (bsc#1144333). - smb3: do not allow insecure cifs mounts when using smb3 (bsc#1144333). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510, bsc#1144333). - smb3: do not display confusing message on mount to Azure servers (bsc#1144333). - smb3: do not display empty interface list (bsc#1144333). - smb3: do not request leases in symlink creation and query (bsc#1051510, bsc#1144333). - smb3: do not send compression info by default (bsc#1144333). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510, bsc#1144333). - smb3: fill in statfs fsid and correct namelen (bsc#1112905, bsc#1144333). - smb3: fix bytes_read statistics (bsc#1144333). - smb3: fix corrupt path in subdirs on smb311 with posix (bsc#1144333). - smb3: fix large reads on encrypted connections (bsc#1144333). - smb3: fix lease break problem introduced by compounding (bsc#1144333). - smb3: fix minor debug output for CONFIG_CIFS_STATS (bsc#1144333). - smb3: fix redundant opens on root (bsc#1144333). - smb3: fix reset of bytes read and written stats (bsc#1112906, bsc#1144333). - smb3: fix various xid leaks (bsc#1051510, bsc#1144333). - smb3: for kerberos mounts display the credential uid used (bsc#1144333). - smb3: handle new statx fields (bsc#1085536, bsc#1144333). - smb3: if max_credits is specified then display it in /proc/mounts (bsc#1144333). - smb3: if server does not support posix do not allow posix mount option (bsc#1144333). - smb3: improve dynamic tracing of open and posix mkdir (bsc#1144333). - smb3: increase initial number of credits requested to allow write (bsc#1144333). - smb3: make default i/o size for smb3 mounts larger (bsc#1144333). - smb3: minor cleanup of compound_send_recv (bsc#1144333). - smb3: minor debugging clarifications in rfc1001 len processing (bsc#1144333). - smb3: minor missing defines relating to reparse points (bsc#1144333). - smb3: missing defines and structs for reparse point handling (bsc#1144333). - smb3: note that smb3.11 posix extensions mount option is experimental (bsc#1144333). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510, bsc#1144333). - smb3: on reconnect set PreviousSessionId field (bsc#1112899, bsc#1144333). - smb3: optimize open to not send query file internal info (bsc#1144333). - smb3: passthru query info does not check for SMB3 FSCTL passthru (bsc#1144333). - smb3: print tree id in debugdata in proc to be able to help logging (bsc#1144333). - smb3: query inode number on open via create context (bsc#1144333). - smb3: remove noisy warning message on mount (bsc#1129664, bsc#1144333). - smb3: remove per-session operations from per-tree connection stats (bsc#1144333). - smb3: rename encryption_required to smb3_encryption_required (bsc#1144333). - smb3: request more credits on normal (non-large read/write) ops (bsc#1144333). - smb3: request more credits on tree connect (bsc#1144333). - smb3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (bsc#1144333). - smb3: send CAP_DFS capability during session setup (bsc#1144333). - smb3: send backup intent on compounded query info (bsc#1144333). - smb3: show number of current open files in /proc/fs/cifs/Stats (bsc#1144333). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510, bsc#1144333). - smb3: smbdirect no longer experimental (bsc#1144333). - smb3: snapshot mounts are read-only and make sure info is displayable about the mount (bsc#1144333). - smb3: track the instance of each session for debugging (bsc#1144333). - smb3: trivial cleanup to smb2ops.c (bsc#1144333). - smb3: update comment to clarify enumerating snapshots (bsc#1144333). - smb3: update default requested iosize to 4MB from 1MB for recent dialects (bsc#1144333). - smb: Validate negotiate (to protect against downgrade) even if signing off (bsc#1085536, bsc#1144333). - smb: fix leak of validate negotiate info response buffer (bsc#1064597, bsc#1144333). - smb: fix validate negotiate info uninitialised memory use (bsc#1064597, bsc#1144333). - smbd: Make upper layer decide when to destroy the transport (bsc#1144333). - smpboot: Place the __percpu annotation correctly (git fixes). - soc: rockchip: power-domain: Add a sanity check on pd->num_clks (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: Use of_clk_get_parent_count() instead of open coding (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: use clk_bulk APIs (bsc#1144718,bsc#1144813). - sound: fix a memory leak bug (bsc#1051510). - spi: bcm2835aux: fix corruptions for longer spi transfers (bsc#1051510). - spi: bcm2835aux: remove dangerous uncontrolled read of fifo (bsc#1051510). - spi: bcm2835aux: unifying code between polling and interrupt driven code (bsc#1051510). - st21nfca_connectivity_event_received: null check the allocation (bsc#1051510). - st_nci_hci_connectivity_event_received: null check the allocation (bsc#1051510). - staging: comedi: dt3000: Fix rounding up of timer divisor (bsc#1051510). - staging: comedi: dt3000: Fix signed integer overflow 'divider * base' (bsc#1051510). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Add raspberrypi-cpufreq (jsc#SLE-7294). - supported.conf: Remove duplicate drivers/ata/libahci_platform - supported.conf: Sort alphabetically, align comments. - supported.conf: Sort alphabetically, align comments. - tcp: Reset bytes_acked and bytes_received when disconnecting (networking-stable-19_07_25). - test_firmware: fix a memory leak bug (bsc#1051510). - tipc: change to use register_pernet_device (networking-stable-19_07_02). - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bsc#1082555). - tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations (bsc#1082555). - tpm: Fix off-by-one when reading binary_bios_measurements (bsc#1082555). - tpm: Unify the send callback behaviour (bsc#1082555). - tpm: vtpm_proxy: Suppress error logging when in closed state (bsc#1082555). - tracing: Fix header include guards in trace event headers (bsc#1144474). - treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 231 (bsc#1144333). - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop (bsc#1051510). - tty/serial: digicolor: Fix digicolor-usart already registered warning (bsc#1051510). - tty: max310x: Fix invalid baudrate divisors calculator (bsc#1051510). - tty: serial: msm_serial: avoid system lockup condition (bsc#1051510). - tua6100: Avoid build warnings (bsc#1051510). - tun: wake up waitqueues after IFF_UP is set (networking-stable-19_07_02). - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length (bsc#1148617). - update internal version number for cifs.ko (bsc#1144333). - usb-storage: Add new JMS567 revision to unusual_devs (bsc#1051510). - usb: CDC: fix sanity checks in CDC union parser (bsc#1142635). - usb: Handle USB3 remote wakeup for LPM enabled devices correctly (bsc#1051510). - usb: cdc-acm: make sure a refcount is taken early enough (bsc#1142635). - usb: cdc-wdm: fix race between write and disconnect due to flag abuse (bsc#1051510). - usb: chipidea: udc: do not do hardware access if gadget has stopped (bsc#1051510). - usb: core: Fix races in character device registration and deregistraion (bsc#1051510). - usb: core: hub: Disable hub-initiated U1/U2 (bsc#1051510). - usb: gadget: composite: Clear "suspended" on reset/disconnect (bsc#1051510). - usb: gadget: udc: renesas_usb3: Fix sysfs interface of "role" (bsc#1142635). - usb: host: fotg2: restart hcd after port reset (bsc#1051510). - usb: host: ohci: fix a race condition between shutdown and irq (bsc#1051510). - usb: host: xhci-rcar: Fix timeout in xhci_suspend() (bsc#1051510). - usb: host: xhci: rcar: Fix typo in compatible string matching (bsc#1051510). - usb: iowarrior: fix deadlock on disconnect (bsc#1051510). - usb: serial: option: Add Motorola modem UARTs (bsc#1051510). - usb: serial: option: Add support for ZTE MF871A (bsc#1051510). - usb: serial: option: add D-Link DWM-222 device ID (bsc#1051510). - usb: serial: option: add the BroadMobi BM818 card (bsc#1051510). - usb: storage: ums-realtek: Update module parameter description for auto_delink_en (bsc#1051510). - usb: storage: ums-realtek: Whitelist auto-delink support (bsc#1051510). - usb: usbfs: fix double-free of usb memory upon submiturb error (bsc#1051510). - usb: wusbcore: fix unbalanced get/put cluster_id (bsc#1051510). - usb: yurex: Fix use-after-free in yurex_delete (bsc#1051510). - vfs: fix page locking deadlocks when deduping files (bsc#1148619). - vmci: Release resource if the work is already queued (bsc#1051510). - vrf: make sure skb->data contains ip header to make routing (networking-stable-19_07_25). - watchdog: bcm2835_wdt: Fix module autoload (bsc#1051510). - watchdog: core: fix null pointer dereference when releasing cdev (bsc#1051510). - watchdog: f71808e_wdt: fix F81866 bit operation (bsc#1051510). - watchdog: fix compile time error of pretimeout governors (bsc#1051510). - wimax/i2400m: fix a memory leak bug (bsc#1051510). - x86/boot: Fix memory leak in default_get_smp_config() (bsc#1114279). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/microcode: Fix the microcode load on CPU hotplug for real (bsc#1114279). - x86/mm: Check for pfn instead of page in vmalloc_sync_one() (bsc#1118689). - x86/mm: Sync also unmappings in vmalloc_sync_all() (bsc#1118689). - x86/speculation/mds: Apply more accurate check on hypervisor platform (bsc#1114279). - x86/speculation: Allow guests to use SSBD even if host does not (bsc#1114279). - x86/unwind: Add hardcoded ORC entry for NULL (bsc#1114279). - x86/unwind: Handle NULL pointer calls better in frame unwinder (bsc#1114279). - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (bsc#1065600). - xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix bucket count reported to userspace (bsc#1143300). - xfrm: Fix error return code in xfrm_output_one() (bsc#1143300). - xfs: do not crash on null attr fork xfs_bmapi_read (bsc#1148035). - xfs: do not trip over uninitialized buffer on extent read of corrupted inode (bsc#1149053). - xfs: dump transaction usage details on log reservation overrun (bsc#1145235). - xfs: eliminate duplicate icreate tx reservation functions (bsc#1145235). - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (bsc#1148032). - xfs: fix semicolon.cocci warnings (bsc#1145235). - xfs: fix up agi unlinked list reservations (bsc#1145235). - xfs: include an allocfree res for inobt modifications (bsc#1145235). - xfs: include inobt buffers in ifree tx log reservation (bsc#1145235). - xfs: print transaction log reservation on overrun (bsc#1145235). - xfs: refactor inode chunk alloc/free tx reservation (bsc#1145235). - xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (bsc#1145235). - xfs: remove more ondisk directory corruption asserts (bsc#1148034). - xfs: separate shutdown from ticket reservation print helper (bsc#1145235). - xfs: truncate transaction does not modify the inobt (bsc#1145235). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2019-2412=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2412=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2412=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-2412=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-2412=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2412=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): kernel-default-debuginfo-4.12.14-95.32.1 kernel-default-debugsource-4.12.14-95.32.1 kernel-default-extra-4.12.14-95.32.1 kernel-default-extra-debuginfo-4.12.14-95.32.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-95.32.1 kernel-obs-build-debugsource-4.12.14-95.32.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (noarch): kernel-docs-4.12.14-95.32.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.32.1 kernel-default-base-4.12.14-95.32.1 kernel-default-base-debuginfo-4.12.14-95.32.1 kernel-default-debuginfo-4.12.14-95.32.1 kernel-default-debugsource-4.12.14-95.32.1 kernel-default-devel-4.12.14-95.32.1 kernel-syms-4.12.14-95.32.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): kernel-devel-4.12.14-95.32.1 kernel-macros-4.12.14-95.32.1 kernel-source-4.12.14-95.32.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.32.1 - SUSE Linux Enterprise Server 12-SP4 (s390x): kernel-default-man-4.12.14-95.32.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_32-default-1-6.3.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.32.1 cluster-md-kmp-default-debuginfo-4.12.14-95.32.1 dlm-kmp-default-4.12.14-95.32.1 dlm-kmp-default-debuginfo-4.12.14-95.32.1 gfs2-kmp-default-4.12.14-95.32.1 gfs2-kmp-default-debuginfo-4.12.14-95.32.1 kernel-default-debuginfo-4.12.14-95.32.1 kernel-default-debugsource-4.12.14-95.32.1 ocfs2-kmp-default-4.12.14-95.32.1 ocfs2-kmp-default-debuginfo-4.12.14-95.32.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): kernel-devel-4.12.14-95.32.1 kernel-macros-4.12.14-95.32.1 kernel-source-4.12.14-95.32.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): kernel-default-4.12.14-95.32.1 kernel-default-debuginfo-4.12.14-95.32.1 kernel-default-debugsource-4.12.14-95.32.1 kernel-default-devel-4.12.14-95.32.1 kernel-default-devel-debuginfo-4.12.14-95.32.1 kernel-default-extra-4.12.14-95.32.1 kernel-default-extra-debuginfo-4.12.14-95.32.1 kernel-syms-4.12.14-95.32.1 References: https://www.suse.com/security/cve/CVE-2017-18551.html https://www.suse.com/security/cve/CVE-2018-20976.html https://www.suse.com/security/cve/CVE-2018-21008.html https://www.suse.com/security/cve/CVE-2019-10207.html https://www.suse.com/security/cve/CVE-2019-14814.html https://www.suse.com/security/cve/CVE-2019-14815.html https://www.suse.com/security/cve/CVE-2019-14816.html https://www.suse.com/security/cve/CVE-2019-14835.html https://www.suse.com/security/cve/CVE-2019-15030.html https://www.suse.com/security/cve/CVE-2019-15031.html https://www.suse.com/security/cve/CVE-2019-15090.html https://www.suse.com/security/cve/CVE-2019-15098.html https://www.suse.com/security/cve/CVE-2019-15099.html https://www.suse.com/security/cve/CVE-2019-15117.html https://www.suse.com/security/cve/CVE-2019-15118.html https://www.suse.com/security/cve/CVE-2019-15211.html https://www.suse.com/security/cve/CVE-2019-15212.html https://www.suse.com/security/cve/CVE-2019-15214.html https://www.suse.com/security/cve/CVE-2019-15215.html https://www.suse.com/security/cve/CVE-2019-15216.html https://www.suse.com/security/cve/CVE-2019-15217.html https://www.suse.com/security/cve/CVE-2019-15218.html https://www.suse.com/security/cve/CVE-2019-15219.html https://www.suse.com/security/cve/CVE-2019-15220.html https://www.suse.com/security/cve/CVE-2019-15221.html https://www.suse.com/security/cve/CVE-2019-15222.html https://www.suse.com/security/cve/CVE-2019-15239.html https://www.suse.com/security/cve/CVE-2019-15290.html https://www.suse.com/security/cve/CVE-2019-15292.html https://www.suse.com/security/cve/CVE-2019-15538.html https://www.suse.com/security/cve/CVE-2019-15666.html https://www.suse.com/security/cve/CVE-2019-15902.html https://www.suse.com/security/cve/CVE-2019-15917.html https://www.suse.com/security/cve/CVE-2019-15919.html https://www.suse.com/security/cve/CVE-2019-15920.html https://www.suse.com/security/cve/CVE-2019-15921.html https://www.suse.com/security/cve/CVE-2019-15924.html https://www.suse.com/security/cve/CVE-2019-15926.html https://www.suse.com/security/cve/CVE-2019-15927.html https://www.suse.com/security/cve/CVE-2019-9456.html https://bugzilla.suse.com/1047238 https://bugzilla.suse.com/1050911 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1054914 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1056686 https://bugzilla.suse.com/1060662 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1061843 https://bugzilla.suse.com/1064597 https://bugzilla.suse.com/1064701 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1066369 https://bugzilla.suse.com/1071009 https://bugzilla.suse.com/1071306 https://bugzilla.suse.com/1078248 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1085539 https://bugzilla.suse.com/1086103 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1090734 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1093205 https://bugzilla.suse.com/1102097 https://bugzilla.suse.com/1104902 https://bugzilla.suse.com/1106061 https://bugzilla.suse.com/1106284 https://bugzilla.suse.com/1106434 https://bugzilla.suse.com/1108382 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1112894 https://bugzilla.suse.com/1112899 https://bugzilla.suse.com/1112902 https://bugzilla.suse.com/1112903 https://bugzilla.suse.com/1112905 https://bugzilla.suse.com/1112906 https://bugzilla.suse.com/1112907 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114542 https://bugzilla.suse.com/1118689 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1120876 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1120937 https://bugzilla.suse.com/1123105 https://bugzilla.suse.com/1123959 https://bugzilla.suse.com/1124370 https://bugzilla.suse.com/1129424 https://bugzilla.suse.com/1129519 https://bugzilla.suse.com/1129664 https://bugzilla.suse.com/1131107 https://bugzilla.suse.com/1131281 https://bugzilla.suse.com/1131565 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1134291 https://bugzilla.suse.com/1134881 https://bugzilla.suse.com/1134882 https://bugzilla.suse.com/1135219 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135897 https://bugzilla.suse.com/1136261 https://bugzilla.suse.com/1137069 https://bugzilla.suse.com/1137884 https://bugzilla.suse.com/1138539 https://bugzilla.suse.com/1139020 https://bugzilla.suse.com/1139021 https://bugzilla.suse.com/1139101 https://bugzilla.suse.com/1139500 https://bugzilla.suse.com/1140012 https://bugzilla.suse.com/1140426 https://bugzilla.suse.com/1140487 https://bugzilla.suse.com/1141013 https://bugzilla.suse.com/1141450 https://bugzilla.suse.com/1141543 https://bugzilla.suse.com/1141554 https://bugzilla.suse.com/1142019 https://bugzilla.suse.com/1142076 https://bugzilla.suse.com/1142109 https://bugzilla.suse.com/1142117 https://bugzilla.suse.com/1142118 https://bugzilla.suse.com/1142119 https://bugzilla.suse.com/1142496 https://bugzilla.suse.com/1142541 https://bugzilla.suse.com/1142635 https://bugzilla.suse.com/1142685 https://bugzilla.suse.com/1142701 https://bugzilla.suse.com/1142857 https://bugzilla.suse.com/1143300 https://bugzilla.suse.com/1143466 https://bugzilla.suse.com/1143765 https://bugzilla.suse.com/1143841 https://bugzilla.suse.com/1143843 https://bugzilla.suse.com/1144123 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1144474 https://bugzilla.suse.com/1144518 https://bugzilla.suse.com/1144718 https://bugzilla.suse.com/1144813 https://bugzilla.suse.com/1144880 https://bugzilla.suse.com/1144886 https://bugzilla.suse.com/1144912 https://bugzilla.suse.com/1144920 https://bugzilla.suse.com/1144979 https://bugzilla.suse.com/1145010 https://bugzilla.suse.com/1145024 https://bugzilla.suse.com/1145051 https://bugzilla.suse.com/1145059 https://bugzilla.suse.com/1145189 https://bugzilla.suse.com/1145235 https://bugzilla.suse.com/1145300 https://bugzilla.suse.com/1145302 https://bugzilla.suse.com/1145388 https://bugzilla.suse.com/1145389 https://bugzilla.suse.com/1145390 https://bugzilla.suse.com/1145391 https://bugzilla.suse.com/1145392 https://bugzilla.suse.com/1145393 https://bugzilla.suse.com/1145394 https://bugzilla.suse.com/1145395 https://bugzilla.suse.com/1145396 https://bugzilla.suse.com/1145397 https://bugzilla.suse.com/1145408 https://bugzilla.suse.com/1145409 https://bugzilla.suse.com/1145661 https://bugzilla.suse.com/1145678 https://bugzilla.suse.com/1145687 https://bugzilla.suse.com/1145920 https://bugzilla.suse.com/1145922 https://bugzilla.suse.com/1145934 https://bugzilla.suse.com/1145937 https://bugzilla.suse.com/1145940 https://bugzilla.suse.com/1145941 https://bugzilla.suse.com/1145942 https://bugzilla.suse.com/1146074 https://bugzilla.suse.com/1146084 https://bugzilla.suse.com/1146163 https://bugzilla.suse.com/1146285 https://bugzilla.suse.com/1146346 https://bugzilla.suse.com/1146351 https://bugzilla.suse.com/1146352 https://bugzilla.suse.com/1146361 https://bugzilla.suse.com/1146368 https://bugzilla.suse.com/1146376 https://bugzilla.suse.com/1146378 https://bugzilla.suse.com/1146381 https://bugzilla.suse.com/1146391 https://bugzilla.suse.com/1146399 https://bugzilla.suse.com/1146413 https://bugzilla.suse.com/1146425 https://bugzilla.suse.com/1146516 https://bugzilla.suse.com/1146519 https://bugzilla.suse.com/1146524 https://bugzilla.suse.com/1146526 https://bugzilla.suse.com/1146529 https://bugzilla.suse.com/1146531 https://bugzilla.suse.com/1146543 https://bugzilla.suse.com/1146547 https://bugzilla.suse.com/1146550 https://bugzilla.suse.com/1146575 https://bugzilla.suse.com/1146589 https://bugzilla.suse.com/1146678 https://bugzilla.suse.com/1146938 https://bugzilla.suse.com/1148031 https://bugzilla.suse.com/1148032 https://bugzilla.suse.com/1148033 https://bugzilla.suse.com/1148034 https://bugzilla.suse.com/1148035 https://bugzilla.suse.com/1148093 https://bugzilla.suse.com/1148133 https://bugzilla.suse.com/1148192 https://bugzilla.suse.com/1148196 https://bugzilla.suse.com/1148198 https://bugzilla.suse.com/1148202 https://bugzilla.suse.com/1148303 https://bugzilla.suse.com/1148363 https://bugzilla.suse.com/1148379 https://bugzilla.suse.com/1148394 https://bugzilla.suse.com/1148527 https://bugzilla.suse.com/1148574 https://bugzilla.suse.com/1148616 https://bugzilla.suse.com/1148617 https://bugzilla.suse.com/1148619 https://bugzilla.suse.com/1148698 https://bugzilla.suse.com/1148859 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1149053 https://bugzilla.suse.com/1149083 https://bugzilla.suse.com/1149104 https://bugzilla.suse.com/1149105 https://bugzilla.suse.com/1149106 https://bugzilla.suse.com/1149197 https://bugzilla.suse.com/1149214 https://bugzilla.suse.com/1149224 https://bugzilla.suse.com/1149325 https://bugzilla.suse.com/1149376 https://bugzilla.suse.com/1149413 https://bugzilla.suse.com/1149418 https://bugzilla.suse.com/1149424 https://bugzilla.suse.com/1149522 https://bugzilla.suse.com/1149527 https://bugzilla.suse.com/1149539 https://bugzilla.suse.com/1149552 https://bugzilla.suse.com/1149591 https://bugzilla.suse.com/1149602 https://bugzilla.suse.com/1149612 https://bugzilla.suse.com/1149626 https://bugzilla.suse.com/1149652 https://bugzilla.suse.com/1149713 https://bugzilla.suse.com/1149940 https://bugzilla.suse.com/1149959 https://bugzilla.suse.com/1149963 https://bugzilla.suse.com/1149976 https://bugzilla.suse.com/1150025 https://bugzilla.suse.com/1150033 https://bugzilla.suse.com/1150112 https://bugzilla.suse.com/1150562 https://bugzilla.suse.com/1150727 https://bugzilla.suse.com/1150860 https://bugzilla.suse.com/1150861 https://bugzilla.suse.com/1150933 From sle-updates at lists.suse.com Fri Sep 20 08:38:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Sep 2019 16:38:37 +0200 (CEST) Subject: SUSE-RU-2019:2417-1: moderate: Recommended update for yast2-auth-client Message-ID: <20190920143837.A1C1AFCA6@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-auth-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2417-1 Rating: moderate References: #1136139 #1137380 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-auth-client provides the following fixes: - Fix issue importing legacy XML based autoyast configuration. (bsc#1137380) - Require network to be configured before importing autoyast configuration. (bsc#1136139) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2417=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): yast2-auth-client-4.1.2-3.3.1 References: https://bugzilla.suse.com/1136139 https://bugzilla.suse.com/1137380 From sle-updates at lists.suse.com Fri Sep 20 08:39:56 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Sep 2019 16:39:56 +0200 (CEST) Subject: SUSE-RU-2019:2415-1: moderate: Recommended update for SAPHanaSR Message-ID: <20190920143956.F01D5FCA6@maintenance.suse.de> SUSE Recommended Update: Recommended update for SAPHanaSR ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2415-1 Rating: moderate References: #1082974 #1101373 #1133024 #1133866 #1134106 #1139715 #1149829 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for SAPHanaSR fixes the following issues: - Fixes a bug where an attribute was not correctly set for remoteNode (bsc#1082974) - Does no longer set attributes to prevent unlogged failovers because of empty or unknown attributes (bsc#1134106, bsc#1133024, bsc#1101373) - Will now return $OCF_RUNNING_MASTER (8) instead of $OCF_SUCCESS (0) when probing a promoted node (bsc#1133866) - Using crm-attributes written by a SAP HANA SR provider hook does improve the data integrity in special error conditions with multiple errors coming in a short time frame (bsc#1139715) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2019-2415=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2415=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): SAPHanaSR-0.153.2-3.8.2 SAPHanaSR-doc-0.153.2-3.8.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): SAPHanaSR-0.153.2-3.8.2 SAPHanaSR-doc-0.153.2-3.8.2 References: https://bugzilla.suse.com/1082974 https://bugzilla.suse.com/1101373 https://bugzilla.suse.com/1133024 https://bugzilla.suse.com/1133866 https://bugzilla.suse.com/1134106 https://bugzilla.suse.com/1139715 https://bugzilla.suse.com/1149829 From sle-updates at lists.suse.com Fri Sep 20 08:41:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Sep 2019 16:41:35 +0200 (CEST) Subject: SUSE-SU-2019:2413-1: moderate: Security update for openssl Message-ID: <20190920144135.06273FCA6@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2413-1 Rating: moderate References: #1150003 #1150250 Cross-References: CVE-2019-1547 CVE-2019-1563 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 SUSE CaaS Platform 3.0 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for openssl fixes the following issues: OpenSSL Security Advisory [10 September 2019] - CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance (bsc#1150003). - CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2413=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2413=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2413=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2413=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2413=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2413=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2413=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2413=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2413=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2413=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2413=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2413=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libopenssl-devel-1.0.2j-60.55.1 libopenssl1_0_0-1.0.2j-60.55.1 libopenssl1_0_0-32bit-1.0.2j-60.55.1 libopenssl1_0_0-debuginfo-1.0.2j-60.55.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.55.1 libopenssl1_0_0-hmac-1.0.2j-60.55.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.55.1 openssl-1.0.2j-60.55.1 openssl-debuginfo-1.0.2j-60.55.1 openssl-debugsource-1.0.2j-60.55.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): openssl-doc-1.0.2j-60.55.1 - SUSE OpenStack Cloud 8 (x86_64): libopenssl-devel-1.0.2j-60.55.1 libopenssl1_0_0-1.0.2j-60.55.1 libopenssl1_0_0-32bit-1.0.2j-60.55.1 libopenssl1_0_0-debuginfo-1.0.2j-60.55.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.55.1 libopenssl1_0_0-hmac-1.0.2j-60.55.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.55.1 openssl-1.0.2j-60.55.1 openssl-debuginfo-1.0.2j-60.55.1 openssl-debugsource-1.0.2j-60.55.1 - SUSE OpenStack Cloud 8 (noarch): openssl-doc-1.0.2j-60.55.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libopenssl-devel-1.0.2j-60.55.1 libopenssl1_0_0-1.0.2j-60.55.1 libopenssl1_0_0-32bit-1.0.2j-60.55.1 libopenssl1_0_0-debuginfo-1.0.2j-60.55.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.55.1 libopenssl1_0_0-hmac-1.0.2j-60.55.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.55.1 openssl-1.0.2j-60.55.1 openssl-debuginfo-1.0.2j-60.55.1 openssl-debugsource-1.0.2j-60.55.1 - SUSE OpenStack Cloud 7 (noarch): openssl-doc-1.0.2j-60.55.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libopenssl-devel-1.0.2j-60.55.1 libopenssl1_0_0-1.0.2j-60.55.1 libopenssl1_0_0-debuginfo-1.0.2j-60.55.1 libopenssl1_0_0-hmac-1.0.2j-60.55.1 openssl-1.0.2j-60.55.1 openssl-debuginfo-1.0.2j-60.55.1 openssl-debugsource-1.0.2j-60.55.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libopenssl1_0_0-32bit-1.0.2j-60.55.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.55.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.55.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): openssl-doc-1.0.2j-60.55.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libopenssl-devel-1.0.2j-60.55.1 libopenssl1_0_0-1.0.2j-60.55.1 libopenssl1_0_0-debuginfo-1.0.2j-60.55.1 libopenssl1_0_0-hmac-1.0.2j-60.55.1 openssl-1.0.2j-60.55.1 openssl-debuginfo-1.0.2j-60.55.1 openssl-debugsource-1.0.2j-60.55.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libopenssl1_0_0-32bit-1.0.2j-60.55.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.55.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.55.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): openssl-doc-1.0.2j-60.55.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.55.1 libopenssl1_0_0-1.0.2j-60.55.1 libopenssl1_0_0-debuginfo-1.0.2j-60.55.1 libopenssl1_0_0-hmac-1.0.2j-60.55.1 openssl-1.0.2j-60.55.1 openssl-debuginfo-1.0.2j-60.55.1 openssl-debugsource-1.0.2j-60.55.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.2j-60.55.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.55.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.55.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): openssl-doc-1.0.2j-60.55.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libopenssl-devel-1.0.2j-60.55.1 libopenssl1_0_0-1.0.2j-60.55.1 libopenssl1_0_0-32bit-1.0.2j-60.55.1 libopenssl1_0_0-debuginfo-1.0.2j-60.55.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.55.1 libopenssl1_0_0-hmac-1.0.2j-60.55.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.55.1 openssl-1.0.2j-60.55.1 openssl-debuginfo-1.0.2j-60.55.1 openssl-debugsource-1.0.2j-60.55.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): openssl-doc-1.0.2j-60.55.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libopenssl-devel-1.0.2j-60.55.1 libopenssl1_0_0-1.0.2j-60.55.1 libopenssl1_0_0-debuginfo-1.0.2j-60.55.1 libopenssl1_0_0-hmac-1.0.2j-60.55.1 openssl-1.0.2j-60.55.1 openssl-debuginfo-1.0.2j-60.55.1 openssl-debugsource-1.0.2j-60.55.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.2j-60.55.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.55.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.55.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): openssl-doc-1.0.2j-60.55.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libopenssl-devel-1.0.2j-60.55.1 libopenssl1_0_0-1.0.2j-60.55.1 libopenssl1_0_0-32bit-1.0.2j-60.55.1 libopenssl1_0_0-debuginfo-1.0.2j-60.55.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.55.1 libopenssl1_0_0-hmac-1.0.2j-60.55.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.55.1 openssl-1.0.2j-60.55.1 openssl-debuginfo-1.0.2j-60.55.1 openssl-debugsource-1.0.2j-60.55.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): openssl-doc-1.0.2j-60.55.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libopenssl-devel-1.0.2j-60.55.1 libopenssl1_0_0-1.0.2j-60.55.1 libopenssl1_0_0-debuginfo-1.0.2j-60.55.1 libopenssl1_0_0-hmac-1.0.2j-60.55.1 openssl-1.0.2j-60.55.1 openssl-debuginfo-1.0.2j-60.55.1 openssl-debugsource-1.0.2j-60.55.1 - SUSE Enterprise Storage 5 (x86_64): libopenssl1_0_0-32bit-1.0.2j-60.55.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.55.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.55.1 - SUSE Enterprise Storage 5 (noarch): openssl-doc-1.0.2j-60.55.1 - SUSE Enterprise Storage 4 (x86_64): libopenssl-devel-1.0.2j-60.55.1 libopenssl1_0_0-1.0.2j-60.55.1 libopenssl1_0_0-32bit-1.0.2j-60.55.1 libopenssl1_0_0-debuginfo-1.0.2j-60.55.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.55.1 libopenssl1_0_0-hmac-1.0.2j-60.55.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.55.1 openssl-1.0.2j-60.55.1 openssl-debuginfo-1.0.2j-60.55.1 openssl-debugsource-1.0.2j-60.55.1 - SUSE Enterprise Storage 4 (noarch): openssl-doc-1.0.2j-60.55.1 - SUSE CaaS Platform 3.0 (x86_64): libopenssl1_0_0-1.0.2j-60.55.1 libopenssl1_0_0-debuginfo-1.0.2j-60.55.1 openssl-1.0.2j-60.55.1 openssl-debuginfo-1.0.2j-60.55.1 openssl-debugsource-1.0.2j-60.55.1 - HPE Helion Openstack 8 (noarch): openssl-doc-1.0.2j-60.55.1 - HPE Helion Openstack 8 (x86_64): libopenssl-devel-1.0.2j-60.55.1 libopenssl1_0_0-1.0.2j-60.55.1 libopenssl1_0_0-32bit-1.0.2j-60.55.1 libopenssl1_0_0-debuginfo-1.0.2j-60.55.1 libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.55.1 libopenssl1_0_0-hmac-1.0.2j-60.55.1 libopenssl1_0_0-hmac-32bit-1.0.2j-60.55.1 openssl-1.0.2j-60.55.1 openssl-debuginfo-1.0.2j-60.55.1 openssl-debugsource-1.0.2j-60.55.1 References: https://www.suse.com/security/cve/CVE-2019-1547.html https://www.suse.com/security/cve/CVE-2019-1563.html https://bugzilla.suse.com/1150003 https://bugzilla.suse.com/1150250 From sle-updates at lists.suse.com Fri Sep 20 08:42:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Sep 2019 16:42:29 +0200 (CEST) Subject: SUSE-RU-2019:2416-1: moderate: Recommended update for suse-module-tools Message-ID: <20190920144229.15343FCA6@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-module-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2416-1 Rating: moderate References: #1148494 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for suse-module-tools fixes the following issues: - Remove 'modhash' as it has moved to mokutil package. (jsc#SLE-6094, bsc#1148494) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2416=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2416=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): suse-module-tools-legacy-15.1.17-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): suse-module-tools-15.1.17-3.6.1 References: https://bugzilla.suse.com/1148494 From sle-updates at lists.suse.com Fri Sep 20 08:43:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Sep 2019 16:43:16 +0200 (CEST) Subject: SUSE-SU-2019:2414-1: important: Security update for the Linux Kernel Message-ID: <20190920144316.46175FCA6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2414-1 Rating: important References: #1047238 #1050911 #1051510 #1054914 #1055117 #1056686 #1060662 #1061840 #1061843 #1064597 #1064701 #1065600 #1065729 #1066369 #1071009 #1071306 #1078248 #1082555 #1085030 #1085536 #1085539 #1086103 #1087092 #1090734 #1091171 #1093205 #1102097 #1104902 #1106061 #1106284 #1106434 #1108382 #1112894 #1112899 #1112902 #1112903 #1112905 #1112906 #1112907 #1113722 #1114279 #1114542 #1118689 #1119086 #1120876 #1120902 #1120937 #1123105 #1123959 #1124370 #1129424 #1129519 #1129664 #1131107 #1131281 #1131565 #1133021 #1134291 #1134881 #1134882 #1135219 #1135642 #1135897 #1136261 #1137811 #1137884 #1138539 #1139020 #1139021 #1139101 #1139500 #1140012 #1140426 #1140487 #1141450 #1141543 #1141554 #1142019 #1142076 #1142109 #1142117 #1142118 #1142119 #1142496 #1142541 #1142635 #1142685 #1142701 #1142857 #1143300 #1143466 #1143765 #1143841 #1143843 #1144123 #1144333 #1144474 #1144518 #1144718 #1144813 #1144880 #1144886 #1144912 #1144920 #1144979 #1145010 #1145051 #1145059 #1145189 #1145235 #1145300 #1145302 #1145388 #1145389 #1145390 #1145391 #1145392 #1145393 #1145394 #1145395 #1145396 #1145397 #1145408 #1145409 #1145661 #1145678 #1145687 #1145920 #1145922 #1145934 #1145937 #1145940 #1145941 #1145942 #1146074 #1146084 #1146163 #1146285 #1146346 #1146351 #1146352 #1146361 #1146376 #1146378 #1146381 #1146391 #1146399 #1146413 #1146425 #1146512 #1146514 #1146516 #1146519 #1146524 #1146526 #1146529 #1146531 #1146543 #1146547 #1146550 #1146575 #1146589 #1146678 #1146938 #1148031 #1148032 #1148033 #1148034 #1148035 #1148093 #1148133 #1148192 #1148196 #1148198 #1148202 #1148303 #1148363 #1148379 #1148394 #1148527 #1148574 #1148616 #1148617 #1148619 #1148859 #1148868 #1149053 #1149083 #1149104 #1149105 #1149106 #1149197 #1149214 #1149224 #1149325 #1149376 #1149413 #1149418 #1149424 #1149522 #1149527 #1149539 #1149552 #1149591 #1149602 #1149612 #1149626 #1149652 #1149713 #1149940 #1149976 #1150025 #1150033 #1150112 #1150562 #1150727 #1150860 #1150861 #1150933 Cross-References: CVE-2017-18551 CVE-2018-20976 CVE-2018-21008 CVE-2019-10207 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14835 CVE-2019-15030 CVE-2019-15031 CVE-2019-15090 CVE-2019-15098 CVE-2019-15117 CVE-2019-15118 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15222 CVE-2019-15239 CVE-2019-15290 CVE-2019-15292 CVE-2019-15538 CVE-2019-15666 CVE-2019-15902 CVE-2019-15917 CVE-2019-15919 CVE-2019-15920 CVE-2019-15921 CVE-2019-15924 CVE-2019-15926 CVE-2019-15927 CVE-2019-9456 Affected Products: SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves 39 vulnerabilities and has 180 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following new features were implemented: - jsc#SLE-4875: [CML] New device IDs for CML - jsc#SLE-7294: Add cpufreq driver for Raspberry Pi - fate#321840: Reduce memory required to boot capture kernel while using fadump - fate#326869: perf: pmu mem_load/store event support - fate:327775: vpmem: DRAM backed persistent volumes for improved SAP HANA on POWER restart times The following security bugs were fixed: - CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bnc#1146516) - CVE-2019-15216: Fix a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (bsc#1146361). - CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112). - CVE-2019-15924: Fix a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure. (bsc#1149612). - CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have lead to local escalation of privilege with System execution privileges needed. (bsc#1150025 CVE-2019-9456). - CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user could read vector registers of other users' processes via an interrupt. (bsc#1149713) - CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149626) - CVE-2019-15921: There was a memory leak issue when idr_alloc() failed (bsc#1149602) - CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach (bsc#1149591). - CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149552) - CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() failed in hci_uart_set_proto() (bsc#1149539) - CVE-2019-15926: Out of bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx (bsc#1149527) - CVE-2019-15927: An out-of-bounds access existed in the function build_audio_procunit (bsc#1149522) - CVE-2019-15902: A backporting error reintroduced the Spectre vulnerability that it aimed to eliminate. (bnc#1149376) - CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which would cause denial of service, because verify_newpolicy_info mishandled directory validation. (bsc#1148394). - CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. (bsc#1146524) - CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. (bsc#1146526) - CVE-2019-15538: XFS partially wedged when a chgrp failed on account of being out of disk quota. This was primarily a local DoS attack vector, but it could result as well in remote DoS if the XFS filesystem was exported for instance via NFS. (bsc#1148032, bsc#1148093) - CVE-2019-15290: There was a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function (bsc#1146543). - CVE-2019-15098: USB driver net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146378). - CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. (bsc#1051510 bsc#1146391). - CVE-2019-15292: There was a use-after-free in atalk_proc_exit (bsc#1146678) - CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (bsc#1146547). - CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory. (bsc#1146519). - CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. (bsc#1146550) - CVE-2019-15221, CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. (bsc#1146529, bsc#1146531) - CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver. (bsc#1051510 bsc#1146413) - CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. (bsc#1135642 bsc#1146425) - CVE-2019-15090: In the qedi_dbg_* family of functions, there was an out-of-bounds read. (bsc#1146399) - CVE-2018-20976: A use after free existed, related to xfs_fs_fill_super failure. (bsc#1146285) - CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated. (bsc#1146163). - CVE-2019-15118: check_input_term in sound/usb/mixer.c in the Linux kernel mishandled recursion, leading to kernel stack exhaustion. (bsc#1145922). - CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel mishandled a short descriptor, leading to out-of-bounds memory access. (bsc#1145920). - CVE-2019-10207: Fix a NULL pointer dereference in hci_uart bluetooth driver (bsc#1142857 bsc#1123959). - CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589) The following non-security bugs were fixed: - 9p/rdma: do not disconnect on down_interruptible EAGAIN (bsc#1051510). - 9p/rdma: remove useless check in cm_event_handler (bsc#1051510). - 9p/virtio: Add cleanup path in p9_virtio_init (bsc#1051510). - 9p/xen: Add cleanup path in p9_trans_xen_init (bsc#1051510). - 9p/xen: fix check for xenbus_read error in front_probe (bsc#1051510). - 9p: acl: fix uninitialized iattr access (bsc#1051510). - 9p: p9dirent_read: check network-provided name length (bsc#1051510). - 9p: pass the correct prototype to read_cache_page (bsc#1051510). - acpi/IORT: Fix off-by-one check in iort_dev_find_its_id() (bsc#1051510). - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0 (bsc#1051510). - acpi: PM: Fix regression in acpi_device_set_power() (bsc#1051510). - acpi: fix false-positive -Wuninitialized warning (bsc#1051510). - acpica: Increase total number of possible Owner IDs (bsc#1148859). - af_key: fix leaks in key_pol_get_resp and dump_sp (bsc#1051510). - af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET (networking-stable-19_07_02). - alsa: firewire: fix a memory leak bug (bsc#1051510). - alsa: hda - Add a generic reboot_notify (bsc#1051510). - alsa: hda - Apply workaround for another AMD chip 1022:1487 (bsc#1051510). - alsa: hda - Do not override global PCM hw info flag (bsc#1051510). - alsa: hda - Fix a memory leak bug (bsc#1051510). - alsa: hda - Fix potential endless loop at applying quirks (bsc#1051510). - alsa: hda - Let all conexant codec enter D3 when rebooting (bsc#1051510). - alsa: hda - Workaround for crackled sound on AMD controller (1022:1457) (bsc#1051510). - alsa: hda/realtek - Fix overridden device-specific initialization (bsc#1051510). - alsa: hda/realtek - Fix the problem of two front mics on a ThinkCentre (bsc#1051510). - alsa: hda: kabi workaround for generic parser flag (bsc#1051510). - alsa: hiface: fix multiple memory leak bugs (bsc#1051510). - alsa: line6: Fix memory leak at line6_init_pcm() error path (bsc#1051510). - alsa: pcm: fix lost wakeup event scenarios in snd_pcm_drain (bsc#1051510). - alsa: seq: Fix potential concurrent access to the deleted pool (bsc#1051510). - alsa: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (bsc#1051510). - arm64: kvm: Fix architecturally invalid reset value for FPEXC32_EL2 (bsc#1133021). - arm: kvm: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1133021). - arm: kvm: report support for SMCCC_ARCH_WORKAROUND_1 (bsc#1133021). - asoC: Fail card instantiation if DAI format setup fails (bsc#1051510). - asoC: dapm: Fix handling of custom_stop_condition on DApm graph walks (bsc#1051510). - ata: libahci: do not complain in case of deferred probe (bsc#1051510). - batman-adv: Only read OGM tvlv_len after buffer len check (bsc#1051510). - batman-adv: Only read OGM2 tvlv_len after buffer len check (bsc#1051510). - batman-adv: fix uninit-value in batadv_netlink_get_ifindex() (bsc#1051510). - bcache: fix possible memory leak in bch_cached_dev_run() (git fixes). - bcache: kernel oops on reading sysfs cache_mode file (bsc#1144979). - bio: fix improper use of smp_mb__before_atomic() (git fixes). - blk-mq: Fix spelling in a source code comment (git fixes). - blk-mq: backport fixes for blk_mq_complete_e_request_sync() (bsc#1145661). - blk-mq: introduce blk_mq_complete_request_sync() (bsc#1145661). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - block, documentation: Fix wbt_lat_usec documentation (git fixes). - bluetooth: 6lowpan: search for destination address in all peers (bsc#1051510). - bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug (bsc#1051510). - bluetooth: Check state in l2cap_disconnect_rsp (bsc#1051510). - bluetooth: btqca: Add a short delay before downloading the NVM (bsc#1051510). - bluetooth: hci_bcsp: Fix memory leak in rx_skb (bsc#1051510). - bluetooth: validate BLE connection interval updates (bsc#1051510). - bnx2x: Prevent ptp_task to be rescheduled indefinitely (networking-stable-19_07_25). - bonding: Always enable vlan tx offload (networking-stable-19_07_02). - bonding: validate ip header before check IPPROTO_IGMP (networking-stable-19_07_25). - btrfs: Fix delalloc inodes invalidation during transaction abort (bsc#1050911). - btrfs: Split btrfs_del_delalloc_inode into 2 functions (bsc#1050911). - btrfs: add a helper to retrive extent inline ref type (bsc#1149325). - btrfs: add cleanup_ref_head_accounting helper (bsc#1050911). - btrfs: add missing inode version, ctime and mtime updates when punching hole (bsc#1140487). - btrfs: add one more sanity check for shared ref type (bsc#1149325). - btrfs: clean up pending block groups when transaction commit aborts (bsc#1050911). - btrfs: convert to use btrfs_get_extent_inline_ref_type (bsc#1149325). - btrfs: do not abort transaction at btrfs_update_root() after failure to COW path (bsc#1150933). - btrfs: fix assertion failure during fsync and use of stale transaction (bsc#1150562). - btrfs: fix data loss after inode eviction, renaming it, and fsync it (bsc#1145941). - btrfs: fix fsync not persisting dentry deletions due to inode evictions (bsc#1145942). - btrfs: fix incremental send failure after deduplication (bsc#1145940). - btrfs: fix pinned underflow after transaction aborted (bsc#1050911). - btrfs: fix race between send and deduplication that lead to failures and crashes (bsc#1145059). - btrfs: fix race leading to fs corruption after transaction abort (bsc#1145937). - btrfs: handle delayed ref head accounting cleanup in abort (bsc#1050911). - btrfs: prevent send failures and crashes due to concurrent relocation (bsc#1145059). - btrfs: remove BUG() in add_data_reference (bsc#1149325). - btrfs: remove BUG() in btrfs_extent_inline_ref_size (bsc#1149325). - btrfs: remove BUG() in print_extent_item (bsc#1149325). - btrfs: remove BUG_ON in __add_tree_block (bsc#1149325). - btrfs: scrub: add memalloc_nofs protection around init_ipath (bsc#1086103). - btrfs: start readahead also in seed devices (bsc#1144886). - btrfs: track running balance in a simpler way (bsc#1145059). - btrfs: use GFP_KERNEL in init_ipath (bsc#1086103). - caif-hsi: fix possible deadlock in cfhsi_exit_module() (networking-stable-19_07_25). - can: m_can: implement errata "Needless activation of MRAF irq" (bsc#1051510). - can: mcp251x: add support for mcp25625 (bsc#1051510). - can: peak_usb: fix potential double kfree_skb() (bsc#1051510). - can: peak_usb: force the string buffer NULL-terminated (bsc#1051510). - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (bsc#1051510). - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (bsc#1051510). - can: rcar_canfd: fix possible IRQ storm on high load (bsc#1051510). - can: sja1000: force the string buffer NULL-terminated (bsc#1051510). - carl9170: fix misuse of device driver API (bsc#1142635). - ceph: always get rstat from auth mds (bsc#1146346). - ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346). - ceph: decode feature bits in session message (bsc#1146346). - ceph: do not blindly unregister session that is in opening state (bsc#1148133). - ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133). - ceph: fix "ceph.dir.rctime" vxattr value (bsc#1148133 bsc#1135219). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133). - ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133). - ceph: fix iov_iter issues in ceph_direct_read_write() (bsc#1141450). - ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133). - ceph: remove request from waiting list before unregister (bsc#1148133 bsc#1138539). - ceph: remove request from waiting list before unregister (bsc#1148133). - ceph: silence a checker warning in mdsc_show() (bsc#1148133). - ceph: support cephfs' own feature bits (bsc#1146346). - ceph: support getting ceph.dir.pin vxattr (bsc#1146346). - ceph: support versioned reply (bsc#1146346). - ceph: use bit flags to define vxattr attributes (bsc#1146346). - cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED (bsc#1144333). - cifs: Add DFS cache routines (bsc#1144333). - cifs: Add direct I/O functions to file_operations (bsc#1144333). - cifs: Add minor debug message during negprot (bsc#1144333). - cifs: Add smb2_send_recv (bsc#1144333). - cifs: Add support for FSCTL passthrough that write data to the server (bsc#1144333). - cifs: Add support for direct I/O read (bsc#1144333). - cifs: Add support for direct I/O write (bsc#1144333). - cifs: Add support for direct pages in rdata (bsc#1144333). - cifs: Add support for direct pages in wdata (bsc#1144333). - cifs: Add support for failover in cifs_mount() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect_tcon() (bsc#1144333). - cifs: Add support for failover in smb2_reconnect() (bsc#1144333). - cifs: Add support for reading attributes on smb2+ (bsc#1051510, bsc#1144333). - cifs: Add support for writing attributes on smb2+ (bsc#1051510, bsc#1144333). - cifs: Adds information-level logging function (bsc#1144333). - cifs: Adjust MTU credits before reopening a file (bsc#1144333). - cifs: Allocate memory for all iovs in smb2_ioctl (bsc#1144333). - cifs: Allocate validate negotiation request through kmalloc (bsc#1144333). - cifs: Always reset read error to -EIO if no response (bsc#1144333). - cifs: Always resolve hostname before reconnecting (bsc#1051510, bsc#1144333). - cifs: Avoid returning EBUSY to upper layer VFS (bsc#1144333). - cifs: Calculate the correct request length based on page offset and tail size (bsc#1144333). - cifs: Call MID callback before destroying transport (bsc#1144333). - cifs: Change smb2_open to return an iov for the error parameter (bsc#1144333). - cifs: Check for reconnects before sending async requests (bsc#1144333). - cifs: Check for reconnects before sending compound requests (bsc#1144333). - cifs: Check for timeout on Negotiate stage (bsc#1091171, bsc#1144333). - cifs: Count smb3 credits for malformed pending responses (bsc#1144333). - cifs: Display smb2 error codes in the hex format (bsc#1144333). - cifs: Do not assume one credit for async responses (bsc#1144333). - cifs: Do not consider -ENODATA as stat failure for reads (bsc#1144333). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510, bsc#1144333). - cifs: Do not hide EINTR after sending network packets (bsc#1051510, bsc#1144333). - cifs: Do not log credits when unmounting a share (bsc#1144333). - cifs: Do not match port on smbDirect transport (bsc#1144333). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510, bsc#1144333). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510, bsc#1144333). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510, bsc#1144333). - cifs: Do not set credits to 1 if the server didn't grant anything (bsc#1144333). - cifs: Do not skip smb2 message IDs on send failures (bsc#1144333). - cifs: Find and reopen a file before get MTU credits in writepages (bsc#1144333). - cifs: Fix DFS cache refresher for DFS links (bsc#1144333). - cifs: Fix NULL pointer deref on smb2_tcon() failure (bsc#1071009, bsc#1144333). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: Fix NULL ptr deref (bsc#1144333). - cifs: Fix a debug message (bsc#1144333). - cifs: Fix a race condition with cifs_echo_request (bsc#1144333). - cifs: Fix a tiny potential memory leak (bsc#1144333). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510, bsc#1144333). - cifs: Fix an issue with re-sending rdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix an issue with re-sending wdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix autonegotiate security settings mismatch (bsc#1087092, bsc#1144333). - cifs: Fix check for matching with existing mount (bsc#1144333). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix credit calculations in compound mid callback (bsc#1144333). - cifs: Fix credit computation for compounded requests (bsc#1144333). - cifs: Fix credits calculation for cancelled requests (bsc#1144333). - cifs: Fix credits calculations for reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix encryption/signing (bsc#1144333). - cifs: Fix error mapping for smb2_LOCK command which caused OFD lock problem (bsc#1051510, bsc#1144333). - cifs: Fix error paths in writeback code (bsc#1144333). - cifs: Fix infinite loop when using hard mount option (bsc#1091171, bsc#1144333). - cifs: Fix invalid check in __cifs_calc_signature() (bsc#1144333). - cifs: Fix kernel oops when tracesmb is enabled (bsc#1144333). - cifs: Fix leaking locked VFS cache pages in writeback retry (bsc#1144333). - cifs: Fix lease buffer length error (bsc#1144333). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510, bsc#1144333). - cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092, bsc#1144333). - cifs: Fix module dependency (bsc#1144333). - cifs: Fix mounts if the client is low on credits (bsc#1144333). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510, bsc#1144333). - cifs: Fix possible oops and memory leaks in async IO (bsc#1144333). - cifs: Fix potential OOB access of lock element array (bsc#1051510, bsc#1144333). - cifs: Fix read after write for files with read caching (bsc#1051510, bsc#1144333). - cifs: Fix separator when building path from dentry (bsc#1051510, bsc#1144333). - cifs: Fix signing for smb2/3 (bsc#1144333). - cifs: Fix slab-out-of-bounds in send_set_info() on smb2 ACE setting (bsc#1144333). - cifs: Fix slab-out-of-bounds when tracing smb tcon (bsc#1144333). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510, bsc#1144333). - cifs: Fix to use kmem_cache_free() instead of kfree() (bsc#1144333). - cifs: Fix trace command logging for smb2 reads and writes (bsc#1144333). - cifs: Fix use after free of a mid_q_entry (bsc#1112903, bsc#1144333). - cifs: Fix use-after-free in smb2_read (bsc#1144333). - cifs: Fix use-after-free in smb2_write (bsc#1144333). - cifs: Fix validation of signed data in smb2 (bsc#1144333). - cifs: Fix validation of signed data in smb3+ (bsc#1144333). - cifs: For smb2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510, bsc#1144333). - cifs: In Kconfig CONFIG_cifs_POSIX needs depends on legacy (insecure cifs) (bsc#1144333). - cifs: Introduce helper function to get page offset and length in smb_rqst (bsc#1144333). - cifs: Introduce offset for the 1st page in data transfer structures (bsc#1144333). - cifs: Limit memory used by lock request calls to a page (bsc#1144333). - cifs: Make devname param optional in cifs_compose_mount_options() (bsc#1144333). - cifs: Make sure all data pages are signed correctly (bsc#1144333). - cifs: Make use of DFS cache to get new DFS referrals (bsc#1144333). - cifs: Mask off signals when sending smb packets (bsc#1144333). - cifs: Minor Kconfig clarification (bsc#1144333). - cifs: Move credit processing to mid callbacks for smb3 (bsc#1144333). - cifs: Move open file handling to writepages (bsc#1144333). - cifs: Move unlocking pages from wdata_send_pages() (bsc#1144333). - cifs: OFD locks do not conflict with eachothers (bsc#1051510, bsc#1144333). - cifs: Only free DFS target list if we actually got one (bsc#1144333). - cifs: Only send smb2_NEGOTIATE command on new TCP connections (bsc#1144333). - cifs: Pass page offset for calculating signature (bsc#1144333). - cifs: Pass page offset for encrypting (bsc#1144333). - cifs: Print message when attempting a mount (bsc#1144333). - cifs: Properly handle auto disabling of serverino option (bsc#1144333). - cifs: Reconnect expired smb sessions (bnc#1060662). - cifs: Refactor out cifs_mount() (bsc#1144333). - cifs: Remove custom credit adjustments for smb2 async IO (bsc#1144333). - cifs: Reopen file before get smb2 MTU credits for async IO (bsc#1144333). - cifs: Respect reconnect in MTU credits calculations (bsc#1144333). - cifs: Respect reconnect in non-MTU credits calculations (bsc#1144333). - cifs: Respect smb2 hdr preamble size in read responses (bsc#1144333). - cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333). - cifs: Return error code when getting file handle for writeback (bsc#1144333). - cifs: Save TTL value when parsing DFS referrals (bsc#1144333). - cifs: Select all required crypto modules (bsc#1085536, bsc#1144333). - cifs: Set reconnect instance to one initially (bsc#1144333). - cifs: Show locallease in /proc/mounts for cifs shares mounted with locallease feature (bsc#1144333). - cifs: Silence uninitialized variable warning (bsc#1144333). - cifs: Skip any trailing backslashes from UNC (bsc#1144333). - cifs: Try to acquire credits at once for compound requests (bsc#1144333). - cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() (bsc#1144333). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510, bsc#1144333). - cifs: Use correct packet length in smb2_TRANSFORM header (bsc#1144333). - cifs: Use kmemdup in smb2_ioctl_init() (bsc#1144333). - cifs: Use kmemdup rather than duplicating its implementation in smb311_posix_mkdir() (bsc#1144333). - cifs: Use kzfree() to free password (bsc#1144333). - cifs: Use offset when reading pages (bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510, bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510, bsc#1144333). - cifs: When sending data on socket, pass the correct page offset (bsc#1144333). - cifs: a smb2_validate_and_copy_iov failure does not mean the handle is invalid (bsc#1144333). - cifs: add .splice_write (bsc#1144333). - cifs: add IOCTL for QUERY_INFO passthrough to userspace (bsc#1144333). - cifs: add ONCE flag for cifs_dbg type (bsc#1144333). - cifs: add SFM mapping for 0x01-0x1F (bsc#1144333). - cifs: add a new smb2_close_flags function (bsc#1144333). - cifs: add a smb2_compound_op and change QUERY_INFO to use it (bsc#1144333). - cifs: add a timeout argument to wait_for_free_credits (bsc#1144333). - cifs: add a warning if we try to to dequeue a deleted mid (bsc#1144333). - cifs: add compound_send_recv() (bsc#1144333). - cifs: add credits from unmatched responses/messages (bsc#1144333). - cifs: add debug output to show nocase mount option (bsc#1144333). - cifs: add fiemap support (bsc#1144333). - cifs: add iface info to struct cifs_ses (bsc#1144333). - cifs: add lease tracking to the cached root fid (bsc#1144333). - cifs: add missing GCM module dependency (bsc#1144333). - cifs: add missing debug entries for kconfig options (bsc#1051510, bsc#1144333). - cifs: add missing support for ACLs in smb 3.11 (bsc#1051510, bsc#1144333). - cifs: add pdu_size to the TCP_Server_Info structure (bsc#1144333). - cifs: add resp_buf_size to the mid_q_entry structure (bsc#1144333). - cifs: add server argument to the dump_detail method (bsc#1144333). - cifs: add server->vals->header_preamble_size (bsc#1144333). - cifs: add sha512 secmech (bsc#1051510, bsc#1144333). - cifs: add smb2_close_init()/smb2_close_free() (bsc#1144333). - cifs: add smb2_ioctl_init/free helpers to be used with compounding (bsc#1144333). - cifs: add smb2_query_info_[init|free]() (bsc#1144333). - cifs: add spinlock for the openFileList to cifsInodeInfo (bsc#1144333). - cifs: add support for SEEK_DATA and SEEK_HOLE (bsc#1144333). - cifs: add support for ioctl on directories (bsc#1144333). - cifs: address trivial coverity warning (bsc#1144333). - cifs: allow calling smb2_xxx_free(NULL) (bsc#1144333). - cifs: allow disabling less secure legacy dialects (bsc#1144333). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510, bsc#1144333). - cifs: always add credits back for unsolicited PDUs (bsc#1144333). - cifs: auto disable 'serverino' in dfs mounts (bsc#1144333). - cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (bsc#1144333). - cifs: cache FILE_ALL_INFO for the shared root handle (bsc#1144333). - cifs: change mkdir to use a compound (bsc#1144333). - cifs: change smb2_OP_RENAME and smb2_OP_HARDLINK to use compounding (bsc#1144333). - cifs: change smb2_OP_SET_EOF to use compounding (bsc#1144333). - cifs: change smb2_OP_SET_INFO to use compounding (bsc#1144333). - cifs: change smb2_get_data_area_len to take a smb2_sync_hdr as argument (bsc#1144333). - cifs: change smb2_query_eas to use the compound query-info helper (bsc#1144333). - cifs: change unlink to use a compound (bsc#1144333). - cifs: change validate_buf to validate_iov (bsc#1144333). - cifs: change wait_for_free_request() to take flags as argument (bsc#1144333). - cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536, bsc#1144333). - cifs: check cifs_MOUNT_NO_DFS when trying to reuse existing sb (bsc#1144333). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902, bsc#1144333). - cifs: check if smb2 PDU size has been padded and suppress the warning (bsc#1144333). - cifs: check kmalloc before use (bsc#1051510, bsc#1144333). - cifs: check kzalloc return (bsc#1144333). - cifs: check ntwrk_buf_start for NULL before dereferencing it (bsc#1144333). - cifs: check rsp for NULL before dereferencing in smb2_open (bsc#1085536, bsc#1144333). - cifs: cifs_read_allocate_pages: do not iterate through whole page array on ENOMEM (bsc#1144333). - cifs: clean up indentation, replace spaces with tab (bsc#1144333). - cifs: cleanup smb2ops.c and normalize strings (bsc#1144333). - cifs: complete PDU definitions for interface queries (bsc#1144333). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510, bsc#1144333). - cifs: create a define for how many iovs we need for an smb2_open() (bsc#1144333). - cifs: create a define for the max number of iov we need for a smb2 set_info (bsc#1144333). - cifs: create a helper function for compound query_info (bsc#1144333). - cifs: create helpers for smb2_set_info_init/free() (bsc#1144333). - cifs: create smb2_open_init()/smb2_open_free() helpers (bsc#1144333). - cifs: do not allow creating sockets except with smb1 posix exensions (bsc#1102097, bsc#1144333). - cifs: do not attempt cifs operation on smb2+ rename error (bsc#1144333). - cifs: do not dereference smb_file_target before null check (bsc#1051510, bsc#1144333). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510, bsc#1144333). - cifs: do not return atime less than mtime (bsc#1144333). - cifs: do not send invalid input buffer on QUERY_INFO requests (bsc#1144333). - cifs: do not show domain= in mount output when domain is empty (bsc#1144333). - cifs: do not use __constant_cpu_to_le32() (bsc#1144333). - cifs: document tcon/ses/server refcount dance (bsc#1144333). - cifs: dump IPC tcon in debug proc file (bsc#1071306, bsc#1144333). - cifs: dump every session iface info (bsc#1144333). - cifs: fallback to older infolevels on findfirst queryinfo retry (bsc#1144333). - cifs: fix GlobalMid_Lock bug in cifs_reconnect (bsc#1144333). - cifs: fix NULL deref in smb2_read (bsc#1085539, bsc#1144333). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542, bsc#1144333). - cifs: fix a buffer leak in smb2_query_symlink (bsc#1144333). - cifs: fix a credits leak for compund commands (bsc#1144333). - cifs: fix bi-directional fsctl passthrough calls (bsc#1144333). - cifs: fix build break when CONFIG_cifs_DEBUG2 enabled (bsc#1144333). - cifs: fix build errors for smb_DIRECT (bsc#1144333). - cifs: fix circular locking dependency (bsc#1064701, bsc#1144333). - cifs: fix computation for MAX_smb2_hidR_SIZE (bsc#1144333). - cifs: fix confusing warning message on reconnect (bsc#1144333). - cifs: fix crash in cifs_dfs_do_automount (bsc#1144333). - cifs: fix crash in smb2_compound_op()/smb2_set_next_command() (bsc#1144333). - cifs: fix crash querying symlinks stored as reparse-points (bsc#1144333). - cifs: fix credits leak for smb1 oplock breaks (bsc#1144333). - cifs: fix deadlock in cached root handling (bsc#1144333). - cifs: fix encryption in smb3.1.1 (bsc#1144333). - cifs: fix handle leak in smb2_query_symlink() (bsc#1144333). - cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc (bsc#1144333). - cifs: fix kref underflow in close_shroot() (bsc#1144333). - cifs: fix memory leak and remove dead code (bsc#1144333). - cifs: fix memory leak in smb2_open() (bsc#1112894, bsc#1144333). - cifs: fix memory leak in smb2_read (bsc#1144333). - cifs: fix memory leak of an allocated cifs_ntsd structure (bsc#1144333). - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bsc#1144333). - cifs: fix page reference leak with readv/writev (bsc#1144333). - cifs: fix panic in smb2_reconnect (bsc#1144333). - cifs: fix parsing of symbolic link error response (bsc#1144333). - cifs: fix return value for cifs_listxattr (bsc#1051510, bsc#1144333). - cifs: fix rmmod regression in cifs.ko caused by force_sig changes (bsc#1144333). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510, bsc#1144333). - cifs: fix signed/unsigned mismatch on aio_read patch (bsc#1144333). - cifs: fix smb1 breakage (bsc#1144333). - cifs: fix smb3_zero_range for Azure (bsc#1144333). - cifs: fix smb3_zero_range so it can expand the file-size when required (bsc#1144333). - cifs: fix sparse warning on previous patch in a few printks (bsc#1144333). - cifs: fix spelling mistake, EACCESS -> EACCES (bsc#1144333). - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (bsc#1144333). - cifs: fix typo in cifs_dbg (bsc#1144333). - cifs: fix typo in debug message with struct field ia_valid (bsc#1144333). - cifs: fix uninitialized ptr deref in smb2 signing (bsc#1144333). - cifs: fix use-after-free of the lease keys (bsc#1144333). - cifs: fix wrapping bugs in num_entries() (bsc#1051510, bsc#1144333). - cifs: flush before set-info if we have writeable handles (bsc#1144333). - cifs: handle large EA requests more gracefully in smb2+ (bsc#1144333). - cifs: handle netapp error codes (bsc#1136261). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: implement v3.11 preauth integrity (bsc#1051510, bsc#1144333). - cifs: integer overflow in in smb2_ioctl() (bsc#1051510, bsc#1144333). - cifs: invalidate cache when we truncate a file (bsc#1051510, bsc#1144333). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565, bsc#1144333). - cifs: limit amount of data we request for xattrs to cifsMaxBufSize (bsc#1144333). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510, bsc#1144333). - cifs: make IPC a regular tcon (bsc#1071306, bsc#1144333). - cifs: make arrays static const, reduces object code size (bsc#1144333). - cifs: make minor clarifications to module params for cifs.ko (bsc#1144333). - cifs: make mknod() an smb_version_op (bsc#1144333). - cifs: make rmdir() use compounding (bsc#1144333). - cifs: make smb_send_rqst take an array of requests (bsc#1144333). - cifs: minor clarification in comments (bsc#1144333). - cifs: minor updates to module description for cifs.ko (bsc#1144333). - cifs: move default port definitions to cifsglob.h (bsc#1144333). - cifs: move large array from stack to heap (bsc#1144333). - cifs: only wake the thread for the very last PDU in a compound (bsc#1144333). - cifs: parse and store info on iface queries (bsc#1144333). - cifs: pass flags down into wait_for_free_credits() (bsc#1144333). - cifs: pass page offsets on smb1 read/write (bsc#1144333). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510, bsc#1144333). - cifs: prevent starvation in wait_for_free_credits for multi-credit requests (bsc#1144333). - cifs: print cifsMaxBufSize as part of /proc/fs/cifs/DebugData (bsc#1144333). - cifs: protect against server returning invalid file system block size (bsc#1144333). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: push rfc1002 generation down the stack (bsc#1144333). - cifs: read overflow in is_valid_oplock_break() (bsc#1144333). - cifs: refactor and clean up arguments in the reparse point parsing (bsc#1144333). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510, bsc#1144333). - cifs: release auth_key.response for reconnect (bsc#1085536, bsc#1144333). - cifs: release cifs root_cred after exit_cifs (bsc#1085536, bsc#1144333). - cifs: remove coverity warning in calc_lanman_hash (bsc#1144333). - cifs: remove header_preamble_size where it is always 0 (bsc#1144333). - cifs: remove redundant duplicated assignment of pointer 'node' (bsc#1144333). - cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() (bsc#1144333). - cifs: remove rfc1002 header from all smb2 response structures (bsc#1144333). - cifs: remove rfc1002 header from smb2 read/write requests (bsc#1144333). - cifs: remove rfc1002 header from smb2_close_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_create_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_echo_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_flush_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_ioctl_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_lease_ack (bsc#1144333). - cifs: remove rfc1002 header from smb2_lock_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_logoff_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_negotiate_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_oplock_break we get from server (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_directory_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_sess_setup_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_set_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_connect_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_disconnect_req (bsc#1144333). - cifs: remove set but not used variable 'cifs_sb' (bsc#1144333). - cifs: remove set but not used variable 'sep' (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove set but not used variable 'smb_buf' (bsc#1144333). - cifs: remove small_smb2_init (bsc#1144333). - cifs: remove smb2_send_recv() (bsc#1144333). - cifs: remove struct smb2_hdr (bsc#1144333). - cifs: remove struct smb2_oplock_break_rsp (bsc#1144333). - cifs: remove the is_falloc argument to smb2_set_eof (bsc#1144333). - cifs: remove unused stats (bsc#1144333). - cifs: remove unused value pointed out by Coverity (bsc#1144333). - cifs: remove unused variable from smb2_read (bsc#1144333). - cifs: rename and clarify cifs_ASYNC_OP and cifs_NO_RESP (bsc#1144333). - cifs: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - cifs: replace snprintf with scnprintf (bsc#1144333). - cifs: return -ENODATA when deleting an xattr that does not exist (bsc#1144333). - cifs: return correct errors when pinning memory failed for direct I/O (bsc#1144333). - cifs: return error on invalid value written to cifsFYI (bsc#1144333). - cifs: set *resp_buf_type to NO_BUFFER on error (bsc#1144333). - cifs: set mapping error when page writeback fails in writepage or launder_pages (bsc#1144333). - cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT (bsc#1144333). - cifs: show 'soft' in the mount options for hard mounts (bsc#1144333). - cifs: show the w bit for writeable /proc/fs/cifs/* files (bsc#1144333). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734, bsc#1144333). - cifs: simple stats should always be enabled (bsc#1144333). - cifs: simplify code by removing CONFIG_cifs_ACL ifdef (bsc#1144333). - Update config files. - cifs: simplify how we handle credits in compound_send_recv() (bsc#1144333). - cifs: smb2 commands can not be negative, remove confusing check (bsc#1144333). - cifs: smb2ops: Fix NULL check in smb2_query_symlink (bsc#1144333). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510, bsc#1144333). - cifs: smb2pdu: Fix potential NULL pointer dereference (bsc#1144333). - cifs: smbD: Add parameter rdata to smb2_new_read_req (bsc#1144333). - cifs: smbD: Add rdma mount option (bsc#1144333). - cifs: smbD: Add smb Direct debug counters (bsc#1144333). - cifs: smbD: Add smb Direct protocol initial values and constants (bsc#1144333). - cifs: smbD: Disable signing on smb direct transport (bsc#1144333). - cifs: smbD: Do not call ib_dereg_mr on invalidated memory registration (bsc#1144333). - cifs: smbD: Establish smb Direct connection (bsc#1144333). - cifs: smbD: Fix the definition for smb2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333). - cifs: smbD: Implement RDMA memory registration (bsc#1144333). - cifs: smbD: Implement function to create a smb Direct connection (bsc#1144333). - cifs: smbD: Implement function to destroy a smb Direct connection (bsc#1144333). - cifs: smbD: Implement function to receive data via RDMA receive (bsc#1144333). - cifs: smbD: Implement function to reconnect to a smb Direct transport (bsc#1144333). - cifs: smbD: Implement function to send data via RDMA send (bsc#1144333). - cifs: smbD: Read correct returned data length for RDMA write (smb read) I/O (bsc#1144333). - cifs: smbD: Set smb Direct maximum read or write size for I/O (bsc#1144333). - cifs: smbD: Support page offset in RDMA recv (bsc#1144333). - cifs: smbD: Support page offset in RDMA send (bsc#1144333). - cifs: smbD: Support page offset in memory registration (bsc#1144333). - cifs: smbD: Upper layer connects to smbDirect session (bsc#1144333). - cifs: smbD: Upper layer destroys smb Direct session on shutdown or umount (bsc#1144333). - cifs: smbD: Upper layer performs smb read via RDMA write through memory registration (bsc#1144333). - cifs: smbD: Upper layer performs smb write via RDMA read through memory registration (bsc#1144333). - cifs: smbD: Upper layer receives data via RDMA receive (bsc#1144333). - cifs: smbD: Upper layer reconnects to smb Direct session (bsc#1144333). - cifs: smbD: Upper layer sends data via RDMA send (bsc#1144333). - cifs: smbD: _smbd_get_connection() can be static (bsc#1144333). - cifs: smbD: export protocol initial values (bsc#1144333). - cifs: smbD: fix spelling mistake: faield and legnth (bsc#1144333). - cifs: smbD: work around gcc -Wmaybe-uninitialized warning (bsc#1144333). - cifs: smbd: Avoid allocating iov on the stack (bsc#1144333). - cifs: smbd: Check for iov length on sending the last iov (bsc#1144333). - cifs: smbd: Do not destroy transport on RDMA disconnect (bsc#1144333). - cifs: smbd: Do not use RDMA read/write when signing is used (bsc#1144333). - cifs: smbd: Dump smb packet when configured (bsc#1144333). - cifs: smbd: Enable signing with smbdirect (bsc#1144333). - cifs: smbd: Indicate to retry on transport sending failure (bsc#1144333). - cifs: smbd: Retry on memory registration failure (bsc#1144333). - cifs: smbd: Return EINTR when interrupted (bsc#1144333). - cifs: smbd: avoid reconnect lockup (bsc#1144333). - cifs: smbd: depend on INFINIBAND_ADDR_TRANS (bsc#1144333). - cifs: smbd: disconnect transport on RDMA errors (bsc#1144333). - cifs: smbd: take an array of reqeusts when sending upper layer data (bsc#1144333). - cifs: start DFS cache refresher in cifs_mount() (bsc#1144333). - cifs: store the leaseKey in the fid on smb2_open (bsc#1051510, bsc#1144333). - cifs: suppress some implicit-fallthrough warnings (bsc#1144333). - cifs: track writepages in vfs operation counters (bsc#1144333). - cifs: update __smb_send_rqst() to take an array of requests (bsc#1144333). - cifs: update calc_size to take a server argument (bsc#1144333). - cifs: update init_sg, crypt_message to take an array of rqst (bsc#1144333). - cifs: update internal module number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.14 (bsc#1144333). - cifs: update module internal version number (bsc#1144333). - cifs: update multiplex loop to handle compounded responses (bsc#1144333). - cifs: update receive_encrypted_standard to handle compounded responses (bsc#1144333). - cifs: update smb2_calc_size to use smb2_sync_hdr instead of smb2_hdr (bsc#1144333). - cifs: update smb2_check_message to handle PDUs without a 4 byte length header (bsc#1144333). - cifs: update smb2_queryfs() to use compounding (bsc#1144333). - cifs: use a compound for setting an xattr (bsc#1144333). - cifs: use a refcount to protect open/closing the cached file handle (bsc#1144333). - cifs: use correct format characters (bsc#1144333). - cifs: use tcon_ipc instead of use_ipc parameter of smb2_ioctl (bsc#1071306, bsc#1144333). - cifs: use the correct length when pinning memory for direct I/O for write (bsc#1144333). - cifs: wait_for_free_credits() make it possible to wait for >=1 credits (bsc#1144333). - cifs: we can not use small padding iovs together with encryption (bsc#1144333). - cifs: zero sensitive data when freeing (bsc#1087092, bsc#1144333). - cifs: zero-range does not require the file is sparse (bsc#1144333). - cifs:smbd Use the correct DMA direction when sending data (bsc#1144333). - cifs:smbd When reconnecting to server, call smbd_destroy() after all MIDs have been called (bsc#1144333). - cifs_lookup(): cifs_get_inode_...() never returns 0 with *inode left NULL (bsc#1144333). - cifs_lookup(): switch to d_splice_alias() (bsc#1144333). - clk: Export clk_bulk_prepare() (bsc#1144813). - clk: add clk_bulk_get accessories (bsc#1144813). - clk: bcm2835: remove pllb (jsc#SLE-7294). - clk: bcm283x: add driver interfacing with Raspberry Pi's firmware (jsc#SLE-7294). - clk: bulk: silently error out on EPROBE_DEFER (bsc#1144718,bsc#1144813). - clk: raspberrypi: register platform device for raspberrypi-cpufreq (jsc#SLE-7294). - clk: renesas: cpg-mssr: Fix reset control race condition (bsc#1051510). - clk: rockchip: Add 1.6GHz PLL rate for rk3399 (bsc#1144718,bsc#1144813). - clk: rockchip: assign correct id for pclk_ddr and hclk_sd in rk3399 (bsc#1144718,bsc#1144813). - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling (bsc#1051510). - coredump: split pipe command whitespace before expanding template (bsc#1051510). - cpu/speculation: Warn on unsupported mitigations= parameter (bsc#1114279). - cpufreq: add driver for Raspberry Pi (jsc#SLE-7294). - cpufreq: dt: Try freeing static OPPs only if we have added them (jsc#SLE-7294). - crypto: ccp - Add support for valid authsize values less than 16 (bsc#1051510). - crypto: ccp - Fix oops by properly managing allocated structures (bsc#1051510). - crypto: ccp - Ignore tag length when decrypting GCM ciphertext (bsc#1051510). - crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1145934). - crypto: ccp - Validate buffer lengths for copy operations (bsc#1051510). - crypto: talitos - fix skcipher failure due to wrong output IV (bsc#1051510). - cx82310_eth: fix a memory leak bug (bsc#1051510). - devres: always use dev_name() in devm_ioremap_resource() (git fixes). - dfs_cache: fix a wrong use of kfree in flush_cache_ent() (bsc#1144333). - dm btree: fix order of block initialization in btree_split_beneath (git fixes). - dm bufio: fix deadlock with loop device (git fixes). - dm cache metadata: Fix loading discard bitset (git fixes). - dm crypt: do not overallocate the integrity tag space (git fixes). - dm crypt: fix parsing of extended IV arguments (git fixes). - dm delay: fix a crash when invalid device is specified (git fixes). - dm integrity: change memcmp to strncmp in dm_integrity_ctr (git fixes). - dm integrity: limit the rate of error messages (git fixes). - dm kcopyd: always complete failed jobs (git fixes). - dm log writes: make sure super sector log updates are written in order (git fixes). - dm raid: add missing cleanup in raid_ctr() (git fixes). - dm space map metadata: fix missing store of apply_bops() return value (git fixes). - dm table: fix invalid memory accesses with too high sector number (git fixes). - dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (git fixes). - dm thin: fix bug where bio that overwrites thin block ignores FUA (git fixes). - dm thin: fix passdown_double_checking_shared_status() (git fixes). - dm zoned: Fix zone report handling (git fixes). - dm zoned: Silence a static checker warning (git fixes). - dm zoned: fix potential NULL dereference in dmz_do_reclaim() (git fixes). - dm zoned: fix zone state management race (git fixes). - dm zoned: improve error handling in i/o map code (git fixes). - dm zoned: improve error handling in reclaim (git fixes). - dm zoned: properly handle backing device failure (git fixes). - dm: fix to_sector() for 32bit (git fixes). - dm: revert 8f50e358153d ("dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE") (git fixes). - dma-buf: balance refcount inbalance (bsc#1051510). - dmaengine: rcar-dmac: Reject zero-length slave DMA requests (bsc#1051510). - documentation/networking: fix default_ttl typo in mpls-sysctl (bsc#1051510). - documentation: Add nospectre_v1 parameter (bsc#1051510). - driver core: Fix use-after-free and double free on glue directory (bsc#1131281). - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl (bsc#1051510). - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings (bsc#1051510). - drm/amdgpu/psp: move psp version specific function pointers to (bsc#1135642) - drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz (bsc#1051510). - drm/bridge: tc358767: read display_props in get_modes() (bsc#1051510). - drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry (bsc#1051510). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1135642) - drm/i915/perf: ensure we keep a reference on the driver (bsc#1142635) - drm/i915/userptr: Acquire the page lock around set_page_dirty() (bsc#1051510). - drm/i915: Do not deballoon unused ggtt drm_mm_node in linux guest (bsc#1142635) - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1142635) - drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635) - drm/imx: notify drm core before sending event during crtc disable (bsc#1135642) - drm/imx: only send event on crtc disable if kept disabled (bsc#1135642) - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1135642) - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1135642) - drm/mediatek: clear num_pipes when unbind driver (bsc#1135642) - drm/mediatek: fix unbind functions (bsc#1135642) - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1142635) - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1135642) - drm/mediatek: use correct device to import PRIME buffers (bsc#1142635) - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1142635) - drm/msm: Depopulate platform on probe failure (bsc#1051510). - drm/nouveau: Do not retry infinitely when receiving no data on i2c (bsc#1142635) - drm/nouveau: fix memory leak in nouveau_conn_reset() (bsc#1051510). - drm/panel: simple: Fix panel_simple_dsi_probe (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1142635) - drm/udl: introduce a macro to convert dev to udl. (bsc#1113722) - drm/udl: move to embedding drm device inside udl device. (bsc#1113722) - drm/virtio: Add memory barriers for capset cache (bsc#1051510). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1135642) - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1135642) - drm/vmwgfx: fix memory leak when too many retries have occurred (bsc#1051510). - drm: msm: Fix add_gpu_components (bsc#1051510). - drm: silence variable 'conn' set but not used (bsc#1051510). - eCryptfs: fix a couple type promotion bugs (bsc#1051510). - edac: Fix global-out-of-bounds write when setting edac_mc_poll_msec (bsc#1114279). - efi/bgrt: Drop BGRT status field reserved bits check (bsc#1051510). - ehea: Fix a copy-paste err in ehea_init_port_res (bsc#1051510). - ext4: use jbd2_inode dirty range scoping (bsc#1148616). - firmware: raspberrypi: register clk device (jsc#SLE-7294). - firmware: ti_sci: Always request response from firmware (bsc#1051510). - fix incorrect error code mapping for OBJECTID_NOT_FOUND (bsc#1144333). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510, bsc#1144333). - fix struct ufs_req removal of unused field (git-fixes). - fs/*/Kconfig: drop links to 404-compliant http://acl.bestbits.at (bsc#1144333). - fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333). - fs/cifs/smb2pdu.c: fix buffer free in smb2_ioctl_free (bsc#1144333). - fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls (bsc#1144333). - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bsc#1144333). - fs/cifs: fix uninitialised variable warnings (bsc#1144333). - fs/cifs: require sha512 (bsc#1051510, bsc#1144333). - fs/cifs: suppress a string overflow warning (bsc#1144333). - fs/xfs: Fix return code of xfs_break_leased_layouts() (bsc#1148031). - fs: cifs: Drop unlikely before IS_ERR(_OR_NULL) (bsc#1144333). - fs: cifs: Kconfig: pedantic formatting (bsc#1144333). - fs: cifs: Replace _free_xid call in cifs_root_iget function (bsc#1144333). - fs: cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace (bsc#1144333). - fs: xfs: xfs_log: Do not use KM_MAYFAIL at xfs_log_reserve() (bsc#1148033). - fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() (bsc#1051510). - ftrace: Check for empty hash and comment the race with registering probes (bsc#1149418). - ftrace: Check for successful allocation of hash (bsc#1149424). - ftrace: Fix NULL pointer dereference in t_probe_next() (bsc#1149413). - gpio: Fix build error of function redefinition (bsc#1051510). - gpio: gpio-omap: add check for off wake capable gpios (bsc#1051510). - gpio: mxs: Get rid of external API call (bsc#1051510). - gpio: omap: ensure irq is enabled before wakeup (bsc#1051510). - gpio: pxa: handle corner case of unprobed device (bsc#1051510). - gpiolib: fix incorrect IRQ requesting of an active-low lineevent (bsc#1051510). - gpiolib: never report open-drain/source lines as 'input' to user-space (bsc#1051510). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1142635) - hid: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT (bsc#1051510). - hid: Add quirk for HP X1200 PIXART OEM mouse (bsc#1051510). - hid: cp2112: prevent sleeping function called from invalid context (bsc#1051510). - hid: hiddev: avoid opening a disconnected device (bsc#1051510). - hid: hiddev: do cleanup in failure of opening a device (bsc#1051510). - hid: holtek: test for sanity of intfdata (bsc#1051510). - hid: sony: Fix race condition between rumble and device remove (bsc#1051510). - hid: wacom: Correct distance scale for 2nd-gen Intuos devices (bsc#1142635). - hid: wacom: correct misreported EKR ring values (bsc#1142635). - hid: wacom: fix bit shift for Cintiq Companion 2 (bsc#1051510). - hpet: Fix division by zero in hpet_time_div() (bsc#1051510). - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 (bsc#1051510). - hwmon: (nct7802) Fix wrong detection of in4 presence (bsc#1051510). - i2c: emev2: avoid race when unregistering slave client (bsc#1051510). - i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bsc#1051510). - i2c: qup: fixed releasing dma without flush operation completion (bsc#1051510). - ib/mlx5: Fix MR registration flow to use UMR properly (bsc#1093205 bsc#1145678). - ibmveth: Convert multicast list size for little-endian system (bsc#1061843). - ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726). - igmp: fix memory leak in igmpv3_del_delrec() (networking-stable-19_07_25). - iio: adc: max9611: Fix misuse of GENMASK macro (bsc#1051510). - iio: adc: max9611: Fix temperature reading in probe (bsc#1051510). - iio: iio-utils: Fix possible incorrect mask calculation (bsc#1051510). - include/linux/bitops.h: sanitize rotate primitives (git fixes). - input: alps - do not handle ALPS cs19 trackpoint-only device (bsc#1051510). - input: alps - fix a mismatch between a condition check and its comment (bsc#1051510). - input: iforce - add sanity checks (bsc#1051510). - input: kbtab - sanity check for endpoint type (bsc#1051510). - input: synaptics - enable RMI mode for HP Spectre X360 (bsc#1051510). - input: synaptics - whitelist Lenovo T580 smbus intertouch (bsc#1051510). - input: trackpoint - only expose supported controls for Elan, ALPS and NXP (bsc#1051510). - intel_th: pci: Add Ice Lake NNPI support (bsc#1051510). - intel_th: pci: Add Tiger Lake support (bsc#1051510). - intel_th: pci: Add support for another Lewisburg PCH (bsc#1051510). - iommu/amd: Add support for X2APIC IOMMU interrupts (bsc#1145010). - iommu/amd: Fix race in increase_address_space() (bsc#1150860). - iommu/amd: Flush old domains in kdump kernel (bsc#1150861). - iommu/amd: Move iommu_init_pci() to .init section (bsc#1149105). - iommu/dma: Handle SG length overflow better (bsc#1146084). - ipip: validate header length in ipip_tunnel_xmit (git-fixes). - ipv4: do not set IPv6 only flags to IPv4 addresses (networking-stable-19_07_25). - irqchip/gic-v3-its: fix build warnings (bsc#1144880). - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack (bsc#1051510). - isdn: hfcsusb: checking idx of ep configuration (bsc#1051510). - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() (bsc#1051510). - iwlwifi: dbg: split iwl_fw_error_dump to two functions (bsc#1119086). - iwlwifi: do not unmap as page memory that was mapped as single (bsc#1051510). - iwlwifi: fix bad dma handling in page_mem dumping flow (bsc#1120902). - iwlwifi: fw: use helper to determine whether to dump paging (bsc#1106434). Patch needed to be adjusted, because our tree does not have the global variable IWL_FW_ERROR_DUMP_PAGING - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version < 41 (bsc#1142635). - iwlwifi: mvm: fix an out-of-bound access (bsc#1051510). - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support (bsc#1142635). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1142635). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1142635). - jbd2: flush_descriptor(): Do not decrease buffer head's ref count (bsc#1143843). - jbd2: introduce jbd2_inode dirty range scoping (bsc#1148616). - kABI: Fix kABI for 'struct amd_iommu' (bsc#1145010). - kasan: remove redundant initialization of variable 'real_size' (git fixes). - kconfig/[mn]conf: handle backspace (^H) key (bsc#1051510). - keys: Fix missing null pointer check in request_key_auth_describe() (bsc#1051510). - kvm/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bsc#1133021). - kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (bsc#1134881 bsc#1134882). - kvm: Disallow wraparound in kvm_gfn_to_hva_cache_init (bsc#1133021). - kvm: Fix leak vCPU's VMCS value into other pCPU (bsc#1145388). - kvm: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC (bsc#1145408). - kvm: PPC: Book3S HV: Fix CR0 setting in TM emulation (bsc#1061840). - kvm: Reject device ioctls from processes other than the VM's creator (bsc#1133021). - kvm: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value (bsc#1145393). - kvm: VMX: Fix handling of #MC that occurs during VM-Entry (bsc#1145395). - kvm: VMX: check CPUID before allowing read/write of IA32_XSS (bsc#1145394). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: arm/arm64: Close VMID generation race (bsc#1133021). - kvm: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation (bsc#1133021). - kvm: arm/arm64: Drop resource size check for GICV window (bsc#1133021). - kvm: arm/arm64: Fix VMID alloc race by reverting to lock-less (bsc#1133021). - kvm: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked (bsc#1133021). - kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1133021). - kvm: arm/arm64: Reduce verbosity of KVM init log (bsc#1133021). - kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1133021). - kvm: arm/arm64: Skip updating PMD entry if no change (bsc#1133021). - kvm: arm/arm64: Skip updating PTE entry if no change (bsc#1133021). - kvm: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list (bsc#1133021). - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1133021). - kvm: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1133021). - kvm: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy (bsc#1133021). - kvm: arm64: Fix caching of host MDCR_EL2 value (bsc#1133021). - kvm: mmu: Fix overlap between public and private memslots (bsc#1133021). - kvm: nVMX: Remove unnecessary sync_roots from handle_invept (bsc#1145391). - kvm: nVMX: Use adjusted pin controls for vmcs02 (bsc#1145392). - kvm: nVMX: allow setting the VMFUNC controls MSR (bsc#1145389). - kvm: nVMX: do not use dangling shadow VMCS after guest reset (bsc#1145390). - kvm: x86/vPMU: refine kvm_pmu err msg when event creation failed (bsc#1145397). - kvm: x86: Do not update RIP or do single-step on faulting emulation (bsc#1149104). - kvm: x86: Unconditionally enable irqs in guest context (bsc#1145396). - kvm: x86: degrade WARN to pr_warn_ratelimited (bsc#1145409). - kvm: x86: fix backward migration with async_PF (bsc#1146074). - lan78xx: Fix memory leaks (bsc#1051510). - libata: add SG safety checks in SFF pio transfers (bsc#1051510). - libata: do not request sense data on !ZAC ATA devices (bsc#1051510). - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests (bsc#1051510). - libata: zpodd: Fix small read overflow in zpodd_get_mech_type() (bsc#1051510). - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). - libceph, rbd: new bio handling code (aka do not clone bios) (bsc#1141450). - libceph: add osd_req_op_extent_osd_data_bvecs() (bsc#1141450). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: fix PG split vs OSD (re)connect race (bsc#1148133). - libceph: handle zero-length data items (bsc#1141450). - libceph: introduce BVECS data type (bsc#1141450). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: preallocate message data items (bsc#1135897). - libceph: use single request data item for cmp/setxattr (bsc#1139101). - libnvdimm/pfn: Store correct value of npfns in namespace superblock (bsc#1146381 ltc#180720). - liquidio: add cleanup in octeon_setup_iq() (bsc#1051510). - loop: set PF_MEMALLOC_NOIO for the worker thread (git fixes). - mac80211: do not WARN on short WMM parameters from AP (bsc#1051510). - mac80211: do not warn about CW params when not using them (bsc#1051510). - mac80211: fix possible memory leak in ieee80211_assign_beacon (bsc#1142635). - mac80211: fix possible sta leak (bsc#1051510). - macsec: fix checksumming after decryption (bsc#1051510). - macsec: fix use-after-free of skb during RX (bsc#1051510). - macsec: let the administrator set UP state even if lowerdev is down (bsc#1051510). - macsec: update operstate when lower device changes (bsc#1051510). - mailbox: handle failed named mailbox channel request (bsc#1051510). - md/raid: fix invalid stored role for a disk (bsc#1143765). - md/raid: raid5 preserve the writeback action after the parity check (git fixes). - md: add mddev->pers to avoid potential NULL pointer dereference (git fixes). - media: au0828: fix null dereference in error path (bsc#1051510). - media: coda: Remove unbalanced and unneeded mutex unlock (bsc#1051510). - media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP (bsc#1051510). - media: coda: fix mpeg2 sequence number handling (bsc#1051510). - media: coda: increment sequence offset for the last returned frame (bsc#1051510). - media: dvb: usb: fix use after free in dvb_usb_device_exit (bsc#1051510). - media: hdpvr: fix locking and a missing msleep (bsc#1051510). - media: media_device_enum_links32: clean a reserved field (bsc#1051510). - media: pvrusb2: use a different format for warnings (bsc#1051510). - media: spi: IR LED: add missing of table registration (bsc#1051510). - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails (bsc#1051510). - media: vpss: fix a potential NULL pointer dereference (bsc#1051510). - media: wl128x: Fix some error handling in fm_v4l2_init_video_device() (bsc#1051510). - mfd: arizona: Fix undefined behavior (bsc#1051510). - mfd: core: Set fwnode for created devices (bsc#1051510). - mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bsc#1051510). - mfd: intel-lpss: Add Intel Comet Lake PCI IDs (jsc#SLE-4875). - mm, page_owner: handle THP splits correctly (bsc#1149197, VM Debugging Functionality). - mm/hmm: fix bad subpage pointer in try_to_unmap_one (bsc#1148202, HMM, VM Functionality). - mm/hotplug: fix offline undo_isolate_page_range() (bsc#1148196, VM Functionality). - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node (bsc#1148379, VM Functionality). - mm/memcontrol.c: fix use after free in mem_cgroup_iter() (bsc#1149224, VM Functionality). - mm/memory.c: recheck page table entry with page table lock held (bsc#1148363, VM Functionality). - mm/migrate.c: initialize pud_entry in migrate_vma() (bsc#1148198, HMM, VM Functionality). - mm/mlock.c: change count_mm_mlocked_page_nr return type (bsc#1148527, VM Functionality). - mm/mlock.c: mlockall error for flag MCL_ONFAULT (bsc#1148527, VM Functionality). - mm/page_alloc.c: fix calculation of pgdat->nr_zones (bsc#1148192, VM Functionality). - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() (bsc#1118689). - mm/vmscan.c: fix trying to reclaim unevictable LRU page (bsc#1149214, VM Functionality). - mm: add filemap_fdatawait_range_keep_errors() (bsc#1148616). - mm: do not stall register_shrinker() (bsc#1104902, VM Performance). - mm: page_mapped: do not assume compound page is huge or THP (bsc#1148574, VM Functionality). - mmc: cavium: Add the missing dma unmap when the dma has finished (bsc#1051510). - mmc: cavium: Set the correct dma max segment size for mmc_host (bsc#1051510). - mmc: core: Fix init of SD cards reporting an invalid VDD range (bsc#1051510). - mmc: dw_mmc: Fix occasional hang after tuning on eMMC (bsc#1051510). - mmc: sdhci-of-at91: add quirk for broken HS200 (bsc#1051510). - mmc: sdhci-pci: Add support for Intel CML (jsc#SLE-4875). - mmc: sdhci-pci: Add support for Intel ICP (jsc#SLE-4875). - move a few externs to smbdirect.h to eliminate warning (bsc#1144333). - move core networking kabi patches to the end of the section - move irq_data_get_effective_affinity_mask prior the sorted section - mpls: fix warning with multi-label encap (bsc#1051510). - nbd: replace kill_bdev() with __invalidate_device() again (git fixes). - net/9p: include trans_common.h to fix missing prototype warning (bsc#1051510). - net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635). - net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bsc#1145678). - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (networking-stable-19_07_25). - net: Fix netdev_WARN_ONCE macro (git-fixes). - net: Introduce netdev_*_once functions (networking-stable-19_07_25). - net: bcmgenet: use promisc for unsupported filters (networking-stable-19_07_25). - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (networking-stable-19_07_25). - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (networking-stable-19_07_25). - net: bridge: stp: do not cache eth dest pointer before skb pull (networking-stable-19_07_25). - net: dsa: mv88e6xxx: wait after reset deactivation (networking-stable-19_07_25). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1139020 bsc#1139021). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1139020 bsc#1139021). - net: ena: add ethtool function for changing io queue sizes (bsc#1139020 bsc#1139021). - net: ena: add good checksum counter (bsc#1139020 bsc#1139021). - net: ena: add handling of llq max tx burst size (bsc#1139020 bsc#1139021). - net: ena: add newline at the end of pr_err prints (bsc#1139020 bsc#1139021). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1139020 bsc#1139021). - net: ena: allow automatic fallback to polling mode (bsc#1139020 bsc#1139021). - net: ena: allow queue allocation backoff when low on memory (bsc#1139020 bsc#1139021). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1139020 bsc#1139021). - net: ena: enable negotiating larger Rx ring size (bsc#1139020 bsc#1139021). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1139020 bsc#1139021). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1139020 bsc#1139021). - net: ena: fix incorrect test of supported hash function (bsc#1139020 bsc#1139021). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1139020 bsc#1139021). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1139020 bsc#1139021). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1139020 bsc#1139021). - net: ena: gcc 8: fix compilation warning (bsc#1139020 bsc#1139021). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1139020 bsc#1139021). - net: ena: make ethtool show correct current and max queue sizes (bsc#1139020 bsc#1139021). - net: ena: optimise calculations for CQ doorbell (bsc#1139020 bsc#1139021). - net: ena: remove inline keyword from functions in *.c (bsc#1139020 bsc#1139021). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1139020 bsc#1139021). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1139020 bsc#1139021). - net: ena: use dev_info_once instead of static variable (bsc#1139020 bsc#1139021). - net: make skb_dst_force return true when dst is refcounted (networking-stable-19_07_25). - net: neigh: fix multiple neigh timer scheduling (networking-stable-19_07_25). - net: openvswitch: fix csum updates for MPLS actions (networking-stable-19_07_25). - net: remove duplicate fetch in sock_getsockopt (networking-stable-19_07_02). - net: sched: verify that q!=NULL before setting q->flags (git-fixes). - net: stmmac: fixed new system time seconds value calculation (networking-stable-19_07_02). - net: stmmac: set IC bit when transmitting frames with HW timestamp (networking-stable-19_07_02). - net: usb: pegasus: fix improper read if get_registers() fail (bsc#1051510). - net_sched: unset TCQ_F_CAN_BYPASS when adding filters (networking-stable-19_07_25). - netrom: fix a memory leak in nr_rx_frame() (networking-stable-19_07_25). - netrom: hold sock when setting skb->destructor (networking-stable-19_07_25). - nfc: fix potential illegal memory access (bsc#1051510). - nfs: Cleanup if nfs_match_client is interrupted (bsc#1134291). - nfs: Fix a double unlock from nfs_match,get_client (bsc#1134291). - nfs: Fix the inode request accounting when pages have subrequests (bsc#1140012). - nfs: make nfs_match_client killable (bsc#1134291). - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (git fixes). - nvme-core: Fix extra device_put() call on error path (bsc#1142541). - nvme-fc: fix module unloads while lports still pending (bsc#1150033). - nvme-multipath: fix ana log nsid lookup when nsid is not found (bsc#1141554). - nvme-multipath: relax ANA state check (bsc#1123105). - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bsc#1120876). - nvme: Return BLK_STS_TARGET if the DNR bit is set (bsc#1142076). - nvme: cancel request synchronously (bsc#1145661). - nvme: change locking for the per-subsystem controller list (bsc#1142541). - nvme: fix possible use-after-free in connect error flow (bsc#1139500, bsc#1140426) - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN (bsc#1146938). - objtool: Add rewind_stack_do_exit() to the noreturn list (bsc#1145302). - objtool: Support GCC 9 cold subfunction naming scheme (bsc#1145300). - octeon_mgmt: Fix MIX registers configuration on MTU setup (bsc#1051510). - pci: PM/acpi: Refresh all stale power state data in pci_pm_complete() (bsc#1149106). - pci: Restore Resizable BAR size bits correctly for 1MB BARs (bsc#1143841). - pci: hv: Fix panic by calling hv_pci_remove_slots() earlier (bsc#1142701). - pci: qcom: Ensure that PERST is asserted for at least 100 ms (bsc#1142635). - pci: xilinx-nwl: Fix Multi MSI data programming (bsc#1142635). - phy: qcom-qusb2: Fix crash if nvmem cell not specified (bsc#1051510). - phy: renesas: rcar-gen2: Fix memory leak at error paths (bsc#1051510). - pinctrl: pistachio: fix leaked of_node references (bsc#1051510). - pinctrl: rockchip: fix leaked of_node references (bsc#1051510). - pm / OPP: OF: Use pr_debug() instead of pr_err() while adding OPP table (jsc#SLE-7294). - pm / devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: do not print error when get supply and clk defer (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: fix spelling mistakes (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: remove unneeded semicolon (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: remove wait for dcf irq event (bsc#1144718,bsc#1144813). - pm / devfreq: rockchip-dfi: Move GRF definitions to a common place (bsc#1144718,bsc#1144813). - power: xive support (bsc#1085030, bsc#1144518, LTC#178833). - powerpc/64s: Include cpu header (bsc#1065729). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc/book3s/64: check for NULL pointer in pgd_alloc() (bsc#1078248, git-fixes). - powerpc/fadump: Do not allow hot-remove memory from fadump reserved area (bsc#1120937). - powerpc/fadump: Reservationless firmware assisted dump (bsc#1120937). - powerpc/fadump: Throw proper error message on fadump registration failure (bsc#1120937). - powerpc/fadump: use kstrtoint to handle sysfs store (bsc#1146376). - powerpc/fadump: when fadump is supported register the fadump sysfs files (bsc#1146352). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107). - powerpc/kdump: Handle crashkernel memory reservation failure (bsc#1143466 LTC#179600). - powerpc/lib: Fix feature fixup test of external branch (bsc#1065729). - powerpc/mm/hash/4k: Do not use 64K page size for vmemmap with 4K pagesize (bsc#1142685 LTC#179509). - powerpc/mm/radix: Use the right page size for vmemmap mapping (bsc#1055117 bsc#1142685 LTC#179509). - powerpc/mm: Handle page table allocation failures (bsc#1065729). - powerpc/perf: Add constraints for power9 l2/l3 bus events (bsc#1056686). - powerpc/perf: Add mem access events to sysfs (bsc#1124370). - powerpc/perf: Cleanup cache_sel bits comment (bsc#1056686). - powerpc/perf: Fix thresholding counter data for unknown type (bsc#1056686). - powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (bsc#1047238, bsc#1056686). - powerpc/perf: Update perf_regs structure to include SIER (bsc#1056686). - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (bsc#1065729). - powerpc/powernv: Flush console before platform error reboot (bsc#1149940 ltc#179958). - powerpc/powernv: Return for invalid IMC domain (bsc1054914, git-fixes). - powerpc/powernv: Use kernel crash path for machine checks (bsc#1149940 ltc#179958). - powerpc/pseries, ps3: panic flush kernel messages before halting system (bsc#1149940 ltc#179958). - powerpc/pseries: Fix xive=off command line (bsc#1085030, git-fixes). - powerpc/pseries: add missing cpumask.h include file (bsc#1065729). - powerpc/pseries: correctly track irq state in default idle (bsc#1150727 ltc#178925). - powerpc/rtas: use device model APIs and serialization during Lpm (bsc#1144123 ltc#178840). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - powerpc/xive: Fix dump of XIVE interrupt under pseries (bsc#1142019). - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (bsc#1085030, bsc#1145189, LTC#179762). - powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019). - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL (bsc#1142019). - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (bsc#1146575 ltc#180764). - powerpc: dump kernel log before carrying out fadump or kdump (bsc#1149940 ltc#179958). - qede: fix write to free'd pointer error and double free of ptp (bsc#1051510). - qlge: Deduplicate lbq_buf_size (bsc#1106061). - qlge: Deduplicate rx buffer queue management (bsc#1106061). - qlge: Factor out duplicated expression (bsc#1106061). - qlge: Fix dma_sync_single calls (bsc#1106061). - qlge: Fix irq masking in INTx mode (bsc#1106061). - qlge: Refill empty buffer queues from wq (bsc#1106061). - qlge: Refill rx buffers up to multiple of 16 (bsc#1106061). - qlge: Remove bq_desc.maplen (bsc#1106061). - qlge: Remove irq_cnt (bsc#1106061). - qlge: Remove page_chunk.last_flag (bsc#1106061). - qlge: Remove qlge_bq.len & size (bsc#1106061). - qlge: Remove rx_ring.sbq_buf_size (bsc#1106061). - qlge: Remove rx_ring.type (bsc#1106061). - qlge: Remove useless dma synchronization calls (bsc#1106061). - qlge: Remove useless memset (bsc#1106061). - qlge: Replace memset with assignment (bsc#1106061). - qlge: Update buffer queue prod index despite oom (bsc#1106061). - rbd: do not (ab)use obj_req->pages for stat requests (bsc#1141450). - rbd: do not NULL out ->obj_request in rbd_img_obj_parent_read_full() (bsc#1141450). - rbd: get rid of img_req->copyup_pages (bsc#1141450). - rbd: move from raw pages to bvec data descriptors (bsc#1141450). - rbd: remove bio cloning helpers (bsc#1141450). - rbd: start enums at 1 instead of 0 (bsc#1141450). - rbd: use kmem_cache_zalloc() in rbd_img_request_create() (bsc#1141450). - regmap: fix bulk writes on paged registers (bsc#1051510). - regulator: qcom_spmi: Fix math of spmi_regulator_set_voltage_time_sel (bsc#1051510). - rpm/kernel-binary.spec.in: Enable missing modules check. - rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510). - rpmsg: smd: do not use mananged resources for endpoints and channels (bsc#1051510). - rpmsg: smd: fix memory leak on channel create (bsc#1051510). - rsi: improve kernel thread handling to fix kernel panic (bsc#1051510). - rslib: Fix decoding of shortened codes (bsc#1051510). - rslib: Fix handling of of caller provided syndrome (bsc#1051510). - rtc: pcf8523: do not return invalid date when battery is low (bsc#1051510). - rxrpc: Fix send on a connected, but unbound socket (networking-stable-19_07_25). - s390/cio: fix ccw_device_start_timeout API (bsc#1142109 LTC#179339). - s390/dasd: fix endless loop after read unit address configuration (bsc#1144912 LTC#179907). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142117 bsc#1142118 bsc#1142119 LTC#179329 LTC#179330 LTC#179331). - s390/qeth: avoid control IO completion stalls (bsc#1142109 LTC#179339). - s390/qeth: cancel cmd on early error (bsc#1142109 LTC#179339). - s390/qeth: fix request-side race during cmd IO timeout (bsc#1142109 LTC#179339). - s390/qeth: release cmd buffer in error paths (bsc#1142109 LTC#179339). - s390/qeth: simplify reply object handling (bsc#1142109 LTC#179339). - s390/zcrypt: Fix wrong dispatching for control domain CPRBs (bsc#1137811 LTC#178088). - samples, bpf: fix to change the buffer size for read() (bsc#1051510). - samples: mei: use /dev/mei0 instead of /dev/mei (bsc#1051510). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture (bsc#1051510). - scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE (bsc#1051510). - scripts/decode_stacktrace: only strip base path when a prefix of the path (bsc#1051510). - scripts/gdb: fix lx-version string output (bsc#1051510). - scripts/git_sort/git_sort.py: - scsi: NCR5380: Always re-enable reselection interrupt (git-fixes). - scsi: aacraid: Fix missing break in switch statement (git-fixes). - scsi: aacraid: Fix performance issue on logical drives (git-fixes). - scsi: aic94xx: fix an error code in aic94xx_init() (git-fixes). - scsi: aic94xx: fix module loading (git-fixes). - scsi: bfa: convert to strlcpy/strlcat (git-fixes). - scsi: bnx2fc: Fix NULL dereference in error handling (git-fixes). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (git-fixes). - scsi: core: Fix race on creating sense cache (git-fixes). - scsi: core: Synchronize request queue pm status only on successful resume (git-fixes). - scsi: core: set result when the command cannot be dispatched (git-fixes). - scsi: cxlflash: Mark expected switch fall-throughs (bsc#1148868). - scsi: cxlflash: Prevent deadlock when adapter probe fails (git-fixes). - scsi: esp_scsi: Track residual for PIO transfers (git-fixes) Also, mitigate kABI changes. - scsi: fas216: fix sense buffer initialization (git-fixes). - scsi: isci: initialize shost fully before calling scsi_add_host() (git-fixes). - scsi: libfc: fix null pointer dereference on a null lport (git-fixes). - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (git-fixes). - scsi: libsas: delete sas port if expander discover failed (git-fixes). - scsi: mac_scsi: Fix pseudo DMA implementation, take 2 (git-fixes). - scsi: mac_scsi: Increase PIO/PDMA transfer length threshold (git-fixes). - scsi: megaraid: fix out-of-bound array accesses (git-fixes). - scsi: megaraid_sas: Fix calculation of target ID (git-fixes). - scsi: qedf: Add debug information for unsolicited processing (bsc#1149976). - scsi: qedf: Add shutdown callback handler (bsc#1149976). - scsi: qedf: Add support for 20 Gbps speed (bsc#1149976). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1149976). - scsi: qedf: Check for link state before processing LL2 packets and send fipvlan retries (bsc#1149976). - scsi: qedf: Check for module unloading bit before processing link update AEN (bsc#1149976). - scsi: qedf: Decrease the LL2 MTU size to 2500 (bsc#1149976). - scsi: qedf: Fix race betwen fipvlan request and response path (bsc#1149976). - scsi: qedf: Initiator fails to re-login to switch after link down (bsc#1149976). - scsi: qedf: Print message during bailout conditions (bsc#1149976). - scsi: qedf: Stop sending fipvlan request on unload (bsc#1149976). - scsi: qedf: Update module description string (bsc#1149976). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1149976). - scsi: qedf: Update the version to 8.42.3.0 (bsc#1149976). - scsi: qedf: Use discovery list to traverse rports (bsc#1149976). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (git-fixes). - scsi: qedf: remove set but not used variables (bsc#1149976). - scsi: qedi: remove declaration of nvm_image from stack (git-fixes). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1129424). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (git-fixes). - scsi: qla2xxx: Fix a format specifier (git-fixes). - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (git-fixes). - scsi: qla2xxx: Fix device staying in blocked state (git-fixes). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (git-fixes). - scsi: qla2xxx: Unregister chrdev if module initialization fails (git-fixes). - scsi: qla2xxx: Update two source code comments (git-fixes). - scsi: qla4xxx: avoid freeing unallocated dma memory (git-fixes). - scsi: raid_attrs: fix unused variable warning (git-fixes). - scsi: scsi_dh_alua: Fix possible null-ptr-deref (git-fixes). - scsi: sd: Defer spinning up drive while SANITIZE is in progress (git-fixes). - scsi: sd: Fix a race between closing an sd device and sd I/O (git-fixes). - scsi: sd: Fix cache_type_store() (git-fixes). - scsi: sd: Optimal I/O size should be a multiple of physical block size (git-fixes). - scsi: sd: Quiesce warning if device does not report optimal I/O size (git-fixes). - scsi: sd: use mempool for discard special page (git-fixes). - scsi: sd_zbc: Fix potential memory leak (git-fixes). - scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() (git-fixes). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (git-fixes). - scsi: ufs: Avoid runtime suspend possibly being blocked forever (git-fixes). - scsi: ufs: Check that space was properly alloced in copy_query_response (git-fixes). - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() (git-fixes). - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value (git-fixes). - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 (git-fixes). - scsi: use dma_get_cache_alignment() as minimum DMA alignment (git-fixes). - scsi: virtio_scsi: do not send sc payload with tmfs (git-fixes). - sctp: change to hold sk after auth shkey is created successfully (networking-stable-19_07_02). - serial: 8250: Fix TX interrupt handling condition (bsc#1051510). - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig (bsc#1144333). - sis900: fix TX completion (bsc#1051510). - sky2: Disable MSI on ASUS P6T (bsc#1142496). - smb2: fix missing files in root share directory listing (bsc#1112907, bsc#1144333). - smb2: fix typo in definition of a few error flags (bsc#1144333). - smb2: fix uninitialized variable bug in smb2_ioctl_query_info (bsc#1144333). - smb3 - clean up debug output displaying network interfaces (bsc#1144333). - smb3.1.1 dialect is no longer experimental (bsc#1051510, bsc#1144333). - smb3.1.1: Add GCM crypto to the encrypt and decrypt functions (bsc#1144333). - smb3.11: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - smb311: Fix reconnect (bsc#1051510, bsc#1144333). - smb311: Improve checking of negotiate security contexts (bsc#1051510, bsc#1144333). - smb3: Add debug message later in smb2/smb3 reconnect path (bsc#1144333). - smb3: Add defines for new negotiate contexts (bsc#1144333). - smb3: Add dynamic trace points for various compounded smb3 ops (bsc#1144333). - smb3: Add ftrace tracepoints for improved smb3 debugging (bsc#1144333). - smb3: Add handling for different FSCTL access flags (bsc#1144333). - smb3: Add posix create context for smb3.11 posix mounts (bsc#1144333). - smb3: Add protocol structs for change notify support (bsc#1144333). - smb3: Add smb3.1.1 GCM to negotiated crypto algorigthms (bsc#1144333). - smb3: Add support for multidialect negotiate (smb2.1 and later) (bsc#1051510, bsc#1144333). - smb3: Add tracepoints for read, write and query_dir enter (bsc#1144333). - smb3: Allow persistent handle timeout to be configurable on mount (bsc#1144333). - smb3: Allow query of symlinks stored as reparse points (bsc#1144333). - smb3: Allow smb3 FSCTL queries to be sent to server from tools (bsc#1144333). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing from compounded ops (bsc#1144333). - smb3: Clean up query symlink when reparse point (bsc#1144333). - smb3: Cleanup license mess (bsc#1144333). - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bsc#1085536, bsc#1144333). - smb3: Do not send smb3 SET_INFO if nothing changed (bsc#1051510, bsc#1144333). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510, bsc#1144333). - smb3: Fix deadlock in validate negotiate hits reconnect (bsc#1144333). - smb3: Fix endian warning (bsc#1144333, bsc#1137884). - smb3: Fix enumerating snapshots to Azure (bsc#1144333). - smb3: Fix length checking of smb3.11 negotiate request (bsc#1051510, bsc#1144333). - smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333). - smb3: Fix potential memory leak when processing compound chain (bsc#1144333). - smb3: Fix rmdir compounding regression to strict servers (bsc#1144333). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510, bsc#1144333). - smb3: Fix smb3.1.1 guest mounts to Samba (bsc#1051510, bsc#1144333). - smb3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL (bsc#1144333). - smb3: Log at least once if tree connect fails during reconnect (bsc#1144333). - smb3: Number of requests sent should be displayed for smb3 not just cifs (bsc#1144333). - smb3: Send netname context during negotiate protocol (bsc#1144333). - smb3: Track total time spent on roundtrips for each smb3 command (bsc#1144333). - smb3: Update POSIX negotiate context with POSIX ctxt GUID (bsc#1144333). - smb3: Validate negotiate request must always be signed (bsc#1064597, bsc#1144333). - smb3: Warn user if trying to sign connection that authenticated as guest (bsc#1085536, bsc#1144333). - smb3: add additional ftrace entry points for entry/exit to cifs.ko (bsc#1144333). - smb3: add credits we receive from oplock/break PDUs (bsc#1144333). - smb3: add debug for unexpected mid cancellation (bsc#1144333). - smb3: add define for id for posix create context and corresponding struct (bsc#1144333). - smb3: add dynamic trace point for query_info_enter/done (bsc#1144333). - smb3: add dynamic trace point for smb3_cmd_enter (bsc#1144333). - smb3: add dynamic tracepoint for timeout waiting for credits (bsc#1144333). - smb3: add dynamic tracepoints for simple fallocate and zero range (bsc#1144333). - smb3: add missing read completion trace point (bsc#1144333). - smb3: add module alias for smb3 to cifs.ko (bsc#1144333). - smb3: add new mount option to retrieve mode from special ACE (bsc#1144333). - smb3: add reconnect tracepoints (bsc#1144333). - smb3: add smb3.1.1 to default dialect list (bsc#1144333). - smb3: add support for posix negotiate context (bsc#1144333). - smb3: add support for statfs for smb3.1.1 posix extensions (bsc#1144333). - smb3: add trace point for tree connection (bsc#1144333). - smb3: add tracepoint for sending lease break responses to server (bsc#1144333). - smb3: add tracepoint for session expired or deleted (bsc#1144333). - smb3: add tracepoint for slow responses (bsc#1144333). - smb3: add tracepoint to catch cases where credit refund of failed op overlaps reconnect (bsc#1144333). - smb3: add tracepoints for query dir (bsc#1144333). - smb3: add tracepoints for smb2/smb3 open (bsc#1144333). - smb3: add way to control slow response threshold for logging and stats (bsc#1144333). - smb3: allow more detailed protocol info on open files for debugging (bsc#1144333). - smb3: allow posix mount option to enable new smb311 protocol extensions (bsc#1144333). - smb3: allow previous versions to be mounted with snapshot= mount parm (bsc#1144333). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510, bsc#1144333). - smb3: check for and properly advertise directory lease support (bsc#1051510, bsc#1144333). - smb3: create smb3 equivalent alias for cifs pseudo-xattrs (bsc#1144333). - smb3: directory sync should not return an error (bsc#1051510, bsc#1144333). - smb3: display bytes_read and bytes_written in smb3 stats (bsc#1144333). - smb3: display security information in /proc/fs/cifs/DebugData more accurately (bsc#1144333). - smb3: display session id in debug data (bsc#1144333). - smb3: display stats counters for number of slow commands (bsc#1144333). - smb3: display volume serial number for shares in /proc/fs/cifs/DebugData (bsc#1144333). - smb3: do not allow insecure cifs mounts when using smb3 (bsc#1144333). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510, bsc#1144333). - smb3: do not display confusing message on mount to Azure servers (bsc#1144333). - smb3: do not display empty interface list (bsc#1144333). - smb3: do not request leases in symlink creation and query (bsc#1051510, bsc#1144333). - smb3: do not send compression info by default (bsc#1144333). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510, bsc#1144333). - smb3: fill in statfs fsid and correct namelen (bsc#1112905, bsc#1144333). - smb3: fix bytes_read statistics (bsc#1144333). - smb3: fix corrupt path in subdirs on smb311 with posix (bsc#1144333). - smb3: fix large reads on encrypted connections (bsc#1144333). - smb3: fix lease break problem introduced by compounding (bsc#1144333). - smb3: fix minor debug output for CONFIG_cifs_STATS (bsc#1144333). - smb3: fix redundant opens on root (bsc#1144333). - smb3: fix reset of bytes read and written stats (bsc#1112906, bsc#1144333). - smb3: fix various xid leaks (bsc#1051510, bsc#1144333). - smb3: for kerberos mounts display the credential uid used (bsc#1144333). - smb3: handle new statx fields (bsc#1085536, bsc#1144333). - smb3: if max_credits is specified then display it in /proc/mounts (bsc#1144333). - smb3: if server does not support posix do not allow posix mount option (bsc#1144333). - smb3: improve dynamic tracing of open and posix mkdir (bsc#1144333). - smb3: increase initial number of credits requested to allow write (bsc#1144333). - smb3: make default i/o size for smb3 mounts larger (bsc#1144333). - smb3: minor cleanup of compound_send_recv (bsc#1144333). - smb3: minor debugging clarifications in rfc1001 len processing (bsc#1144333). - smb3: minor missing defines relating to reparse points (bsc#1144333). - smb3: missing defines and structs for reparse point handling (bsc#1144333). - smb3: note that smb3.11 posix extensions mount option is experimental (bsc#1144333). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510, bsc#1144333). - smb3: on reconnect set PreviousSessionId field (bsc#1112899, bsc#1144333). - smb3: optimize open to not send query file internal info (bsc#1144333). - smb3: passthru query info does not check for smb3 FSCTL passthru (bsc#1144333). - smb3: print tree id in debugdata in proc to be able to help logging (bsc#1144333). - smb3: query inode number on open via create context (bsc#1144333). - smb3: remove noisy warning message on mount (bsc#1129664, bsc#1144333). - smb3: remove per-session operations from per-tree connection stats (bsc#1144333). - smb3: rename encryption_required to smb3_encryption_required (bsc#1144333). - smb3: request more credits on normal (non-large read/write) ops (bsc#1144333). - smb3: request more credits on tree connect (bsc#1144333). - smb3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (bsc#1144333). - smb3: send CAP_DFS capability during session setup (bsc#1144333). - smb3: send backup intent on compounded query info (bsc#1144333). - smb3: show number of current open files in /proc/fs/cifs/Stats (bsc#1144333). - smb3: simplify code by removing CONFIG_cifs_smb311 (bsc#1051510, bsc#1144333). - smb3: smbdirect no longer experimental (bsc#1144333). - smb3: snapshot mounts are read-only and make sure info is displayable about the mount (bsc#1144333). - smb3: track the instance of each session for debugging (bsc#1144333). - smb3: trivial cleanup to smb2ops.c (bsc#1144333). - smb3: update comment to clarify enumerating snapshots (bsc#1144333). - smb3: update default requested iosize to 4MB from 1MB for recent dialects (bsc#1144333). - smb: Validate negotiate (to protect against downgrade) even if signing off (bsc#1085536, bsc#1144333). - smb: address lock imbalance warnings in smbdirect.c (bsc#1144333). - smb: fix leak of validate negotiate info response buffer (bsc#1064597, bsc#1144333). - smb: fix validate negotiate info uninitialised memory use (bsc#1064597, bsc#1144333). - smbd: Make upper layer decide when to destroy the transport (bsc#1144333). - smpboot: Place the __percpu annotation correctly (git fixes). - soc: rockchip: power-domain: Add a sanity check on pd->num_clks (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: Use of_clk_get_parent_count() instead of open coding (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: use clk_bulk APIs (bsc#1144718,bsc#1144813). - sound: fix a memory leak bug (bsc#1051510). - spi: bcm2835aux: fix corruptions for longer spi transfers (bsc#1051510). - spi: bcm2835aux: remove dangerous uncontrolled read of fifo (bsc#1051510). - spi: bcm2835aux: unifying code between polling and interrupt driven code (bsc#1051510). - st21nfca_connectivity_event_received: null check the allocation (bsc#1051510). - st_nci_hci_connectivity_event_received: null check the allocation (bsc#1051510). - staging: comedi: dt3000: Fix rounding up of timer divisor (bsc#1051510). - staging: comedi: dt3000: Fix signed integer overflow 'divider * base' (bsc#1051510). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Remove duplicate drivers/ata/libahci_platform - supported.conf: Sort alphabetically, align comments. - tcp: Reset bytes_acked and bytes_received when disconnecting (networking-stable-19_07_25). - test_firmware: fix a memory leak bug (bsc#1051510). - tipc: change to use register_pernet_device (networking-stable-19_07_02). - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bsc#1082555). - tpm: Fix Tpm 1.2 Shutdown sequence to prevent future TPM operations (bsc#1082555). - tpm: Fix off-by-one when reading binary_bios_measurements (bsc#1082555). - tpm: Unify the send callback behaviour (bsc#1082555). - tpm: vtpm_proxy: Suppress error logging when in closed state (bsc#1082555). - tracing: Fix header include guards in trace event headers (bsc#1144474). - treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 231 (bsc#1144333). - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop (bsc#1051510). - tty/serial: digicolor: Fix digicolor-usart already registered warning (bsc#1051510). - tty: max310x: Fix invalid baudrate divisors calculator (bsc#1051510). - tty: serial: msm_serial: avoid system lockup condition (bsc#1051510). - tua6100: Avoid build warnings (bsc#1051510). - tun: wake up waitqueues after IFF_UP is set (networking-stable-19_07_02). - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length (bsc#1148617). - update internal version number for cifs.ko (bsc#1144333). - usb-storage: Add new JMS567 revision to unusual_devs (bsc#1051510). - usb: CDC: fix sanity checks in CDC union parser (bsc#1142635). - usb: Handle USB3 remote wakeup for Lpm enabled devices correctly (bsc#1051510). - usb: cdc-acm: make sure a refcount is taken early enough (bsc#1142635). - usb: cdc-wdm: fix race between write and disconnect due to flag abuse (bsc#1051510). - usb: chipidea: udc: do not do hardware access if gadget has stopped (bsc#1051510). - usb: core: Fix races in character device registration and deregistraion (bsc#1051510). - usb: core: hub: Disable hub-initiated U1/U2 (bsc#1051510). - usb: gadget: composite: Clear "suspended" on reset/disconnect (bsc#1051510). - usb: gadget: udc: renesas_usb3: Fix sysfs interface of "role" (bsc#1142635). - usb: host: fotg2: restart hcd after port reset (bsc#1051510). - usb: host: ohci: fix a race condition between shutdown and irq (bsc#1051510). - usb: host: xhci-rcar: Fix timeout in xhci_suspend() (bsc#1051510). - usb: host: xhci: rcar: Fix typo in compatible string matching (bsc#1051510). - usb: iowarrior: fix deadlock on disconnect (bsc#1051510). - usb: serial: option: Add Motorola modem UARTs (bsc#1051510). - usb: serial: option: Add support for ZTE MF871A (bsc#1051510). - usb: serial: option: add D-Link DWM-222 device ID (bsc#1051510). - usb: serial: option: add the BroadMobi BM818 card (bsc#1051510). - usb: storage: ums-realtek: Update module parameter description for auto_delink_en (bsc#1051510). - usb: storage: ums-realtek: Whitelist auto-delink support (bsc#1051510). - usb: usbfs: fix double-free of usb memory upon submiturb error (bsc#1051510). - usb: wusbcore: fix unbalanced get/put cluster_id (bsc#1051510). - usb: yurex: Fix use-after-free in yurex_delete (bsc#1051510). - vfs: fix page locking deadlocks when deduping files (bsc#1148619). - vmci: Release resource if the work is already queued (bsc#1051510). - vrf: make sure skb->data contains ip header to make routing (networking-stable-19_07_25). - watchdog: bcm2835_wdt: Fix module autoload (bsc#1051510). - watchdog: core: fix null pointer dereference when releasing cdev (bsc#1051510). - watchdog: f71808e_wdt: fix F81866 bit operation (bsc#1051510). - watchdog: fix compile time error of pretimeout governors (bsc#1051510). - wimax/i2400m: fix a memory leak bug (bsc#1051510). - x86/boot: Fix memory leak in default_get_smp_config() (bsc#1114279). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/microcode: Fix the microcode load on CPU hotplug for real (bsc#1114279). - x86/mm: Check for pfn instead of page in vmalloc_sync_one() (bsc#1118689). - x86/mm: Sync also unmappings in vmalloc_sync_all() (bsc#1118689). - x86/speculation/mds: Apply more accurate check on hypervisor platform (bsc#1114279). - x86/speculation: Allow guests to use SSBD even if host does not (bsc#1114279). - x86/unwind: Add hardcoded ORC entry for NULL (bsc#1114279). - x86/unwind: Handle NULL pointer calls better in frame unwinder (bsc#1114279). - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (bsc#1065600). - xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix bucket count reported to userspace (bsc#1143300). - xfrm: Fix error return code in xfrm_output_one() (bsc#1143300). - xfs: do not crash on null attr fork xfs_bmapi_read (bsc#1148035). - xfs: do not trip over uninitialized buffer on extent read of corrupted inode (bsc#1149053). - xfs: dump transaction usage details on log reservation overrun (bsc#1145235). - xfs: eliminate duplicate icreate tx reservation functions (bsc#1145235). - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (bsc#1148032). - xfs: fix semicolon.cocci warnings (bsc#1145235). - xfs: fix up agi unlinked list reservations (bsc#1145235). - xfs: include an allocfree res for inobt modifications (bsc#1145235). - xfs: include inobt buffers in ifree tx log reservation (bsc#1145235). - xfs: print transaction log reservation on overrun (bsc#1145235). - xfs: refactor inode chunk alloc/free tx reservation (bsc#1145235). - xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (bsc#1145235). - xfs: remove more ondisk directory corruption asserts (bsc#1148034). - xfs: separate shutdown from ticket reservation print helper (bsc#1145235). - xfs: truncate transaction does not modify the inobt (bsc#1145235). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-2414=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2414=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-2414=1 - SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-2414=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2414=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2414=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-2414=1 Package List: - SUSE Linux Enterprise Workstation Extension 15 (x86_64): kernel-default-debuginfo-4.12.14-150.35.1 kernel-default-debugsource-4.12.14-150.35.1 kernel-default-extra-4.12.14-150.35.1 kernel-default-extra-debuginfo-4.12.14-150.35.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-default-base-4.12.14-150.35.1 kernel-default-base-debuginfo-4.12.14-150.35.1 kernel-default-debuginfo-4.12.14-150.35.1 kernel-default-debugsource-4.12.14-150.35.1 kernel-obs-qa-4.12.14-150.35.1 kselftests-kmp-default-4.12.14-150.35.1 kselftests-kmp-default-debuginfo-4.12.14-150.35.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): kernel-docs-html-4.12.14-150.35.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150.35.1 kernel-default-debugsource-4.12.14-150.35.1 kernel-default-livepatch-4.12.14-150.35.1 kernel-livepatch-4_12_14-150_35-default-1-1.3.1 kernel-livepatch-4_12_14-150_35-default-debuginfo-1-1.3.1 - SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-150.35.1 kernel-default-debugsource-4.12.14-150.35.1 reiserfs-kmp-default-4.12.14-150.35.1 reiserfs-kmp-default-debuginfo-4.12.14-150.35.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-150.35.1 kernel-obs-build-debugsource-4.12.14-150.35.1 kernel-syms-4.12.14-150.35.1 kernel-vanilla-base-4.12.14-150.35.1 kernel-vanilla-base-debuginfo-4.12.14-150.35.1 kernel-vanilla-debuginfo-4.12.14-150.35.1 kernel-vanilla-debugsource-4.12.14-150.35.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): kernel-docs-4.12.14-150.35.1 kernel-source-4.12.14-150.35.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-150.35.1 kernel-default-base-4.12.14-150.35.1 kernel-default-debuginfo-4.12.14-150.35.1 kernel-default-debugsource-4.12.14-150.35.1 kernel-default-devel-4.12.14-150.35.1 kernel-default-devel-debuginfo-4.12.14-150.35.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): kernel-devel-4.12.14-150.35.1 kernel-macros-4.12.14-150.35.1 - SUSE Linux Enterprise Module for Basesystem 15 (s390x): kernel-default-man-4.12.14-150.35.1 kernel-zfcpdump-4.12.14-150.35.1 kernel-zfcpdump-debuginfo-4.12.14-150.35.1 kernel-zfcpdump-debugsource-4.12.14-150.35.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150.35.1 cluster-md-kmp-default-debuginfo-4.12.14-150.35.1 dlm-kmp-default-4.12.14-150.35.1 dlm-kmp-default-debuginfo-4.12.14-150.35.1 gfs2-kmp-default-4.12.14-150.35.1 gfs2-kmp-default-debuginfo-4.12.14-150.35.1 kernel-default-debuginfo-4.12.14-150.35.1 kernel-default-debugsource-4.12.14-150.35.1 ocfs2-kmp-default-4.12.14-150.35.1 ocfs2-kmp-default-debuginfo-4.12.14-150.35.1 References: https://www.suse.com/security/cve/CVE-2017-18551.html https://www.suse.com/security/cve/CVE-2018-20976.html https://www.suse.com/security/cve/CVE-2018-21008.html https://www.suse.com/security/cve/CVE-2019-10207.html https://www.suse.com/security/cve/CVE-2019-14814.html https://www.suse.com/security/cve/CVE-2019-14815.html https://www.suse.com/security/cve/CVE-2019-14816.html https://www.suse.com/security/cve/CVE-2019-14835.html https://www.suse.com/security/cve/CVE-2019-15030.html https://www.suse.com/security/cve/CVE-2019-15031.html https://www.suse.com/security/cve/CVE-2019-15090.html https://www.suse.com/security/cve/CVE-2019-15098.html https://www.suse.com/security/cve/CVE-2019-15117.html https://www.suse.com/security/cve/CVE-2019-15118.html https://www.suse.com/security/cve/CVE-2019-15211.html https://www.suse.com/security/cve/CVE-2019-15212.html https://www.suse.com/security/cve/CVE-2019-15214.html https://www.suse.com/security/cve/CVE-2019-15215.html https://www.suse.com/security/cve/CVE-2019-15216.html https://www.suse.com/security/cve/CVE-2019-15217.html https://www.suse.com/security/cve/CVE-2019-15218.html https://www.suse.com/security/cve/CVE-2019-15219.html https://www.suse.com/security/cve/CVE-2019-15220.html https://www.suse.com/security/cve/CVE-2019-15221.html https://www.suse.com/security/cve/CVE-2019-15222.html https://www.suse.com/security/cve/CVE-2019-15239.html https://www.suse.com/security/cve/CVE-2019-15290.html https://www.suse.com/security/cve/CVE-2019-15292.html https://www.suse.com/security/cve/CVE-2019-15538.html https://www.suse.com/security/cve/CVE-2019-15666.html https://www.suse.com/security/cve/CVE-2019-15902.html https://www.suse.com/security/cve/CVE-2019-15917.html https://www.suse.com/security/cve/CVE-2019-15919.html https://www.suse.com/security/cve/CVE-2019-15920.html https://www.suse.com/security/cve/CVE-2019-15921.html https://www.suse.com/security/cve/CVE-2019-15924.html https://www.suse.com/security/cve/CVE-2019-15926.html https://www.suse.com/security/cve/CVE-2019-15927.html https://www.suse.com/security/cve/CVE-2019-9456.html https://bugzilla.suse.com/1047238 https://bugzilla.suse.com/1050911 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1054914 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1056686 https://bugzilla.suse.com/1060662 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1061843 https://bugzilla.suse.com/1064597 https://bugzilla.suse.com/1064701 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1066369 https://bugzilla.suse.com/1071009 https://bugzilla.suse.com/1071306 https://bugzilla.suse.com/1078248 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1085539 https://bugzilla.suse.com/1086103 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1090734 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1093205 https://bugzilla.suse.com/1102097 https://bugzilla.suse.com/1104902 https://bugzilla.suse.com/1106061 https://bugzilla.suse.com/1106284 https://bugzilla.suse.com/1106434 https://bugzilla.suse.com/1108382 https://bugzilla.suse.com/1112894 https://bugzilla.suse.com/1112899 https://bugzilla.suse.com/1112902 https://bugzilla.suse.com/1112903 https://bugzilla.suse.com/1112905 https://bugzilla.suse.com/1112906 https://bugzilla.suse.com/1112907 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114542 https://bugzilla.suse.com/1118689 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1120876 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1120937 https://bugzilla.suse.com/1123105 https://bugzilla.suse.com/1123959 https://bugzilla.suse.com/1124370 https://bugzilla.suse.com/1129424 https://bugzilla.suse.com/1129519 https://bugzilla.suse.com/1129664 https://bugzilla.suse.com/1131107 https://bugzilla.suse.com/1131281 https://bugzilla.suse.com/1131565 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1134291 https://bugzilla.suse.com/1134881 https://bugzilla.suse.com/1134882 https://bugzilla.suse.com/1135219 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135897 https://bugzilla.suse.com/1136261 https://bugzilla.suse.com/1137811 https://bugzilla.suse.com/1137884 https://bugzilla.suse.com/1138539 https://bugzilla.suse.com/1139020 https://bugzilla.suse.com/1139021 https://bugzilla.suse.com/1139101 https://bugzilla.suse.com/1139500 https://bugzilla.suse.com/1140012 https://bugzilla.suse.com/1140426 https://bugzilla.suse.com/1140487 https://bugzilla.suse.com/1141450 https://bugzilla.suse.com/1141543 https://bugzilla.suse.com/1141554 https://bugzilla.suse.com/1142019 https://bugzilla.suse.com/1142076 https://bugzilla.suse.com/1142109 https://bugzilla.suse.com/1142117 https://bugzilla.suse.com/1142118 https://bugzilla.suse.com/1142119 https://bugzilla.suse.com/1142496 https://bugzilla.suse.com/1142541 https://bugzilla.suse.com/1142635 https://bugzilla.suse.com/1142685 https://bugzilla.suse.com/1142701 https://bugzilla.suse.com/1142857 https://bugzilla.suse.com/1143300 https://bugzilla.suse.com/1143466 https://bugzilla.suse.com/1143765 https://bugzilla.suse.com/1143841 https://bugzilla.suse.com/1143843 https://bugzilla.suse.com/1144123 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1144474 https://bugzilla.suse.com/1144518 https://bugzilla.suse.com/1144718 https://bugzilla.suse.com/1144813 https://bugzilla.suse.com/1144880 https://bugzilla.suse.com/1144886 https://bugzilla.suse.com/1144912 https://bugzilla.suse.com/1144920 https://bugzilla.suse.com/1144979 https://bugzilla.suse.com/1145010 https://bugzilla.suse.com/1145051 https://bugzilla.suse.com/1145059 https://bugzilla.suse.com/1145189 https://bugzilla.suse.com/1145235 https://bugzilla.suse.com/1145300 https://bugzilla.suse.com/1145302 https://bugzilla.suse.com/1145388 https://bugzilla.suse.com/1145389 https://bugzilla.suse.com/1145390 https://bugzilla.suse.com/1145391 https://bugzilla.suse.com/1145392 https://bugzilla.suse.com/1145393 https://bugzilla.suse.com/1145394 https://bugzilla.suse.com/1145395 https://bugzilla.suse.com/1145396 https://bugzilla.suse.com/1145397 https://bugzilla.suse.com/1145408 https://bugzilla.suse.com/1145409 https://bugzilla.suse.com/1145661 https://bugzilla.suse.com/1145678 https://bugzilla.suse.com/1145687 https://bugzilla.suse.com/1145920 https://bugzilla.suse.com/1145922 https://bugzilla.suse.com/1145934 https://bugzilla.suse.com/1145937 https://bugzilla.suse.com/1145940 https://bugzilla.suse.com/1145941 https://bugzilla.suse.com/1145942 https://bugzilla.suse.com/1146074 https://bugzilla.suse.com/1146084 https://bugzilla.suse.com/1146163 https://bugzilla.suse.com/1146285 https://bugzilla.suse.com/1146346 https://bugzilla.suse.com/1146351 https://bugzilla.suse.com/1146352 https://bugzilla.suse.com/1146361 https://bugzilla.suse.com/1146376 https://bugzilla.suse.com/1146378 https://bugzilla.suse.com/1146381 https://bugzilla.suse.com/1146391 https://bugzilla.suse.com/1146399 https://bugzilla.suse.com/1146413 https://bugzilla.suse.com/1146425 https://bugzilla.suse.com/1146512 https://bugzilla.suse.com/1146514 https://bugzilla.suse.com/1146516 https://bugzilla.suse.com/1146519 https://bugzilla.suse.com/1146524 https://bugzilla.suse.com/1146526 https://bugzilla.suse.com/1146529 https://bugzilla.suse.com/1146531 https://bugzilla.suse.com/1146543 https://bugzilla.suse.com/1146547 https://bugzilla.suse.com/1146550 https://bugzilla.suse.com/1146575 https://bugzilla.suse.com/1146589 https://bugzilla.suse.com/1146678 https://bugzilla.suse.com/1146938 https://bugzilla.suse.com/1148031 https://bugzilla.suse.com/1148032 https://bugzilla.suse.com/1148033 https://bugzilla.suse.com/1148034 https://bugzilla.suse.com/1148035 https://bugzilla.suse.com/1148093 https://bugzilla.suse.com/1148133 https://bugzilla.suse.com/1148192 https://bugzilla.suse.com/1148196 https://bugzilla.suse.com/1148198 https://bugzilla.suse.com/1148202 https://bugzilla.suse.com/1148303 https://bugzilla.suse.com/1148363 https://bugzilla.suse.com/1148379 https://bugzilla.suse.com/1148394 https://bugzilla.suse.com/1148527 https://bugzilla.suse.com/1148574 https://bugzilla.suse.com/1148616 https://bugzilla.suse.com/1148617 https://bugzilla.suse.com/1148619 https://bugzilla.suse.com/1148859 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1149053 https://bugzilla.suse.com/1149083 https://bugzilla.suse.com/1149104 https://bugzilla.suse.com/1149105 https://bugzilla.suse.com/1149106 https://bugzilla.suse.com/1149197 https://bugzilla.suse.com/1149214 https://bugzilla.suse.com/1149224 https://bugzilla.suse.com/1149325 https://bugzilla.suse.com/1149376 https://bugzilla.suse.com/1149413 https://bugzilla.suse.com/1149418 https://bugzilla.suse.com/1149424 https://bugzilla.suse.com/1149522 https://bugzilla.suse.com/1149527 https://bugzilla.suse.com/1149539 https://bugzilla.suse.com/1149552 https://bugzilla.suse.com/1149591 https://bugzilla.suse.com/1149602 https://bugzilla.suse.com/1149612 https://bugzilla.suse.com/1149626 https://bugzilla.suse.com/1149652 https://bugzilla.suse.com/1149713 https://bugzilla.suse.com/1149940 https://bugzilla.suse.com/1149976 https://bugzilla.suse.com/1150025 https://bugzilla.suse.com/1150033 https://bugzilla.suse.com/1150112 https://bugzilla.suse.com/1150562 https://bugzilla.suse.com/1150727 https://bugzilla.suse.com/1150860 https://bugzilla.suse.com/1150861 https://bugzilla.suse.com/1150933 From sle-updates at lists.suse.com Fri Sep 20 09:16:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Sep 2019 17:16:03 +0200 (CEST) Subject: SUSE-RU-2019:2420-1: moderate: Recommended update for kiwi, python-kiwi Message-ID: <20190920151603.CFB1FF7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for kiwi, python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2420-1 Rating: moderate References: #1141156 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kiwi and python-kiwi fixes the following issues: - In some specific partition size configurations in the PXE client the partition layout was always seen as an invalid one in each boot. This was causing a repartition and re-deploy of the PXE image in every single boot. (bsc#1141156) - Use the kiwi-tools from python-kiwi (instead of kiwi itself) in SLES-12-SP2-LTSS. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2420=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2420=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2420=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2420=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2420=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2420=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2420=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2420=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2420=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2420=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2420=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2420=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): kiwi-7.04.51-72.41.2 kiwi-desc-isoboot-7.04.51-72.41.2 kiwi-desc-netboot-7.04.51-72.41.2 kiwi-desc-oemboot-7.04.51-72.41.2 kiwi-desc-vmxboot-7.04.51-72.41.2 kiwi-man-pages-8.33.14-9.31.1 kiwi-templates-7.04.51-72.41.2 kiwi-tools-8.33.14-9.31.1 kiwi-tools-debuginfo-8.33.14-9.31.1 python-kiwi-debugsource-8.33.14-9.31.1 python2-kiwi-8.33.14-9.31.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): kiwi-doc-7.04.51-72.41.2 - SUSE OpenStack Cloud 8 (noarch): kiwi-doc-7.04.51-72.41.2 - SUSE OpenStack Cloud 8 (x86_64): kiwi-7.04.51-72.41.2 kiwi-desc-isoboot-7.04.51-72.41.2 kiwi-desc-netboot-7.04.51-72.41.2 kiwi-desc-oemboot-7.04.51-72.41.2 kiwi-desc-vmxboot-7.04.51-72.41.2 kiwi-man-pages-8.33.14-9.31.1 kiwi-templates-7.04.51-72.41.2 kiwi-tools-8.33.14-9.31.1 kiwi-tools-debuginfo-8.33.14-9.31.1 python-kiwi-debugsource-8.33.14-9.31.1 python2-kiwi-8.33.14-9.31.1 - SUSE OpenStack Cloud 7 (s390x x86_64): kiwi-7.04.51-72.41.2 kiwi-desc-netboot-7.04.51-72.41.2 kiwi-desc-oemboot-7.04.51-72.41.2 kiwi-desc-vmxboot-7.04.51-72.41.2 kiwi-templates-7.04.51-72.41.2 kiwi-tools-8.33.14-9.31.1 kiwi-tools-debuginfo-8.33.14-9.31.1 - SUSE OpenStack Cloud 7 (x86_64): kiwi-desc-isoboot-7.04.51-72.41.2 - SUSE OpenStack Cloud 7 (noarch): kiwi-doc-7.04.51-72.41.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kiwi-7.04.51-72.41.2 kiwi-desc-netboot-7.04.51-72.41.2 kiwi-desc-oemboot-7.04.51-72.41.2 kiwi-desc-vmxboot-7.04.51-72.41.2 kiwi-man-pages-8.33.14-9.31.1 kiwi-templates-7.04.51-72.41.2 kiwi-tools-8.33.14-9.31.1 kiwi-tools-debuginfo-8.33.14-9.31.1 python-kiwi-debugsource-8.33.14-9.31.1 python2-kiwi-8.33.14-9.31.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): kiwi-doc-7.04.51-72.41.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): kiwi-desc-isoboot-7.04.51-72.41.2 kiwi-pxeboot-8.33.14-9.31.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kiwi-7.04.51-72.41.2 kiwi-desc-netboot-7.04.51-72.41.2 kiwi-desc-oemboot-7.04.51-72.41.2 kiwi-desc-vmxboot-7.04.51-72.41.2 kiwi-templates-7.04.51-72.41.2 kiwi-tools-8.33.14-9.31.1 kiwi-tools-debuginfo-8.33.14-9.31.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): kiwi-desc-isoboot-7.04.51-72.41.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): kiwi-doc-7.04.51-72.41.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): kiwi-7.04.51-72.41.2 kiwi-desc-oemboot-7.04.51-72.41.2 kiwi-desc-vmxboot-7.04.51-72.41.2 kiwi-man-pages-8.33.14-9.31.1 kiwi-templates-7.04.51-72.41.2 kiwi-tools-8.33.14-9.31.1 kiwi-tools-debuginfo-8.33.14-9.31.1 python-kiwi-debugsource-8.33.14-9.31.1 python2-kiwi-8.33.14-9.31.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): kiwi-desc-netboot-7.04.51-72.41.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): kiwi-desc-isoboot-7.04.51-72.41.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): kiwi-doc-7.04.51-72.41.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): kiwi-7.04.51-72.41.2 kiwi-desc-isoboot-7.04.51-72.41.2 kiwi-desc-netboot-7.04.51-72.41.2 kiwi-desc-oemboot-7.04.51-72.41.2 kiwi-desc-vmxboot-7.04.51-72.41.2 kiwi-man-pages-8.33.14-9.31.1 kiwi-templates-7.04.51-72.41.2 kiwi-tools-8.33.14-9.31.1 kiwi-tools-debuginfo-8.33.14-9.31.1 python-kiwi-debugsource-8.33.14-9.31.1 python2-kiwi-8.33.14-9.31.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): kiwi-doc-7.04.51-72.41.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): kiwi-7.04.51-72.41.2 kiwi-desc-netboot-7.04.51-72.41.2 kiwi-desc-oemboot-7.04.51-72.41.2 kiwi-desc-vmxboot-7.04.51-72.41.2 kiwi-templates-7.04.51-72.41.2 kiwi-tools-8.33.14-9.31.1 kiwi-tools-debuginfo-8.33.14-9.31.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): kiwi-desc-isoboot-7.04.51-72.41.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): kiwi-doc-7.04.51-72.41.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kiwi-doc-7.04.51-72.41.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kiwi-7.04.51-72.41.2 kiwi-desc-isoboot-7.04.51-72.41.2 kiwi-desc-netboot-7.04.51-72.41.2 kiwi-desc-oemboot-7.04.51-72.41.2 kiwi-desc-vmxboot-7.04.51-72.41.2 kiwi-templates-7.04.51-72.41.2 kiwi-tools-8.33.14-9.31.1 kiwi-tools-debuginfo-8.33.14-9.31.1 - SUSE Enterprise Storage 5 (x86_64): kiwi-7.04.51-72.41.2 kiwi-desc-isoboot-7.04.51-72.41.2 kiwi-desc-netboot-7.04.51-72.41.2 kiwi-desc-oemboot-7.04.51-72.41.2 kiwi-desc-vmxboot-7.04.51-72.41.2 kiwi-man-pages-8.33.14-9.31.1 kiwi-templates-7.04.51-72.41.2 kiwi-tools-8.33.14-9.31.1 kiwi-tools-debuginfo-8.33.14-9.31.1 python-kiwi-debugsource-8.33.14-9.31.1 python2-kiwi-8.33.14-9.31.1 - SUSE Enterprise Storage 5 (noarch): kiwi-doc-7.04.51-72.41.2 - SUSE Enterprise Storage 4 (x86_64): kiwi-7.04.51-72.41.2 kiwi-desc-isoboot-7.04.51-72.41.2 kiwi-desc-netboot-7.04.51-72.41.2 kiwi-desc-oemboot-7.04.51-72.41.2 kiwi-desc-vmxboot-7.04.51-72.41.2 kiwi-templates-7.04.51-72.41.2 kiwi-tools-8.33.14-9.31.1 kiwi-tools-debuginfo-8.33.14-9.31.1 - SUSE Enterprise Storage 4 (noarch): kiwi-doc-7.04.51-72.41.2 - HPE Helion Openstack 8 (noarch): kiwi-doc-7.04.51-72.41.2 - HPE Helion Openstack 8 (x86_64): kiwi-7.04.51-72.41.2 kiwi-desc-isoboot-7.04.51-72.41.2 kiwi-desc-netboot-7.04.51-72.41.2 kiwi-desc-oemboot-7.04.51-72.41.2 kiwi-desc-vmxboot-7.04.51-72.41.2 kiwi-man-pages-8.33.14-9.31.1 kiwi-templates-7.04.51-72.41.2 kiwi-tools-8.33.14-9.31.1 kiwi-tools-debuginfo-8.33.14-9.31.1 python-kiwi-debugsource-8.33.14-9.31.1 python2-kiwi-8.33.14-9.31.1 References: https://bugzilla.suse.com/1141156 From sle-updates at lists.suse.com Fri Sep 20 09:16:49 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Sep 2019 17:16:49 +0200 (CEST) Subject: SUSE-RU-2019:2418-1: moderate: Recommended update for bash Message-ID: <20190920151649.7BE9FF7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for bash ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2418-1 Rating: moderate References: #1133773 #1143055 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for bash fixes the following issues: - Rework patch readline-7.0-screen (bsc#1143055): map all "screen(-xxx)?.yyy(-zzz)?" to "screen" as well as map "konsole(-xxx)?" and "gnome(-xxx)?" to "xterm" - Add a backport from bash 5.0 to perform better with large numbers of sub processes. (bsc#1133773) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2418=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2418=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2418=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2418=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): bash-debuginfo-4.4-9.10.1 bash-debugsource-4.4-9.10.1 bash-loadables-4.4-9.10.1 bash-loadables-debuginfo-4.4-9.10.1 readline-devel-static-7.0-9.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libreadline7-32bit-7.0-9.10.1 libreadline7-32bit-debuginfo-7.0-9.10.1 readline-devel-32bit-7.0-9.10.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): bash-debuginfo-4.4-9.10.1 bash-debugsource-4.4-9.10.1 bash-loadables-4.4-9.10.1 bash-loadables-debuginfo-4.4-9.10.1 readline-devel-static-7.0-9.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): bash-4.4-9.10.1 bash-debuginfo-4.4-9.10.1 bash-debugsource-4.4-9.10.1 bash-devel-4.4-9.10.1 libreadline7-7.0-9.10.1 libreadline7-debuginfo-7.0-9.10.1 readline-devel-7.0-9.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): bash-doc-4.4-9.10.1 bash-lang-4.4-9.10.1 readline-doc-7.0-9.10.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): bash-4.4-9.10.1 bash-debuginfo-4.4-9.10.1 bash-debugsource-4.4-9.10.1 bash-devel-4.4-9.10.1 libreadline7-7.0-9.10.1 libreadline7-debuginfo-7.0-9.10.1 readline-devel-7.0-9.10.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): bash-doc-4.4-9.10.1 bash-lang-4.4-9.10.1 readline-doc-7.0-9.10.1 References: https://bugzilla.suse.com/1133773 https://bugzilla.suse.com/1143055 From sle-updates at lists.suse.com Fri Sep 20 09:17:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Sep 2019 17:17:45 +0200 (CEST) Subject: SUSE-RU-2019:2419-1: moderate: Recommended update for Mesa, libdrm Message-ID: <20190920151745.A4420F7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for Mesa, libdrm ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2419-1 Rating: moderate References: #1137515 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for Mesa, libdrm provides the following enhancements: Changes in Mesa: - Add support for Cometlake. (jsc#SLE-4983, bsc#1137515) Changes in libdrm: - Add support for Amberlake. (jsc#SLE-4989, bsc#1137515) - Add support for Cometalke. (jsc#SLE-4983, bsc#1137515) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-2419=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2419=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2419=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): Mesa-dri-nouveau-18.3.2-34.3.14 Mesa-dri-nouveau-debuginfo-18.3.2-34.3.14 Mesa-drivers-debugsource-18.3.2-34.3.14 libXvMC_nouveau-18.3.2-34.3.14 libXvMC_nouveau-debuginfo-18.3.2-34.3.14 libvdpau_nouveau-18.3.2-34.3.14 libvdpau_nouveau-debuginfo-18.3.2-34.3.14 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): Mesa-drivers-debugsource-18.3.2-34.3.14 Mesa-libOpenCL-18.3.2-34.3.14 Mesa-libOpenCL-debuginfo-18.3.2-34.3.14 libdrm-debugsource-2.4.97-3.3.11 libdrm-tools-2.4.97-3.3.11 libdrm-tools-debuginfo-2.4.97-3.3.11 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le x86_64): libXvMC_r600-18.3.2-34.3.14 libXvMC_r600-debuginfo-18.3.2-34.3.14 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64): Mesa-libd3d-18.3.2-34.3.14 Mesa-libd3d-debuginfo-18.3.2-34.3.14 Mesa-libd3d-devel-18.3.2-34.3.14 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le): Mesa-dri-nouveau-18.3.2-34.3.14 Mesa-dri-nouveau-debuginfo-18.3.2-34.3.14 libXvMC_nouveau-18.3.2-34.3.14 libXvMC_nouveau-debuginfo-18.3.2-34.3.14 libvdpau_nouveau-18.3.2-34.3.14 libvdpau_nouveau-debuginfo-18.3.2-34.3.14 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): Mesa-debugsource-18.3.2-34.3.14 Mesa-dri-nouveau-32bit-18.3.2-34.3.14 Mesa-dri-nouveau-32bit-debuginfo-18.3.2-34.3.14 Mesa-libd3d-32bit-18.3.2-34.3.14 Mesa-libd3d-32bit-debuginfo-18.3.2-34.3.14 Mesa-libd3d-devel-32bit-18.3.2-34.3.14 Mesa-libglapi-devel-32bit-18.3.2-34.3.14 libOSMesa-devel-32bit-18.3.2-34.3.14 libOSMesa8-32bit-18.3.2-34.3.14 libOSMesa8-32bit-debuginfo-18.3.2-34.3.14 libXvMC_nouveau-32bit-18.3.2-34.3.14 libXvMC_nouveau-32bit-debuginfo-18.3.2-34.3.14 libXvMC_r600-32bit-18.3.2-34.3.14 libXvMC_r600-32bit-debuginfo-18.3.2-34.3.14 libdrm-devel-32bit-2.4.97-3.3.11 libgbm-devel-32bit-18.3.2-34.3.14 libkms-devel-32bit-2.4.97-3.3.11 libkms1-32bit-2.4.97-3.3.11 libkms1-32bit-debuginfo-2.4.97-3.3.11 libvdpau_nouveau-32bit-18.3.2-34.3.14 libvdpau_nouveau-32bit-debuginfo-18.3.2-34.3.14 libvdpau_r300-32bit-18.3.2-34.3.14 libvdpau_r300-32bit-debuginfo-18.3.2-34.3.14 libvdpau_r600-32bit-18.3.2-34.3.14 libvdpau_r600-32bit-debuginfo-18.3.2-34.3.14 libvdpau_radeonsi-32bit-18.3.2-34.3.14 libvdpau_radeonsi-32bit-debuginfo-18.3.2-34.3.14 libvulkan_intel-32bit-18.3.2-34.3.14 libvulkan_intel-32bit-debuginfo-18.3.2-34.3.14 libvulkan_radeon-32bit-18.3.2-34.3.14 libvulkan_radeon-32bit-debuginfo-18.3.2-34.3.14 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): Mesa-18.3.2-34.3.14 Mesa-KHR-devel-18.3.2-34.3.14 Mesa-debugsource-18.3.2-34.3.14 Mesa-devel-18.3.2-34.3.14 Mesa-dri-18.3.2-34.3.14 Mesa-dri-debuginfo-18.3.2-34.3.14 Mesa-dri-devel-18.3.2-34.3.14 Mesa-drivers-debugsource-18.3.2-34.3.14 Mesa-gallium-18.3.2-34.3.14 Mesa-gallium-debuginfo-18.3.2-34.3.14 Mesa-libEGL-devel-18.3.2-34.3.14 Mesa-libEGL1-18.3.2-34.3.14 Mesa-libEGL1-debuginfo-18.3.2-34.3.14 Mesa-libGL-devel-18.3.2-34.3.14 Mesa-libGL1-18.3.2-34.3.14 Mesa-libGL1-debuginfo-18.3.2-34.3.14 Mesa-libGLESv1_CM-devel-18.3.2-34.3.14 Mesa-libGLESv1_CM1-18.3.2-34.3.14 Mesa-libGLESv2-2-18.3.2-34.3.14 Mesa-libGLESv2-devel-18.3.2-34.3.14 Mesa-libGLESv3-devel-18.3.2-34.3.14 Mesa-libglapi-devel-18.3.2-34.3.14 Mesa-libglapi0-18.3.2-34.3.14 Mesa-libglapi0-debuginfo-18.3.2-34.3.14 libOSMesa-devel-18.3.2-34.3.14 libOSMesa8-18.3.2-34.3.14 libOSMesa8-debuginfo-18.3.2-34.3.14 libdrm-debugsource-2.4.97-3.3.11 libdrm-devel-2.4.97-3.3.11 libdrm2-2.4.97-3.3.11 libdrm2-debuginfo-2.4.97-3.3.11 libdrm_amdgpu1-2.4.97-3.3.11 libdrm_amdgpu1-debuginfo-2.4.97-3.3.11 libdrm_nouveau2-2.4.97-3.3.11 libdrm_nouveau2-debuginfo-2.4.97-3.3.11 libdrm_radeon1-2.4.97-3.3.11 libdrm_radeon1-debuginfo-2.4.97-3.3.11 libgbm-devel-18.3.2-34.3.14 libgbm1-18.3.2-34.3.14 libgbm1-debuginfo-18.3.2-34.3.14 libkms-devel-2.4.97-3.3.11 libkms1-2.4.97-3.3.11 libkms1-debuginfo-2.4.97-3.3.11 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le x86_64): Mesa-libva-18.3.2-34.3.14 Mesa-libva-debuginfo-18.3.2-34.3.14 libvdpau_r300-18.3.2-34.3.14 libvdpau_r300-debuginfo-18.3.2-34.3.14 libvdpau_r600-18.3.2-34.3.14 libvdpau_r600-debuginfo-18.3.2-34.3.14 libxatracker-devel-1.0.0-34.3.14 libxatracker2-1.0.0-34.3.14 libxatracker2-debuginfo-1.0.0-34.3.14 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64): libdrm_etnaviv1-2.4.97-3.3.11 libdrm_etnaviv1-debuginfo-2.4.97-3.3.11 libdrm_exynos1-2.4.97-3.3.11 libdrm_exynos1-debuginfo-2.4.97-3.3.11 libdrm_freedreno1-2.4.97-3.3.11 libdrm_freedreno1-debuginfo-2.4.97-3.3.11 libdrm_tegra0-2.4.97-3.3.11 libdrm_tegra0-debuginfo-2.4.97-3.3.11 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): Mesa-32bit-18.3.2-34.3.14 Mesa-dri-32bit-18.3.2-34.3.14 Mesa-dri-32bit-debuginfo-18.3.2-34.3.14 Mesa-gallium-32bit-18.3.2-34.3.14 Mesa-gallium-32bit-debuginfo-18.3.2-34.3.14 Mesa-libEGL1-32bit-18.3.2-34.3.14 Mesa-libEGL1-32bit-debuginfo-18.3.2-34.3.14 Mesa-libGL1-32bit-18.3.2-34.3.14 Mesa-libGL1-32bit-debuginfo-18.3.2-34.3.14 Mesa-libVulkan-devel-18.3.2-34.3.14 Mesa-libd3d-18.3.2-34.3.14 Mesa-libd3d-debuginfo-18.3.2-34.3.14 Mesa-libd3d-devel-18.3.2-34.3.14 Mesa-libglapi0-32bit-18.3.2-34.3.14 Mesa-libglapi0-32bit-debuginfo-18.3.2-34.3.14 libdrm2-32bit-2.4.97-3.3.11 libdrm2-32bit-debuginfo-2.4.97-3.3.11 libdrm_amdgpu1-32bit-2.4.97-3.3.11 libdrm_amdgpu1-32bit-debuginfo-2.4.97-3.3.11 libdrm_intel1-2.4.97-3.3.11 libdrm_intel1-32bit-2.4.97-3.3.11 libdrm_intel1-32bit-debuginfo-2.4.97-3.3.11 libdrm_intel1-debuginfo-2.4.97-3.3.11 libdrm_nouveau2-32bit-2.4.97-3.3.11 libdrm_nouveau2-32bit-debuginfo-2.4.97-3.3.11 libdrm_radeon1-32bit-2.4.97-3.3.11 libdrm_radeon1-32bit-debuginfo-2.4.97-3.3.11 libgbm1-32bit-18.3.2-34.3.14 libgbm1-32bit-debuginfo-18.3.2-34.3.14 libvdpau_radeonsi-18.3.2-34.3.14 libvdpau_radeonsi-debuginfo-18.3.2-34.3.14 libvulkan_intel-18.3.2-34.3.14 libvulkan_intel-debuginfo-18.3.2-34.3.14 libvulkan_radeon-18.3.2-34.3.14 libvulkan_radeon-debuginfo-18.3.2-34.3.14 References: https://bugzilla.suse.com/1137515 From sle-updates at lists.suse.com Fri Sep 20 13:10:53 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Sep 2019 21:10:53 +0200 (CEST) Subject: SUSE-SU-2019:2424-1: important: Security update for the Linux Kernel Message-ID: <20190920191053.5F694F7B3@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2424-1 Rating: important References: #1047238 #1050911 #1051510 #1054914 #1055117 #1056686 #1060662 #1061840 #1061843 #1064597 #1064701 #1065600 #1065729 #1066369 #1071009 #1071306 #1078248 #1082555 #1082635 #1085030 #1085536 #1085539 #1086103 #1087092 #1090734 #1091171 #1093205 #1102097 #1103990 #1104353 #1104427 #1104745 #1104902 #1106061 #1106284 #1106434 #1108382 #1109837 #1111666 #1112178 #1112374 #1112894 #1112899 #1112902 #1112903 #1112905 #1112906 #1112907 #1113722 #1113994 #1114279 #1114542 #1118689 #1119086 #1119113 #1120046 #1120876 #1120902 #1123105 #1123959 #1124370 #1129424 #1129519 #1129664 #1131107 #1131281 #1131489 #1131565 #1133021 #1134291 #1134476 #1134881 #1134882 #1135219 #1135642 #1135897 #1135990 #1136039 #1136261 #1136346 #1136349 #1136352 #1136496 #1136498 #1136502 #1136682 #1137322 #1137323 #1137884 #1138099 #1138100 #1138539 #1139020 #1139021 #1139101 #1139500 #1140012 #1140426 #1140487 #1141340 #1141450 #1141543 #1141554 #1142019 #1142076 #1142109 #1142117 #1142118 #1142119 #1142496 #1142541 #1142635 #1142685 #1142701 #1142857 #1143300 #1143331 #1143466 #1143706 #1143738 #1143765 #1143841 #1143843 #1143962 #1144123 #1144333 #1144375 #1144474 #1144518 #1144582 #1144718 #1144813 #1144880 #1144886 #1144912 #1144920 #1144979 #1145010 #1145018 #1145051 #1145059 #1145189 #1145235 #1145256 #1145300 #1145302 #1145357 #1145388 #1145389 #1145390 #1145391 #1145392 #1145393 #1145394 #1145395 #1145396 #1145397 #1145408 #1145409 #1145446 #1145661 #1145678 #1145687 #1145920 #1145922 #1145934 #1145937 #1145940 #1145941 #1145942 #1145946 #1146074 #1146084 #1146141 #1146163 #1146215 #1146285 #1146346 #1146351 #1146352 #1146361 #1146368 #1146376 #1146378 #1146381 #1146391 #1146399 #1146413 #1146425 #1146516 #1146519 #1146524 #1146526 #1146529 #1146531 #1146543 #1146547 #1146550 #1146575 #1146589 #1146678 #1146938 #1148031 #1148032 #1148033 #1148034 #1148035 #1148093 #1148133 #1148192 #1148196 #1148198 #1148202 #1148219 #1148297 #1148303 #1148308 #1148363 #1148379 #1148394 #1148527 #1148570 #1148574 #1148616 #1148617 #1148619 #1148698 #1148859 #1148868 #1149053 #1149083 #1149104 #1149105 #1149106 #1149197 #1149214 #1149224 #1149325 #1149376 #1149413 #1149418 #1149424 #1149522 #1149527 #1149539 #1149552 #1149591 #1149602 #1149612 #1149626 #1149652 #1149713 #1149940 #1149976 #1150025 #1150033 #1150112 #1150562 #1150727 #1150860 #1150861 #1150933 Cross-References: CVE-2017-18551 CVE-2018-20976 CVE-2018-21008 CVE-2019-10207 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14835 CVE-2019-15030 CVE-2019-15031 CVE-2019-15090 CVE-2019-15098 CVE-2019-15099 CVE-2019-15117 CVE-2019-15118 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15222 CVE-2019-15239 CVE-2019-15290 CVE-2019-15292 CVE-2019-15538 CVE-2019-15666 CVE-2019-15902 CVE-2019-15917 CVE-2019-15919 CVE-2019-15920 CVE-2019-15921 CVE-2019-15924 CVE-2019-15926 CVE-2019-15927 CVE-2019-9456 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that solves 40 vulnerabilities and has 222 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following new features were implemented: - jsc#SLE-4875: [CML] New device IDs for CML - jsc#SLE-7294: Add cpufreq driver for Raspberry Pi - fate#326869: perf: pmu mem_load/store event support - fate#327380: KVM: Add hardware CPU Model - kernel part - fate#327377: KVM: Support for configurable virtio-crypto - fate#327775: vpmem: DRAM backed persistent volumes for improved SAP HANA on POWER restart times - fate#326472: Marvell Armada 7K/8K Ethernet (incl. 10G) kernel enablement - fate#326416: Hi1620 (Vendor: Huawei): RDMA kernel enablement - fate#326415: Hi1620 (Vendor: Huawei): HNS3 (100G) network kernel enablement The following security bugs were fixed: - CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112). - CVE-2019-15216: Fix a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (bsc#1146361). - CVE-2019-15924: Fix a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure. (bsc#1149612). - CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have lead to local escalation of privilege with System execution privileges needed. (bsc#1150025 CVE-2019-9456). - CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user could read vector registers of other users' processes via an interrupt. (bsc#1149713) - CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149626) - CVE-2019-15921: There was a memory leak issue when idr_alloc() failed (bsc#1149602) - CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach (bsc#1149591). - CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149552) - CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() failed in hci_uart_set_proto() (bsc#1149539) - CVE-2019-15926: Out of bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx (bsc#1149527) - CVE-2019-15927: An out-of-bounds access existed in the function build_audio_procunit (bsc#1149522) - CVE-2019-15902: A backporting error reintroduced the Spectre vulnerability that it aimed to eliminate. (bnc#1149376) - CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which would cause denial of service, because verify_newpolicy_info mishandled directory validation. (bsc#1148394). - CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. (bsc#1146524) - CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bnc#1146516) - CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. (bsc#1146526) - CVE-2019-15538: XFS partially wedged when a chgrp failed on account of being out of disk quota. This was primarily a local DoS attack vector, but it could result as well in remote DoS if the XFS filesystem was exported for instance via NFS. (bsc#1148032, bsc#1148093) - CVE-2019-15290: There was a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function (bsc#1146543). - CVE-2019-15098: USB driver net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146378). - CVE-2019-15221, CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. (bsc#1146529, bsc#1146531) - CVE-2019-10207: Fix a NULL pointer dereference in hci_uart bluetooth driver (bsc#1142857 bsc#1123959). - CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel mishandled a short descriptor, leading to out-of-bounds memory access. (bsc#1145920). - CVE-2019-15118: check_input_term in sound/usb/mixer.c in the Linux kernel mishandled recursion, leading to kernel stack exhaustion. (bsc#1145922). - CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated. (bsc#1146163). - CVE-2019-15090: In the qedi_dbg_* family of functions, there was an out-of-bounds read. (bsc#1146399) - CVE-2018-20976: A use after free existed, related to xfs_fs_fill_super failure. (bsc#1146285) - CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. (bsc#1135642 bsc#1146425) - CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. (bsc#1051510 bsc#1146391). - CVE-2019-15292: There was a use-after-free in atalk_proc_exit (bsc#1146678) - CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (bsc#1146547). - CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. (bsc#1146550) - CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver. (bsc#1051510 bsc#1146413) - CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory. (bsc#1146519). - CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589) - CVE-2019-15099: drivers/net/wireless/ath/ath10k/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146368) The following non-security bugs were fixed: - 9p/rdma: do not disconnect on down_interruptible EAGAIN (bsc#1051510). - 9p/rdma: remove useless check in cm_event_handler (bsc#1051510). - 9p/virtio: Add cleanup path in p9_virtio_init (bsc#1051510). - 9p/xen: Add cleanup path in p9_trans_xen_init (bsc#1051510). - 9p/xen: fix check for xenbus_read error in front_probe (bsc#1051510). - 9p: acl: fix uninitialized iattr access (bsc#1051510). - 9p: p9dirent_read: check network-provided name length (bsc#1051510). - 9p: pass the correct prototype to read_cache_page (bsc#1051510). - acpi/IORT: Fix off-by-one check in iort_dev_find_its_id() (bsc#1051510). - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0 (bsc#1051510). - acpi: PM: Fix regression in acpi_device_set_power() (bsc#1051510). - acpi: fix false-positive -Wuninitialized warning (bsc#1051510). - acpica: Increase total number of possible Owner IDs (bsc#1148859). - af_key: fix leaks in key_pol_get_resp and dump_sp (bsc#1051510). - af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET (networking-stable-19_07_02). - alsa: firewire: fix a memory leak bug (bsc#1051510). - alsa: hda - Add a generic reboot_notify (bsc#1051510). - alsa: hda - Apply workaround for another AMD chip 1022:1487 (bsc#1051510). - alsa: hda - Do not override global PCM hw info flag (bsc#1051510). - alsa: hda - Fix a memory leak bug (bsc#1051510). - alsa: hda - Fix potential endless loop at applying quirks (bsc#1051510). - alsa: hda - Fixes inverted Conexant GPIO mic mute led (bsc#1051510). - alsa: hda - Let all conexant codec enter D3 when rebooting (bsc#1051510). - alsa: hda - Workaround for crackled sound on AMD controller (1022:1457) (bsc#1051510). - alsa: hda/ca0132 - Add new SBZ quirk (bsc#1051510). - alsa: hda/realtek - Add quirk for HP Envy x360 (bsc#1051510). - alsa: hda/realtek - Add quirk for HP Pavilion 15 (bsc#1051510). - alsa: hda/realtek - Enable internal speaker & headset mic of ASUS UX431FL (bsc#1051510). - alsa: hda/realtek - Fix overridden device-specific initialization (bsc#1051510). - alsa: hda/realtek - Fix the problem of two front mics on a ThinkCentre (bsc#1051510). - alsa: hda: Fix 1-minute detection delay when i915 module is not available (bsc#1111666). - alsa: hda: kabi workaround for generic parser flag (bsc#1051510). - alsa: hiface: fix multiple memory leak bugs (bsc#1051510). - alsa: line6: Fix memory leak at line6_init_pcm() error path (bsc#1051510). - alsa: pcm: fix lost wakeup event scenarios in snd_pcm_drain (bsc#1051510). - alsa: seq: Fix potential concurrent access to the deleted pool (bsc#1051510). - alsa: usb-audio: Add implicit fb quirk for Behringer UFX1604 (bsc#1051510). - alsa: usb-audio: Check mixer unit bitmap yet more strictly (bsc#1051510). - alsa: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (bsc#1051510). - alsa: usb-audio: Fix invalid NULL check in snd_emuusb_set_samplerate() (bsc#1051510). - alsa: usb-audio: fix a memory leak bug (bsc#1111666). - arch: integrate XIVE support (bsc#1085030, bsc#1144518, LTC#178833). - arm64/kernel: enable A53 erratum #8434319 handling at runtime (bsc#1148219). - arm64/kernel: rename module_emit_adrp_veneer->module_emit_veneer_for_adrp (bsc#1148219). - arm64: fix undefined reference to 'printk' (bsc#1148219). - arm64: kvm: Fix architecturally invalid reset value for FPEXC32_EL2 (bsc#1133021). - arm64: module: do not BUG when exceeding preallocated PLT count (bsc#1148219). - arm64: pci: Preserve firmware configuration when desired (SLE-9332). - arm: (bsc#1145687) Add the following kernel config to ARM64: CONFIG_ACPI_PCI_SLOT=y CONFIG_HOTPLUG_PCI_ACPI=y - arm: kvm: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1133021). - arm: kvm: report support for SMCCC_ARCH_WORKAROUND_1 (bsc#1133021). - asoc: Fail card instantiation if DAI format setup fails (bsc#1051510). - asoc: dapm: Fix handling of custom_stop_condition on DApm graph walks (bsc#1051510). - ata: libahci: do not complain in case of deferred probe (bsc#1051510). - ath10k: Change the warning message string (bsc#1051510). - ath10k: Drop WARN_ON()s that always trigger during system resume (bsc#1111666). - batman-adv: Only read OGM tvlv_len after buffer len check (bsc#1051510). - batman-adv: Only read OGM2 tvlv_len after buffer len check (bsc#1051510). - batman-adv: fix uninit-value in batadv_netlink_get_ifindex() (bsc#1051510). - bcache: Revert "bcache: use sysfs_match_string() instead of __sysfs_match_string()" (git fixes). - bcache: bsc#1144979: kernel oops on reading sysfs cache_mode file - bcache: fix possible memory leak in bch_cached_dev_run() (git fixes). - bio: fix improper use of smp_mb__before_atomic() (git fixes). - blk-mq: Fix spelling in a source code comment (git fixes). - blk-mq: backport fixes for blk_mq_complete_e_request_sync() (bsc#1145661). - blk-mq: introduce blk_mq_complete_request_sync() (bsc#1145661). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - block, documentation: Fix wbt_lat_usec documentation (git fixes). - bluetooth: 6lowpan: search for destination address in all peers (bsc#1051510). - bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug (bsc#1051510). - bluetooth: Check state in l2cap_disconnect_rsp (bsc#1051510). - bluetooth: btqca: Add a short delay before downloading the NVM (bsc#1051510). - bluetooth: hci_bcsp: Fix memory leak in rx_skb (bsc#1051510). - bluetooth: validate BLE connection interval updates (bsc#1051510). - bnx2fc_fcoe: Use skb_queue_walk_safe() (bsc#1136502 jsc#SLE-4703). - bnx2x: Disable multi-cos feature (bsc#1136498 jsc#SLE-4699). - bnx2x: Prevent ptp_task to be rescheduled indefinitely (networking-stable-19_07_25). - bnxt_en: Fix VNIC clearing logic for 57500 chips (bsc#1104745 ). - bnxt_en: Fix to include flow direction in L2 key (bsc#1104745 ). - bnxt_en: Improve RX doorbell sequence (bsc#1104745). - bnxt_en: Use correct src_fid to determine direction of the flow (bsc#1104745). - bonding: Always enable vlan tx offload (networking-stable-19_07_02). - bonding: validate ip header before check IPPROTO_IGMP (networking-stable-19_07_25). - bpf: sockmap, only create entry if ulp is not already enabled (bsc#1109837). - bpf: sockmap, sock_map_delete needs to use xchg (bsc#1109837). - bpf: sockmap, synchronize_rcu before free'ing map (bsc#1109837). - btrfs: Fix delalloc inodes invalidation during transaction abort (bsc#1050911). - btrfs: Split btrfs_del_delalloc_inode into 2 functions (bsc#1050911). - btrfs: add a helper to retrive extent inline ref type (bsc#1149325). - btrfs: add cleanup_ref_head_accounting helper (bsc#1050911). - btrfs: add missing inode version, ctime and mtime updates when punching hole (bsc#1140487). - btrfs: add one more sanity check for shared ref type (bsc#1149325). - btrfs: clean up pending block groups when transaction commit aborts (bsc#1050911). - btrfs: convert to use btrfs_get_extent_inline_ref_type (bsc#1149325). - btrfs: do not abort transaction at btrfs_update_root() after failure to COW path (bsc#1150933). - btrfs: fix assertion failure during fsync and use of stale transaction (bsc#1150562). - btrfs: fix data loss after inode eviction, renaming it, and fsync it (bsc#1145941). - btrfs: fix fsync not persisting dentry deletions due to inode evictions (bsc#1145942). - btrfs: fix incremental send failure after deduplication (bsc#1145940). - btrfs: fix pinned underflow after transaction aborted (bsc#1050911). - btrfs: fix race between send and deduplication that lead to failures and crashes (bsc#1145059). - btrfs: fix race leading to fs corruption after transaction abort (bsc#1145937). - btrfs: handle delayed ref head accounting cleanup in abort (bsc#1050911). - btrfs: prevent send failures and crashes due to concurrent relocation (bsc#1145059). - btrfs: remove BUG() in add_data_reference (bsc#1149325). - btrfs: remove BUG() in btrfs_extent_inline_ref_size (bsc#1149325). - btrfs: remove BUG() in print_extent_item (bsc#1149325). - btrfs: remove BUG_ON in __add_tree_block (bsc#1149325). - btrfs: scrub: add memalloc_nofs protection around init_ipath (bsc#1086103). - btrfs: start readahead also in seed devices (bsc#1144886). - btrfs: track running balance in a simpler way (bsc#1145059). - btrfs: use GFP_KERNEL in init_ipath (bsc#1086103). - caif-hsi: fix possible deadlock in cfhsi_exit_module() (networking-stable-19_07_25). - can: m_can: implement errata "Needless activation of MRAF irq" (bsc#1051510). - can: mcp251x: add support for mcp25625 (bsc#1051510). - can: peak_usb: fix potential double kfree_skb() (bsc#1051510). - can: peak_usb: force the string buffer NULL-terminated (bsc#1051510). - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (bsc#1051510). - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (bsc#1051510). - can: rcar_canfd: fix possible IRQ storm on high load (bsc#1051510). - can: sja1000: force the string buffer NULL-terminated (bsc#1051510). - carl9170: fix misuse of device driver API (bsc#1142635). - ceph: add btime field to ceph_inode_info (bsc#1148133 bsc#1136682). - ceph: add ceph.snap.btime vxattr (bsc#1148133 bsc#1148570). - ceph: add change_attr field to ceph_inode_info (bsc#1148133 bsc#1136682). - ceph: always get rstat from auth mds (bsc#1146346). - ceph: carry snapshot creation time with inodes (bsc#1148133 bsc#1148570). - ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346). - ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346). - ceph: clear page dirty before invalidate page (bsc#1148133). - ceph: decode feature bits in session message (bsc#1146346). - ceph: decode feature bits in session message (bsc#1146346). - ceph: do not blindly unregister session that is in opening state (bsc#1148133). - ceph: do not blindly unregister session that is in opening state (bsc#1148133). - ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133). - ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133). - ceph: fix "ceph.dir.rctime" vxattr value (bsc#1148133 bsc#1135219). - ceph: fix "ceph.dir.rctime" vxattr value (bsc#1148133 bsc#1135219). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133). - ceph: fix decode_locker to use ceph_decode_entity_addr (bsc#1148133 bsc#1136682). - ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133). - ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133). - ceph: fix infinite loop in get_quota_realm() (bsc#1148133). - ceph: fix invalid opcode (bsc#1148133 bsc#1138539). - ceph: fix iov_iter issues in ceph_direct_read_write() (bsc#1141450). - ceph: fix listxattr vxattr buffer length calculation (bsc#1148133 bsc#1148570). - ceph: handle btime in cap messages (bsc#1148133 bsc#1136682). - ceph: handle change_attr in cap messages (bsc#1148133 bsc#1136682). - ceph: have MDS map decoding use entity_addr_t decoder (bsc#1148133 bsc#1136682). - ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133). - ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133). - ceph: increment change_attribute on local changes (bsc#1148133 bsc#1136682). - ceph: initialize superblock s_time_gran to 1 (bsc#1148133). - ceph: remove request from waiting list before unregister (bsc#1148133). - ceph: remove request from waiting list before unregister (bsc#1148133). - ceph: remove unused vxattr length helpers (bsc#1148133 bsc#1148570). - ceph: silence a checker warning in mdsc_show() (bsc#1148133). - ceph: silence a checker warning in mdsc_show() (bsc#1148133). - ceph: support cephfs' own feature bits (bsc#1146346). - ceph: support getting ceph.dir.pin vxattr (bsc#1146346). - ceph: support getting ceph.dir.pin vxattr (bsc#1146346). - ceph: support versioned reply (bsc#1146346). - ceph: support versioned reply (bsc#1146346). - ceph: use bit flags to define vxattr attributes (bsc#1146346). - cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED (bsc#1144333). - cifs: Add DFS cache routines (bsc#1144333). - cifs: Add direct I/O functions to file_operations (bsc#1144333). - cifs: Add minor debug message during negprot (bsc#1144333). - cifs: Add smb2_send_recv (bsc#1144333). - cifs: Add support for FSCTL passthrough that write data to the server (bsc#1144333). - cifs: Add support for direct I/O read (bsc#1144333). - cifs: Add support for direct I/O write (bsc#1144333). - cifs: Add support for direct pages in rdata (bsc#1144333). - cifs: Add support for direct pages in wdata (bsc#1144333). - cifs: Add support for failover in cifs_mount() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect_tcon() (bsc#1144333). - cifs: Add support for failover in smb2_reconnect() (bsc#1144333). - cifs: Add support for reading attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Add support for writing attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Adds information-level logging function (bsc#1144333). - cifs: Adjust MTU credits before reopening a file (bsc#1144333). - cifs: Allocate memory for all iovs in smb2_ioctl (bsc#1144333). - cifs: Allocate validate negotiation request through kmalloc (bsc#1144333). - cifs: Always reset read error to -EIO if no response (bsc#1144333). - cifs: Always resolve hostname before reconnecting (bsc#1051510, bsc#1144333). - cifs: Avoid returning EBUSY to upper layer VFS (bsc#1144333). - cifs: Calculate the correct request length based on page offset and tail size (bsc#1144333). - cifs: Call MID callback before destroying transport (bsc#1144333). - cifs: Change SMB2_open to return an iov for the error parameter (bsc#1144333). - cifs: Check for reconnects before sending async requests (bsc#1144333). - cifs: Check for reconnects before sending compound requests (bsc#1144333). - cifs: Check for timeout on Negotiate stage (bsc#1091171, bsc#1144333). - cifs: Count SMB3 credits for malformed pending responses (bsc#1144333). - cifs: Display SMB2 error codes in the hex format (bsc#1144333). - cifs: Do not assume one credit for async responses (bsc#1144333). - cifs: Do not consider -ENODATA as stat failure for reads (bsc#1144333). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510, bsc#1144333). - cifs: Do not hide EINTR after sending network packets (bsc#1051510, bsc#1144333). - cifs: Do not log credits when unmounting a share (bsc#1144333). - cifs: Do not match port on SMBDirect transport (bsc#1144333). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510, bsc#1144333). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510, bsc#1144333). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510, bsc#1144333). - cifs: Do not set credits to 1 if the server didn't grant anything (bsc#1144333). - cifs: Do not skip SMB2 message IDs on send failures (bsc#1144333). - cifs: Find and reopen a file before get MTU credits in writepages (bsc#1144333). - cifs: Fix DFS cache refresher for DFS links (bsc#1144333). - cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009, bsc#1144333). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: Fix NULL ptr deref (bsc#1144333). - cifs: Fix a debug message (bsc#1144333). - cifs: Fix a race condition with cifs_echo_request (bsc#1144333). - cifs: Fix a tiny potential memory leak (bsc#1144333). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510, bsc#1144333). - cifs: Fix an issue with re-sending rdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix an issue with re-sending wdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix autonegotiate security settings mismatch (bsc#1087092, bsc#1144333). - cifs: Fix check for matching with existing mount (bsc#1144333). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix credit calculations in compound mid callback (bsc#1144333). - cifs: Fix credit computation for compounded requests (bsc#1144333). - cifs: Fix credits calculation for cancelled requests (bsc#1144333). - cifs: Fix credits calculations for reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix encryption/signing (bsc#1144333). - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510, bsc#1144333). - cifs: Fix error paths in writeback code (bsc#1144333). - cifs: Fix infinite loop when using hard mount option (bsc#1091171, bsc#1144333). - cifs: Fix invalid check in __cifs_calc_signature() (bsc#1144333). - cifs: Fix kernel oops when traceSMB is enabled (bsc#1144333). - cifs: Fix leaking locked VFS cache pages in writeback retry (bsc#1144333). - cifs: Fix lease buffer length error (bsc#1144333). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510, bsc#1144333). - cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092, bsc#1144333). - cifs: Fix module dependency (bsc#1144333). - cifs: Fix mounts if the client is low on credits (bsc#1144333). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510, bsc#1144333). - cifs: Fix possible oops and memory leaks in async IO (bsc#1144333). - cifs: Fix potential OOB access of lock element array (bsc#1051510, bsc#1144333). - cifs: Fix read after write for files with read caching (bsc#1051510, bsc#1144333). - cifs: Fix separator when building path from dentry (bsc#1051510, bsc#1144333). - cifs: Fix signing for SMB2/3 (bsc#1144333). - cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (bsc#1144333). - cifs: Fix slab-out-of-bounds when tracing SMB tcon (bsc#1144333). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510, bsc#1144333). - cifs: Fix to use kmem_cache_free() instead of kfree() (bsc#1144333). - cifs: Fix trace command logging for SMB2 reads and writes (bsc#1144333). - cifs: Fix use after free of a mid_q_entry (bsc#1112903, bsc#1144333). - cifs: Fix use-after-free in SMB2_read (bsc#1144333). - cifs: Fix use-after-free in SMB2_write (bsc#1144333). - cifs: Fix validation of signed data in smb2 (bsc#1144333). - cifs: Fix validation of signed data in smb3+ (bsc#1144333). - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510, bsc#1144333). - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bsc#1144333). - cifs: Introduce helper function to get page offset and length in smb_rqst (bsc#1144333). - cifs: Introduce offset for the 1st page in data transfer structures (bsc#1144333). - cifs: Limit memory used by lock request calls to a page (bsc#1144333). - cifs: Make devname param optional in cifs_compose_mount_options() (bsc#1144333). - cifs: Make sure all data pages are signed correctly (bsc#1144333). - cifs: Make use of DFS cache to get new DFS referrals (bsc#1144333). - cifs: Mask off signals when sending SMB packets (bsc#1144333). - cifs: Minor Kconfig clarification (bsc#1144333). - cifs: Move credit processing to mid callbacks for SMB3 (bsc#1144333). - cifs: Move open file handling to writepages (bsc#1144333). - cifs: Move unlocking pages from wdata_send_pages() (bsc#1144333). - cifs: OFD locks do not conflict with eachothers (bsc#1051510, bsc#1144333). - cifs: Only free DFS target list if we actually got one (bsc#1144333). - cifs: Only send SMB2_NEGOTIATE command on new TCP connections (bsc#1144333). - cifs: Pass page offset for calculating signature (bsc#1144333). - cifs: Pass page offset for encrypting (bsc#1144333). - cifs: Print message when attempting a mount (bsc#1144333). - cifs: Properly handle auto disabling of serverino option (bsc#1144333). - cifs: Reconnect expired SMB sessions (bnc#1060662). - cifs: Refactor out cifs_mount() (bsc#1144333). - cifs: Remove custom credit adjustments for SMB2 async IO (bsc#1144333). - cifs: Reopen file before get SMB2 MTU credits for async IO (bsc#1144333). - cifs: Respect SMB2 hdr preamble size in read responses (bsc#1144333). - cifs: Respect reconnect in MTU credits calculations (bsc#1144333). - cifs: Respect reconnect in non-MTU credits calculations (bsc#1144333). - cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333). - cifs: Return error code when getting file handle for writeback (bsc#1144333). - cifs: SMBD: Add SMB Direct debug counters (bsc#1144333). - cifs: SMBD: Add SMB Direct protocol initial values and constants (bsc#1144333). - cifs: SMBD: Add parameter rdata to smb2_new_read_req (bsc#1144333). - cifs: SMBD: Add rdma mount option (bsc#1144333). - cifs: SMBD: Disable signing on SMB direct transport (bsc#1144333). - cifs: SMBD: Do not call ib_dereg_mr on invalidated memory registration (bsc#1144333). - cifs: SMBD: Establish SMB Direct connection (bsc#1144333). - cifs: SMBD: Fix the definition for SMB2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333). - cifs: SMBD: Implement RDMA memory registration (bsc#1144333). - cifs: SMBD: Implement function to create a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to destroy a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to receive data via RDMA receive (bsc#1144333). - cifs: SMBD: Implement function to reconnect to a SMB Direct transport (bsc#1144333). - cifs: SMBD: Implement function to send data via RDMA send (bsc#1144333). - cifs: SMBD: Read correct returned data length for RDMA write (SMB read) I/O (bsc#1144333). - cifs: SMBD: Set SMB Direct maximum read or write size for I/O (bsc#1144333). - cifs: SMBD: Support page offset in RDMA recv (bsc#1144333). - cifs: SMBD: Support page offset in RDMA send (bsc#1144333). - cifs: SMBD: Support page offset in memory registration (bsc#1144333). - cifs: SMBD: Upper layer connects to SMBDirect session (bsc#1144333). - cifs: SMBD: Upper layer destroys SMB Direct session on shutdown or umount (bsc#1144333). - cifs: SMBD: Upper layer performs SMB read via RDMA write through memory registration (bsc#1144333). - cifs: SMBD: Upper layer performs SMB write via RDMA read through memory registration (bsc#1144333). - cifs: SMBD: Upper layer receives data via RDMA receive (bsc#1144333). - cifs: SMBD: Upper layer reconnects to SMB Direct session (bsc#1144333). - cifs: SMBD: Upper layer sends data via RDMA send (bsc#1144333). - cifs: SMBD: _smbd_get_connection() can be static (bsc#1144333). - cifs: SMBD: export protocol initial values (bsc#1144333). - cifs: SMBD: fix spelling mistake: faield and legnth (bsc#1144333). - cifs: SMBD: work around gcc -Wmaybe-uninitialized warning (bsc#1144333). - cifs: Save TTL value when parsing DFS referrals (bsc#1144333). - cifs: Select all required crypto modules (bsc#1085536, bsc#1144333). - cifs: Set reconnect instance to one initially (bsc#1144333). - cifs: Show locallease in /proc/mounts for cifs shares mounted with locallease feature (bsc#1144333). - cifs: Silence uninitialized variable warning (bsc#1144333). - cifs: Skip any trailing backslashes from UNC (bsc#1144333). - cifs: Try to acquire credits at once for compound requests (bsc#1144333). - cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() (bsc#1144333). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510, bsc#1144333). - cifs: Use correct packet length in SMB2_TRANSFORM header (bsc#1144333). - cifs: Use kmemdup in SMB2_ioctl_init() (bsc#1144333). - cifs: Use kmemdup rather than duplicating its implementation in smb311_posix_mkdir() (bsc#1144333). - cifs: Use kzfree() to free password (bsc#1144333). - cifs: Use offset when reading pages (bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510, bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510, bsc#1144333). - cifs: When sending data on socket, pass the correct page offset (bsc#1144333). - cifs: a smb2_validate_and_copy_iov failure does not mean the handle is invalid (bsc#1144333). - cifs: add .splice_write (bsc#1144333). - cifs: add IOCTL for QUERY_INFO passthrough to userspace (bsc#1144333). - cifs: add ONCE flag for cifs_dbg type (bsc#1144333). - cifs: add SFM mapping for 0x01-0x1F (bsc#1144333). - cifs: add SMB2_close_init()/SMB2_close_free() (bsc#1144333). - cifs: add SMB2_ioctl_init/free helpers to be used with compounding (bsc#1144333). - cifs: add SMB2_query_info_[init|free]() (bsc#1144333). - cifs: add a new SMB2_close_flags function (bsc#1144333). - cifs: add a smb2_compound_op and change QUERY_INFO to use it (bsc#1144333). - cifs: add a timeout argument to wait_for_free_credits (bsc#1144333). - cifs: add a warning if we try to to dequeue a deleted mid (bsc#1144333). - cifs: add compound_send_recv() (bsc#1144333). - cifs: add credits from unmatched responses/messages (bsc#1144333). - cifs: add debug output to show nocase mount option (bsc#1144333). - cifs: add fiemap support (bsc#1144333). - cifs: add iface info to struct cifs_ses (bsc#1144333). - cifs: add lease tracking to the cached root fid (bsc#1144333). - cifs: add missing GCM module dependency (bsc#1144333). - cifs: add missing debug entries for kconfig options (bsc#1051510, bsc#1144333). - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510, bsc#1144333). - cifs: add pdu_size to the TCP_Server_Info structure (bsc#1144333). - cifs: add resp_buf_size to the mid_q_entry structure (bsc#1144333). - cifs: add server argument to the dump_detail method (bsc#1144333). - cifs: add server->vals->header_preamble_size (bsc#1144333). - cifs: add sha512 secmech (bsc#1051510, bsc#1144333). - cifs: add spinlock for the openFileList to cifsInodeInfo (bsc#1144333). - cifs: add support for SEEK_DATA and SEEK_HOLE (bsc#1144333). - cifs: add support for ioctl on directories (bsc#1144333). - cifs: address trivial coverity warning (bsc#1144333). - cifs: allow calling SMB2_xxx_free(NULL) (bsc#1144333). - cifs: allow disabling less secure legacy dialects (bsc#1144333). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510, bsc#1144333). - cifs: always add credits back for unsolicited PDUs (bsc#1144333). - cifs: auto disable 'serverino' in dfs mounts (bsc#1144333). - cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (bsc#1144333). - cifs: cache FILE_ALL_INFO for the shared root handle (bsc#1144333). - cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_EOF to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_INFO to use compounding (bsc#1144333). - cifs: change mkdir to use a compound (bsc#1144333). - cifs: change smb2_get_data_area_len to take a smb2_sync_hdr as argument (bsc#1144333). - cifs: change smb2_query_eas to use the compound query-info helper (bsc#1144333). - cifs: change unlink to use a compound (bsc#1144333). - cifs: change validate_buf to validate_iov (bsc#1144333). - cifs: change wait_for_free_request() to take flags as argument (bsc#1144333). - cifs: check CIFS_MOUNT_NO_DFS when trying to reuse existing sb (bsc#1144333). - cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536, bsc#1144333). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902, bsc#1144333). - cifs: check if SMB2 PDU size has been padded and suppress the warning (bsc#1144333). - cifs: check kmalloc before use (bsc#1051510, bsc#1144333). - cifs: check kzalloc return (bsc#1144333). - cifs: check ntwrk_buf_start for NULL before dereferencing it (bsc#1144333). - cifs: check rsp for NULL before dereferencing in SMB2_open (bsc#1085536, bsc#1144333). - cifs: cifs_read_allocate_pages: do not iterate through whole page array on ENOMEM (bsc#1144333). - cifs: clean up indentation, replace spaces with tab (bsc#1144333). - cifs: cleanup smb2ops.c and normalize strings (bsc#1144333). - cifs: complete PDU definitions for interface queries (bsc#1144333). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510, bsc#1144333). - cifs: create SMB2_open_init()/SMB2_open_free() helpers (bsc#1144333). - cifs: create a define for how many iovs we need for an SMB2_open() (bsc#1144333). - cifs: create a define for the max number of iov we need for a SMB2 set_info (bsc#1144333). - cifs: create a helper function for compound query_info (bsc#1144333). - cifs: create helpers for SMB2_set_info_init/free() (bsc#1144333). - cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097, bsc#1144333). - cifs: do not attempt cifs operation on smb2+ rename error (bsc#1144333). - cifs: do not dereference smb_file_target before null check (bsc#1051510, bsc#1144333). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510, bsc#1144333). - cifs: do not return atime less than mtime (bsc#1144333). - cifs: do not send invalid input buffer on QUERY_INFO requests (bsc#1144333). - cifs: do not show domain= in mount output when domain is empty (bsc#1144333). - cifs: do not use __constant_cpu_to_le32() (bsc#1144333). - cifs: document tcon/ses/server refcount dance (bsc#1144333). - cifs: dump IPC tcon in debug proc file (bsc#1071306, bsc#1144333). - cifs: dump every session iface info (bsc#1144333). - cifs: fallback to older infolevels on findfirst queryinfo retry (bsc#1144333). - cifs: fix GlobalMid_Lock bug in cifs_reconnect (bsc#1144333). - cifs: fix NULL deref in SMB2_read (bsc#1085539, bsc#1144333). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542, bsc#1144333). - cifs: fix SMB1 breakage (bsc#1144333). - cifs: fix a buffer leak in smb2_query_symlink (bsc#1144333). - cifs: fix a credits leak for compund commands (bsc#1144333). - cifs: fix bi-directional fsctl passthrough calls (bsc#1144333). - cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled (bsc#1144333). - cifs: fix build errors for SMB_DIRECT (bsc#1144333). - cifs: fix circular locking dependency (bsc#1064701, bsc#1144333). - cifs: fix computation for MAX_SMB2_HDR_SIZE (bsc#1144333). - cifs: fix confusing warning message on reconnect (bsc#1144333). - cifs: fix crash in cifs_dfs_do_automount (bsc#1144333). - cifs: fix crash in smb2_compound_op()/smb2_set_next_command() (bsc#1144333). - cifs: fix crash querying symlinks stored as reparse-points (bsc#1144333). - cifs: fix credits leak for SMB1 oplock breaks (bsc#1144333). - cifs: fix deadlock in cached root handling (bsc#1144333). - cifs: fix encryption in SMB3.1.1 (bsc#1144333). - cifs: fix handle leak in smb2_query_symlink() (bsc#1144333). - cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc (bsc#1144333). - cifs: fix kref underflow in close_shroot() (bsc#1144333). - cifs: fix memory leak and remove dead code (bsc#1144333). - cifs: fix memory leak in SMB2_open() (bsc#1112894, bsc#1144333). - cifs: fix memory leak in SMB2_read (bsc#1144333). - cifs: fix memory leak of an allocated cifs_ntsd structure (bsc#1144333). - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bsc#1144333). - cifs: fix page reference leak with readv/writev (bsc#1144333). - cifs: fix panic in smb2_reconnect (bsc#1144333). - cifs: fix parsing of symbolic link error response (bsc#1144333). - cifs: fix return value for cifs_listxattr (bsc#1051510, bsc#1144333). - cifs: fix rmmod regression in cifs.ko caused by force_sig changes (bsc#1144333). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510, bsc#1144333). - cifs: fix signed/unsigned mismatch on aio_read patch (bsc#1144333). - cifs: fix smb3_zero_range for Azure (bsc#1144333). - cifs: fix smb3_zero_range so it can expand the file-size when required (bsc#1144333). - cifs: fix sparse warning on previous patch in a few printks (bsc#1144333). - cifs: fix spelling mistake, EACCESS -> EACCES (bsc#1144333). - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (bsc#1144333). - cifs: fix typo in cifs_dbg (bsc#1144333). - cifs: fix typo in debug message with struct field ia_valid (bsc#1144333). - cifs: fix uninitialized ptr deref in smb2 signing (bsc#1144333). - cifs: fix use-after-free of the lease keys (bsc#1144333). - cifs: fix wrapping bugs in num_entries() (bsc#1051510, bsc#1144333). - cifs: flush before set-info if we have writeable handles (bsc#1144333). - cifs: handle large EA requests more gracefully in smb2+ (bsc#1144333). - cifs: handle netapp error codes (bsc#1136261). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: implement v3.11 preauth integrity (bsc#1051510, bsc#1144333). - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510, bsc#1144333). - cifs: invalidate cache when we truncate a file (bsc#1051510, bsc#1144333). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565, bsc#1144333). - cifs: limit amount of data we request for xattrs to CIFSMaxBufSize (bsc#1144333). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510, bsc#1144333). - cifs: make IPC a regular tcon (bsc#1071306, bsc#1144333). - cifs: make arrays static const, reduces object code size (bsc#1144333). - cifs: make minor clarifications to module params for cifs.ko (bsc#1144333). - cifs: make mknod() an smb_version_op (bsc#1144333). - cifs: make rmdir() use compounding (bsc#1144333). - cifs: make smb_send_rqst take an array of requests (bsc#1144333). - cifs: minor clarification in comments (bsc#1144333). - cifs: minor updates to module description for cifs.ko (bsc#1144333). - cifs: move default port definitions to cifsglob.h (bsc#1144333). - cifs: move large array from stack to heap (bsc#1144333). - cifs: only wake the thread for the very last PDU in a compound (bsc#1144333). - cifs: parse and store info on iface queries (bsc#1144333). - cifs: pass flags down into wait_for_free_credits() (bsc#1144333). - cifs: pass page offsets on SMB1 read/write (bsc#1144333). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510, bsc#1144333). - cifs: prevent starvation in wait_for_free_credits for multi-credit requests (bsc#1144333). - cifs: print CIFSMaxBufSize as part of /proc/fs/cifs/DebugData (bsc#1144333). - cifs: protect against server returning invalid file system block size (bsc#1144333). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: push rfc1002 generation down the stack (bsc#1144333). - cifs: read overflow in is_valid_oplock_break() (bsc#1144333). - cifs: refactor and clean up arguments in the reparse point parsing (bsc#1144333). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510, bsc#1144333). - cifs: release auth_key.response for reconnect (bsc#1085536, bsc#1144333). - cifs: release cifs root_cred after exit_cifs (bsc#1085536, bsc#1144333). - cifs: remove coverity warning in calc_lanman_hash (bsc#1144333). - cifs: remove header_preamble_size where it is always 0 (bsc#1144333). - cifs: remove redundant duplicated assignment of pointer 'node' (bsc#1144333). - cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() (bsc#1144333). - cifs: remove rfc1002 header from all SMB2 response structures (bsc#1144333). - cifs: remove rfc1002 header from smb2 read/write requests (bsc#1144333). - cifs: remove rfc1002 header from smb2_close_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_create_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_echo_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_flush_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_ioctl_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_lease_ack (bsc#1144333). - cifs: remove rfc1002 header from smb2_lock_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_logoff_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_negotiate_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_oplock_break we get from server (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_directory_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_sess_setup_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_set_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_connect_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_disconnect_req (bsc#1144333). - cifs: remove set but not used variable 'cifs_sb' (bsc#1144333). - cifs: remove set but not used variable 'sep' (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove set but not used variable 'smb_buf' (bsc#1144333). - cifs: remove small_smb2_init (bsc#1144333). - cifs: remove smb2_send_recv() (bsc#1144333). - cifs: remove struct smb2_hdr (bsc#1144333). - cifs: remove struct smb2_oplock_break_rsp (bsc#1144333). - cifs: remove the is_falloc argument to SMB2_set_eof (bsc#1144333). - cifs: remove unused stats (bsc#1144333). - cifs: remove unused value pointed out by Coverity (bsc#1144333). - cifs: remove unused variable from SMB2_read (bsc#1144333). - cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP (bsc#1144333). - cifs: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - cifs: replace snprintf with scnprintf (bsc#1144333). - cifs: return -ENODATA when deleting an xattr that does not exist (bsc#1144333). - cifs: return correct errors when pinning memory failed for direct I/O (bsc#1144333). - cifs: return error on invalid value written to cifsFYI (bsc#1144333). - cifs: set *resp_buf_type to NO_BUFFER on error (bsc#1144333). - cifs: set mapping error when page writeback fails in writepage or launder_pages (bsc#1144333). - cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT (bsc#1144333). - cifs: show 'soft' in the mount options for hard mounts (bsc#1144333). - cifs: show the w bit for writeable /proc/fs/cifs/* files (bsc#1144333). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734, bsc#1144333). - cifs: simple stats should always be enabled (bsc#1144333). - cifs: simplify code by removing CONFIG_CIFS_ACL ifdef (bsc#1144333). - Update config files. - cifs: simplify how we handle credits in compound_send_recv() (bsc#1144333). - cifs: smb2 commands can not be negative, remove confusing check (bsc#1144333). - cifs: smb2ops: Fix NULL check in smb2_query_symlink (bsc#1144333). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510, bsc#1144333). - cifs: smb2pdu: Fix potential NULL pointer dereference (bsc#1144333). - cifs: smbd: Avoid allocating iov on the stack (bsc#1144333). - cifs: smbd: Check for iov length on sending the last iov (bsc#1144333). - cifs: smbd: Do not destroy transport on RDMA disconnect (bsc#1144333). - cifs: smbd: Do not use RDMA read/write when signing is used (bsc#1144333). - cifs: smbd: Dump SMB packet when configured (bsc#1144333). - cifs: smbd: Enable signing with smbdirect (bsc#1144333). - cifs: smbd: Indicate to retry on transport sending failure (bsc#1144333). - cifs: smbd: Retry on memory registration failure (bsc#1144333). - cifs: smbd: Return EINTR when interrupted (bsc#1144333). - cifs: smbd: avoid reconnect lockup (bsc#1144333). - cifs: smbd: depend on INFINIBAND_ADDR_TRANS (bsc#1144333). - cifs: smbd: disconnect transport on RDMA errors (bsc#1144333). - cifs: smbd: take an array of reqeusts when sending upper layer data (bsc#1144333). - cifs: start DFS cache refresher in cifs_mount() (bsc#1144333). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510, bsc#1144333). - cifs: suppress some implicit-fallthrough warnings (bsc#1144333). - cifs: track writepages in vfs operation counters (bsc#1144333). - cifs: update __smb_send_rqst() to take an array of requests (bsc#1144333). - cifs: update calc_size to take a server argument (bsc#1144333). - cifs: update init_sg, crypt_message to take an array of rqst (bsc#1144333). - cifs: update internal module number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.14 (bsc#1144333). - cifs: update module internal version number (bsc#1144333). - cifs: update multiplex loop to handle compounded responses (bsc#1144333). - cifs: update receive_encrypted_standard to handle compounded responses (bsc#1144333). - cifs: update smb2_calc_size to use smb2_sync_hdr instead of smb2_hdr (bsc#1144333). - cifs: update smb2_check_message to handle PDUs without a 4 byte length header (bsc#1144333). - cifs: update smb2_queryfs() to use compounding (bsc#1144333). - cifs: use a compound for setting an xattr (bsc#1144333). - cifs: use a refcount to protect open/closing the cached file handle (bsc#1144333). - cifs: use correct format characters (bsc#1144333). - cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (bsc#1071306, bsc#1144333). - cifs: use the correct length when pinning memory for direct I/O for write (bsc#1144333). - cifs: wait_for_free_credits() make it possible to wait for >=1 credits (bsc#1144333). - cifs: we can not use small padding iovs together with encryption (bsc#1144333). - cifs: zero sensitive data when freeing (bsc#1087092, bsc#1144333). - cifs: zero-range does not require the file is sparse (bsc#1144333). - cifs:smbd Use the correct DMA direction when sending data (bsc#1144333). - cifs:smbd When reconnecting to server, call smbd_destroy() after all MIDs have been called (bsc#1144333). - cifs_lookup(): cifs_get_inode_...() never returns 0 with *inode left NULL (bsc#1144333). - cifs_lookup(): switch to d_splice_alias() (bsc#1144333). - clk: Export clk_bulk_prepare() (bsc#1144813). - clk: add clk_bulk_get accessories (bsc#1144813). - clk: bcm2835: remove pllb (jsc#SLE-7294). - clk: bcm283x: add driver interfacing with Raspberry Pi's firmware (jsc#SLE-7294). - clk: bulk: silently error out on EPROBE_DEFER (bsc#1144718,bsc#1144813). - clk: raspberrypi: register platform device for raspberrypi-cpufreq (jsc#SLE-7294). - clk: renesas: cpg-mssr: Fix reset control race condition (bsc#1051510). - clk: rockchip: Add 1.6GHz PLL rate for rk3399 (bsc#1144718,bsc#1144813). - clk: rockchip: assign correct id for pclk_ddr and hclk_sd in rk3399 (bsc#1144718,bsc#1144813). - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling (bsc#1051510). - config: arm64: Remove CONFIG_ARM64_MODULE_CMODEL_LARGE Option removed by patches in bsc#1148219 - coredump: split pipe command whitespace before expanding template (bsc#1051510). - cpu/speculation: Warn on unsupported mitigations= parameter (bsc#1114279). - cpufreq: add driver for Raspberry Pi (jsc#SLE-7294). - cpufreq: dt: Try freeing static OPPs only if we have added them (jsc#SLE-7294). - crypto: ccp - Add support for valid authsize values less than 16 (bsc#1051510). - crypto: ccp - Fix oops by properly managing allocated structures (bsc#1051510). - crypto: ccp - Ignore tag length when decrypting GCM ciphertext (bsc#1051510). - crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1145934). - crypto: ccp - Validate buffer lengths for copy operations (bsc#1051510). - crypto: talitos - fix skcipher failure due to wrong output IV (bsc#1051510). - crypto: virtio - Read crypto services and algorithm masks (jsc#SLE-5844 jsc#SLE-6331 bsc#1145446 LTC#175307). - crypto: virtio - Register an algo only if it's supported (jsc#SLE-5844 jsc#SLE-6331 bsc#1145446 LTC#175307). - cx82310_eth: fix a memory leak bug (bsc#1051510). - dax: dax_layout_busy_page() should not unmap cow pages (bsc#1148698). - devres: always use dev_name() in devm_ioremap_resource() (git fixes). - dfs_cache: fix a wrong use of kfree in flush_cache_ent() (bsc#1144333). - dm btree: fix order of block initialization in btree_split_beneath (git fixes). - dm bufio: fix deadlock with loop device (git fixes). - dm cache metadata: Fix loading discard bitset (git fixes). - dm crypt: do not overallocate the integrity tag space (git fixes). - dm crypt: fix parsing of extended IV arguments (git fixes). - dm delay: fix a crash when invalid device is specified (git fixes). - dm integrity: change memcmp to strncmp in dm_integrity_ctr (git fixes). - dm integrity: correctly calculate the size of metadata area (git fixes). - dm integrity: fix a crash due to BUG_ON in __journal_read_write() (git fixes). - dm integrity: fix deadlock with overlapping I/O (git fixes). - dm integrity: limit the rate of error messages (git fixes). - dm kcopyd: always complete failed jobs (git fixes). - dm raid: add missing cleanup in raid_ctr() (git fixes). - dm space map metadata: fix missing store of apply_bops() return value (git fixes). - dm table: fix invalid memory accesses with too high sector number (git fixes). - dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (git fixes). - dm thin: fix bug where bio that overwrites thin block ignores FUA (git fixes). - dm thin: fix passdown_double_checking_shared_status() (git fixes). - dm zoned: Fix zone report handling (git fixes). - dm zoned: Silence a static checker warning (git fixes). - dm zoned: fix potential NULL dereference in dmz_do_reclaim() (git fixes). - dm zoned: fix zone state management race (git fixes). - dm zoned: improve error handling in i/o map code (git fixes). - dm zoned: improve error handling in reclaim (git fixes). - dm zoned: properly handle backing device failure (git fixes). - dm: fix to_sector() for 32bit (git fixes). - dm: revert 8f50e358153d ("dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE") (git fixes). - dma-buf: balance refcount inbalance (bsc#1051510). - dmaengine: rcar-dmac: Reject zero-length slave DMA requests (bsc#1051510). - documentation/networking: fix default_ttl typo in mpls-sysctl (bsc#1051510). - documentation: Add nospectre_v1 parameter (bsc#1051510). - documentation: Update Documentation for iommu.passthrough (bsc#1136039). - driver core: Fix use-after-free and double free on glue directory (bsc#1131281). - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl (bsc#1051510). - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings (bsc#1051510). - drm/amd/display: Always allocate initial connector state state (bsc#1111666). - drm/amd/display: Disable ABM before destroy ABM struct (bsc#1111666). - drm/amd/display: Fill prescale_params->scale for RGB565 (bsc#1111666). - drm/amd/display: Fix dc_create failure handling and 666 color depths (bsc#1111666). - drm/amd/display: Increase size of audios array (bsc#1111666). - drm/amd/display: Only enable audio if speaker allocation exists (bsc#1111666). - drm/amd/display: Remove redundant non-zero and overflow check (bsc#1145946). - drm/amd/display: Wait for backlight programming completion in set backlight level (bsc#1111666). - drm/amd/display: fix compilation error (bsc#1111666). - drm/amd/display: num of sw i2c/aux engines less than num of connectors (bsc#1145946). - drm/amd/display: use encoder's engine id to find matched free audio device (bsc#1111666). - drm/amdgpu/psp: move psp version specific function pointers to (bsc#1135642) - drm/amdgpu/sriov: Need to initialize the HDP_NONSURFACE_BAStE (bsc#1111666). - drm/amdgpu: Add APTX quirk for Dell Latitude 5495 (bsc#1142635) - drm/amdgpu: added support 2nd UVD instance (bsc#1143331). - drm/amdgpu: fix a potential information leaking bug (bsc#1111666). - drm/amdgpu:change VEGA booting with firmware loaded by PSP (bsc#1143331). - drm/amdkfd: Fix a potential memory leak (bsc#1111666). - drm/amdkfd: Fix sdma queue map issue (bsc#1111666). - drm/bridge: lvds-encoder: Fix build error while CONFIG_DRM_KMS_HELPER=m (bsc#1111666). - drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz (bsc#1051510). - drm/bridge: tc358767: read display_props in get_modes() (bsc#1051510). - drm/crc-debugfs: Also sprinkle irqrestore over early exits (bsc#1051510). - drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry (bsc#1051510). - drm/edid: parse CEA blocks embedded in DisplayID (bsc#1111666). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1135642) - drm/exynos: fix missing decrement of retry counter (bsc#1111666). - drm/i915/gvt: fix incorrect cache entry for guest page mapping (bsc#1111666). - drm/i915/perf: ensure we keep a reference on the driver (bsc#1051510). - drm/i915/perf: ensure we keep a reference on the driver (bsc#1142635) - drm/i915/perf: fix ICL perf register offsets (bsc#1111666). - drm/i915/userptr: Acquire the page lock around set_page_dirty() (bsc#1051510). - drm/i915: Do not deballoon unused ggtt drm_mm_node in linux guest (bsc#1142635) - drm/i915: Fix GEN8_MCR_SELECTOR programming (bsc#1111666). - drm/i915: Fix HW readout for crtc_clock in HDMI mode (bsc#1111666). - drm/i915: Fix the TBT AUX power well enabling (bsc#1111666). - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1051510). - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1142635) - drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635) - drm/i915: Revert i915 userptr page lock patch (bsc#1145051) - drm/imx: notify drm core before sending event during crtc disable (bsc#1135642) - drm/imx: only send event on crtc disable if kept disabled (bsc#1135642) - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1135642) - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1135642) - drm/mediatek: clear num_pipes when unbind driver (bsc#1135642) - drm/mediatek: fix unbind functions (bsc#1135642) - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1111666). - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1142635) - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1135642) - drm/mediatek: use correct device to import PRIME buffers (bsc#1111666). - drm/mediatek: use correct device to import PRIME buffers (bsc#1142635) - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1142635) - drm/msm: Depopulate platform on probe failure (bsc#1051510). - drm/nouveau: Do not retry infinitely when receiving no data on i2c (bsc#1142635) - drm/nouveau: fix memory leak in nouveau_conn_reset() (bsc#1051510). - drm/panel: simple: Fix panel_simple_dsi_probe (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1142635) - drm/udl: introduce a macro to convert dev to udl. (bsc#1113722) - drm/udl: move to embedding drm device inside udl device. (bsc#1113722) - drm/virtio: Add memory barriers for capset cache (bsc#1051510). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1135642) - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1135642) - drm/vmwgfx: fix memory leak when too many retries have occurred (bsc#1051510). - drm: msm: Fix add_gpu_components (bsc#1051510). - drm: silence variable 'conn' set but not used (bsc#1051510). - eCryptfs: fix a couple type promotion bugs (bsc#1051510). - edac, amd64: Add Family 17h, models 10h-2fh support (bsc#1112178). - edac/amd64: Add Family 17h Model 30h PCI IDs (bsc#1112178). - edac/amd64: Adjust printed chip select sizes when interleaved (bsc#1131489). - edac/amd64: Cache secondary Chip Select registers (bsc#1131489). - edac/amd64: Decode syndrome before translating address (bsc#1131489). - edac/amd64: Find Chip Select memory size using Address Mask (bsc#1131489). - edac/amd64: Initialize DIMM info for systems with more than two channels (bsc#1131489). - edac/amd64: Recognize DRAM device type ECC capability (bsc#1131489). - edac/amd64: Recognize x16 symbol size (bsc#1131489). - edac/amd64: Set maximum channel layer size depending on family (bsc#1131489). - edac/amd64: Support asymmetric dual-rank DIMMs (bsc#1131489). - edac/amd64: Support more than two Unified Memory Controllers (bsc#1131489). - edac/amd64: Support more than two controllers for chip selects handling (bsc#1131489). - edac/amd64: Use a macro for iterating over Unified Memory Controllers (bsc#1131489). - edac: Fix global-out-of-bounds write when setting edac_mc_poll_msec (bsc#1114279). - efi/bgrt: Drop BGRT status field reserved bits check (bsc#1051510). - ehea: Fix a copy-paste err in ehea_init_port_res (bsc#1051510). - ext4: use jbd2_inode dirty range scoping (bsc#1148616). - firmware: raspberrypi: register clk device (jsc#SLE-7294). - firmware: ti_sci: Always request response from firmware (bsc#1051510). - fix incorrect error code mapping for OBJECTID_NOT_FOUND (bsc#1144333). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510, bsc#1144333). - fix struct ufs_req removal of unused field (git-fixes). - floppy: fix invalid pointer dereference in drive_name (bsc#1111666). - floppy: fix out-of-bounds read in next_valid_format (bsc#1111666). - fs/*/Kconfig: drop links to 404-compliant http://acl.bestbits.at (bsc#1144333). - fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333). - fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free (bsc#1144333). - fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls (bsc#1144333). - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bsc#1144333). - fs/cifs: fix uninitialised variable warnings (bsc#1144333). - fs/cifs: require sha512 (bsc#1051510, bsc#1144333). - fs/cifs: suppress a string overflow warning (bsc#1144333). - fs/xfs: Fix return code of xfs_break_leased_layouts() (bsc#1148031). - fs: cifs: Drop unlikely before IS_ERR(_OR_NULL) (bsc#1144333). - fs: cifs: Kconfig: pedantic formatting (bsc#1144333). - fs: cifs: Replace _free_xid call in cifs_root_iget function (bsc#1144333). - fs: cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace (bsc#1144333). - fs: xfs: xfs_log: Do not use KM_MAYFAIL at xfs_log_reserve() (bsc#1148033). - fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() (bsc#1051510). - ftrace: Check for empty hash and comment the race with registering probes (bsc#1149418). - ftrace: Check for successful allocation of hash (bsc#1149424). - ftrace: Fix NULL pointer dereference in t_probe_next() (bsc#1149413). - gpio: Fix build error of function redefinition (bsc#1051510). - gpio: gpio-omap: add check for off wake capable gpios (bsc#1051510). - gpio: mxs: Get rid of external API call (bsc#1051510). - gpio: omap: ensure irq is enabled before wakeup (bsc#1051510). - gpio: pxa: handle corner case of unprobed device (bsc#1051510). - gpiolib: fix incorrect IRQ requesting of an active-low lineevent (bsc#1051510). - gpiolib: never report open-drain/source lines as 'input' to user-space (bsc#1051510). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1142635) - hid: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT (bsc#1051510). - hid: Add quirk for HP X1200 PIXART OEM mouse (bsc#1051510). - hid: cp2112: prevent sleeping function called from invalid context (bsc#1051510). - hid: hiddev: avoid opening a disconnected device (bsc#1051510). - hid: hiddev: do cleanup in failure of opening a device (bsc#1051510). - hid: holtek: test for sanity of intfdata (bsc#1051510). - hid: sony: Fix race condition between rumble and device remove (bsc#1051510). - hid: wacom: Correct distance scale for 2nd-gen Intuos devices (bsc#1142635). - hid: wacom: correct misreported EKR ring values (bsc#1142635). - hid: wacom: fix bit shift for Cintiq Companion 2 (bsc#1051510). - hpet: Fix division by zero in hpet_time_div() (bsc#1051510). - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 (bsc#1051510). - hwmon: (nct7802) Fix wrong detection of in4 presence (bsc#1051510). - i2c: emev2: avoid race when unregistering slave client (bsc#1051510). - i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bsc#1051510). - i2c: qup: fixed releasing dma without flush operation completion (bsc#1051510). - ia64: Get rid of iommu_pass_through (bsc#1136039). - ib/mlx5: Fix MR registration flow to use UMR properly (bsc#1093205 bsc#1145678). - ibmveth: Convert multicast list size for little-endian system (bsc#1061843). - ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726). - igmp: fix memory leak in igmpv3_del_delrec() (networking-stable-19_07_25). - iio: adc: max9611: Fix misuse of GENMASK macro (bsc#1051510). - iio: adc: max9611: Fix temperature reading in probe (bsc#1051510). - iio: iio-utils: Fix possible incorrect mask calculation (bsc#1051510). - improve security, move default dialect to SMB3 from old CIFS (bsc#1051510, bsc#1144333). - include/linux/bitops.h: sanitize rotate primitives (git fixes). - input: alps - do not handle ALPS cs19 trackpoint-only device (bsc#1051510). - input: alps - fix a mismatch between a condition check and its comment (bsc#1051510). - input: iforce - add sanity checks (bsc#1051510). - input: kbtab - sanity check for endpoint type (bsc#1051510). - input: synaptics - enable RMI mode for HP Spectre X360 (bsc#1051510). - input: synaptics - whitelist Lenovo T580 SMBus intertouch (bsc#1051510). - input: trackpoint - only expose supported controls for Elan, ALPS and NXP (bsc#1051510). - intel_th: pci: Add Ice Lake NNPI support (bsc#1051510). - intel_th: pci: Add Tiger Lake support (bsc#1051510). - intel_th: pci: Add support for another Lewisburg PCH (bsc#1051510). - iommu/amd: Add support for X2APIC IOMMU interrupts (bsc#1145010). - iommu/amd: Fix race in increase_address_space() (bsc#1150860). - iommu/amd: Flush old domains in kdump kernel (bsc#1150861). - iommu/amd: Move iommu_init_pci() to .init section (bsc#1149105). - iommu/amd: Request passthrough mode from IOMMU core (bsc#1136039). - iommu/dma: Handle SG length overflow better (bsc#1146084). - iommu/iova: Remove stale cached32_node (bsc#1145018). - iommu/vt-d: Request passthrough mode from IOMMU core (bsc#1136039). - iommu: Add helpers to set/get default domain type (bsc#1136039). - iommu: Disable passthrough mode when SME is active (bsc#1136039). - iommu: Print default domain type on boot (bsc#1136039). - iommu: Remember when default domain type was set on kernel command line (bsc#1136039). - iommu: Set default domain type at runtime (bsc#1136039). - iommu: Use Functions to set default domain type in iommu_set_def_domain_type() (bsc#1136039). - ipip: validate header length in ipip_tunnel_xmit (git-fixes). - ipv4: do not set IPv6 only flags to IPv4 addresses (networking-stable-19_07_25). - irqchip/gic-v2m: Add support for Amazon Graviton variant of GICv3+GICv2m (SLE-9332). - irqchip/gic-v3-its: fix build warnings (bsc#1144880). - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack (bsc#1051510). - isdn: hfcsusb: checking idx of ep configuration (bsc#1051510). - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() (bsc#1051510). - iversion: add a routine to update a raw value with a larger one (bsc#1148133). - iwlwifi: dbg: split iwl_fw_error_dump to two functions (bsc#1119086). - iwlwifi: do not unmap as page memory that was mapped as single (bsc#1051510). - iwlwifi: fix bad dma handling in page_mem dumping flow (bsc#1120902). - iwlwifi: fw: use helper to determine whether to dump paging (bsc#1106434). Patch needed to be adjusted, because our tree does not have the global variable IWL_FW_ERROR_DUMP_PAGING - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version < 41 (bsc#1142635). - iwlwifi: mvm: fix an out-of-bound access (bsc#1051510). - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support (bsc#1142635). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1142635). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1142635). - ixgbe: fix possible deadlock in ixgbe_service_task() (bsc#1113994). - jbd2: flush_descriptor(): Do not decrease buffer head's ref count (bsc#1143843). - jbd2: introduce jbd2_inode dirty range scoping (bsc#1148616). - kABI: Fix kABI for 'struct amd_iommu' (bsc#1145010). - kABI: Fix kABI for x86 pci-dma code (bsc#1136039). - kabi/severities: Exclude drivers/crypto/ccp/* - kabi/severities: match SLE15 entry ordering. - kasan: remove redundant initialization of variable 'real_size' (git fixes). - kconfig/[mn]conf: handle backspace (^H) key (bsc#1051510). - keys: Fix missing null pointer check in request_key_auth_describe() (bsc#1051510). - kvm/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bsc#1133021). - kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (bsc#1134881 bsc#1134882). - kvm: Disallow wraparound in kvm_gfn_to_hva_cache_init (bsc#1133021). - kvm: Fix leak vCPU's VMCS value into other pCPU (bsc#1145388). - kvm: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC (bsc#1145408). - kvm: PPC: Book3S HV: Fix CR0 setting in TM emulation (bsc#1061840). - kvm: Reject device ioctls from processes other than the VM's creator (bsc#1133021). - kvm: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value (bsc#1145393). - kvm: VMX: Fix handling of #MC that occurs during VM-Entry (bsc#1145395). - kvm: VMX: check CPUID before allowing read/write of IA32_XSS (bsc#1145394). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: arm/arm64: Close VMID generation race (bsc#1133021). - kvm: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation (bsc#1133021). - kvm: arm/arm64: Drop resource size check for GICV window (bsc#1133021). - kvm: arm/arm64: Fix VMID alloc race by reverting to lock-less (bsc#1133021). - kvm: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked (bsc#1133021). - kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1133021). - kvm: arm/arm64: Reduce verbosity of KVM init log (bsc#1133021). - kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1133021). - kvm: arm/arm64: Skip updating PMD entry if no change (bsc#1133021). - kvm: arm/arm64: Skip updating PTE entry if no change (bsc#1133021). - kvm: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list (bsc#1133021). - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1133021). - kvm: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1133021). - kvm: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy (bsc#1133021). - kvm: arm64: Fix caching of host MDCR_EL2 value (bsc#1133021). - kvm: mmu: Fix overlap between public and private memslots (bsc#1133021). - kvm: nVMX: Remove unnecessary sync_roots from handle_invept (bsc#1145391). - kvm: nVMX: Use adjusted pin controls for vmcs02 (bsc#1145392). - kvm: nVMX: allow setting the VMFUNC controls MSR (bsc#1145389). - kvm: nVMX: do not use dangling shadow VMCS after guest reset (bsc#1145390). - kvm: s390: add MSA9 to cpumodel (jsc#SLE-6240). - kvm: s390: add debug logging for cpu model subfunctions (jsc#SLE-6240). - kvm: s390: add deflate conversion facilty to cpu model (jsc#SLE-6240). - kvm: s390: add enhanced sort facilty to cpu model (jsc#SLE-6240 ). - kvm: s390: add vector BCD enhancements facility to cpumodel (jsc#SLE-6240). - kvm: s390: add vector enhancements facility 2 to cpumodel (jsc#SLE-6240). - kvm: s390: enable MSA9 keywrapping functions depending on cpu model (jsc#SLE-6240). - kvm: s390: implement subfunction processor calls (jsc#SLE-6240 ). - kvm: s390: provide query function for instructions returning 32 byte (jsc#SLE-6240). - kvm: x86/vPMU: refine kvm_pmu err msg when event creation failed (bsc#1145397). - kvm: x86: Do not update RIP or do single-step on faulting emulation (bsc#1149104). - kvm: x86: Unconditionally enable irqs in guest context (bsc#1145396). - kvm: x86: degrade WARN to pr_warn_ratelimited (bsc#1145409). - kvm: x86: fix backward migration with async_PF (bsc#1146074). - lan78xx: Fix memory leaks (bsc#1051510). - libata: add SG safety checks in SFF pio transfers (bsc#1051510). - libata: do not request sense data on !ZAC ATA devices (bsc#1051510). - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests (bsc#1051510). - libata: zpodd: Fix small read overflow in zpodd_get_mech_type() (bsc#1051510). - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). - libceph, rbd: new bio handling code (aka do not clone bios) (bsc#1141450). - libceph: ADDR2 support for monmap (bsc#1148133 bsc#1136682). - libceph: add ceph_decode_entity_addr (bsc#1148133 bsc#1136682). - libceph: add osd_req_op_extent_osd_data_bvecs() (bsc#1141450). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: correctly decode ADDR2 addresses in incremental OSD maps (bsc#1148133 bsc#1136682). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: fix PG split vs OSD (re)connect race (bsc#1148133). - libceph: fix PG split vs OSD (re)connect race (bsc#1148133). - libceph: fix sa_family just after reading address (bsc#1148133 bsc#1136682). - libceph: fix unaligned accesses in ceph_entity_addr handling (bsc#1136682). - libceph: fix watch_item_t decoding to use ceph_decode_entity_addr (bsc#1148133 bsc#1136682). - libceph: handle zero-length data items (bsc#1141450). - libceph: introduce BVECS data type (bsc#1141450). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: make ceph_pr_addr take an struct ceph_entity_addr pointer (bsc#1136682). - libceph: preallocate message data items (bsc#1135897). - libceph: rename ceph_encode_addr to ceph_encode_banner_addr (bsc#1148133 bsc#1136682). - libceph: switch osdmap decoding to use ceph_decode_entity_addr (bsc#1148133 bsc#1136682). - libceph: turn on CEPH_FEATURE_MSG_ADDR2 (bsc#1148133 bsc#1136682). - libceph: use TYPE_LEGACY for entity addrs instead of TYPE_NONE (bsc#1148133 bsc#1136682). - libceph: use single request data item for cmp/setxattr (bsc#1139101). - libnvdimm/pfn: Store correct value of npfns in namespace superblock (bsc#1146381 ltc#180720). - liquidio: add cleanup in octeon_setup_iq() (bsc#1051510). - loop: set PF_MEMALLOC_NOIO for the worker thread (git fixes). - lpfc: fix 12.4.0.0 GPF at boot (bsc#1148308). - mac80211: Correctly set noencrypt for PAE frames (bsc#1111666). - mac80211: Do not memset RXCB prior to PAE intercept (bsc#1111666). - mac80211: do not WARN on short WMM parameters from AP (bsc#1051510). - mac80211: do not warn about CW params when not using them (bsc#1051510). - mac80211: fix possible memory leak in ieee80211_assign_beacon (bsc#1142635). - mac80211: fix possible sta leak (bsc#1051510). - mac80211_hwsim: Fix possible null-pointer dereferences in hwsim_dump_radio_nl() (bsc#1111666). - macsec: fix checksumming after decryption (bsc#1051510). - macsec: fix use-after-free of skb during RX (bsc#1051510). - macsec: let the administrator set UP state even if lowerdev is down (bsc#1051510). - macsec: update operstate when lower device changes (bsc#1051510). - mailbox: handle failed named mailbox channel request (bsc#1051510). - md/raid: raid5 preserve the writeback action after the parity check (git fixes). - md: add mddev->pers to avoid potential NULL pointer dereference (git fixes). - md: fix invalid stored role for a disk try2 (bsc#1143765). - media: au0828: fix null dereference in error path (bsc#1051510). - media: coda: Remove unbalanced and unneeded mutex unlock (bsc#1051510). - media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP (bsc#1051510). - media: coda: fix mpeg2 sequence number handling (bsc#1051510). - media: coda: increment sequence offset for the last returned frame (bsc#1051510). - media: dvb: usb: fix use after free in dvb_usb_device_exit (bsc#1051510). - media: hdpvr: fix locking and a missing msleep (bsc#1051510). - media: media_device_enum_links32: clean a reserved field (bsc#1051510). - media: pvrusb2: use a different format for warnings (bsc#1051510). - media: spi: IR LED: add missing of table registration (bsc#1051510). - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails (bsc#1051510). - media: vpss: fix a potential NULL pointer dereference (bsc#1051510). - media: wl128x: Fix some error handling in fm_v4l2_init_video_device() (bsc#1051510). - mfd: arizona: Fix undefined behavior (bsc#1051510). - mfd: core: Set fwnode for created devices (bsc#1051510). - mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bsc#1051510). - mfd: intel-lpss: Add Intel Comet Lake PCI IDs (jsc#SLE-4875). - mlxsw: spectrum: Fix error path in mlxsw_sp_module_init() (bsc#1112374). - mm, page_owner: handle THP splits correctly (bsc#1149197, VM Debugging Functionality). - mm, vmscan: do not special-case slab reclaim when watermarks are boosted (git fixes (mm/vmscan)). - mm/hmm: fix bad subpage pointer in try_to_unmap_one (bsc#1148202, HMM, VM Functionality). - mm/hotplug: fix offline undo_isolate_page_range() (bsc#1148196, VM Functionality). - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node (bsc#1148379, VM Functionality). - mm/memcontrol.c: fix use after free in mem_cgroup_iter() (bsc#1149224, VM Functionality). - mm/memory.c: recheck page table entry with page table lock held (bsc#1148363, VM Functionality). - mm/migrate.c: initialize pud_entry in migrate_vma() (bsc#1148198, HMM, VM Functionality). - mm/mlock.c: change count_mm_mlocked_page_nr return type (bsc#1148527, VM Functionality). - mm/mlock.c: mlockall error for flag MCL_ONFAULT (bsc#1148527, VM Functionality). - mm/page_alloc.c: fix calculation of pgdat->nr_zones (bsc#1148192, VM Functionality). - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() (bsc#1118689). - mm/vmscan.c: fix trying to reclaim unevictable LRU page (bsc#1149214, VM Functionality). - mm: add filemap_fdatawait_range_keep_errors() (bsc#1148616). - mm: do not stall register_shrinker() (bsc#1104902, VM Performance). - mm: move MAP_SYNC to asm-generic/mman-common.h (bsc#1148297). - mm: page_mapped: do not assume compound page is huge or THP (bsc#1148574, VM Functionality). - mmc: cavium: Add the missing dma unmap when the dma has finished (bsc#1051510). - mmc: cavium: Set the correct dma max segment size for mmc_host (bsc#1051510). - mmc: core: Fix init of SD cards reporting an invalid VDD range (bsc#1051510). - mmc: dw_mmc: Fix occasional hang after tuning on eMMC (bsc#1051510). - mmc: sdhci-of-at91: add quirk for broken HS200 (bsc#1051510). - mmc: sdhci-pci: Add support for Intel CML (jsc#SLE-4875). - mmc: sdhci-pci: Add support for Intel ICP (jsc#SLE-4875). - mmc: sdhci-pci: Fix BYT OCP setting (bsc#1051510). - mpls: fix warning with multi-label encap (bsc#1051510). - nbd: replace kill_bdev() with __invalidate_device() again (git fixes). - net/9p: include trans_common.h to fix missing prototype warning (bsc#1051510). - net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635). - net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bsc#1145678). - net/mlx5: Fix modify_cq_in alignment (bsc#1103990). - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (networking-stable-19_07_25). - net/mlx5e: always initialize frag->last_in_page (bsc#1103990 ). - net: Fix netdev_WARN_ONCE macro (git-fixes). - net: Introduce netdev_*_once functions (networking-stable-19_07_25). - net: Revert "net: ena: ethtool: add extra properties retrieval via get_priv_flags" (bsc#1139020 bsc#1139021). - net: bcmgenet: use promisc for unsupported filters (networking-stable-19_07_25). - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (networking-stable-19_07_25). - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (networking-stable-19_07_25). - net: bridge: stp: do not cache eth dest pointer before skb pull (networking-stable-19_07_25). - net: dsa: mv88e6xxx: wait after reset deactivation (networking-stable-19_07_25). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1139020 bsc#1139021). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1139020 bsc#1139021). - net: ena: add ethtool function for changing io queue sizes (bsc#1139020 bsc#1139021). - net: ena: add good checksum counter (bsc#1139020 bsc#1139021). - net: ena: add handling of llq max tx burst size (bsc#1139020 bsc#1139021). - net: ena: add newline at the end of pr_err prints (bsc#1139020 bsc#1139021). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1139020 bsc#1139021). - net: ena: allow automatic fallback to polling mode (bsc#1139020 bsc#1139021). - net: ena: allow queue allocation backoff when low on memory (bsc#1139020 bsc#1139021). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1139020 bsc#1139021). - net: ena: enable negotiating larger Rx ring size (bsc#1139020 bsc#1139021). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1139020 bsc#1139021). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1139020 bsc#1139021). - net: ena: fix incorrect test of supported hash function (bsc#1139020 bsc#1139021). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1139020 bsc#1139021). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1139020 bsc#1139021). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1139020 bsc#1139021). - net: ena: gcc 8: fix compilation warning (bsc#1139020 bsc#1139021). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1139020 bsc#1139021). - net: ena: make ethtool show correct current and max queue sizes (bsc#1139020 bsc#1139021). - net: ena: optimise calculations for CQ doorbell (bsc#1139020 bsc#1139021). - net: ena: remove inline keyword from functions in *.c (bsc#1139020 bsc#1139021). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1139020 bsc#1139021). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1139020 bsc#1139021). - net: ena: use dev_info_once instead of static variable (bsc#1139020 bsc#1139021). - net: fix bpf_xdp_adjust_head regression for generic-XDP (bsc#1109837). - net: hns3: Add missing newline at end of file (bsc#1104353 ). - net: hns3: add Asym Pause support to fix autoneg problem (bsc#1104353). - net: hns3: add a check to pointer in error_detected and slot_reset (bsc#1104353). - net: hns3: add aRFS support for PF (bsc#1104353). - net: hns3: add all IMP return code (bsc#1104353). - net: hns3: add check to number of buffer descriptors (bsc#1104353). - net: hns3: add default value for tc_size and tc_offset (bsc#1104353). - net: hns3: add exception handling when enable NIC HW error interrupts (bsc#1104353). - net: hns3: add handling of two bits in MAC tunnel interrupts (bsc#1104353). - net: hns3: add handshake with hardware while doing reset (bsc#1104353). - net: hns3: add opcode about query and clear RAS & MSI-X to special opcode (bsc#1104353). - net: hns3: add recovery for the H/W errors occurred before the HNS dev initialization (bsc#1104353). - net: hns3: add some error checking in hclge_tm module (bsc#1104353). - net: hns3: add support for dump firmware statistics by debugfs (bsc#1104353). - net: hns3: adjust hns3_uninit_phy()'s location in the hns3_client_uninit() (bsc#1104353). - net: hns3: bitwise operator should use unsigned type (bsc#1104353). - net: hns3: change SSU's buffer allocation according to UM (bsc#1104353). - net: hns3: check msg_data before memcpy in hclgevf_send_mbx_msg (bsc#1104353). - net: hns3: clear restting state when initializing HW device (bsc#1104353). - net: hns3: code optimizaition of hclge_handle_hw_ras_error() (bsc#1104353). - net: hns3: delay and separate enabling of NIC and ROCE HW errors (bsc#1104353). - net: hns3: delay ring buffer clearing during reset (bsc#1104353 ). - net: hns3: delay setting of reset level for hw errors until slot_reset is called (bsc#1104353). - net: hns3: delete the redundant user NIC codes (bsc#1104353 ). - net: hns3: do not configure new VLAN ID into VF VLAN table when it's full (bsc#1104353). - net: hns3: enable DCB when TC num is one and pfc_en is non-zero (bsc#1104353). - net: hns3: enable broadcast promisc mode when initializing VF (bsc#1104353). - net: hns3: extract handling of mpf/pf msi-x errors into functions (bsc#1104353). - net: hns3: fix VLAN filter restore issue after reset (bsc#1104353). - net: hns3: fix __QUEUE_STATE_STACK_XOFF not cleared issue (bsc#1104353). - net: hns3: fix a -Wformat-nonliteral compile warning (bsc#1104353). - net: hns3: fix a memory leak issue for hclge_map_unmap_ring_to_vf_vector (bsc#1104353). - net: hns3: fix a statistics issue about l3l4 checksum error (bsc#1104353). - net: hns3: fix avoid unnecessary resetting for the H/W errors which do not require reset (bsc#1104353). - net: hns3: fix compile warning without CONFIG_RFS_ACCEL (bsc#1104353). - net: hns3: fix dereference of ae_dev before it is null checked (bsc#1104353). - net: hns3: fix flow control configure issue for fibre port (bsc#1104353). - net: hns3: fix for dereferencing before null checking (bsc#1104353). - net: hns3: fix for skb leak when doing selftest (bsc#1104353 ). - net: hns3: fix race conditions between reset and module loading & unloading (bsc#1104353). - net: hns3: fix some coding style issues (bsc#1104353 ). - net: hns3: fix wrong size of mailbox responding data (bsc#1104353). - net: hns3: fixes wrong place enabling ROCE HW error when loading (bsc#1104353). - net: hns3: free irq when exit from abnormal branch (bsc#1104353 ). - net: hns3: handle empty unknown interrupt (bsc#1104353 ). - net: hns3: initialize CPU reverse mapping (bsc#1104353 ). - net: hns3: log detail error info of ROCEE ECC and AXI errors (bsc#1104353). - net: hns3: make HW GRO handling compliant with SW GRO (bsc#1104353). - net: hns3: modify handling of out of memory in hclge_err.c (bsc#1104353). - net: hns3: modify hclge_init_client_instance() (bsc#1104353 ). - net: hns3: modify hclgevf_init_client_instance() (bsc#1104353 ). - net: hns3: optimize the CSQ cmd error handling (bsc#1104353 ). - net: hns3: process H/W errors occurred before HNS dev initialization (bsc#1104353). - net: hns3: re-schedule reset task while VF reset fail (bsc#1104353). - net: hns3: refactor PF/VF RSS hash key configuration (bsc#1104353). - net: hns3: refactor hns3_get_new_int_gl function (bsc#1104353 ). - net: hns3: refine the flow director handle (bsc#1104353 ). - net: hns3: remove RXD_VLD check in hns3_handle_bdinfo (bsc#1104353). - net: hns3: remove VF VLAN filter entry inexistent warning print (bsc#1104353). - net: hns3: remove override_pci_need_reset (bsc#1104353 ). - net: hns3: remove redundant core reset (bsc#1104353 ). - net: hns3: remove setting bit of reset_requests when handling mac tunnel interrupts (bsc#1104353). - net: hns3: remove unused linkmode definition (bsc#1104353 ). - net: hns3: replace numa_node_id with numa_mem_id for buffer reusing (bsc#1104353). - net: hns3: set default value for param "type" in hclgevf_bind_ring_to_vector (bsc#1104353). - net: hns3: set maximum length to resp_data_len for exceptional case (bsc#1104353). - net: hns3: set ops to null when unregister ad_dev (bsc#1104353 ). - net: hns3: set the port shaper according to MAC speed (bsc#1104353). - net: hns3: small changes for magic numbers (bsc#1104353 ). - net: hns3: some changes of MSI-X bits in PPU(RCB) (bsc#1104353 ). - net: hns3: some modifications to simplify and optimize code (bsc#1104353). - net: hns3: some variable modification (bsc#1104353). - net: hns3: stop schedule reset service while unloading driver (bsc#1104353). - net: hns3: sync VLAN filter entries when kill VLAN ID failed (bsc#1104353). - net: hns3: trigger VF reset if a VF has an over_8bd_nfe_err (bsc#1104353). - net: hns3: typo in the name of a constant (bsc#1104353 ). - net: hns3: use HCLGEVF_STATE_NIC_REGISTERED to indicate VF NIC client has registered (bsc#1104353). - net: hns3: use HCLGE_STATE_NIC_REGISTERED to indicate PF NIC client has registered (bsc#1104353). - net: hns3: use HCLGE_STATE_ROCE_REGISTERED to indicate PF ROCE client has registered (bsc#1104353). - net: hns3: use macros instead of magic numbers (bsc#1104353 ). - net: hns: add support for vlan TSO (bsc#1104353). - net: make skb_dst_force return true when dst is refcounted (networking-stable-19_07_25). - net: mvpp2: Do not check for 3 consecutive Idle frames for 10G links (bsc#1119113). - net: neigh: fix multiple neigh timer scheduling (networking-stable-19_07_25). - net: phylink: Fix flow control for fixed-link (bsc#1119113 ). - net: remove duplicate fetch in sock_getsockopt (networking-stable-19_07_02). - net: sched: verify that q!=NULL before setting q->flags (git-fixes). - net: stmmac: fixed new system time seconds value calculation (networking-stable-19_07_02). - net: stmmac: set IC bit when transmitting frames with HW timestamp (networking-stable-19_07_02). - net: usb: pegasus: fix improper read if get_registers() fail (bsc#1051510). - net_sched: unset TCQ_F_CAN_BYPASS when adding filters (networking-stable-19_07_25). - netrom: fix a memory leak in nr_rx_frame() (networking-stable-19_07_25). - netrom: hold sock when setting skb->destructor (networking-stable-19_07_25). - nfc: fix potential illegal memory access (bsc#1051510). - nfs: Cleanup if nfs_match_client is interrupted (bsc#1134291). - nfs: Fix a double unlock from nfs_match,get_client (bsc#1134291). - nfs: Fix the inode request accounting when pages have subrequests (bsc#1140012). - nfs: make nfs_match_client killable (bsc#1134291). - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (git fixes). - nvme-core: Fix extra device_put() call on error path (bsc#1142541). - nvme-fc: fix module unloads while lports still pending (bsc#1150033). - nvme-multipath: fix ana log nsid lookup when nsid is not found (bsc#1141554). - nvme-multipath: relax ANA state check (bsc#1123105). - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bsc#1120876). - nvme: Return BLK_STS_TARGET if the DNR bit is set (bsc#1142076). - nvme: cancel request synchronously (bsc#1145661). - nvme: change locking for the per-subsystem controller list (bsc#1142541). - nvme: fix possible use-after-free in connect error flow (bsc#1139500) - nvme: fix possible use-after-free in connect error flow (bsc#1139500, bsc#1140426) - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN (bsc#1146938). - objtool: Add rewind_stack_do_exit() to the noreturn list (bsc#1145302). - objtool: Support GCC 9 cold subfunction naming scheme (bsc#1145300). - octeon_mgmt: Fix MIX registers configuration on MTU setup (bsc#1051510). - pci: PM/acpi: Refresh all stale power state data in pci_pm_complete() (bsc#1149106). - pci: Restore Resizable BAR size bits correctly for 1MB BARs (bsc#1143841). - pci: al: Add Amazon Annapurna Labs PCIe host controller driver (SLE-9332). - pci: hv: Fix panic by calling hv_pci_remove_slots() earlier (bsc#1142701). - pci: qcom: Ensure that PERST is asserted for at least 100 ms (bsc#1142635). - pci: xilinx-nwl: Fix Multi MSI data programming (bsc#1142635). - phy: qcom-qusb2: Fix crash if nvmem cell not specified (bsc#1051510). - phy: renesas: rcar-gen2: Fix memory leak at error paths (bsc#1051510). - pinctrl: pistachio: fix leaked of_node references (bsc#1051510). - pinctrl: rockchip: fix leaked of_node references (bsc#1051510). - pm / OPP: OF: Use pr_debug() instead of pr_err() while adding OPP table (jsc#SLE-7294). - pm / devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: do not print error when get supply and clk defer (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: fix spelling mistakes (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: remove unneeded semicolon (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: remove wait for dcf irq event (bsc#1144718,bsc#1144813). - pm / devfreq: rockchip-dfi: Move GRF definitions to a common place (bsc#1144718,bsc#1144813). - powerpc/64s: Include cpu header (bsc#1065729). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc/book3s/64: check for NULL pointer in pgd_alloc() (bsc#1078248, git-fixes). - powerpc/fadump: use kstrtoint to handle sysfs store (bsc#1146376). - powerpc/fadump: when fadump is supported register the fadump sysfs files (bsc#1146352). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107). - powerpc/kdump: Handle crashkernel memory reservation failure (bsc#1143466 LTC#179600). - powerpc/lib: Fix feature fixup test of external branch (bsc#1065729). - powerpc/mm/hash/4k: Do not use 64K page size for vmemmap with 4K pagesize (bsc#1142685 LTC#179509). - powerpc/mm/nvdimm: Add an informative message if we fail to allocate altmap block (bsc#1142685 LTC#179509). - powerpc/mm/radix: Use the right page size for vmemmap mapping (bsc#1055117 bsc#1142685 LTC#179509). - powerpc/mm: Handle page table allocation failures (bsc#1065729). - powerpc/nvdimm: Add support for multibyte read/write for metadata (bsc#1142685 LTC#179509). - powerpc/nvdimm: Pick nearby online node if the device node is not online (bsc#1142685 ltc#179509). - powerpc/perf: Add constraints for power9 l2/l3 bus events (bsc#1056686). - powerpc/perf: Add mem access events to sysfs (bsc#1124370). - powerpc/perf: Cleanup cache_sel bits comment (bsc#1056686). - powerpc/perf: Fix thresholding counter data for unknown type (bsc#1056686). - powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (bsc#1047238, bsc#1056686). - powerpc/perf: Update perf_regs structure to include SIER (bsc#1056686). - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (bsc#1065729). - powerpc/powernv: Flush console before platform error reboot (bsc#1149940 ltc#179958). - powerpc/powernv: Return for invalid IMC domain (bsc1054914, git-fixes). - powerpc/powernv: Use kernel crash path for machine checks (bsc#1149940 ltc#179958). - powerpc/pseries, ps3: panic flush kernel messages before halting system (bsc#1149940 ltc#179958). - powerpc/pseries/scm: Mark the region volatile if cache flush not required (bsc#1142685 LTC#179509). - powerpc/pseries: Fix xive=off command line (bsc#1085030, git-fixes). - powerpc/pseries: add missing cpumask.h include file (bsc#1065729). - powerpc/pseries: correctly track irq state in default idle (bsc#1150727 ltc#178925). - powerpc/rtas: use device model APIs and serialization during Lpm (bsc#1144123 ltc#178840). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - powerpc/xive: Fix dump of XIVE interrupt under pseries (bsc#1142019). - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (bsc#1085030, bsc#1145189, LTC#179762). - powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019). - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL (bsc#1142019). - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (bsc#1146575 ltc#180764). - powerpc: dump kernel log before carrying out fadump or kdump (bsc#1149940 ltc#179958). - qede: fix write to free'd pointer error and double free of ptp (bsc#1051510). - qla2xxx: kABI fixes for v10.01.00.18-k (bcs#1082635 bcs#1141340 bcs#1143706). - qlge: Deduplicate lbq_buf_size (bsc#1106061). - qlge: Deduplicate rx buffer queue management (bsc#1106061). - qlge: Factor out duplicated expression (bsc#1106061). - qlge: Fix dma_sync_single calls (bsc#1106061). - qlge: Fix irq masking in INTx mode (bsc#1106061). - qlge: Refill empty buffer queues from wq (bsc#1106061). - qlge: Refill rx buffers up to multiple of 16 (bsc#1106061). - qlge: Remove bq_desc.maplen (bsc#1106061). - qlge: Remove irq_cnt (bsc#1106061). - qlge: Remove page_chunk.last_flag (bsc#1106061). - qlge: Remove qlge_bq.len & size (bsc#1106061). - qlge: Remove rx_ring.sbq_buf_size (bsc#1106061). - qlge: Remove rx_ring.type (bsc#1106061). - qlge: Remove useless dma synchronization calls (bsc#1106061). - qlge: Remove useless memset (bsc#1106061). - qlge: Replace memset with assignment (bsc#1106061). - qlge: Update buffer queue prod index despite oom (bsc#1106061). - raid5-cache: Need to do start() part job after adding journal device (git fixes). - rbd: do not (ab)use obj_req->pages for stat requests (bsc#1141450). - rbd: do not NULL out ->obj_request in rbd_img_obj_parent_read_full() (bsc#1141450). - rbd: get rid of img_req->copyup_pages (bsc#1141450). - rbd: move from raw pages to bvec data descriptors (bsc#1141450). - rbd: remove bio cloning helpers (bsc#1141450). - rbd: start enums at 1 instead of 0 (bsc#1141450). - rbd: use kmem_cache_zalloc() in rbd_img_request_create() (bsc#1141450). - rdma/hns: Add mtr support for mixed multihop addressing (bsc#1104427). - rdma/hns: Bugfix for calculating qp buffer size (bsc#1104427 ). - rdma/hns: Bugfix for filling the sge of srq (bsc#1104427 ). - rdma/hns: Do not stuck in endless timeout loop (bsc#1104427 ). - rdma/hns: Fix an error code in hns_roce_set_user_sq_size() (bsc#1104427). - rdma/hns: Fixs hw access invalid dma memory error (bsc#1104427 ). - rdma/hns: Fixup qp release bug (bsc#1104427). - rdma/hns: Modify ba page size for cqe (bsc#1104427). - rdma/hns: Remove set but not used variable 'fclr_write_fail_flag' (bsc#1104427). - rdma/hns: Remove unnecessary print message in aeq (bsc#1104427 ). - rdma/hns: Replace magic numbers with #defines (bsc#1104427 ). - rdma/hns: Set reset flag when hw resetting (bsc#1104427 ). - rdma/hns: Use %pK format pointer print (bsc#1104427 ). - rdma/hns: fix inverted logic of readl read and shift (bsc#1104427). - rdma/hns: reset function when removing module (bsc#1104427 ). - regmap: fix bulk writes on paged registers (bsc#1051510). - regulator: qcom_spmi: Fix math of spmi_regulator_set_voltage_time_sel (bsc#1051510). - rpm/kernel-binary.spec.in: Enable missing modules check. - rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510). - rpmsg: smd: do not use mananged resources for endpoints and channels (bsc#1051510). - rpmsg: smd: fix memory leak on channel create (bsc#1051510). - rsi: improve kernel thread handling to fix kernel panic (bsc#1051510). - rslib: Fix decoding of shortened codes (bsc#1051510). - rslib: Fix handling of of caller provided syndrome (bsc#1051510). - rtc: pcf8523: do not return invalid date when battery is low (bsc#1051510). - rtc: pcf8563: Clear event flags and disable interrupts before requesting irq (bsc#1051510). - rtc: pcf8563: Fix interrupt trigger method (bsc#1051510). - rxrpc: Fix send on a connected, but unbound socket (networking-stable-19_07_25). - s390/cio: fix ccw_device_start_timeout API (bsc#1142109 LTC#179339). - s390/dasd: fix endless loop after read unit address configuration (bsc#1144912 LTC#179907). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142117 bsc#1142118 bsc#1142119 LTC#179329 LTC#179330 LTC#179331). - s390/qeth: avoid control IO completion stalls (bsc#1142109 LTC#179339). - s390/qeth: cancel cmd on early error (bsc#1142109 LTC#179339). - s390/qeth: fix request-side race during cmd IO timeout (bsc#1142109 LTC#179339). - s390/qeth: release cmd buffer in error paths (bsc#1142109 LTC#179339). - s390/qeth: simplify reply object handling (bsc#1142109 LTC#179339). - samples, bpf: fix to change the buffer size for read() (bsc#1051510). - samples: mei: use /dev/mei0 instead of /dev/mei (bsc#1051510). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture (bsc#1051510). - scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE (bsc#1051510). - scripts/decode_stacktrace: only strip base path when a prefix of the path (bsc#1051510). - scripts/gdb: fix lx-version string output (bsc#1051510). - scripts/git_sort/git_sort.py: - scsi: NCR5380: Always re-enable reselection interrupt (git-fixes). - scsi: aacraid: Fix missing break in switch statement (git-fixes). - scsi: aacraid: Fix performance issue on logical drives (git-fixes). - scsi: aic94xx: fix an error code in aic94xx_init() (git-fixes). - scsi: aic94xx: fix module loading (git-fixes). - scsi: bfa: Avoid implicit enum conversion in bfad_im_post_vendor_event (bsc#1136496 jsc#SLE-4698). - scsi: bfa: Remove unused functions (bsc#1136496 jsc#SLE-4698). - scsi: bfa: bfa_fcs_lport: Mark expected switch fall-throughs (bsc#1136496 jsc#SLE-4698). - scsi: bfa: bfa_fcs_rport: Mark expected switch fall-throughs (bsc#1136496 jsc#SLE-4698). - scsi: bfa: bfa_ioc: Mark expected switch fall-throughs (bsc#1136496 jsc#SLE-4698). - scsi: bfa: clean up a couple of indentation issues (bsc#1136496 jsc#SLE-4698). - scsi: bfa: convert to strlcpy/strlcat (git-fixes). - scsi: bfa: fix calls to dma_set_mask_and_coherent() (bsc#1136496 jsc#SLE-4698). - scsi: bfa: no need to check return value of debugfs_create functions (bsc#1136496 jsc#SLE-4698). - scsi: bfa: remove ScsiResult macro (bsc#1136496 jsc#SLE-4698). - scsi: bfa: use dma_set_mask_and_coherent (bsc#1136496 jsc#SLE-4698). - scsi: bnx2fc: Do not allow both a cleanup completion and abort completion for the same request (bsc#1144582). - scsi: bnx2fc: Fix NULL dereference in error handling (bsc#1136502 jsc#SLE-4703). - scsi: bnx2fc: Fix NULL dereference in error handling (git-fixes). - scsi: bnx2fc: Fix error handling in probe() (bsc#1136502 jsc#SLE-4703). - scsi: bnx2fc: Limit the IO size according to the FW capability (bsc#1144582). - scsi: bnx2fc: Only put reference to io_req in bnx2fc_abts_cleanup if cleanup times out (bsc#1144582). - scsi: bnx2fc: Redo setting source FCoE MAC (bsc#1144582). - scsi: bnx2fc: Remove set but not used variable 'oxid' (bsc#1136502 jsc#SLE-4703). - scsi: bnx2fc: Separate out completion flags and variables for abort and cleanup (bsc#1144582). - scsi: bnx2fc: Update the driver version to 2.12.10 (bsc#1144582). - scsi: bnx2fc: fix bnx2fc_cmd refcount imbalance in send_rec (bsc#1144582). - scsi: bnx2fc: fix bnx2fc_cmd refcount imbalance in send_srr (bsc#1144582). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (bsc#1136502 jsc#SLE-4703). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (git-fixes). - scsi: bnx2fc: remove unneeded variable (bsc#1136502 jsc#SLE-4703). - scsi: core: Fix race on creating sense cache (git-fixes). - scsi: core: Synchronize request queue pm status only on successful resume (git-fixes). - scsi: core: set result when the command cannot be dispatched (git-fixes). - scsi: cxgb4i: fix incorrect spelling "reveive" -> "receive" (bsc#1136346 jsc#SLE-4682). - scsi: cxgb4i: get pf number from lldi->pf (bsc#1136346 jsc#SLE-4682). - scsi: cxgb4i: validate tcp sequence number only if chip version <= T5 (bsc#1136346 jsc#SLE-4682). - scsi: cxlflash: Mark expected switch fall-throughs (bsc#1148868). - scsi: cxlflash: Prevent deadlock when adapter probe fails (git-fixes). - scsi: esp_scsi: Track residual for PIO transfers (git-fixes) Also, mitigate kABI changes. - scsi: fas216: fix sense buffer initialization (git-fixes). - scsi: hisi_sas: Add support for DIX feature for v3 hw (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Change SERDES_CFG init value to increase reliability of HiLink (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Disable stash for v3 hw (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Fix losing directly attached disk when hot-plug (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Ignore the error code between phy down to phy up (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Issue internal abort on all relevant queues (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Reduce HISI_SAS_SGE_PAGE_CNT in size (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Reject setting programmed minimum linkrate > 1.5G (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Use pci_irq_get_affinity() for v3 hw as experimental (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: change queue depth from 512 to 4096 (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: kabi fixes (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: print PHY RX errors count for later revision of v3 hw (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: send primitive NOTIFY to SSP situation only (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: shutdown axi bus to avoid exception CQ returned (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: isci: initialize shost fully before calling scsi_add_host() (git-fixes). - scsi: libcxgbi: find cxgbi device by MAC address (bsc#1136352 jsc#SLE-4687). - scsi: libcxgbi: remove uninitialized variable len (bsc#1136352 jsc#SLE-4687). - scsi: libcxgbi: update route finding logic (bsc#1136352 jsc#SLE-4687) - scsi: libfc: fix null pointer dereference on a null lport (git-fixes). - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (git-fixes). - scsi: libsas: kABI protect struct sas_task_slow (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: libsas: only clear phy->in_shutdown after shutdown event done (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: lpfc: Add MDS driver loopback diagnostics support (bsc#1146215). - scsi: lpfc: Add NVMe sequence level error recovery support (bsc#1146215). - scsi: lpfc: Add first and second level hardware revisions to sysfs (bsc#1146215). - scsi: lpfc: Add simple unlikely optimizations to reduce NVME latency (bsc#1146215). - scsi: lpfc: Avoid unused function warnings (bsc#1148308). - scsi: lpfc: Convert timers to use timer_setup() (bsc#1148308). - scsi: lpfc: Default fdmi_on to on (bsc#1148308). - scsi: lpfc: Fix ADISC reception terminating login state if a NVME (bsc#1146215). - scsi: lpfc: Fix BlockGuard enablement on FCoE adapters (bsc#1146215). - scsi: lpfc: Fix ELS field alignments (bsc#1146215). - scsi: lpfc: Fix FLOGI handling across multiple link up/down (bsc#1146215). - scsi: lpfc: Fix Max Frame Size value shown in fdmishow output (bsc#1146215). - scsi: lpfc: Fix Oops in nvme_register with target logout/login (bsc#1146215). - scsi: lpfc: Fix PLOGI failure with high remoteport count (bsc#1146215). - scsi: lpfc: Fix coverity warnings (bsc#1146215). - scsi: lpfc: Fix crash due to port reset racing vs adapter error (bsc#1146215). - scsi: lpfc: Fix crash on driver unload in wq free (bsc#1146215). - scsi: lpfc: Fix crash when cpu count is 1 and null irq affinity mask (bsc#1146215). - scsi: lpfc: Fix deadlock on host_lock during cable pulls (bsc#1146215). - scsi: lpfc: Fix devices that do not return after devloss followed by (bsc#1146215). - scsi: lpfc: Fix discovery when target has no GID_FT information (bsc#1146215). - scsi: lpfc: Fix error in remote port address change (bsc#1146215). - scsi: lpfc: Fix failure to clear non-zero eq_delay after io rate (bsc#1146215). - scsi: lpfc: Fix hang when downloading fw on port enabled for nvme (bsc#1146215). - scsi: lpfc: Fix irq raising in lpfc_sli_hba_down (bsc#1146215). - scsi: lpfc: Fix issuing init_vpi mbox on SLI-3 card (bsc#1146215). - scsi: lpfc: Fix leak of ELS completions on adapter reset (bsc#1146215). - scsi: lpfc: Fix loss of remote port after devloss due to lack of RPIs (bsc#1146215). - scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo via sysfs (bsc#1146215). - scsi: lpfc: Fix nvme first burst module parameter description (bsc#1146215). - scsi: lpfc: Fix nvme sg_seg_cnt display if HBA does not support NVME (bsc#1146215). - scsi: lpfc: Fix nvme target mode ABTSing a received ABTS (bsc#1146215). - scsi: lpfc: Fix oops when fewer hdwqs than cpus (bsc#1146215). - scsi: lpfc: Fix port relogin failure due to GID_FT interaction (bsc#1146215). - scsi: lpfc: Fix propagation of devloss_tmo setting to nvme transport (bsc#1146215). - scsi: lpfc: Fix reported physical link speed on a disabled trunked (bsc#1146215). - scsi: lpfc: Fix reset recovery paths that are not recovering (bsc#1144375). - scsi: lpfc: Fix sg_seg_cnt for HBAs that do not support NVME (bsc#1146215). - scsi: lpfc: Fix sli4 adapter initialization with MSI (bsc#1146215). - scsi: lpfc: Fix too many sg segments spamming in kernel log (bsc#1146215). - scsi: lpfc: Fix upcall to bsg done in non-success cases (bsc#1146215). - scsi: lpfc: Limit xri count for kdump environment (bsc#1146215). - scsi: lpfc: Make some symbols static (bsc#1148308). - scsi: lpfc: Merge per-protocol WQ/CQ pairs into single per-cpu pair (bsc#1146215). - scsi: lpfc: Merge per-protocol WQ/CQ pairs into single per-cpu pair (bsc#1146215). - scsi: lpfc: Migrate to %px and %pf in kernel print calls (bsc#1146215). - scsi: lpfc: Remove bg debugfs buffers (bsc#1144375). - scsi: lpfc: Remove set but not used variable 'psli' (bsc#1148308). - scsi: lpfc: Remove set but not used variables 'fc_hdr' and 'hw_page_size' (bsc#1148308). - scsi: lpfc: Remove set but not used variables 'qp' (bsc#1148308). - scsi: lpfc: Remove set but not used variables 'tgtp' (bsc#1148308). - scsi: lpfc: Resolve checker warning for lpfc_new_io_buf() (bsc#1144375). - scsi: lpfc: Support dynamic unbounded SGL lists on G7 hardware (bsc#1146215). - scsi: lpfc: Update lpfc version to 12.4.0.0 (bsc#1146215). - scsi: lpfc: Use dma_zalloc_coherent (bsc#1148308). - scsi: lpfc: add check for loss of ndlp when sending RRQ (bsc#1148308). - scsi: lpfc: change snprintf to scnprintf for possible overflow (bsc#1146215). - scsi: lpfc: correct rcu unlock issue in lpfc_nvme_info_show (bsc#1148308). - scsi: lpfc: lpfc_sli: Mark expected switch fall-throughs (bsc#1148308). - scsi: lpfc: no need to check return value of debugfs_create functions (bsc#1148308). - scsi: lpfc: nvme: avoid hang / use-after-free when destroying localport (bsc#1148308). - scsi: lpfc: nvmet: avoid hang / use-after-free when destroying targetport (bsc#1148308). - scsi: lpfc: remove NULL check before some freeing functions (bsc#1146215). - scsi: lpfc: remove ScsiResult macro (bsc#1148308). - scsi: lpfc: remove a bogus pci_dma_sync_single_for_device call (bsc#1148308). - scsi: lpfc: remove null check on nvmebuf (bsc#1148308). - scsi: lpfc: resolve lockdep warnings (bsc#1148308). - scsi: lpfc: use sg helper to iterate over scatterlist (bsc#1148308). - scsi: mac_scsi: Fix pseudo DMA implementation, take 2 (git-fixes). - scsi: mac_scsi: Increase PIO/PDMA transfer length threshold (git-fixes). - scsi: megaraid: fix out-of-bound array accesses (git-fixes). - scsi: megaraid_sas: Fix calculation of target ID (git-fixes). - scsi: megaraid_sas: IRQ poll to avoid CPU hard lockups (bsc#1143962). - scsi: megaraid_sas: Release Mutex lock before OCR in case of DCMD timeout (bsc#1143962). - scsi: mpt3sas: Determine smp affinity on per HBA basis (bsc#1143738). - scsi: mpt3sas: Fix msix load balance on and off settings (bsc#1143738). - scsi: mpt3sas: Mark expected switch fall-through (bsc#1143738). - scsi: mpt3sas: Remove CPU arch check to determine perf_mode (bsc#1143738). - scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA (bsc#1143738). - scsi: mpt3sas: Use configured PCIe link speed, not max (bsc#1143738). - scsi: mpt3sas: make driver options visible in sys (bsc#1143738). - scsi: mpt3sas: use DEVICE_ATTR_{RO, RW} (bsc#1143738). - scsi: pmcraid: do not allocate a dma coherent buffer for sense data (bsc#1135990 jsc#SLE-4709). - scsi: pmcraid: simplify pmcraid_cancel_all a bit (bsc#1135990 jsc#SLE-4709). - scsi: pmcraid: use generic DMA API (bsc#1135990 jsc#SLE-4709). - scsi: pmcraid: use sg helper to iterate over scatterlist (bsc#1135990 jsc#SLE-4709). - scsi: prefix header search paths with $(srctree)/ (bsc#1136346 jsc#SLE-4682). - scsi: qedf: Add debug information for unsolicited processing (bsc#1149976). - scsi: qedf: Add shutdown callback handler (bsc#1149976). - scsi: qedf: Add support for 20 Gbps speed (bsc#1149976). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1149976). - scsi: qedf: Check for link state before processing LL2 packets and send fipvlan retries (bsc#1149976). - scsi: qedf: Check for module unloading bit before processing link update AEN (bsc#1149976). - scsi: qedf: Decrease the LL2 MTU size to 2500 (bsc#1149976). - scsi: qedf: Fix race betwen fipvlan request and response path (bsc#1149976). - scsi: qedf: Initiator fails to re-login to switch after link down (bsc#1149976). - scsi: qedf: Print message during bailout conditions (bsc#1149976). - scsi: qedf: Stop sending fipvlan request on unload (bsc#1149976). - scsi: qedf: Update module description string (bsc#1149976). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1149976). - scsi: qedf: Update the version to 8.42.3.0 (bsc#1149976). - scsi: qedf: Use discovery list to traverse rports (bsc#1149976). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (git-fixes). - scsi: qedf: remove set but not used variables (bsc#1149976). - scsi: qedi: remove declaration of nvm_image from stack (git-fixes). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1129424). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1143706). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (git-fixes). - scsi: qla2xxx: Change a stack variable into a static const variable (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Change data_dsd into an array (bsc#1143706). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1143706). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1143706). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1143706). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1143706). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1143706). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1143706). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1143706). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1143706). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1143706). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1143706). - scsi: qla2xxx: Declare local symbols static (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1143706). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1143706). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1143706). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1143706). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1143706). - scsi: qla2xxx: Fix a format specifier (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix a format specifier (git-fixes). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1143706). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (git-fixes). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix device staying in blocked state (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix device staying in blocked state (git-fixes). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1143706). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (git-fixes). - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1143706). - scsi: qla2xxx: Fix formatting of pointer types (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix fw dump corruption (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1143706). - scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix premature timer expiration (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1143706). - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1143706). - scsi: qla2xxx: Fix stale session (bsc#1143706). - scsi: qla2xxx: Fix stuck login session (bsc#1143706). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1143706). - scsi: qla2xxx: Include the <asm/unaligned.h> header file from qla_dsd.h (bsc#1143706). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1143706). - scsi: qla2xxx: Insert spaces where required (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1143706). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1143706). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1143706). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1143706). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1143706). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1143706). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1143706). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1143706). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1143706). - scsi: qla2xxx: Modify NVMe include directives (bsc#1143706). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move the <linux/io-64-nonatomic-lo-hi.h> include directive (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1143706). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1143706). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1143706). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1143706). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1143706). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1143706). - scsi: qla2xxx: Remove dead code (bsc#1143706). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1143706). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove two superfluous casts (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1143706). - scsi: qla2xxx: Remove two superfluous tests (bsc#1143706). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove unnecessary null check (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1143706). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1143706). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1143706). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1143706). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1143706). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Simplify a debug statement (bsc#1143706). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1143706). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1143706). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1143706). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1143706). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1143706). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Unregister chrdev if module initialization fails (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Unregister chrdev if module initialization fails (git-fixes). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1143706). - scsi: qla2xxx: Update two source code comments (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use __le64 instead of uint32_t[2] for sending DMA addresses to firmware (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1143706). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1143706). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1143706). - scsi: qla2xxx: Use tabs to indent code (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1143706). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1134476). - scsi: qla2xxx: fix spelling mistake "alredy" -> "already" (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1134476). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla4xxx: avoid freeing unallocated dma memory (git-fixes). - scsi: raid_attrs: fix unused variable warning (git-fixes). - scsi: sas: Convert timers to use timer_setup() (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: scsi_dh_alua: Fix possible null-ptr-deref (git-fixes). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: sd: Defer spinning up drive while SANITIZE is in progress (git-fixes). - scsi: sd: Fix a race between closing an sd device and sd I/O (git-fixes). - scsi: sd: Fix cache_type_store() (git-fixes). - scsi: sd: Optimal I/O size should be a multiple of physical block size (git-fixes). - scsi: sd: Quiesce warning if device does not report optimal I/O size (git-fixes). - scsi: sd: use mempool for discard special page (git-fixes). - scsi: sd_zbc: Fix potential memory leak (git-fixes). - scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() (git-fixes). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (git-fixes). - scsi: target: iscsi: cxgbit: add missing spin_lock_init() (bsc#1136349 jsc#SLE-4685). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: ufs: Avoid runtime suspend possibly being blocked forever (git-fixes). - scsi: ufs: Check that space was properly alloced in copy_query_response (git-fixes). - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() (git-fixes). - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value (git-fixes). - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 (git-fixes). - scsi: use dma_get_cache_alignment() as minimum DMA alignment (git-fixes). - scsi: virtio_scsi: do not send sc payload with tmfs (git-fixes). - sctp: change to hold sk after auth shkey is created successfully (networking-stable-19_07_02). - sdhci-fujitsu: add support for setting the CMD_DAT_DELAY attribute (bsc#1145256). - serial: 8250: Fix TX interrupt handling condition (bsc#1051510). - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig (bsc#1144333). - sis900: fix TX completion (bsc#1051510). - sky2: Disable MSI on ASUS P6T (bsc#1142496). - smb2: fix missing files in root share directory listing (bsc#1112907, bsc#1144333). - smb2: fix typo in definition of a few error flags (bsc#1144333). - smb2: fix uninitialized variable bug in smb2_ioctl_query_info (bsc#1144333). - smb3 - clean up debug output displaying network interfaces (bsc#1144333). - smb3.11: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - smb3: Add SMB3.1.1 GCM to negotiated crypto algorigthms (bsc#1144333). - smb3: Add debug message later in smb2/smb3 reconnect path (bsc#1144333). - smb3: Add defines for new negotiate contexts (bsc#1144333). - smb3: Add dynamic trace points for various compounded smb3 ops (bsc#1144333). - smb3: Add ftrace tracepoints for improved SMB3 debugging (bsc#1144333). - smb3: Add handling for different FSCTL access flags (bsc#1144333). - smb3: Add posix create context for smb3.11 posix mounts (bsc#1144333). - smb3: Add protocol structs for change notify support (bsc#1144333). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510, bsc#1144333). - smb3: Add tracepoints for read, write and query_dir enter (bsc#1144333). - smb3: Allow SMB3 FSCTL queries to be sent to server from tools (bsc#1144333). - smb3: Allow persistent handle timeout to be configurable on mount (bsc#1144333). - smb3: Allow query of symlinks stored as reparse points (bsc#1144333). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing from compounded ops (bsc#1144333). - smb3: Clean up query symlink when reparse point (bsc#1144333). - smb3: Cleanup license mess (bsc#1144333). - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bsc#1085536, bsc#1144333). - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510, bsc#1144333). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510, bsc#1144333). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510, bsc#1144333). - smb3: Fix deadlock in validate negotiate hits reconnect (bsc#1144333). - smb3: Fix endian warning (bsc#1144333, bsc#1137884). - smb3: Fix enumerating snapshots to Azure (bsc#1144333). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510, bsc#1144333). - smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333). - smb3: Fix potential memory leak when processing compound chain (bsc#1144333). - smb3: Fix rmdir compounding regression to strict servers (bsc#1144333). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510, bsc#1144333). - smb3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL (bsc#1144333). - smb3: Log at least once if tree connect fails during reconnect (bsc#1144333). - smb3: Number of requests sent should be displayed for SMB3 not just CIFS (bsc#1144333). - smb3: Send netname context during negotiate protocol (bsc#1144333). - smb3: Track total time spent on roundtrips for each SMB3 command (bsc#1144333). - smb3: Update POSIX negotiate context with POSIX ctxt GUID (bsc#1144333). - smb3: Validate negotiate request must always be signed (bsc#1064597, bsc#1144333). - smb3: Warn user if trying to sign connection that authenticated as guest (bsc#1085536, bsc#1144333). - smb3: add additional ftrace entry points for entry/exit to cifs.ko (bsc#1144333). - smb3: add credits we receive from oplock/break PDUs (bsc#1144333). - smb3: add debug for unexpected mid cancellation (bsc#1144333). - smb3: add define for id for posix create context and corresponding struct (bsc#1144333). - smb3: add dynamic trace point for query_info_enter/done (bsc#1144333). - smb3: add dynamic trace point for smb3_cmd_enter (bsc#1144333). - smb3: add dynamic tracepoint for timeout waiting for credits (bsc#1144333). - smb3: add dynamic tracepoints for simple fallocate and zero range (bsc#1144333). - smb3: add missing read completion trace point (bsc#1144333). - smb3: add module alias for smb3 to cifs.ko (bsc#1144333). - smb3: add new mount option to retrieve mode from special ACE (bsc#1144333). - smb3: add reconnect tracepoints (bsc#1144333). - smb3: add smb3.1.1 to default dialect list (bsc#1144333). - smb3: add support for posix negotiate context (bsc#1144333). - smb3: add support for statfs for smb3.1.1 posix extensions (bsc#1144333). - smb3: add trace point for tree connection (bsc#1144333). - smb3: add tracepoint for sending lease break responses to server (bsc#1144333). - smb3: add tracepoint for session expired or deleted (bsc#1144333). - smb3: add tracepoint for slow responses (bsc#1144333). - smb3: add tracepoint to catch cases where credit refund of failed op overlaps reconnect (bsc#1144333). - smb3: add tracepoints for query dir (bsc#1144333). - smb3: add tracepoints for smb2/smb3 open (bsc#1144333). - smb3: add way to control slow response threshold for logging and stats (bsc#1144333). - smb3: allow more detailed protocol info on open files for debugging (bsc#1144333). - smb3: allow posix mount option to enable new SMB311 protocol extensions (bsc#1144333). - smb3: allow previous versions to be mounted with snapshot= mount parm (bsc#1144333). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510, bsc#1144333). - smb3: check for and properly advertise directory lease support (bsc#1051510, bsc#1144333). - smb3: create smb3 equivalent alias for cifs pseudo-xattrs (bsc#1144333). - smb3: directory sync should not return an error (bsc#1051510, bsc#1144333). - smb3: display bytes_read and bytes_written in smb3 stats (bsc#1144333). - smb3: display security information in /proc/fs/cifs/DebugData more accurately (bsc#1144333). - smb3: display session id in debug data (bsc#1144333). - smb3: display stats counters for number of slow commands (bsc#1144333). - smb3: display volume serial number for shares in /proc/fs/cifs/DebugData (bsc#1144333). - smb3: do not allow insecure cifs mounts when using smb3 (bsc#1144333). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510, bsc#1144333). - smb3: do not display confusing message on mount to Azure servers (bsc#1144333). - smb3: do not display empty interface list (bsc#1144333). - smb3: do not request leases in symlink creation and query (bsc#1051510, bsc#1144333). - smb3: do not send compression info by default (bsc#1144333). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510, bsc#1144333). - smb3: fill in statfs fsid and correct namelen (bsc#1112905, bsc#1144333). - smb3: fix bytes_read statistics (bsc#1144333). - smb3: fix corrupt path in subdirs on smb311 with posix (bsc#1144333). - smb3: fix large reads on encrypted connections (bsc#1144333). - smb3: fix lease break problem introduced by compounding (bsc#1144333). - smb3: fix minor debug output for CONFIG_CIFS_STATS (bsc#1144333). - smb3: fix redundant opens on root (bsc#1144333). - smb3: fix reset of bytes read and written stats (bsc#1112906, bsc#1144333). - smb3: fix various xid leaks (bsc#1051510, bsc#1144333). - smb3: for kerberos mounts display the credential uid used (bsc#1144333). - smb3: handle new statx fields (bsc#1085536, bsc#1144333). - smb3: if max_credits is specified then display it in /proc/mounts (bsc#1144333). - smb3: if server does not support posix do not allow posix mount option (bsc#1144333). - smb3: improve dynamic tracing of open and posix mkdir (bsc#1144333). - smb3: increase initial number of credits requested to allow write (bsc#1144333). - smb3: make default i/o size for smb3 mounts larger (bsc#1144333). - smb3: minor cleanup of compound_send_recv (bsc#1144333). - smb3: minor debugging clarifications in rfc1001 len processing (bsc#1144333). - smb3: minor missing defines relating to reparse points (bsc#1144333). - smb3: missing defines and structs for reparse point handling (bsc#1144333). - smb3: note that smb3.11 posix extensions mount option is experimental (bsc#1144333). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510, bsc#1144333). - smb3: on reconnect set PreviousSessionId field (bsc#1112899, bsc#1144333). - smb3: optimize open to not send query file internal info (bsc#1144333). - smb3: passthru query info does not check for SMB3 FSCTL passthru (bsc#1144333). - smb3: print tree id in debugdata in proc to be able to help logging (bsc#1144333). - smb3: query inode number on open via create context (bsc#1144333). - smb3: remove noisy warning message on mount (bsc#1129664, bsc#1144333). - smb3: remove per-session operations from per-tree connection stats (bsc#1144333). - smb3: rename encryption_required to smb3_encryption_required (bsc#1144333). - smb3: request more credits on normal (non-large read/write) ops (bsc#1144333). - smb3: request more credits on tree connect (bsc#1144333). - smb3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (bsc#1144333). - smb3: send CAP_DFS capability during session setup (bsc#1144333). - smb3: send backup intent on compounded query info (bsc#1144333). - smb3: show number of current open files in /proc/fs/cifs/Stats (bsc#1144333). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510, bsc#1144333). - smb3: smbdirect no longer experimental (bsc#1144333). - smb3: snapshot mounts are read-only and make sure info is displayable about the mount (bsc#1144333). - smb3: track the instance of each session for debugging (bsc#1144333). - smb3: trivial cleanup to smb2ops.c (bsc#1144333). - smb3: update comment to clarify enumerating snapshots (bsc#1144333). - smb3: update default requested iosize to 4MB from 1MB for recent dialects (bsc#1144333). - smb: Add vers=3.0.2 as a valid option for SMBv3.0.2 (bsc#1144333). - smb: Cleanup some minor endian issues in smb3 rdma (bsc#1144333). - smb: Do not log confusing message on reconnect by default (bsc#1129664, bsc#1144333). - smb: Do not log expected error on DFS referral request (bsc#1051510, bsc#1144333). - smb: Fix SMB3.1.1 guest authentication to Samba (bsc#1085536, bsc#1144333). - smb: Fix encryption labels and lengths for SMB3.1.1 (bsc#1085536, bsc#1144333). - smb: Fix match_server check to allow for auto dialect negotiate (bsc#1144333). - smb: Fix warning messages when mounting to older servers (bsc#1144333). - smb: SMB3.1.1 dialect is no longer experimental (bsc#1051510, bsc#1144333). - smb: SMB3.1.1: Add GCM crypto to the encrypt and decrypt functions (bsc#1144333). - smb: SMB311: Fix reconnect (bsc#1051510, bsc#1144333). - smb: SMB311: Improve checking of negotiate security contexts (bsc#1051510, bsc#1144333). - smb: Tree connect for SMB3.1.1 must be signed for non-encrypted shares (bsc#1051510, bsc#1144333). - smb: Validate negotiate (to protect against downgrade) even if signing off (bsc#1085536, bsc#1144333). - smb: fix leak of validate negotiate info response buffer (bsc#1064597, bsc#1144333). - smb: fix validate negotiate info uninitialised memory use (bsc#1064597, bsc#1144333). - smbd: Make upper layer decide when to destroy the transport (bsc#1144333). - smpboot: Place the __percpu annotation correctly (git fixes). - soc: rockchip: power-domain: Add a sanity check on pd->num_clks (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: Use of_clk_get_parent_count() instead of open coding (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: use clk_bulk APIs (bsc#1144718,bsc#1144813). - sound: fix a memory leak bug (bsc#1051510). - spi: bcm2835aux: fix corruptions for longer spi transfers (bsc#1051510). - spi: bcm2835aux: remove dangerous uncontrolled read of fifo (bsc#1051510). - spi: bcm2835aux: unifying code between polling and interrupt driven code (bsc#1051510). - st21nfca_connectivity_event_received: null check the allocation (bsc#1051510). - st_nci_hci_connectivity_event_received: null check the allocation (bsc#1051510). - staging: comedi: dt3000: Fix rounding up of timer divisor (bsc#1051510). - staging: comedi: dt3000: Fix signed integer overflow 'divider * base' (bsc#1051510). - staging: fsl-dpaa2/ethsw: fix memory leak of switchdev_work (bsc#1111666). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Remove duplicate drivers/ata/libahci_platform - supported.conf: Remove duplicate entries - supported.conf: Sort alphabetically, align comments. - supported.conf: Sort alphabetically, align comments. - tcp: Reset bytes_acked and bytes_received when disconnecting (networking-stable-19_07_25). - test_firmware: fix a memory leak bug (bsc#1051510). - tipc: change to use register_pernet_device (networking-stable-19_07_02). - tools: bpftool: close prog FD before exit on showing a single program (bsc#1109837). - tools: bpftool: fix error message (prog -> object) (bsc#1109837). - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bsc#1082555). - tpm: Fix Tpm 1.2 Shutdown sequence to prevent future TPM operations (bsc#1082555). - tpm: Fix off-by-one when reading binary_bios_measurements (bsc#1082555). - tpm: Unify the send callback behaviour (bsc#1082555). - tpm: vtpm_proxy: Suppress error logging when in closed state (bsc#1082555). - tracing: Fix header include guards in trace event headers (bsc#1144474). - tracing: store path instead of inode (bsc#1120046, bsc#1146141). - treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 231 (bsc#1144333). - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop (bsc#1051510). - tty/serial: digicolor: Fix digicolor-usart already registered warning (bsc#1051510). - tty: max310x: Fix invalid baudrate divisors calculator (bsc#1051510). - tty: serial: msm_serial: avoid system lockup condition (bsc#1051510). - tua6100: Avoid build warnings (bsc#1051510). - tun: mark small packets as owned by the tap sock (bsc#1109837). - tun: wake up waitqueues after IFF_UP is set (networking-stable-19_07_02). - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length (bsc#1148617). - update internal version number for cifs.ko (bsc#1144333). - usb-storage: Add new JMS567 revision to unusual_devs (bsc#1051510). - usb: CDC: fix sanity checks in CDC union parser (bsc#1142635). - usb: Handle USB3 remote wakeup for Lpm enabled devices correctly (bsc#1051510). - usb: cdc-acm: make sure a refcount is taken early enough (bsc#1142635). - usb: cdc-wdm: fix race between write and disconnect due to flag abuse (bsc#1051510). - usb: chipidea: udc: do not do hardware access if gadget has stopped (bsc#1051510). - usb: core: Fix races in character device registration and deregistraion (bsc#1051510). - usb: core: hub: Disable hub-initiated U1/U2 (bsc#1051510). - usb: gadget: composite: Clear "suspended" on reset/disconnect (bsc#1051510). - usb: gadget: udc: renesas_usb3: Fix sysfs interface of "role" (bsc#1142635). - usb: host: fotg2: restart hcd after port reset (bsc#1051510). - usb: host: ohci: fix a race condition between shutdown and irq (bsc#1051510). - usb: host: xhci-rcar: Fix timeout in xhci_suspend() (bsc#1051510). - usb: host: xhci: rcar: Fix typo in compatible string matching (bsc#1051510). - usb: iowarrior: fix deadlock on disconnect (bsc#1051510). - usb: serial: option: Add Motorola modem UARTs (bsc#1051510). - usb: serial: option: Add support for ZTE MF871A (bsc#1051510). - usb: serial: option: add D-Link DWM-222 device ID (bsc#1051510). - usb: serial: option: add the BroadMobi BM818 card (bsc#1051510). - usb: storage: ums-realtek: Update module parameter description for auto_delink_en (bsc#1051510). - usb: storage: ums-realtek: Whitelist auto-delink support (bsc#1051510). - usb: typec: tcpm: Ignore unsupported/unknown alternate mode requests (bsc#1111666). - usb: typec: tcpm: free log buf memory when remove debug file (bsc#1111666). - usb: typec: tcpm: remove tcpm dir if no children (bsc#1111666). - usb: usbfs: fix double-free of usb memory upon submiturb error (bsc#1051510). - usb: wusbcore: fix unbalanced get/put cluster_id (bsc#1051510). - usb: yurex: Fix use-after-free in yurex_delete (bsc#1051510). - vfs: fix page locking deadlocks when deduping files (bsc#1148619). - virtio/s390: fix race on airq_areas (bsc#1145357). - vmci: Release resource if the work is already queued (bsc#1051510). - vrf: make sure skb->data contains ip header to make routing (networking-stable-19_07_25). - watchdog: bcm2835_wdt: Fix module autoload (bsc#1051510). - watchdog: core: fix null pointer dereference when releasing cdev (bsc#1051510). - watchdog: f71808e_wdt: fix F81866 bit operation (bsc#1051510). - watchdog: fix compile time error of pretimeout governors (bsc#1051510). - wimax/i2400m: fix a memory leak bug (bsc#1051510). - x86/asm: Remove dead __GNUC__ conditionals (bsc#1112178). - x86/boot: Fix memory leak in default_get_smp_config() (bsc#1114279). - x86/dma: Get rid of iommu_pass_through (bsc#1136039). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/microcode: Fix the microcode load on CPU hotplug for real (bsc#1114279). - x86/mm: Check for pfn instead of page in vmalloc_sync_one() (bsc#1118689). - x86/mm: Sync also unmappings in vmalloc_sync_all() (bsc#1118689). - x86/resctrl: Prevent NULL pointer dereference when local MBM is disabled (bsc#1112178). - x86/speculation/mds: Apply more accurate check on hypervisor platform (bsc#1114279). - x86/speculation: Allow guests to use SSBD even if host does not (bsc#1114279). - x86/unwind: Add hardcoded ORC entry for NULL (bsc#1114279). - x86/unwind: Handle NULL pointer calls better in frame unwinder (bsc#1114279). - xdp: unpin xdp umem pages in error path (bsc#1109837). - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (bsc#1065600). - xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix bucket count reported to userspace (bsc#1143300). - xfrm: Fix error return code in xfrm_output_one() (bsc#1143300). - xfs: do not crash on null attr fork xfs_bmapi_read (bsc#1148035). - xfs: do not trip over uninitialized buffer on extent read of corrupted inode (bsc#1149053). - xfs: dump transaction usage details on log reservation overrun (bsc#1145235). - xfs: eliminate duplicate icreate tx reservation functions (bsc#1145235). - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (bsc#1148032). - xfs: fix semicolon.cocci warnings (bsc#1145235). - xfs: fix up agi unlinked list reservations (bsc#1145235). - xfs: include an allocfree res for inobt modifications (bsc#1145235). - xfs: include inobt buffers in ifree tx log reservation (bsc#1145235). - xfs: print transaction log reservation on overrun (bsc#1145235). - xfs: refactor inode chunk alloc/free tx reservation (bsc#1145235). - xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (bsc#1145235). - xfs: remove more ondisk directory corruption asserts (bsc#1148034). - xfs: separate shutdown from ticket reservation print helper (bsc#1145235). - xfs: truncate transaction does not modify the inobt (bsc#1145235). - {nl,mac}80211: fix interface combinations on crypto controlled devices (bsc#1111666). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-2424=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2424=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-2424=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2424=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2424=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-2424=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): kernel-default-debuginfo-4.12.14-197.18.1 kernel-default-debugsource-4.12.14-197.18.1 kernel-default-extra-4.12.14-197.18.1 kernel-default-extra-debuginfo-4.12.14-197.18.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.18.1 kernel-default-debugsource-4.12.14-197.18.1 kernel-obs-qa-4.12.14-197.18.1 kernel-vanilla-4.12.14-197.18.1 kernel-vanilla-base-4.12.14-197.18.1 kernel-vanilla-base-debuginfo-4.12.14-197.18.1 kernel-vanilla-debuginfo-4.12.14-197.18.1 kernel-vanilla-debugsource-4.12.14-197.18.1 kernel-vanilla-devel-4.12.14-197.18.1 kernel-vanilla-devel-debuginfo-4.12.14-197.18.1 kernel-vanilla-livepatch-devel-4.12.14-197.18.1 kselftests-kmp-default-4.12.14-197.18.1 kselftests-kmp-default-debuginfo-4.12.14-197.18.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le x86_64): kernel-debug-4.12.14-197.18.1 kernel-debug-base-4.12.14-197.18.1 kernel-debug-base-debuginfo-4.12.14-197.18.1 kernel-debug-debuginfo-4.12.14-197.18.1 kernel-debug-debugsource-4.12.14-197.18.1 kernel-debug-devel-4.12.14-197.18.1 kernel-debug-devel-debuginfo-4.12.14-197.18.1 kernel-debug-livepatch-devel-4.12.14-197.18.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 s390x): kernel-default-livepatch-4.12.14-197.18.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64): dtb-al-4.12.14-197.18.1 dtb-allwinner-4.12.14-197.18.1 dtb-altera-4.12.14-197.18.1 dtb-amd-4.12.14-197.18.1 dtb-amlogic-4.12.14-197.18.1 dtb-apm-4.12.14-197.18.1 dtb-arm-4.12.14-197.18.1 dtb-broadcom-4.12.14-197.18.1 dtb-cavium-4.12.14-197.18.1 dtb-exynos-4.12.14-197.18.1 dtb-freescale-4.12.14-197.18.1 dtb-hisilicon-4.12.14-197.18.1 dtb-lg-4.12.14-197.18.1 dtb-marvell-4.12.14-197.18.1 dtb-mediatek-4.12.14-197.18.1 dtb-nvidia-4.12.14-197.18.1 dtb-qcom-4.12.14-197.18.1 dtb-renesas-4.12.14-197.18.1 dtb-rockchip-4.12.14-197.18.1 dtb-socionext-4.12.14-197.18.1 dtb-sprd-4.12.14-197.18.1 dtb-xilinx-4.12.14-197.18.1 dtb-zte-4.12.14-197.18.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): kernel-docs-html-4.12.14-197.18.1 kernel-source-vanilla-4.12.14-197.18.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): kernel-kvmsmall-4.12.14-197.18.1 kernel-kvmsmall-base-4.12.14-197.18.1 kernel-kvmsmall-base-debuginfo-4.12.14-197.18.1 kernel-kvmsmall-debuginfo-4.12.14-197.18.1 kernel-kvmsmall-debugsource-4.12.14-197.18.1 kernel-kvmsmall-devel-4.12.14-197.18.1 kernel-kvmsmall-devel-debuginfo-4.12.14-197.18.1 kernel-kvmsmall-livepatch-devel-4.12.14-197.18.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x): kernel-zfcpdump-debuginfo-4.12.14-197.18.1 kernel-zfcpdump-debugsource-4.12.14-197.18.1 kernel-zfcpdump-man-4.12.14-197.18.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.18.1 kernel-default-debugsource-4.12.14-197.18.1 reiserfs-kmp-default-4.12.14-197.18.1 reiserfs-kmp-default-debuginfo-4.12.14-197.18.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-197.18.1 kernel-obs-build-debugsource-4.12.14-197.18.1 kernel-syms-4.12.14-197.18.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): kernel-docs-4.12.14-197.18.1 kernel-source-4.12.14-197.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.18.1 kernel-default-base-4.12.14-197.18.1 kernel-default-base-debuginfo-4.12.14-197.18.1 kernel-default-debuginfo-4.12.14-197.18.1 kernel-default-debugsource-4.12.14-197.18.1 kernel-default-devel-4.12.14-197.18.1 kernel-default-devel-debuginfo-4.12.14-197.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): kernel-devel-4.12.14-197.18.1 kernel-macros-4.12.14-197.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): kernel-default-man-4.12.14-197.18.1 kernel-zfcpdump-4.12.14-197.18.1 kernel-zfcpdump-debuginfo-4.12.14-197.18.1 kernel-zfcpdump-debugsource-4.12.14-197.18.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.18.1 cluster-md-kmp-default-debuginfo-4.12.14-197.18.1 dlm-kmp-default-4.12.14-197.18.1 dlm-kmp-default-debuginfo-4.12.14-197.18.1 gfs2-kmp-default-4.12.14-197.18.1 gfs2-kmp-default-debuginfo-4.12.14-197.18.1 kernel-default-debuginfo-4.12.14-197.18.1 kernel-default-debugsource-4.12.14-197.18.1 ocfs2-kmp-default-4.12.14-197.18.1 ocfs2-kmp-default-debuginfo-4.12.14-197.18.1 References: https://www.suse.com/security/cve/CVE-2017-18551.html https://www.suse.com/security/cve/CVE-2018-20976.html https://www.suse.com/security/cve/CVE-2018-21008.html https://www.suse.com/security/cve/CVE-2019-10207.html https://www.suse.com/security/cve/CVE-2019-14814.html https://www.suse.com/security/cve/CVE-2019-14815.html https://www.suse.com/security/cve/CVE-2019-14816.html https://www.suse.com/security/cve/CVE-2019-14835.html https://www.suse.com/security/cve/CVE-2019-15030.html https://www.suse.com/security/cve/CVE-2019-15031.html https://www.suse.com/security/cve/CVE-2019-15090.html https://www.suse.com/security/cve/CVE-2019-15098.html https://www.suse.com/security/cve/CVE-2019-15099.html https://www.suse.com/security/cve/CVE-2019-15117.html https://www.suse.com/security/cve/CVE-2019-15118.html https://www.suse.com/security/cve/CVE-2019-15211.html https://www.suse.com/security/cve/CVE-2019-15212.html https://www.suse.com/security/cve/CVE-2019-15214.html https://www.suse.com/security/cve/CVE-2019-15215.html https://www.suse.com/security/cve/CVE-2019-15216.html https://www.suse.com/security/cve/CVE-2019-15217.html https://www.suse.com/security/cve/CVE-2019-15218.html https://www.suse.com/security/cve/CVE-2019-15219.html https://www.suse.com/security/cve/CVE-2019-15220.html https://www.suse.com/security/cve/CVE-2019-15221.html https://www.suse.com/security/cve/CVE-2019-15222.html https://www.suse.com/security/cve/CVE-2019-15239.html https://www.suse.com/security/cve/CVE-2019-15290.html https://www.suse.com/security/cve/CVE-2019-15292.html https://www.suse.com/security/cve/CVE-2019-15538.html https://www.suse.com/security/cve/CVE-2019-15666.html https://www.suse.com/security/cve/CVE-2019-15902.html https://www.suse.com/security/cve/CVE-2019-15917.html https://www.suse.com/security/cve/CVE-2019-15919.html https://www.suse.com/security/cve/CVE-2019-15920.html https://www.suse.com/security/cve/CVE-2019-15921.html https://www.suse.com/security/cve/CVE-2019-15924.html https://www.suse.com/security/cve/CVE-2019-15926.html https://www.suse.com/security/cve/CVE-2019-15927.html https://www.suse.com/security/cve/CVE-2019-9456.html https://bugzilla.suse.com/1047238 https://bugzilla.suse.com/1050911 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1054914 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1056686 https://bugzilla.suse.com/1060662 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1061843 https://bugzilla.suse.com/1064597 https://bugzilla.suse.com/1064701 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1066369 https://bugzilla.suse.com/1071009 https://bugzilla.suse.com/1071306 https://bugzilla.suse.com/1078248 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1082635 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1085539 https://bugzilla.suse.com/1086103 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1090734 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1093205 https://bugzilla.suse.com/1102097 https://bugzilla.suse.com/1103990 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104427 https://bugzilla.suse.com/1104745 https://bugzilla.suse.com/1104902 https://bugzilla.suse.com/1106061 https://bugzilla.suse.com/1106284 https://bugzilla.suse.com/1106434 https://bugzilla.suse.com/1108382 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1112894 https://bugzilla.suse.com/1112899 https://bugzilla.suse.com/1112902 https://bugzilla.suse.com/1112903 https://bugzilla.suse.com/1112905 https://bugzilla.suse.com/1112906 https://bugzilla.suse.com/1112907 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1113994 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114542 https://bugzilla.suse.com/1118689 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1119113 https://bugzilla.suse.com/1120046 https://bugzilla.suse.com/1120876 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1123105 https://bugzilla.suse.com/1123959 https://bugzilla.suse.com/1124370 https://bugzilla.suse.com/1129424 https://bugzilla.suse.com/1129519 https://bugzilla.suse.com/1129664 https://bugzilla.suse.com/1131107 https://bugzilla.suse.com/1131281 https://bugzilla.suse.com/1131489 https://bugzilla.suse.com/1131565 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1134291 https://bugzilla.suse.com/1134476 https://bugzilla.suse.com/1134881 https://bugzilla.suse.com/1134882 https://bugzilla.suse.com/1135219 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135897 https://bugzilla.suse.com/1135990 https://bugzilla.suse.com/1136039 https://bugzilla.suse.com/1136261 https://bugzilla.suse.com/1136346 https://bugzilla.suse.com/1136349 https://bugzilla.suse.com/1136352 https://bugzilla.suse.com/1136496 https://bugzilla.suse.com/1136498 https://bugzilla.suse.com/1136502 https://bugzilla.suse.com/1136682 https://bugzilla.suse.com/1137322 https://bugzilla.suse.com/1137323 https://bugzilla.suse.com/1137884 https://bugzilla.suse.com/1138099 https://bugzilla.suse.com/1138100 https://bugzilla.suse.com/1138539 https://bugzilla.suse.com/1139020 https://bugzilla.suse.com/1139021 https://bugzilla.suse.com/1139101 https://bugzilla.suse.com/1139500 https://bugzilla.suse.com/1140012 https://bugzilla.suse.com/1140426 https://bugzilla.suse.com/1140487 https://bugzilla.suse.com/1141340 https://bugzilla.suse.com/1141450 https://bugzilla.suse.com/1141543 https://bugzilla.suse.com/1141554 https://bugzilla.suse.com/1142019 https://bugzilla.suse.com/1142076 https://bugzilla.suse.com/1142109 https://bugzilla.suse.com/1142117 https://bugzilla.suse.com/1142118 https://bugzilla.suse.com/1142119 https://bugzilla.suse.com/1142496 https://bugzilla.suse.com/1142541 https://bugzilla.suse.com/1142635 https://bugzilla.suse.com/1142685 https://bugzilla.suse.com/1142701 https://bugzilla.suse.com/1142857 https://bugzilla.suse.com/1143300 https://bugzilla.suse.com/1143331 https://bugzilla.suse.com/1143466 https://bugzilla.suse.com/1143706 https://bugzilla.suse.com/1143738 https://bugzilla.suse.com/1143765 https://bugzilla.suse.com/1143841 https://bugzilla.suse.com/1143843 https://bugzilla.suse.com/1143962 https://bugzilla.suse.com/1144123 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1144375 https://bugzilla.suse.com/1144474 https://bugzilla.suse.com/1144518 https://bugzilla.suse.com/1144582 https://bugzilla.suse.com/1144718 https://bugzilla.suse.com/1144813 https://bugzilla.suse.com/1144880 https://bugzilla.suse.com/1144886 https://bugzilla.suse.com/1144912 https://bugzilla.suse.com/1144920 https://bugzilla.suse.com/1144979 https://bugzilla.suse.com/1145010 https://bugzilla.suse.com/1145018 https://bugzilla.suse.com/1145051 https://bugzilla.suse.com/1145059 https://bugzilla.suse.com/1145189 https://bugzilla.suse.com/1145235 https://bugzilla.suse.com/1145256 https://bugzilla.suse.com/1145300 https://bugzilla.suse.com/1145302 https://bugzilla.suse.com/1145357 https://bugzilla.suse.com/1145388 https://bugzilla.suse.com/1145389 https://bugzilla.suse.com/1145390 https://bugzilla.suse.com/1145391 https://bugzilla.suse.com/1145392 https://bugzilla.suse.com/1145393 https://bugzilla.suse.com/1145394 https://bugzilla.suse.com/1145395 https://bugzilla.suse.com/1145396 https://bugzilla.suse.com/1145397 https://bugzilla.suse.com/1145408 https://bugzilla.suse.com/1145409 https://bugzilla.suse.com/1145446 https://bugzilla.suse.com/1145661 https://bugzilla.suse.com/1145678 https://bugzilla.suse.com/1145687 https://bugzilla.suse.com/1145920 https://bugzilla.suse.com/1145922 https://bugzilla.suse.com/1145934 https://bugzilla.suse.com/1145937 https://bugzilla.suse.com/1145940 https://bugzilla.suse.com/1145941 https://bugzilla.suse.com/1145942 https://bugzilla.suse.com/1145946 https://bugzilla.suse.com/1146074 https://bugzilla.suse.com/1146084 https://bugzilla.suse.com/1146141 https://bugzilla.suse.com/1146163 https://bugzilla.suse.com/1146215 https://bugzilla.suse.com/1146285 https://bugzilla.suse.com/1146346 https://bugzilla.suse.com/1146351 https://bugzilla.suse.com/1146352 https://bugzilla.suse.com/1146361 https://bugzilla.suse.com/1146368 https://bugzilla.suse.com/1146376 https://bugzilla.suse.com/1146378 https://bugzilla.suse.com/1146381 https://bugzilla.suse.com/1146391 https://bugzilla.suse.com/1146399 https://bugzilla.suse.com/1146413 https://bugzilla.suse.com/1146425 https://bugzilla.suse.com/1146516 https://bugzilla.suse.com/1146519 https://bugzilla.suse.com/1146524 https://bugzilla.suse.com/1146526 https://bugzilla.suse.com/1146529 https://bugzilla.suse.com/1146531 https://bugzilla.suse.com/1146543 https://bugzilla.suse.com/1146547 https://bugzilla.suse.com/1146550 https://bugzilla.suse.com/1146575 https://bugzilla.suse.com/1146589 https://bugzilla.suse.com/1146678 https://bugzilla.suse.com/1146938 https://bugzilla.suse.com/1148031 https://bugzilla.suse.com/1148032 https://bugzilla.suse.com/1148033 https://bugzilla.suse.com/1148034 https://bugzilla.suse.com/1148035 https://bugzilla.suse.com/1148093 https://bugzilla.suse.com/1148133 https://bugzilla.suse.com/1148192 https://bugzilla.suse.com/1148196 https://bugzilla.suse.com/1148198 https://bugzilla.suse.com/1148202 https://bugzilla.suse.com/1148219 https://bugzilla.suse.com/1148297 https://bugzilla.suse.com/1148303 https://bugzilla.suse.com/1148308 https://bugzilla.suse.com/1148363 https://bugzilla.suse.com/1148379 https://bugzilla.suse.com/1148394 https://bugzilla.suse.com/1148527 https://bugzilla.suse.com/1148570 https://bugzilla.suse.com/1148574 https://bugzilla.suse.com/1148616 https://bugzilla.suse.com/1148617 https://bugzilla.suse.com/1148619 https://bugzilla.suse.com/1148698 https://bugzilla.suse.com/1148859 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1149053 https://bugzilla.suse.com/1149083 https://bugzilla.suse.com/1149104 https://bugzilla.suse.com/1149105 https://bugzilla.suse.com/1149106 https://bugzilla.suse.com/1149197 https://bugzilla.suse.com/1149214 https://bugzilla.suse.com/1149224 https://bugzilla.suse.com/1149325 https://bugzilla.suse.com/1149376 https://bugzilla.suse.com/1149413 https://bugzilla.suse.com/1149418 https://bugzilla.suse.com/1149424 https://bugzilla.suse.com/1149522 https://bugzilla.suse.com/1149527 https://bugzilla.suse.com/1149539 https://bugzilla.suse.com/1149552 https://bugzilla.suse.com/1149591 https://bugzilla.suse.com/1149602 https://bugzilla.suse.com/1149612 https://bugzilla.suse.com/1149626 https://bugzilla.suse.com/1149652 https://bugzilla.suse.com/1149713 https://bugzilla.suse.com/1149940 https://bugzilla.suse.com/1149976 https://bugzilla.suse.com/1150025 https://bugzilla.suse.com/1150033 https://bugzilla.suse.com/1150112 https://bugzilla.suse.com/1150562 https://bugzilla.suse.com/1150727 https://bugzilla.suse.com/1150860 https://bugzilla.suse.com/1150861 https://bugzilla.suse.com/1150933 From sle-updates at lists.suse.com Fri Sep 20 13:42:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 20 Sep 2019 21:42:32 +0200 (CEST) Subject: SUSE-SU-2019:2424-1: important: Security update for the Linux Kernel Message-ID: <20190920194232.7E723F7B3@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2424-1 Rating: important References: #1047238 #1050911 #1051510 #1054914 #1055117 #1056686 #1060662 #1061840 #1061843 #1064597 #1064701 #1065600 #1065729 #1066369 #1071009 #1071306 #1078248 #1082555 #1082635 #1085030 #1085536 #1085539 #1086103 #1087092 #1090734 #1091171 #1093205 #1102097 #1103990 #1104353 #1104427 #1104745 #1104902 #1106061 #1106284 #1106434 #1108382 #1109837 #1111666 #1112178 #1112374 #1112894 #1112899 #1112902 #1112903 #1112905 #1112906 #1112907 #1113722 #1113994 #1114279 #1114542 #1118689 #1119086 #1119113 #1120046 #1120876 #1120902 #1123105 #1123959 #1124370 #1129424 #1129519 #1129664 #1131107 #1131281 #1131489 #1131565 #1133021 #1134291 #1134476 #1134881 #1134882 #1135219 #1135642 #1135897 #1135990 #1136039 #1136261 #1136346 #1136349 #1136352 #1136496 #1136498 #1136502 #1136682 #1137322 #1137323 #1137884 #1138099 #1138100 #1138539 #1139020 #1139021 #1139101 #1139500 #1140012 #1140426 #1140487 #1141340 #1141450 #1141543 #1141554 #1142019 #1142076 #1142109 #1142117 #1142118 #1142119 #1142496 #1142541 #1142635 #1142685 #1142701 #1142857 #1143300 #1143331 #1143466 #1143706 #1143738 #1143765 #1143841 #1143843 #1143962 #1144123 #1144333 #1144375 #1144474 #1144518 #1144582 #1144718 #1144813 #1144880 #1144886 #1144912 #1144920 #1144979 #1145010 #1145018 #1145051 #1145059 #1145189 #1145235 #1145256 #1145300 #1145302 #1145357 #1145388 #1145389 #1145390 #1145391 #1145392 #1145393 #1145394 #1145395 #1145396 #1145397 #1145408 #1145409 #1145446 #1145661 #1145678 #1145687 #1145920 #1145922 #1145934 #1145937 #1145940 #1145941 #1145942 #1145946 #1146074 #1146084 #1146141 #1146163 #1146215 #1146285 #1146346 #1146351 #1146352 #1146361 #1146368 #1146376 #1146378 #1146381 #1146391 #1146399 #1146413 #1146425 #1146516 #1146519 #1146524 #1146526 #1146529 #1146531 #1146543 #1146547 #1146550 #1146575 #1146589 #1146678 #1146938 #1148031 #1148032 #1148033 #1148034 #1148035 #1148093 #1148133 #1148192 #1148196 #1148198 #1148202 #1148219 #1148297 #1148303 #1148308 #1148363 #1148379 #1148394 #1148527 #1148570 #1148574 #1148616 #1148617 #1148619 #1148698 #1148859 #1148868 #1149053 #1149083 #1149104 #1149105 #1149106 #1149197 #1149214 #1149224 #1149325 #1149376 #1149413 #1149418 #1149424 #1149522 #1149527 #1149539 #1149552 #1149591 #1149602 #1149612 #1149626 #1149652 #1149713 #1149940 #1149976 #1150025 #1150033 #1150112 #1150562 #1150727 #1150860 #1150861 #1150933 Cross-References: CVE-2017-18551 CVE-2018-20976 CVE-2018-21008 CVE-2019-10207 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14835 CVE-2019-15030 CVE-2019-15031 CVE-2019-15090 CVE-2019-15098 CVE-2019-15099 CVE-2019-15117 CVE-2019-15118 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15222 CVE-2019-15239 CVE-2019-15290 CVE-2019-15292 CVE-2019-15538 CVE-2019-15666 CVE-2019-15902 CVE-2019-15917 CVE-2019-15919 CVE-2019-15920 CVE-2019-15921 CVE-2019-15924 CVE-2019-15926 CVE-2019-15927 CVE-2019-9456 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that solves 40 vulnerabilities and has 222 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following new features were implemented: - jsc#SLE-4875: [CML] New device IDs for CML - jsc#SLE-7294: Add cpufreq driver for Raspberry Pi - fate#326869: perf: pmu mem_load/store event support - fate#327380: KVM: Add hardware CPU Model - kernel part - fate#327377: KVM: Support for configurable virtio-crypto - fate#327775: vpmem: DRAM backed persistent volumes for improved SAP HANA on POWER restart times - fate#326472: Marvell Armada 7K/8K Ethernet (incl. 10G) kernel enablement - fate#326416: Hi1620 (Vendor: Huawei): RDMA kernel enablement - fate#326415: Hi1620 (Vendor: Huawei): HNS3 (100G) network kernel enablement The following security bugs were fixed: - CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112). - CVE-2019-15216: Fix a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (bsc#1146361). - CVE-2019-15924: Fix a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure. (bsc#1149612). - CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have lead to local escalation of privilege with System execution privileges needed. (bsc#1150025 CVE-2019-9456). - CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user could read vector registers of other users' processes via an interrupt. (bsc#1149713) - CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149626) - CVE-2019-15921: There was a memory leak issue when idr_alloc() failed (bsc#1149602) - CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach (bsc#1149591). - CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149552) - CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() failed in hci_uart_set_proto() (bsc#1149539) - CVE-2019-15926: Out of bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx (bsc#1149527) - CVE-2019-15927: An out-of-bounds access existed in the function build_audio_procunit (bsc#1149522) - CVE-2019-15902: A backporting error reintroduced the Spectre vulnerability that it aimed to eliminate. (bnc#1149376) - CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which would cause denial of service, because verify_newpolicy_info mishandled directory validation. (bsc#1148394). - CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. (bsc#1146524) - CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bnc#1146516) - CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. (bsc#1146526) - CVE-2019-15538: XFS partially wedged when a chgrp failed on account of being out of disk quota. This was primarily a local DoS attack vector, but it could result as well in remote DoS if the XFS filesystem was exported for instance via NFS. (bsc#1148032, bsc#1148093) - CVE-2019-15290: There was a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function (bsc#1146543). - CVE-2019-15098: USB driver net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146378). - CVE-2019-15221, CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. (bsc#1146529, bsc#1146531) - CVE-2019-10207: Fix a NULL pointer dereference in hci_uart bluetooth driver (bsc#1142857 bsc#1123959). - CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel mishandled a short descriptor, leading to out-of-bounds memory access. (bsc#1145920). - CVE-2019-15118: check_input_term in sound/usb/mixer.c in the Linux kernel mishandled recursion, leading to kernel stack exhaustion. (bsc#1145922). - CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated. (bsc#1146163). - CVE-2019-15090: In the qedi_dbg_* family of functions, there was an out-of-bounds read. (bsc#1146399) - CVE-2018-20976: A use after free existed, related to xfs_fs_fill_super failure. (bsc#1146285) - CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. (bsc#1135642 bsc#1146425) - CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. (bsc#1051510 bsc#1146391). - CVE-2019-15292: There was a use-after-free in atalk_proc_exit (bsc#1146678) - CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (bsc#1146547). - CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. (bsc#1146550) - CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver. (bsc#1051510 bsc#1146413) - CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory. (bsc#1146519). - CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589) - CVE-2019-15099: drivers/net/wireless/ath/ath10k/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146368) The following non-security bugs were fixed: - 9p/rdma: do not disconnect on down_interruptible EAGAIN (bsc#1051510). - 9p/rdma: remove useless check in cm_event_handler (bsc#1051510). - 9p/virtio: Add cleanup path in p9_virtio_init (bsc#1051510). - 9p/xen: Add cleanup path in p9_trans_xen_init (bsc#1051510). - 9p/xen: fix check for xenbus_read error in front_probe (bsc#1051510). - 9p: acl: fix uninitialized iattr access (bsc#1051510). - 9p: p9dirent_read: check network-provided name length (bsc#1051510). - 9p: pass the correct prototype to read_cache_page (bsc#1051510). - acpi/IORT: Fix off-by-one check in iort_dev_find_its_id() (bsc#1051510). - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0 (bsc#1051510). - acpi: PM: Fix regression in acpi_device_set_power() (bsc#1051510). - acpi: fix false-positive -Wuninitialized warning (bsc#1051510). - acpica: Increase total number of possible Owner IDs (bsc#1148859). - af_key: fix leaks in key_pol_get_resp and dump_sp (bsc#1051510). - af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET (networking-stable-19_07_02). - alsa: firewire: fix a memory leak bug (bsc#1051510). - alsa: hda - Add a generic reboot_notify (bsc#1051510). - alsa: hda - Apply workaround for another AMD chip 1022:1487 (bsc#1051510). - alsa: hda - Do not override global PCM hw info flag (bsc#1051510). - alsa: hda - Fix a memory leak bug (bsc#1051510). - alsa: hda - Fix potential endless loop at applying quirks (bsc#1051510). - alsa: hda - Fixes inverted Conexant GPIO mic mute led (bsc#1051510). - alsa: hda - Let all conexant codec enter D3 when rebooting (bsc#1051510). - alsa: hda - Workaround for crackled sound on AMD controller (1022:1457) (bsc#1051510). - alsa: hda/ca0132 - Add new SBZ quirk (bsc#1051510). - alsa: hda/realtek - Add quirk for HP Envy x360 (bsc#1051510). - alsa: hda/realtek - Add quirk for HP Pavilion 15 (bsc#1051510). - alsa: hda/realtek - Enable internal speaker & headset mic of ASUS UX431FL (bsc#1051510). - alsa: hda/realtek - Fix overridden device-specific initialization (bsc#1051510). - alsa: hda/realtek - Fix the problem of two front mics on a ThinkCentre (bsc#1051510). - alsa: hda: Fix 1-minute detection delay when i915 module is not available (bsc#1111666). - alsa: hda: kabi workaround for generic parser flag (bsc#1051510). - alsa: hiface: fix multiple memory leak bugs (bsc#1051510). - alsa: line6: Fix memory leak at line6_init_pcm() error path (bsc#1051510). - alsa: pcm: fix lost wakeup event scenarios in snd_pcm_drain (bsc#1051510). - alsa: seq: Fix potential concurrent access to the deleted pool (bsc#1051510). - alsa: usb-audio: Add implicit fb quirk for Behringer UFX1604 (bsc#1051510). - alsa: usb-audio: Check mixer unit bitmap yet more strictly (bsc#1051510). - alsa: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (bsc#1051510). - alsa: usb-audio: Fix invalid NULL check in snd_emuusb_set_samplerate() (bsc#1051510). - alsa: usb-audio: fix a memory leak bug (bsc#1111666). - arch: integrate XIVE support (bsc#1085030, bsc#1144518, LTC#178833). - arm64/kernel: enable A53 erratum #8434319 handling at runtime (bsc#1148219). - arm64/kernel: rename module_emit_adrp_veneer->module_emit_veneer_for_adrp (bsc#1148219). - arm64: fix undefined reference to 'printk' (bsc#1148219). - arm64: kvm: Fix architecturally invalid reset value for FPEXC32_EL2 (bsc#1133021). - arm64: module: do not BUG when exceeding preallocated PLT count (bsc#1148219). - arm64: pci: Preserve firmware configuration when desired (SLE-9332). - arm: (bsc#1145687) Add the following kernel config to ARM64: CONFIG_ACPI_PCI_SLOT=y CONFIG_HOTPLUG_PCI_ACPI=y - arm: kvm: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1133021). - arm: kvm: report support for SMCCC_ARCH_WORKAROUND_1 (bsc#1133021). - asoc: Fail card instantiation if DAI format setup fails (bsc#1051510). - asoc: dapm: Fix handling of custom_stop_condition on DApm graph walks (bsc#1051510). - ata: libahci: do not complain in case of deferred probe (bsc#1051510). - ath10k: Change the warning message string (bsc#1051510). - ath10k: Drop WARN_ON()s that always trigger during system resume (bsc#1111666). - batman-adv: Only read OGM tvlv_len after buffer len check (bsc#1051510). - batman-adv: Only read OGM2 tvlv_len after buffer len check (bsc#1051510). - batman-adv: fix uninit-value in batadv_netlink_get_ifindex() (bsc#1051510). - bcache: Revert "bcache: use sysfs_match_string() instead of __sysfs_match_string()" (git fixes). - bcache: bsc#1144979: kernel oops on reading sysfs cache_mode file - bcache: fix possible memory leak in bch_cached_dev_run() (git fixes). - bio: fix improper use of smp_mb__before_atomic() (git fixes). - blk-mq: Fix spelling in a source code comment (git fixes). - blk-mq: backport fixes for blk_mq_complete_e_request_sync() (bsc#1145661). - blk-mq: introduce blk_mq_complete_request_sync() (bsc#1145661). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - block, documentation: Fix wbt_lat_usec documentation (git fixes). - bluetooth: 6lowpan: search for destination address in all peers (bsc#1051510). - bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug (bsc#1051510). - bluetooth: Check state in l2cap_disconnect_rsp (bsc#1051510). - bluetooth: btqca: Add a short delay before downloading the NVM (bsc#1051510). - bluetooth: hci_bcsp: Fix memory leak in rx_skb (bsc#1051510). - bluetooth: validate BLE connection interval updates (bsc#1051510). - bnx2fc_fcoe: Use skb_queue_walk_safe() (bsc#1136502 jsc#SLE-4703). - bnx2x: Disable multi-cos feature (bsc#1136498 jsc#SLE-4699). - bnx2x: Prevent ptp_task to be rescheduled indefinitely (networking-stable-19_07_25). - bnxt_en: Fix VNIC clearing logic for 57500 chips (bsc#1104745 ). - bnxt_en: Fix to include flow direction in L2 key (bsc#1104745 ). - bnxt_en: Improve RX doorbell sequence (bsc#1104745). - bnxt_en: Use correct src_fid to determine direction of the flow (bsc#1104745). - bonding: Always enable vlan tx offload (networking-stable-19_07_02). - bonding: validate ip header before check IPPROTO_IGMP (networking-stable-19_07_25). - bpf: sockmap, only create entry if ulp is not already enabled (bsc#1109837). - bpf: sockmap, sock_map_delete needs to use xchg (bsc#1109837). - bpf: sockmap, synchronize_rcu before free'ing map (bsc#1109837). - btrfs: Fix delalloc inodes invalidation during transaction abort (bsc#1050911). - btrfs: Split btrfs_del_delalloc_inode into 2 functions (bsc#1050911). - btrfs: add a helper to retrive extent inline ref type (bsc#1149325). - btrfs: add cleanup_ref_head_accounting helper (bsc#1050911). - btrfs: add missing inode version, ctime and mtime updates when punching hole (bsc#1140487). - btrfs: add one more sanity check for shared ref type (bsc#1149325). - btrfs: clean up pending block groups when transaction commit aborts (bsc#1050911). - btrfs: convert to use btrfs_get_extent_inline_ref_type (bsc#1149325). - btrfs: do not abort transaction at btrfs_update_root() after failure to COW path (bsc#1150933). - btrfs: fix assertion failure during fsync and use of stale transaction (bsc#1150562). - btrfs: fix data loss after inode eviction, renaming it, and fsync it (bsc#1145941). - btrfs: fix fsync not persisting dentry deletions due to inode evictions (bsc#1145942). - btrfs: fix incremental send failure after deduplication (bsc#1145940). - btrfs: fix pinned underflow after transaction aborted (bsc#1050911). - btrfs: fix race between send and deduplication that lead to failures and crashes (bsc#1145059). - btrfs: fix race leading to fs corruption after transaction abort (bsc#1145937). - btrfs: handle delayed ref head accounting cleanup in abort (bsc#1050911). - btrfs: prevent send failures and crashes due to concurrent relocation (bsc#1145059). - btrfs: remove BUG() in add_data_reference (bsc#1149325). - btrfs: remove BUG() in btrfs_extent_inline_ref_size (bsc#1149325). - btrfs: remove BUG() in print_extent_item (bsc#1149325). - btrfs: remove BUG_ON in __add_tree_block (bsc#1149325). - btrfs: scrub: add memalloc_nofs protection around init_ipath (bsc#1086103). - btrfs: start readahead also in seed devices (bsc#1144886). - btrfs: track running balance in a simpler way (bsc#1145059). - btrfs: use GFP_KERNEL in init_ipath (bsc#1086103). - caif-hsi: fix possible deadlock in cfhsi_exit_module() (networking-stable-19_07_25). - can: m_can: implement errata "Needless activation of MRAF irq" (bsc#1051510). - can: mcp251x: add support for mcp25625 (bsc#1051510). - can: peak_usb: fix potential double kfree_skb() (bsc#1051510). - can: peak_usb: force the string buffer NULL-terminated (bsc#1051510). - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (bsc#1051510). - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (bsc#1051510). - can: rcar_canfd: fix possible IRQ storm on high load (bsc#1051510). - can: sja1000: force the string buffer NULL-terminated (bsc#1051510). - carl9170: fix misuse of device driver API (bsc#1142635). - ceph: add btime field to ceph_inode_info (bsc#1148133 bsc#1136682). - ceph: add ceph.snap.btime vxattr (bsc#1148133 bsc#1148570). - ceph: add change_attr field to ceph_inode_info (bsc#1148133 bsc#1136682). - ceph: always get rstat from auth mds (bsc#1146346). - ceph: carry snapshot creation time with inodes (bsc#1148133 bsc#1148570). - ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346). - ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346). - ceph: clear page dirty before invalidate page (bsc#1148133). - ceph: decode feature bits in session message (bsc#1146346). - ceph: decode feature bits in session message (bsc#1146346). - ceph: do not blindly unregister session that is in opening state (bsc#1148133). - ceph: do not blindly unregister session that is in opening state (bsc#1148133). - ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133). - ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133). - ceph: fix "ceph.dir.rctime" vxattr value (bsc#1148133 bsc#1135219). - ceph: fix "ceph.dir.rctime" vxattr value (bsc#1148133 bsc#1135219). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133). - ceph: fix decode_locker to use ceph_decode_entity_addr (bsc#1148133 bsc#1136682). - ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133). - ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133). - ceph: fix infinite loop in get_quota_realm() (bsc#1148133). - ceph: fix invalid opcode (bsc#1148133 bsc#1138539). - ceph: fix iov_iter issues in ceph_direct_read_write() (bsc#1141450). - ceph: fix listxattr vxattr buffer length calculation (bsc#1148133 bsc#1148570). - ceph: handle btime in cap messages (bsc#1148133 bsc#1136682). - ceph: handle change_attr in cap messages (bsc#1148133 bsc#1136682). - ceph: have MDS map decoding use entity_addr_t decoder (bsc#1148133 bsc#1136682). - ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133). - ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133). - ceph: increment change_attribute on local changes (bsc#1148133 bsc#1136682). - ceph: initialize superblock s_time_gran to 1 (bsc#1148133). - ceph: remove request from waiting list before unregister (bsc#1148133). - ceph: remove request from waiting list before unregister (bsc#1148133). - ceph: remove unused vxattr length helpers (bsc#1148133 bsc#1148570). - ceph: silence a checker warning in mdsc_show() (bsc#1148133). - ceph: silence a checker warning in mdsc_show() (bsc#1148133). - ceph: support cephfs' own feature bits (bsc#1146346). - ceph: support getting ceph.dir.pin vxattr (bsc#1146346). - ceph: support getting ceph.dir.pin vxattr (bsc#1146346). - ceph: support versioned reply (bsc#1146346). - ceph: support versioned reply (bsc#1146346). - ceph: use bit flags to define vxattr attributes (bsc#1146346). - cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED (bsc#1144333). - cifs: Add DFS cache routines (bsc#1144333). - cifs: Add direct I/O functions to file_operations (bsc#1144333). - cifs: Add minor debug message during negprot (bsc#1144333). - cifs: Add smb2_send_recv (bsc#1144333). - cifs: Add support for FSCTL passthrough that write data to the server (bsc#1144333). - cifs: Add support for direct I/O read (bsc#1144333). - cifs: Add support for direct I/O write (bsc#1144333). - cifs: Add support for direct pages in rdata (bsc#1144333). - cifs: Add support for direct pages in wdata (bsc#1144333). - cifs: Add support for failover in cifs_mount() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect_tcon() (bsc#1144333). - cifs: Add support for failover in smb2_reconnect() (bsc#1144333). - cifs: Add support for reading attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Add support for writing attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Adds information-level logging function (bsc#1144333). - cifs: Adjust MTU credits before reopening a file (bsc#1144333). - cifs: Allocate memory for all iovs in smb2_ioctl (bsc#1144333). - cifs: Allocate validate negotiation request through kmalloc (bsc#1144333). - cifs: Always reset read error to -EIO if no response (bsc#1144333). - cifs: Always resolve hostname before reconnecting (bsc#1051510, bsc#1144333). - cifs: Avoid returning EBUSY to upper layer VFS (bsc#1144333). - cifs: Calculate the correct request length based on page offset and tail size (bsc#1144333). - cifs: Call MID callback before destroying transport (bsc#1144333). - cifs: Change SMB2_open to return an iov for the error parameter (bsc#1144333). - cifs: Check for reconnects before sending async requests (bsc#1144333). - cifs: Check for reconnects before sending compound requests (bsc#1144333). - cifs: Check for timeout on Negotiate stage (bsc#1091171, bsc#1144333). - cifs: Count SMB3 credits for malformed pending responses (bsc#1144333). - cifs: Display SMB2 error codes in the hex format (bsc#1144333). - cifs: Do not assume one credit for async responses (bsc#1144333). - cifs: Do not consider -ENODATA as stat failure for reads (bsc#1144333). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510, bsc#1144333). - cifs: Do not hide EINTR after sending network packets (bsc#1051510, bsc#1144333). - cifs: Do not log credits when unmounting a share (bsc#1144333). - cifs: Do not match port on SMBDirect transport (bsc#1144333). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510, bsc#1144333). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510, bsc#1144333). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510, bsc#1144333). - cifs: Do not set credits to 1 if the server didn't grant anything (bsc#1144333). - cifs: Do not skip SMB2 message IDs on send failures (bsc#1144333). - cifs: Find and reopen a file before get MTU credits in writepages (bsc#1144333). - cifs: Fix DFS cache refresher for DFS links (bsc#1144333). - cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009, bsc#1144333). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: Fix NULL ptr deref (bsc#1144333). - cifs: Fix a debug message (bsc#1144333). - cifs: Fix a race condition with cifs_echo_request (bsc#1144333). - cifs: Fix a tiny potential memory leak (bsc#1144333). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510, bsc#1144333). - cifs: Fix an issue with re-sending rdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix an issue with re-sending wdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix autonegotiate security settings mismatch (bsc#1087092, bsc#1144333). - cifs: Fix check for matching with existing mount (bsc#1144333). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix credit calculations in compound mid callback (bsc#1144333). - cifs: Fix credit computation for compounded requests (bsc#1144333). - cifs: Fix credits calculation for cancelled requests (bsc#1144333). - cifs: Fix credits calculations for reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix encryption/signing (bsc#1144333). - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510, bsc#1144333). - cifs: Fix error paths in writeback code (bsc#1144333). - cifs: Fix infinite loop when using hard mount option (bsc#1091171, bsc#1144333). - cifs: Fix invalid check in __cifs_calc_signature() (bsc#1144333). - cifs: Fix kernel oops when traceSMB is enabled (bsc#1144333). - cifs: Fix leaking locked VFS cache pages in writeback retry (bsc#1144333). - cifs: Fix lease buffer length error (bsc#1144333). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510, bsc#1144333). - cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092, bsc#1144333). - cifs: Fix module dependency (bsc#1144333). - cifs: Fix mounts if the client is low on credits (bsc#1144333). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510, bsc#1144333). - cifs: Fix possible oops and memory leaks in async IO (bsc#1144333). - cifs: Fix potential OOB access of lock element array (bsc#1051510, bsc#1144333). - cifs: Fix read after write for files with read caching (bsc#1051510, bsc#1144333). - cifs: Fix separator when building path from dentry (bsc#1051510, bsc#1144333). - cifs: Fix signing for SMB2/3 (bsc#1144333). - cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (bsc#1144333). - cifs: Fix slab-out-of-bounds when tracing SMB tcon (bsc#1144333). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510, bsc#1144333). - cifs: Fix to use kmem_cache_free() instead of kfree() (bsc#1144333). - cifs: Fix trace command logging for SMB2 reads and writes (bsc#1144333). - cifs: Fix use after free of a mid_q_entry (bsc#1112903, bsc#1144333). - cifs: Fix use-after-free in SMB2_read (bsc#1144333). - cifs: Fix use-after-free in SMB2_write (bsc#1144333). - cifs: Fix validation of signed data in smb2 (bsc#1144333). - cifs: Fix validation of signed data in smb3+ (bsc#1144333). - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510, bsc#1144333). - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bsc#1144333). - cifs: Introduce helper function to get page offset and length in smb_rqst (bsc#1144333). - cifs: Introduce offset for the 1st page in data transfer structures (bsc#1144333). - cifs: Limit memory used by lock request calls to a page (bsc#1144333). - cifs: Make devname param optional in cifs_compose_mount_options() (bsc#1144333). - cifs: Make sure all data pages are signed correctly (bsc#1144333). - cifs: Make use of DFS cache to get new DFS referrals (bsc#1144333). - cifs: Mask off signals when sending SMB packets (bsc#1144333). - cifs: Minor Kconfig clarification (bsc#1144333). - cifs: Move credit processing to mid callbacks for SMB3 (bsc#1144333). - cifs: Move open file handling to writepages (bsc#1144333). - cifs: Move unlocking pages from wdata_send_pages() (bsc#1144333). - cifs: OFD locks do not conflict with eachothers (bsc#1051510, bsc#1144333). - cifs: Only free DFS target list if we actually got one (bsc#1144333). - cifs: Only send SMB2_NEGOTIATE command on new TCP connections (bsc#1144333). - cifs: Pass page offset for calculating signature (bsc#1144333). - cifs: Pass page offset for encrypting (bsc#1144333). - cifs: Print message when attempting a mount (bsc#1144333). - cifs: Properly handle auto disabling of serverino option (bsc#1144333). - cifs: Reconnect expired SMB sessions (bnc#1060662). - cifs: Refactor out cifs_mount() (bsc#1144333). - cifs: Remove custom credit adjustments for SMB2 async IO (bsc#1144333). - cifs: Reopen file before get SMB2 MTU credits for async IO (bsc#1144333). - cifs: Respect SMB2 hdr preamble size in read responses (bsc#1144333). - cifs: Respect reconnect in MTU credits calculations (bsc#1144333). - cifs: Respect reconnect in non-MTU credits calculations (bsc#1144333). - cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333). - cifs: Return error code when getting file handle for writeback (bsc#1144333). - cifs: SMBD: Add SMB Direct debug counters (bsc#1144333). - cifs: SMBD: Add SMB Direct protocol initial values and constants (bsc#1144333). - cifs: SMBD: Add parameter rdata to smb2_new_read_req (bsc#1144333). - cifs: SMBD: Add rdma mount option (bsc#1144333). - cifs: SMBD: Disable signing on SMB direct transport (bsc#1144333). - cifs: SMBD: Do not call ib_dereg_mr on invalidated memory registration (bsc#1144333). - cifs: SMBD: Establish SMB Direct connection (bsc#1144333). - cifs: SMBD: Fix the definition for SMB2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333). - cifs: SMBD: Implement RDMA memory registration (bsc#1144333). - cifs: SMBD: Implement function to create a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to destroy a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to receive data via RDMA receive (bsc#1144333). - cifs: SMBD: Implement function to reconnect to a SMB Direct transport (bsc#1144333). - cifs: SMBD: Implement function to send data via RDMA send (bsc#1144333). - cifs: SMBD: Read correct returned data length for RDMA write (SMB read) I/O (bsc#1144333). - cifs: SMBD: Set SMB Direct maximum read or write size for I/O (bsc#1144333). - cifs: SMBD: Support page offset in RDMA recv (bsc#1144333). - cifs: SMBD: Support page offset in RDMA send (bsc#1144333). - cifs: SMBD: Support page offset in memory registration (bsc#1144333). - cifs: SMBD: Upper layer connects to SMBDirect session (bsc#1144333). - cifs: SMBD: Upper layer destroys SMB Direct session on shutdown or umount (bsc#1144333). - cifs: SMBD: Upper layer performs SMB read via RDMA write through memory registration (bsc#1144333). - cifs: SMBD: Upper layer performs SMB write via RDMA read through memory registration (bsc#1144333). - cifs: SMBD: Upper layer receives data via RDMA receive (bsc#1144333). - cifs: SMBD: Upper layer reconnects to SMB Direct session (bsc#1144333). - cifs: SMBD: Upper layer sends data via RDMA send (bsc#1144333). - cifs: SMBD: _smbd_get_connection() can be static (bsc#1144333). - cifs: SMBD: export protocol initial values (bsc#1144333). - cifs: SMBD: fix spelling mistake: faield and legnth (bsc#1144333). - cifs: SMBD: work around gcc -Wmaybe-uninitialized warning (bsc#1144333). - cifs: Save TTL value when parsing DFS referrals (bsc#1144333). - cifs: Select all required crypto modules (bsc#1085536, bsc#1144333). - cifs: Set reconnect instance to one initially (bsc#1144333). - cifs: Show locallease in /proc/mounts for cifs shares mounted with locallease feature (bsc#1144333). - cifs: Silence uninitialized variable warning (bsc#1144333). - cifs: Skip any trailing backslashes from UNC (bsc#1144333). - cifs: Try to acquire credits at once for compound requests (bsc#1144333). - cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() (bsc#1144333). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510, bsc#1144333). - cifs: Use correct packet length in SMB2_TRANSFORM header (bsc#1144333). - cifs: Use kmemdup in SMB2_ioctl_init() (bsc#1144333). - cifs: Use kmemdup rather than duplicating its implementation in smb311_posix_mkdir() (bsc#1144333). - cifs: Use kzfree() to free password (bsc#1144333). - cifs: Use offset when reading pages (bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510, bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510, bsc#1144333). - cifs: When sending data on socket, pass the correct page offset (bsc#1144333). - cifs: a smb2_validate_and_copy_iov failure does not mean the handle is invalid (bsc#1144333). - cifs: add .splice_write (bsc#1144333). - cifs: add IOCTL for QUERY_INFO passthrough to userspace (bsc#1144333). - cifs: add ONCE flag for cifs_dbg type (bsc#1144333). - cifs: add SFM mapping for 0x01-0x1F (bsc#1144333). - cifs: add SMB2_close_init()/SMB2_close_free() (bsc#1144333). - cifs: add SMB2_ioctl_init/free helpers to be used with compounding (bsc#1144333). - cifs: add SMB2_query_info_[init|free]() (bsc#1144333). - cifs: add a new SMB2_close_flags function (bsc#1144333). - cifs: add a smb2_compound_op and change QUERY_INFO to use it (bsc#1144333). - cifs: add a timeout argument to wait_for_free_credits (bsc#1144333). - cifs: add a warning if we try to to dequeue a deleted mid (bsc#1144333). - cifs: add compound_send_recv() (bsc#1144333). - cifs: add credits from unmatched responses/messages (bsc#1144333). - cifs: add debug output to show nocase mount option (bsc#1144333). - cifs: add fiemap support (bsc#1144333). - cifs: add iface info to struct cifs_ses (bsc#1144333). - cifs: add lease tracking to the cached root fid (bsc#1144333). - cifs: add missing GCM module dependency (bsc#1144333). - cifs: add missing debug entries for kconfig options (bsc#1051510, bsc#1144333). - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510, bsc#1144333). - cifs: add pdu_size to the TCP_Server_Info structure (bsc#1144333). - cifs: add resp_buf_size to the mid_q_entry structure (bsc#1144333). - cifs: add server argument to the dump_detail method (bsc#1144333). - cifs: add server->vals->header_preamble_size (bsc#1144333). - cifs: add sha512 secmech (bsc#1051510, bsc#1144333). - cifs: add spinlock for the openFileList to cifsInodeInfo (bsc#1144333). - cifs: add support for SEEK_DATA and SEEK_HOLE (bsc#1144333). - cifs: add support for ioctl on directories (bsc#1144333). - cifs: address trivial coverity warning (bsc#1144333). - cifs: allow calling SMB2_xxx_free(NULL) (bsc#1144333). - cifs: allow disabling less secure legacy dialects (bsc#1144333). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510, bsc#1144333). - cifs: always add credits back for unsolicited PDUs (bsc#1144333). - cifs: auto disable 'serverino' in dfs mounts (bsc#1144333). - cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (bsc#1144333). - cifs: cache FILE_ALL_INFO for the shared root handle (bsc#1144333). - cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_EOF to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_INFO to use compounding (bsc#1144333). - cifs: change mkdir to use a compound (bsc#1144333). - cifs: change smb2_get_data_area_len to take a smb2_sync_hdr as argument (bsc#1144333). - cifs: change smb2_query_eas to use the compound query-info helper (bsc#1144333). - cifs: change unlink to use a compound (bsc#1144333). - cifs: change validate_buf to validate_iov (bsc#1144333). - cifs: change wait_for_free_request() to take flags as argument (bsc#1144333). - cifs: check CIFS_MOUNT_NO_DFS when trying to reuse existing sb (bsc#1144333). - cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536, bsc#1144333). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902, bsc#1144333). - cifs: check if SMB2 PDU size has been padded and suppress the warning (bsc#1144333). - cifs: check kmalloc before use (bsc#1051510, bsc#1144333). - cifs: check kzalloc return (bsc#1144333). - cifs: check ntwrk_buf_start for NULL before dereferencing it (bsc#1144333). - cifs: check rsp for NULL before dereferencing in SMB2_open (bsc#1085536, bsc#1144333). - cifs: cifs_read_allocate_pages: do not iterate through whole page array on ENOMEM (bsc#1144333). - cifs: clean up indentation, replace spaces with tab (bsc#1144333). - cifs: cleanup smb2ops.c and normalize strings (bsc#1144333). - cifs: complete PDU definitions for interface queries (bsc#1144333). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510, bsc#1144333). - cifs: create SMB2_open_init()/SMB2_open_free() helpers (bsc#1144333). - cifs: create a define for how many iovs we need for an SMB2_open() (bsc#1144333). - cifs: create a define for the max number of iov we need for a SMB2 set_info (bsc#1144333). - cifs: create a helper function for compound query_info (bsc#1144333). - cifs: create helpers for SMB2_set_info_init/free() (bsc#1144333). - cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097, bsc#1144333). - cifs: do not attempt cifs operation on smb2+ rename error (bsc#1144333). - cifs: do not dereference smb_file_target before null check (bsc#1051510, bsc#1144333). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510, bsc#1144333). - cifs: do not return atime less than mtime (bsc#1144333). - cifs: do not send invalid input buffer on QUERY_INFO requests (bsc#1144333). - cifs: do not show domain= in mount output when domain is empty (bsc#1144333). - cifs: do not use __constant_cpu_to_le32() (bsc#1144333). - cifs: document tcon/ses/server refcount dance (bsc#1144333). - cifs: dump IPC tcon in debug proc file (bsc#1071306, bsc#1144333). - cifs: dump every session iface info (bsc#1144333). - cifs: fallback to older infolevels on findfirst queryinfo retry (bsc#1144333). - cifs: fix GlobalMid_Lock bug in cifs_reconnect (bsc#1144333). - cifs: fix NULL deref in SMB2_read (bsc#1085539, bsc#1144333). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542, bsc#1144333). - cifs: fix SMB1 breakage (bsc#1144333). - cifs: fix a buffer leak in smb2_query_symlink (bsc#1144333). - cifs: fix a credits leak for compund commands (bsc#1144333). - cifs: fix bi-directional fsctl passthrough calls (bsc#1144333). - cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled (bsc#1144333). - cifs: fix build errors for SMB_DIRECT (bsc#1144333). - cifs: fix circular locking dependency (bsc#1064701, bsc#1144333). - cifs: fix computation for MAX_SMB2_HDR_SIZE (bsc#1144333). - cifs: fix confusing warning message on reconnect (bsc#1144333). - cifs: fix crash in cifs_dfs_do_automount (bsc#1144333). - cifs: fix crash in smb2_compound_op()/smb2_set_next_command() (bsc#1144333). - cifs: fix crash querying symlinks stored as reparse-points (bsc#1144333). - cifs: fix credits leak for SMB1 oplock breaks (bsc#1144333). - cifs: fix deadlock in cached root handling (bsc#1144333). - cifs: fix encryption in SMB3.1.1 (bsc#1144333). - cifs: fix handle leak in smb2_query_symlink() (bsc#1144333). - cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc (bsc#1144333). - cifs: fix kref underflow in close_shroot() (bsc#1144333). - cifs: fix memory leak and remove dead code (bsc#1144333). - cifs: fix memory leak in SMB2_open() (bsc#1112894, bsc#1144333). - cifs: fix memory leak in SMB2_read (bsc#1144333). - cifs: fix memory leak of an allocated cifs_ntsd structure (bsc#1144333). - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bsc#1144333). - cifs: fix page reference leak with readv/writev (bsc#1144333). - cifs: fix panic in smb2_reconnect (bsc#1144333). - cifs: fix parsing of symbolic link error response (bsc#1144333). - cifs: fix return value for cifs_listxattr (bsc#1051510, bsc#1144333). - cifs: fix rmmod regression in cifs.ko caused by force_sig changes (bsc#1144333). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510, bsc#1144333). - cifs: fix signed/unsigned mismatch on aio_read patch (bsc#1144333). - cifs: fix smb3_zero_range for Azure (bsc#1144333). - cifs: fix smb3_zero_range so it can expand the file-size when required (bsc#1144333). - cifs: fix sparse warning on previous patch in a few printks (bsc#1144333). - cifs: fix spelling mistake, EACCESS -> EACCES (bsc#1144333). - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (bsc#1144333). - cifs: fix typo in cifs_dbg (bsc#1144333). - cifs: fix typo in debug message with struct field ia_valid (bsc#1144333). - cifs: fix uninitialized ptr deref in smb2 signing (bsc#1144333). - cifs: fix use-after-free of the lease keys (bsc#1144333). - cifs: fix wrapping bugs in num_entries() (bsc#1051510, bsc#1144333). - cifs: flush before set-info if we have writeable handles (bsc#1144333). - cifs: handle large EA requests more gracefully in smb2+ (bsc#1144333). - cifs: handle netapp error codes (bsc#1136261). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: implement v3.11 preauth integrity (bsc#1051510, bsc#1144333). - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510, bsc#1144333). - cifs: invalidate cache when we truncate a file (bsc#1051510, bsc#1144333). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565, bsc#1144333). - cifs: limit amount of data we request for xattrs to CIFSMaxBufSize (bsc#1144333). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510, bsc#1144333). - cifs: make IPC a regular tcon (bsc#1071306, bsc#1144333). - cifs: make arrays static const, reduces object code size (bsc#1144333). - cifs: make minor clarifications to module params for cifs.ko (bsc#1144333). - cifs: make mknod() an smb_version_op (bsc#1144333). - cifs: make rmdir() use compounding (bsc#1144333). - cifs: make smb_send_rqst take an array of requests (bsc#1144333). - cifs: minor clarification in comments (bsc#1144333). - cifs: minor updates to module description for cifs.ko (bsc#1144333). - cifs: move default port definitions to cifsglob.h (bsc#1144333). - cifs: move large array from stack to heap (bsc#1144333). - cifs: only wake the thread for the very last PDU in a compound (bsc#1144333). - cifs: parse and store info on iface queries (bsc#1144333). - cifs: pass flags down into wait_for_free_credits() (bsc#1144333). - cifs: pass page offsets on SMB1 read/write (bsc#1144333). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510, bsc#1144333). - cifs: prevent starvation in wait_for_free_credits for multi-credit requests (bsc#1144333). - cifs: print CIFSMaxBufSize as part of /proc/fs/cifs/DebugData (bsc#1144333). - cifs: protect against server returning invalid file system block size (bsc#1144333). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: push rfc1002 generation down the stack (bsc#1144333). - cifs: read overflow in is_valid_oplock_break() (bsc#1144333). - cifs: refactor and clean up arguments in the reparse point parsing (bsc#1144333). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510, bsc#1144333). - cifs: release auth_key.response for reconnect (bsc#1085536, bsc#1144333). - cifs: release cifs root_cred after exit_cifs (bsc#1085536, bsc#1144333). - cifs: remove coverity warning in calc_lanman_hash (bsc#1144333). - cifs: remove header_preamble_size where it is always 0 (bsc#1144333). - cifs: remove redundant duplicated assignment of pointer 'node' (bsc#1144333). - cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() (bsc#1144333). - cifs: remove rfc1002 header from all SMB2 response structures (bsc#1144333). - cifs: remove rfc1002 header from smb2 read/write requests (bsc#1144333). - cifs: remove rfc1002 header from smb2_close_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_create_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_echo_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_flush_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_ioctl_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_lease_ack (bsc#1144333). - cifs: remove rfc1002 header from smb2_lock_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_logoff_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_negotiate_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_oplock_break we get from server (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_directory_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_sess_setup_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_set_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_connect_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_disconnect_req (bsc#1144333). - cifs: remove set but not used variable 'cifs_sb' (bsc#1144333). - cifs: remove set but not used variable 'sep' (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove set but not used variable 'smb_buf' (bsc#1144333). - cifs: remove small_smb2_init (bsc#1144333). - cifs: remove smb2_send_recv() (bsc#1144333). - cifs: remove struct smb2_hdr (bsc#1144333). - cifs: remove struct smb2_oplock_break_rsp (bsc#1144333). - cifs: remove the is_falloc argument to SMB2_set_eof (bsc#1144333). - cifs: remove unused stats (bsc#1144333). - cifs: remove unused value pointed out by Coverity (bsc#1144333). - cifs: remove unused variable from SMB2_read (bsc#1144333). - cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP (bsc#1144333). - cifs: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - cifs: replace snprintf with scnprintf (bsc#1144333). - cifs: return -ENODATA when deleting an xattr that does not exist (bsc#1144333). - cifs: return correct errors when pinning memory failed for direct I/O (bsc#1144333). - cifs: return error on invalid value written to cifsFYI (bsc#1144333). - cifs: set *resp_buf_type to NO_BUFFER on error (bsc#1144333). - cifs: set mapping error when page writeback fails in writepage or launder_pages (bsc#1144333). - cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT (bsc#1144333). - cifs: show 'soft' in the mount options for hard mounts (bsc#1144333). - cifs: show the w bit for writeable /proc/fs/cifs/* files (bsc#1144333). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734, bsc#1144333). - cifs: simple stats should always be enabled (bsc#1144333). - cifs: simplify code by removing CONFIG_CIFS_ACL ifdef (bsc#1144333). - Update config files. - cifs: simplify how we handle credits in compound_send_recv() (bsc#1144333). - cifs: smb2 commands can not be negative, remove confusing check (bsc#1144333). - cifs: smb2ops: Fix NULL check in smb2_query_symlink (bsc#1144333). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510, bsc#1144333). - cifs: smb2pdu: Fix potential NULL pointer dereference (bsc#1144333). - cifs: smbd: Avoid allocating iov on the stack (bsc#1144333). - cifs: smbd: Check for iov length on sending the last iov (bsc#1144333). - cifs: smbd: Do not destroy transport on RDMA disconnect (bsc#1144333). - cifs: smbd: Do not use RDMA read/write when signing is used (bsc#1144333). - cifs: smbd: Dump SMB packet when configured (bsc#1144333). - cifs: smbd: Enable signing with smbdirect (bsc#1144333). - cifs: smbd: Indicate to retry on transport sending failure (bsc#1144333). - cifs: smbd: Retry on memory registration failure (bsc#1144333). - cifs: smbd: Return EINTR when interrupted (bsc#1144333). - cifs: smbd: avoid reconnect lockup (bsc#1144333). - cifs: smbd: depend on INFINIBAND_ADDR_TRANS (bsc#1144333). - cifs: smbd: disconnect transport on RDMA errors (bsc#1144333). - cifs: smbd: take an array of reqeusts when sending upper layer data (bsc#1144333). - cifs: start DFS cache refresher in cifs_mount() (bsc#1144333). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510, bsc#1144333). - cifs: suppress some implicit-fallthrough warnings (bsc#1144333). - cifs: track writepages in vfs operation counters (bsc#1144333). - cifs: update __smb_send_rqst() to take an array of requests (bsc#1144333). - cifs: update calc_size to take a server argument (bsc#1144333). - cifs: update init_sg, crypt_message to take an array of rqst (bsc#1144333). - cifs: update internal module number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.14 (bsc#1144333). - cifs: update module internal version number (bsc#1144333). - cifs: update multiplex loop to handle compounded responses (bsc#1144333). - cifs: update receive_encrypted_standard to handle compounded responses (bsc#1144333). - cifs: update smb2_calc_size to use smb2_sync_hdr instead of smb2_hdr (bsc#1144333). - cifs: update smb2_check_message to handle PDUs without a 4 byte length header (bsc#1144333). - cifs: update smb2_queryfs() to use compounding (bsc#1144333). - cifs: use a compound for setting an xattr (bsc#1144333). - cifs: use a refcount to protect open/closing the cached file handle (bsc#1144333). - cifs: use correct format characters (bsc#1144333). - cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (bsc#1071306, bsc#1144333). - cifs: use the correct length when pinning memory for direct I/O for write (bsc#1144333). - cifs: wait_for_free_credits() make it possible to wait for >=1 credits (bsc#1144333). - cifs: we can not use small padding iovs together with encryption (bsc#1144333). - cifs: zero sensitive data when freeing (bsc#1087092, bsc#1144333). - cifs: zero-range does not require the file is sparse (bsc#1144333). - cifs:smbd Use the correct DMA direction when sending data (bsc#1144333). - cifs:smbd When reconnecting to server, call smbd_destroy() after all MIDs have been called (bsc#1144333). - cifs_lookup(): cifs_get_inode_...() never returns 0 with *inode left NULL (bsc#1144333). - cifs_lookup(): switch to d_splice_alias() (bsc#1144333). - clk: Export clk_bulk_prepare() (bsc#1144813). - clk: add clk_bulk_get accessories (bsc#1144813). - clk: bcm2835: remove pllb (jsc#SLE-7294). - clk: bcm283x: add driver interfacing with Raspberry Pi's firmware (jsc#SLE-7294). - clk: bulk: silently error out on EPROBE_DEFER (bsc#1144718,bsc#1144813). - clk: raspberrypi: register platform device for raspberrypi-cpufreq (jsc#SLE-7294). - clk: renesas: cpg-mssr: Fix reset control race condition (bsc#1051510). - clk: rockchip: Add 1.6GHz PLL rate for rk3399 (bsc#1144718,bsc#1144813). - clk: rockchip: assign correct id for pclk_ddr and hclk_sd in rk3399 (bsc#1144718,bsc#1144813). - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling (bsc#1051510). - config: arm64: Remove CONFIG_ARM64_MODULE_CMODEL_LARGE Option removed by patches in bsc#1148219 - coredump: split pipe command whitespace before expanding template (bsc#1051510). - cpu/speculation: Warn on unsupported mitigations= parameter (bsc#1114279). - cpufreq: add driver for Raspberry Pi (jsc#SLE-7294). - cpufreq: dt: Try freeing static OPPs only if we have added them (jsc#SLE-7294). - crypto: ccp - Add support for valid authsize values less than 16 (bsc#1051510). - crypto: ccp - Fix oops by properly managing allocated structures (bsc#1051510). - crypto: ccp - Ignore tag length when decrypting GCM ciphertext (bsc#1051510). - crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1145934). - crypto: ccp - Validate buffer lengths for copy operations (bsc#1051510). - crypto: talitos - fix skcipher failure due to wrong output IV (bsc#1051510). - crypto: virtio - Read crypto services and algorithm masks (jsc#SLE-5844 jsc#SLE-6331 bsc#1145446 LTC#175307). - crypto: virtio - Register an algo only if it's supported (jsc#SLE-5844 jsc#SLE-6331 bsc#1145446 LTC#175307). - cx82310_eth: fix a memory leak bug (bsc#1051510). - dax: dax_layout_busy_page() should not unmap cow pages (bsc#1148698). - devres: always use dev_name() in devm_ioremap_resource() (git fixes). - dfs_cache: fix a wrong use of kfree in flush_cache_ent() (bsc#1144333). - dm btree: fix order of block initialization in btree_split_beneath (git fixes). - dm bufio: fix deadlock with loop device (git fixes). - dm cache metadata: Fix loading discard bitset (git fixes). - dm crypt: do not overallocate the integrity tag space (git fixes). - dm crypt: fix parsing of extended IV arguments (git fixes). - dm delay: fix a crash when invalid device is specified (git fixes). - dm integrity: change memcmp to strncmp in dm_integrity_ctr (git fixes). - dm integrity: correctly calculate the size of metadata area (git fixes). - dm integrity: fix a crash due to BUG_ON in __journal_read_write() (git fixes). - dm integrity: fix deadlock with overlapping I/O (git fixes). - dm integrity: limit the rate of error messages (git fixes). - dm kcopyd: always complete failed jobs (git fixes). - dm raid: add missing cleanup in raid_ctr() (git fixes). - dm space map metadata: fix missing store of apply_bops() return value (git fixes). - dm table: fix invalid memory accesses with too high sector number (git fixes). - dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (git fixes). - dm thin: fix bug where bio that overwrites thin block ignores FUA (git fixes). - dm thin: fix passdown_double_checking_shared_status() (git fixes). - dm zoned: Fix zone report handling (git fixes). - dm zoned: Silence a static checker warning (git fixes). - dm zoned: fix potential NULL dereference in dmz_do_reclaim() (git fixes). - dm zoned: fix zone state management race (git fixes). - dm zoned: improve error handling in i/o map code (git fixes). - dm zoned: improve error handling in reclaim (git fixes). - dm zoned: properly handle backing device failure (git fixes). - dm: fix to_sector() for 32bit (git fixes). - dm: revert 8f50e358153d ("dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE") (git fixes). - dma-buf: balance refcount inbalance (bsc#1051510). - dmaengine: rcar-dmac: Reject zero-length slave DMA requests (bsc#1051510). - documentation/networking: fix default_ttl typo in mpls-sysctl (bsc#1051510). - documentation: Add nospectre_v1 parameter (bsc#1051510). - documentation: Update Documentation for iommu.passthrough (bsc#1136039). - driver core: Fix use-after-free and double free on glue directory (bsc#1131281). - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl (bsc#1051510). - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings (bsc#1051510). - drm/amd/display: Always allocate initial connector state state (bsc#1111666). - drm/amd/display: Disable ABM before destroy ABM struct (bsc#1111666). - drm/amd/display: Fill prescale_params->scale for RGB565 (bsc#1111666). - drm/amd/display: Fix dc_create failure handling and 666 color depths (bsc#1111666). - drm/amd/display: Increase size of audios array (bsc#1111666). - drm/amd/display: Only enable audio if speaker allocation exists (bsc#1111666). - drm/amd/display: Remove redundant non-zero and overflow check (bsc#1145946). - drm/amd/display: Wait for backlight programming completion in set backlight level (bsc#1111666). - drm/amd/display: fix compilation error (bsc#1111666). - drm/amd/display: num of sw i2c/aux engines less than num of connectors (bsc#1145946). - drm/amd/display: use encoder's engine id to find matched free audio device (bsc#1111666). - drm/amdgpu/psp: move psp version specific function pointers to (bsc#1135642) - drm/amdgpu/sriov: Need to initialize the HDP_NONSURFACE_BAStE (bsc#1111666). - drm/amdgpu: Add APTX quirk for Dell Latitude 5495 (bsc#1142635) - drm/amdgpu: added support 2nd UVD instance (bsc#1143331). - drm/amdgpu: fix a potential information leaking bug (bsc#1111666). - drm/amdgpu:change VEGA booting with firmware loaded by PSP (bsc#1143331). - drm/amdkfd: Fix a potential memory leak (bsc#1111666). - drm/amdkfd: Fix sdma queue map issue (bsc#1111666). - drm/bridge: lvds-encoder: Fix build error while CONFIG_DRM_KMS_HELPER=m (bsc#1111666). - drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz (bsc#1051510). - drm/bridge: tc358767: read display_props in get_modes() (bsc#1051510). - drm/crc-debugfs: Also sprinkle irqrestore over early exits (bsc#1051510). - drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry (bsc#1051510). - drm/edid: parse CEA blocks embedded in DisplayID (bsc#1111666). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1135642) - drm/exynos: fix missing decrement of retry counter (bsc#1111666). - drm/i915/gvt: fix incorrect cache entry for guest page mapping (bsc#1111666). - drm/i915/perf: ensure we keep a reference on the driver (bsc#1051510). - drm/i915/perf: ensure we keep a reference on the driver (bsc#1142635) - drm/i915/perf: fix ICL perf register offsets (bsc#1111666). - drm/i915/userptr: Acquire the page lock around set_page_dirty() (bsc#1051510). - drm/i915: Do not deballoon unused ggtt drm_mm_node in linux guest (bsc#1142635) - drm/i915: Fix GEN8_MCR_SELECTOR programming (bsc#1111666). - drm/i915: Fix HW readout for crtc_clock in HDMI mode (bsc#1111666). - drm/i915: Fix the TBT AUX power well enabling (bsc#1111666). - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1051510). - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1142635) - drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635) - drm/i915: Revert i915 userptr page lock patch (bsc#1145051) - drm/imx: notify drm core before sending event during crtc disable (bsc#1135642) - drm/imx: only send event on crtc disable if kept disabled (bsc#1135642) - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1135642) - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1135642) - drm/mediatek: clear num_pipes when unbind driver (bsc#1135642) - drm/mediatek: fix unbind functions (bsc#1135642) - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1111666). - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1142635) - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1135642) - drm/mediatek: use correct device to import PRIME buffers (bsc#1111666). - drm/mediatek: use correct device to import PRIME buffers (bsc#1142635) - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1142635) - drm/msm: Depopulate platform on probe failure (bsc#1051510). - drm/nouveau: Do not retry infinitely when receiving no data on i2c (bsc#1142635) - drm/nouveau: fix memory leak in nouveau_conn_reset() (bsc#1051510). - drm/panel: simple: Fix panel_simple_dsi_probe (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1142635) - drm/udl: introduce a macro to convert dev to udl. (bsc#1113722) - drm/udl: move to embedding drm device inside udl device. (bsc#1113722) - drm/virtio: Add memory barriers for capset cache (bsc#1051510). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1135642) - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1135642) - drm/vmwgfx: fix memory leak when too many retries have occurred (bsc#1051510). - drm: msm: Fix add_gpu_components (bsc#1051510). - drm: silence variable 'conn' set but not used (bsc#1051510). - eCryptfs: fix a couple type promotion bugs (bsc#1051510). - edac, amd64: Add Family 17h, models 10h-2fh support (bsc#1112178). - edac/amd64: Add Family 17h Model 30h PCI IDs (bsc#1112178). - edac/amd64: Adjust printed chip select sizes when interleaved (bsc#1131489). - edac/amd64: Cache secondary Chip Select registers (bsc#1131489). - edac/amd64: Decode syndrome before translating address (bsc#1131489). - edac/amd64: Find Chip Select memory size using Address Mask (bsc#1131489). - edac/amd64: Initialize DIMM info for systems with more than two channels (bsc#1131489). - edac/amd64: Recognize DRAM device type ECC capability (bsc#1131489). - edac/amd64: Recognize x16 symbol size (bsc#1131489). - edac/amd64: Set maximum channel layer size depending on family (bsc#1131489). - edac/amd64: Support asymmetric dual-rank DIMMs (bsc#1131489). - edac/amd64: Support more than two Unified Memory Controllers (bsc#1131489). - edac/amd64: Support more than two controllers for chip selects handling (bsc#1131489). - edac/amd64: Use a macro for iterating over Unified Memory Controllers (bsc#1131489). - edac: Fix global-out-of-bounds write when setting edac_mc_poll_msec (bsc#1114279). - efi/bgrt: Drop BGRT status field reserved bits check (bsc#1051510). - ehea: Fix a copy-paste err in ehea_init_port_res (bsc#1051510). - ext4: use jbd2_inode dirty range scoping (bsc#1148616). - firmware: raspberrypi: register clk device (jsc#SLE-7294). - firmware: ti_sci: Always request response from firmware (bsc#1051510). - fix incorrect error code mapping for OBJECTID_NOT_FOUND (bsc#1144333). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510, bsc#1144333). - fix struct ufs_req removal of unused field (git-fixes). - floppy: fix invalid pointer dereference in drive_name (bsc#1111666). - floppy: fix out-of-bounds read in next_valid_format (bsc#1111666). - fs/*/Kconfig: drop links to 404-compliant http://acl.bestbits.at (bsc#1144333). - fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333). - fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free (bsc#1144333). - fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls (bsc#1144333). - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bsc#1144333). - fs/cifs: fix uninitialised variable warnings (bsc#1144333). - fs/cifs: require sha512 (bsc#1051510, bsc#1144333). - fs/cifs: suppress a string overflow warning (bsc#1144333). - fs/xfs: Fix return code of xfs_break_leased_layouts() (bsc#1148031). - fs: cifs: Drop unlikely before IS_ERR(_OR_NULL) (bsc#1144333). - fs: cifs: Kconfig: pedantic formatting (bsc#1144333). - fs: cifs: Replace _free_xid call in cifs_root_iget function (bsc#1144333). - fs: cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace (bsc#1144333). - fs: xfs: xfs_log: Do not use KM_MAYFAIL at xfs_log_reserve() (bsc#1148033). - fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() (bsc#1051510). - ftrace: Check for empty hash and comment the race with registering probes (bsc#1149418). - ftrace: Check for successful allocation of hash (bsc#1149424). - ftrace: Fix NULL pointer dereference in t_probe_next() (bsc#1149413). - gpio: Fix build error of function redefinition (bsc#1051510). - gpio: gpio-omap: add check for off wake capable gpios (bsc#1051510). - gpio: mxs: Get rid of external API call (bsc#1051510). - gpio: omap: ensure irq is enabled before wakeup (bsc#1051510). - gpio: pxa: handle corner case of unprobed device (bsc#1051510). - gpiolib: fix incorrect IRQ requesting of an active-low lineevent (bsc#1051510). - gpiolib: never report open-drain/source lines as 'input' to user-space (bsc#1051510). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1142635) - hid: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT (bsc#1051510). - hid: Add quirk for HP X1200 PIXART OEM mouse (bsc#1051510). - hid: cp2112: prevent sleeping function called from invalid context (bsc#1051510). - hid: hiddev: avoid opening a disconnected device (bsc#1051510). - hid: hiddev: do cleanup in failure of opening a device (bsc#1051510). - hid: holtek: test for sanity of intfdata (bsc#1051510). - hid: sony: Fix race condition between rumble and device remove (bsc#1051510). - hid: wacom: Correct distance scale for 2nd-gen Intuos devices (bsc#1142635). - hid: wacom: correct misreported EKR ring values (bsc#1142635). - hid: wacom: fix bit shift for Cintiq Companion 2 (bsc#1051510). - hpet: Fix division by zero in hpet_time_div() (bsc#1051510). - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 (bsc#1051510). - hwmon: (nct7802) Fix wrong detection of in4 presence (bsc#1051510). - i2c: emev2: avoid race when unregistering slave client (bsc#1051510). - i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bsc#1051510). - i2c: qup: fixed releasing dma without flush operation completion (bsc#1051510). - ia64: Get rid of iommu_pass_through (bsc#1136039). - ib/mlx5: Fix MR registration flow to use UMR properly (bsc#1093205 bsc#1145678). - ibmveth: Convert multicast list size for little-endian system (bsc#1061843). - ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726). - igmp: fix memory leak in igmpv3_del_delrec() (networking-stable-19_07_25). - iio: adc: max9611: Fix misuse of GENMASK macro (bsc#1051510). - iio: adc: max9611: Fix temperature reading in probe (bsc#1051510). - iio: iio-utils: Fix possible incorrect mask calculation (bsc#1051510). - improve security, move default dialect to SMB3 from old CIFS (bsc#1051510, bsc#1144333). - include/linux/bitops.h: sanitize rotate primitives (git fixes). - input: alps - do not handle ALPS cs19 trackpoint-only device (bsc#1051510). - input: alps - fix a mismatch between a condition check and its comment (bsc#1051510). - input: iforce - add sanity checks (bsc#1051510). - input: kbtab - sanity check for endpoint type (bsc#1051510). - input: synaptics - enable RMI mode for HP Spectre X360 (bsc#1051510). - input: synaptics - whitelist Lenovo T580 SMBus intertouch (bsc#1051510). - input: trackpoint - only expose supported controls for Elan, ALPS and NXP (bsc#1051510). - intel_th: pci: Add Ice Lake NNPI support (bsc#1051510). - intel_th: pci: Add Tiger Lake support (bsc#1051510). - intel_th: pci: Add support for another Lewisburg PCH (bsc#1051510). - iommu/amd: Add support for X2APIC IOMMU interrupts (bsc#1145010). - iommu/amd: Fix race in increase_address_space() (bsc#1150860). - iommu/amd: Flush old domains in kdump kernel (bsc#1150861). - iommu/amd: Move iommu_init_pci() to .init section (bsc#1149105). - iommu/amd: Request passthrough mode from IOMMU core (bsc#1136039). - iommu/dma: Handle SG length overflow better (bsc#1146084). - iommu/iova: Remove stale cached32_node (bsc#1145018). - iommu/vt-d: Request passthrough mode from IOMMU core (bsc#1136039). - iommu: Add helpers to set/get default domain type (bsc#1136039). - iommu: Disable passthrough mode when SME is active (bsc#1136039). - iommu: Print default domain type on boot (bsc#1136039). - iommu: Remember when default domain type was set on kernel command line (bsc#1136039). - iommu: Set default domain type at runtime (bsc#1136039). - iommu: Use Functions to set default domain type in iommu_set_def_domain_type() (bsc#1136039). - ipip: validate header length in ipip_tunnel_xmit (git-fixes). - ipv4: do not set IPv6 only flags to IPv4 addresses (networking-stable-19_07_25). - irqchip/gic-v2m: Add support for Amazon Graviton variant of GICv3+GICv2m (SLE-9332). - irqchip/gic-v3-its: fix build warnings (bsc#1144880). - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack (bsc#1051510). - isdn: hfcsusb: checking idx of ep configuration (bsc#1051510). - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() (bsc#1051510). - iversion: add a routine to update a raw value with a larger one (bsc#1148133). - iwlwifi: dbg: split iwl_fw_error_dump to two functions (bsc#1119086). - iwlwifi: do not unmap as page memory that was mapped as single (bsc#1051510). - iwlwifi: fix bad dma handling in page_mem dumping flow (bsc#1120902). - iwlwifi: fw: use helper to determine whether to dump paging (bsc#1106434). Patch needed to be adjusted, because our tree does not have the global variable IWL_FW_ERROR_DUMP_PAGING - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version < 41 (bsc#1142635). - iwlwifi: mvm: fix an out-of-bound access (bsc#1051510). - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support (bsc#1142635). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1142635). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1142635). - ixgbe: fix possible deadlock in ixgbe_service_task() (bsc#1113994). - jbd2: flush_descriptor(): Do not decrease buffer head's ref count (bsc#1143843). - jbd2: introduce jbd2_inode dirty range scoping (bsc#1148616). - kABI: Fix kABI for 'struct amd_iommu' (bsc#1145010). - kABI: Fix kABI for x86 pci-dma code (bsc#1136039). - kabi/severities: Exclude drivers/crypto/ccp/* - kabi/severities: match SLE15 entry ordering. - kasan: remove redundant initialization of variable 'real_size' (git fixes). - kconfig/[mn]conf: handle backspace (^H) key (bsc#1051510). - keys: Fix missing null pointer check in request_key_auth_describe() (bsc#1051510). - kvm/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bsc#1133021). - kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (bsc#1134881 bsc#1134882). - kvm: Disallow wraparound in kvm_gfn_to_hva_cache_init (bsc#1133021). - kvm: Fix leak vCPU's VMCS value into other pCPU (bsc#1145388). - kvm: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC (bsc#1145408). - kvm: PPC: Book3S HV: Fix CR0 setting in TM emulation (bsc#1061840). - kvm: Reject device ioctls from processes other than the VM's creator (bsc#1133021). - kvm: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value (bsc#1145393). - kvm: VMX: Fix handling of #MC that occurs during VM-Entry (bsc#1145395). - kvm: VMX: check CPUID before allowing read/write of IA32_XSS (bsc#1145394). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: arm/arm64: Close VMID generation race (bsc#1133021). - kvm: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation (bsc#1133021). - kvm: arm/arm64: Drop resource size check for GICV window (bsc#1133021). - kvm: arm/arm64: Fix VMID alloc race by reverting to lock-less (bsc#1133021). - kvm: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked (bsc#1133021). - kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1133021). - kvm: arm/arm64: Reduce verbosity of KVM init log (bsc#1133021). - kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1133021). - kvm: arm/arm64: Skip updating PMD entry if no change (bsc#1133021). - kvm: arm/arm64: Skip updating PTE entry if no change (bsc#1133021). - kvm: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list (bsc#1133021). - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1133021). - kvm: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1133021). - kvm: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy (bsc#1133021). - kvm: arm64: Fix caching of host MDCR_EL2 value (bsc#1133021). - kvm: mmu: Fix overlap between public and private memslots (bsc#1133021). - kvm: nVMX: Remove unnecessary sync_roots from handle_invept (bsc#1145391). - kvm: nVMX: Use adjusted pin controls for vmcs02 (bsc#1145392). - kvm: nVMX: allow setting the VMFUNC controls MSR (bsc#1145389). - kvm: nVMX: do not use dangling shadow VMCS after guest reset (bsc#1145390). - kvm: s390: add MSA9 to cpumodel (jsc#SLE-6240). - kvm: s390: add debug logging for cpu model subfunctions (jsc#SLE-6240). - kvm: s390: add deflate conversion facilty to cpu model (jsc#SLE-6240). - kvm: s390: add enhanced sort facilty to cpu model (jsc#SLE-6240 ). - kvm: s390: add vector BCD enhancements facility to cpumodel (jsc#SLE-6240). - kvm: s390: add vector enhancements facility 2 to cpumodel (jsc#SLE-6240). - kvm: s390: enable MSA9 keywrapping functions depending on cpu model (jsc#SLE-6240). - kvm: s390: implement subfunction processor calls (jsc#SLE-6240 ). - kvm: s390: provide query function for instructions returning 32 byte (jsc#SLE-6240). - kvm: x86/vPMU: refine kvm_pmu err msg when event creation failed (bsc#1145397). - kvm: x86: Do not update RIP or do single-step on faulting emulation (bsc#1149104). - kvm: x86: Unconditionally enable irqs in guest context (bsc#1145396). - kvm: x86: degrade WARN to pr_warn_ratelimited (bsc#1145409). - kvm: x86: fix backward migration with async_PF (bsc#1146074). - lan78xx: Fix memory leaks (bsc#1051510). - libata: add SG safety checks in SFF pio transfers (bsc#1051510). - libata: do not request sense data on !ZAC ATA devices (bsc#1051510). - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests (bsc#1051510). - libata: zpodd: Fix small read overflow in zpodd_get_mech_type() (bsc#1051510). - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). - libceph, rbd: new bio handling code (aka do not clone bios) (bsc#1141450). - libceph: ADDR2 support for monmap (bsc#1148133 bsc#1136682). - libceph: add ceph_decode_entity_addr (bsc#1148133 bsc#1136682). - libceph: add osd_req_op_extent_osd_data_bvecs() (bsc#1141450). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: correctly decode ADDR2 addresses in incremental OSD maps (bsc#1148133 bsc#1136682). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: fix PG split vs OSD (re)connect race (bsc#1148133). - libceph: fix PG split vs OSD (re)connect race (bsc#1148133). - libceph: fix sa_family just after reading address (bsc#1148133 bsc#1136682). - libceph: fix unaligned accesses in ceph_entity_addr handling (bsc#1136682). - libceph: fix watch_item_t decoding to use ceph_decode_entity_addr (bsc#1148133 bsc#1136682). - libceph: handle zero-length data items (bsc#1141450). - libceph: introduce BVECS data type (bsc#1141450). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: make ceph_pr_addr take an struct ceph_entity_addr pointer (bsc#1136682). - libceph: preallocate message data items (bsc#1135897). - libceph: rename ceph_encode_addr to ceph_encode_banner_addr (bsc#1148133 bsc#1136682). - libceph: switch osdmap decoding to use ceph_decode_entity_addr (bsc#1148133 bsc#1136682). - libceph: turn on CEPH_FEATURE_MSG_ADDR2 (bsc#1148133 bsc#1136682). - libceph: use TYPE_LEGACY for entity addrs instead of TYPE_NONE (bsc#1148133 bsc#1136682). - libceph: use single request data item for cmp/setxattr (bsc#1139101). - libnvdimm/pfn: Store correct value of npfns in namespace superblock (bsc#1146381 ltc#180720). - liquidio: add cleanup in octeon_setup_iq() (bsc#1051510). - loop: set PF_MEMALLOC_NOIO for the worker thread (git fixes). - lpfc: fix 12.4.0.0 GPF at boot (bsc#1148308). - mac80211: Correctly set noencrypt for PAE frames (bsc#1111666). - mac80211: Do not memset RXCB prior to PAE intercept (bsc#1111666). - mac80211: do not WARN on short WMM parameters from AP (bsc#1051510). - mac80211: do not warn about CW params when not using them (bsc#1051510). - mac80211: fix possible memory leak in ieee80211_assign_beacon (bsc#1142635). - mac80211: fix possible sta leak (bsc#1051510). - mac80211_hwsim: Fix possible null-pointer dereferences in hwsim_dump_radio_nl() (bsc#1111666). - macsec: fix checksumming after decryption (bsc#1051510). - macsec: fix use-after-free of skb during RX (bsc#1051510). - macsec: let the administrator set UP state even if lowerdev is down (bsc#1051510). - macsec: update operstate when lower device changes (bsc#1051510). - mailbox: handle failed named mailbox channel request (bsc#1051510). - md/raid: raid5 preserve the writeback action after the parity check (git fixes). - md: add mddev->pers to avoid potential NULL pointer dereference (git fixes). - md: fix invalid stored role for a disk try2 (bsc#1143765). - media: au0828: fix null dereference in error path (bsc#1051510). - media: coda: Remove unbalanced and unneeded mutex unlock (bsc#1051510). - media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP (bsc#1051510). - media: coda: fix mpeg2 sequence number handling (bsc#1051510). - media: coda: increment sequence offset for the last returned frame (bsc#1051510). - media: dvb: usb: fix use after free in dvb_usb_device_exit (bsc#1051510). - media: hdpvr: fix locking and a missing msleep (bsc#1051510). - media: media_device_enum_links32: clean a reserved field (bsc#1051510). - media: pvrusb2: use a different format for warnings (bsc#1051510). - media: spi: IR LED: add missing of table registration (bsc#1051510). - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails (bsc#1051510). - media: vpss: fix a potential NULL pointer dereference (bsc#1051510). - media: wl128x: Fix some error handling in fm_v4l2_init_video_device() (bsc#1051510). - mfd: arizona: Fix undefined behavior (bsc#1051510). - mfd: core: Set fwnode for created devices (bsc#1051510). - mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bsc#1051510). - mfd: intel-lpss: Add Intel Comet Lake PCI IDs (jsc#SLE-4875). - mlxsw: spectrum: Fix error path in mlxsw_sp_module_init() (bsc#1112374). - mm, page_owner: handle THP splits correctly (bsc#1149197, VM Debugging Functionality). - mm, vmscan: do not special-case slab reclaim when watermarks are boosted (git fixes (mm/vmscan)). - mm/hmm: fix bad subpage pointer in try_to_unmap_one (bsc#1148202, HMM, VM Functionality). - mm/hotplug: fix offline undo_isolate_page_range() (bsc#1148196, VM Functionality). - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node (bsc#1148379, VM Functionality). - mm/memcontrol.c: fix use after free in mem_cgroup_iter() (bsc#1149224, VM Functionality). - mm/memory.c: recheck page table entry with page table lock held (bsc#1148363, VM Functionality). - mm/migrate.c: initialize pud_entry in migrate_vma() (bsc#1148198, HMM, VM Functionality). - mm/mlock.c: change count_mm_mlocked_page_nr return type (bsc#1148527, VM Functionality). - mm/mlock.c: mlockall error for flag MCL_ONFAULT (bsc#1148527, VM Functionality). - mm/page_alloc.c: fix calculation of pgdat->nr_zones (bsc#1148192, VM Functionality). - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() (bsc#1118689). - mm/vmscan.c: fix trying to reclaim unevictable LRU page (bsc#1149214, VM Functionality). - mm: add filemap_fdatawait_range_keep_errors() (bsc#1148616). - mm: do not stall register_shrinker() (bsc#1104902, VM Performance). - mm: move MAP_SYNC to asm-generic/mman-common.h (bsc#1148297). - mm: page_mapped: do not assume compound page is huge or THP (bsc#1148574, VM Functionality). - mmc: cavium: Add the missing dma unmap when the dma has finished (bsc#1051510). - mmc: cavium: Set the correct dma max segment size for mmc_host (bsc#1051510). - mmc: core: Fix init of SD cards reporting an invalid VDD range (bsc#1051510). - mmc: dw_mmc: Fix occasional hang after tuning on eMMC (bsc#1051510). - mmc: sdhci-of-at91: add quirk for broken HS200 (bsc#1051510). - mmc: sdhci-pci: Add support for Intel CML (jsc#SLE-4875). - mmc: sdhci-pci: Add support for Intel ICP (jsc#SLE-4875). - mmc: sdhci-pci: Fix BYT OCP setting (bsc#1051510). - mpls: fix warning with multi-label encap (bsc#1051510). - nbd: replace kill_bdev() with __invalidate_device() again (git fixes). - net/9p: include trans_common.h to fix missing prototype warning (bsc#1051510). - net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635). - net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bsc#1145678). - net/mlx5: Fix modify_cq_in alignment (bsc#1103990). - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (networking-stable-19_07_25). - net/mlx5e: always initialize frag->last_in_page (bsc#1103990 ). - net: Fix netdev_WARN_ONCE macro (git-fixes). - net: Introduce netdev_*_once functions (networking-stable-19_07_25). - net: Revert "net: ena: ethtool: add extra properties retrieval via get_priv_flags" (bsc#1139020 bsc#1139021). - net: bcmgenet: use promisc for unsupported filters (networking-stable-19_07_25). - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (networking-stable-19_07_25). - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (networking-stable-19_07_25). - net: bridge: stp: do not cache eth dest pointer before skb pull (networking-stable-19_07_25). - net: dsa: mv88e6xxx: wait after reset deactivation (networking-stable-19_07_25). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1139020 bsc#1139021). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1139020 bsc#1139021). - net: ena: add ethtool function for changing io queue sizes (bsc#1139020 bsc#1139021). - net: ena: add good checksum counter (bsc#1139020 bsc#1139021). - net: ena: add handling of llq max tx burst size (bsc#1139020 bsc#1139021). - net: ena: add newline at the end of pr_err prints (bsc#1139020 bsc#1139021). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1139020 bsc#1139021). - net: ena: allow automatic fallback to polling mode (bsc#1139020 bsc#1139021). - net: ena: allow queue allocation backoff when low on memory (bsc#1139020 bsc#1139021). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1139020 bsc#1139021). - net: ena: enable negotiating larger Rx ring size (bsc#1139020 bsc#1139021). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1139020 bsc#1139021). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1139020 bsc#1139021). - net: ena: fix incorrect test of supported hash function (bsc#1139020 bsc#1139021). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1139020 bsc#1139021). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1139020 bsc#1139021). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1139020 bsc#1139021). - net: ena: gcc 8: fix compilation warning (bsc#1139020 bsc#1139021). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1139020 bsc#1139021). - net: ena: make ethtool show correct current and max queue sizes (bsc#1139020 bsc#1139021). - net: ena: optimise calculations for CQ doorbell (bsc#1139020 bsc#1139021). - net: ena: remove inline keyword from functions in *.c (bsc#1139020 bsc#1139021). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1139020 bsc#1139021). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1139020 bsc#1139021). - net: ena: use dev_info_once instead of static variable (bsc#1139020 bsc#1139021). - net: fix bpf_xdp_adjust_head regression for generic-XDP (bsc#1109837). - net: hns3: Add missing newline at end of file (bsc#1104353 ). - net: hns3: add Asym Pause support to fix autoneg problem (bsc#1104353). - net: hns3: add a check to pointer in error_detected and slot_reset (bsc#1104353). - net: hns3: add aRFS support for PF (bsc#1104353). - net: hns3: add all IMP return code (bsc#1104353). - net: hns3: add check to number of buffer descriptors (bsc#1104353). - net: hns3: add default value for tc_size and tc_offset (bsc#1104353). - net: hns3: add exception handling when enable NIC HW error interrupts (bsc#1104353). - net: hns3: add handling of two bits in MAC tunnel interrupts (bsc#1104353). - net: hns3: add handshake with hardware while doing reset (bsc#1104353). - net: hns3: add opcode about query and clear RAS & MSI-X to special opcode (bsc#1104353). - net: hns3: add recovery for the H/W errors occurred before the HNS dev initialization (bsc#1104353). - net: hns3: add some error checking in hclge_tm module (bsc#1104353). - net: hns3: add support for dump firmware statistics by debugfs (bsc#1104353). - net: hns3: adjust hns3_uninit_phy()'s location in the hns3_client_uninit() (bsc#1104353). - net: hns3: bitwise operator should use unsigned type (bsc#1104353). - net: hns3: change SSU's buffer allocation according to UM (bsc#1104353). - net: hns3: check msg_data before memcpy in hclgevf_send_mbx_msg (bsc#1104353). - net: hns3: clear restting state when initializing HW device (bsc#1104353). - net: hns3: code optimizaition of hclge_handle_hw_ras_error() (bsc#1104353). - net: hns3: delay and separate enabling of NIC and ROCE HW errors (bsc#1104353). - net: hns3: delay ring buffer clearing during reset (bsc#1104353 ). - net: hns3: delay setting of reset level for hw errors until slot_reset is called (bsc#1104353). - net: hns3: delete the redundant user NIC codes (bsc#1104353 ). - net: hns3: do not configure new VLAN ID into VF VLAN table when it's full (bsc#1104353). - net: hns3: enable DCB when TC num is one and pfc_en is non-zero (bsc#1104353). - net: hns3: enable broadcast promisc mode when initializing VF (bsc#1104353). - net: hns3: extract handling of mpf/pf msi-x errors into functions (bsc#1104353). - net: hns3: fix VLAN filter restore issue after reset (bsc#1104353). - net: hns3: fix __QUEUE_STATE_STACK_XOFF not cleared issue (bsc#1104353). - net: hns3: fix a -Wformat-nonliteral compile warning (bsc#1104353). - net: hns3: fix a memory leak issue for hclge_map_unmap_ring_to_vf_vector (bsc#1104353). - net: hns3: fix a statistics issue about l3l4 checksum error (bsc#1104353). - net: hns3: fix avoid unnecessary resetting for the H/W errors which do not require reset (bsc#1104353). - net: hns3: fix compile warning without CONFIG_RFS_ACCEL (bsc#1104353). - net: hns3: fix dereference of ae_dev before it is null checked (bsc#1104353). - net: hns3: fix flow control configure issue for fibre port (bsc#1104353). - net: hns3: fix for dereferencing before null checking (bsc#1104353). - net: hns3: fix for skb leak when doing selftest (bsc#1104353 ). - net: hns3: fix race conditions between reset and module loading & unloading (bsc#1104353). - net: hns3: fix some coding style issues (bsc#1104353 ). - net: hns3: fix wrong size of mailbox responding data (bsc#1104353). - net: hns3: fixes wrong place enabling ROCE HW error when loading (bsc#1104353). - net: hns3: free irq when exit from abnormal branch (bsc#1104353 ). - net: hns3: handle empty unknown interrupt (bsc#1104353 ). - net: hns3: initialize CPU reverse mapping (bsc#1104353 ). - net: hns3: log detail error info of ROCEE ECC and AXI errors (bsc#1104353). - net: hns3: make HW GRO handling compliant with SW GRO (bsc#1104353). - net: hns3: modify handling of out of memory in hclge_err.c (bsc#1104353). - net: hns3: modify hclge_init_client_instance() (bsc#1104353 ). - net: hns3: modify hclgevf_init_client_instance() (bsc#1104353 ). - net: hns3: optimize the CSQ cmd error handling (bsc#1104353 ). - net: hns3: process H/W errors occurred before HNS dev initialization (bsc#1104353). - net: hns3: re-schedule reset task while VF reset fail (bsc#1104353). - net: hns3: refactor PF/VF RSS hash key configuration (bsc#1104353). - net: hns3: refactor hns3_get_new_int_gl function (bsc#1104353 ). - net: hns3: refine the flow director handle (bsc#1104353 ). - net: hns3: remove RXD_VLD check in hns3_handle_bdinfo (bsc#1104353). - net: hns3: remove VF VLAN filter entry inexistent warning print (bsc#1104353). - net: hns3: remove override_pci_need_reset (bsc#1104353 ). - net: hns3: remove redundant core reset (bsc#1104353 ). - net: hns3: remove setting bit of reset_requests when handling mac tunnel interrupts (bsc#1104353). - net: hns3: remove unused linkmode definition (bsc#1104353 ). - net: hns3: replace numa_node_id with numa_mem_id for buffer reusing (bsc#1104353). - net: hns3: set default value for param "type" in hclgevf_bind_ring_to_vector (bsc#1104353). - net: hns3: set maximum length to resp_data_len for exceptional case (bsc#1104353). - net: hns3: set ops to null when unregister ad_dev (bsc#1104353 ). - net: hns3: set the port shaper according to MAC speed (bsc#1104353). - net: hns3: small changes for magic numbers (bsc#1104353 ). - net: hns3: some changes of MSI-X bits in PPU(RCB) (bsc#1104353 ). - net: hns3: some modifications to simplify and optimize code (bsc#1104353). - net: hns3: some variable modification (bsc#1104353). - net: hns3: stop schedule reset service while unloading driver (bsc#1104353). - net: hns3: sync VLAN filter entries when kill VLAN ID failed (bsc#1104353). - net: hns3: trigger VF reset if a VF has an over_8bd_nfe_err (bsc#1104353). - net: hns3: typo in the name of a constant (bsc#1104353 ). - net: hns3: use HCLGEVF_STATE_NIC_REGISTERED to indicate VF NIC client has registered (bsc#1104353). - net: hns3: use HCLGE_STATE_NIC_REGISTERED to indicate PF NIC client has registered (bsc#1104353). - net: hns3: use HCLGE_STATE_ROCE_REGISTERED to indicate PF ROCE client has registered (bsc#1104353). - net: hns3: use macros instead of magic numbers (bsc#1104353 ). - net: hns: add support for vlan TSO (bsc#1104353). - net: make skb_dst_force return true when dst is refcounted (networking-stable-19_07_25). - net: mvpp2: Do not check for 3 consecutive Idle frames for 10G links (bsc#1119113). - net: neigh: fix multiple neigh timer scheduling (networking-stable-19_07_25). - net: phylink: Fix flow control for fixed-link (bsc#1119113 ). - net: remove duplicate fetch in sock_getsockopt (networking-stable-19_07_02). - net: sched: verify that q!=NULL before setting q->flags (git-fixes). - net: stmmac: fixed new system time seconds value calculation (networking-stable-19_07_02). - net: stmmac: set IC bit when transmitting frames with HW timestamp (networking-stable-19_07_02). - net: usb: pegasus: fix improper read if get_registers() fail (bsc#1051510). - net_sched: unset TCQ_F_CAN_BYPASS when adding filters (networking-stable-19_07_25). - netrom: fix a memory leak in nr_rx_frame() (networking-stable-19_07_25). - netrom: hold sock when setting skb->destructor (networking-stable-19_07_25). - nfc: fix potential illegal memory access (bsc#1051510). - nfs: Cleanup if nfs_match_client is interrupted (bsc#1134291). - nfs: Fix a double unlock from nfs_match,get_client (bsc#1134291). - nfs: Fix the inode request accounting when pages have subrequests (bsc#1140012). - nfs: make nfs_match_client killable (bsc#1134291). - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (git fixes). - nvme-core: Fix extra device_put() call on error path (bsc#1142541). - nvme-fc: fix module unloads while lports still pending (bsc#1150033). - nvme-multipath: fix ana log nsid lookup when nsid is not found (bsc#1141554). - nvme-multipath: relax ANA state check (bsc#1123105). - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bsc#1120876). - nvme: Return BLK_STS_TARGET if the DNR bit is set (bsc#1142076). - nvme: cancel request synchronously (bsc#1145661). - nvme: change locking for the per-subsystem controller list (bsc#1142541). - nvme: fix possible use-after-free in connect error flow (bsc#1139500) - nvme: fix possible use-after-free in connect error flow (bsc#1139500, bsc#1140426) - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN (bsc#1146938). - objtool: Add rewind_stack_do_exit() to the noreturn list (bsc#1145302). - objtool: Support GCC 9 cold subfunction naming scheme (bsc#1145300). - octeon_mgmt: Fix MIX registers configuration on MTU setup (bsc#1051510). - pci: PM/acpi: Refresh all stale power state data in pci_pm_complete() (bsc#1149106). - pci: Restore Resizable BAR size bits correctly for 1MB BARs (bsc#1143841). - pci: al: Add Amazon Annapurna Labs PCIe host controller driver (SLE-9332). - pci: hv: Fix panic by calling hv_pci_remove_slots() earlier (bsc#1142701). - pci: qcom: Ensure that PERST is asserted for at least 100 ms (bsc#1142635). - pci: xilinx-nwl: Fix Multi MSI data programming (bsc#1142635). - phy: qcom-qusb2: Fix crash if nvmem cell not specified (bsc#1051510). - phy: renesas: rcar-gen2: Fix memory leak at error paths (bsc#1051510). - pinctrl: pistachio: fix leaked of_node references (bsc#1051510). - pinctrl: rockchip: fix leaked of_node references (bsc#1051510). - pm / OPP: OF: Use pr_debug() instead of pr_err() while adding OPP table (jsc#SLE-7294). - pm / devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: do not print error when get supply and clk defer (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: fix spelling mistakes (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: remove unneeded semicolon (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: remove wait for dcf irq event (bsc#1144718,bsc#1144813). - pm / devfreq: rockchip-dfi: Move GRF definitions to a common place (bsc#1144718,bsc#1144813). - powerpc/64s: Include cpu header (bsc#1065729). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc/book3s/64: check for NULL pointer in pgd_alloc() (bsc#1078248, git-fixes). - powerpc/fadump: use kstrtoint to handle sysfs store (bsc#1146376). - powerpc/fadump: when fadump is supported register the fadump sysfs files (bsc#1146352). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107). - powerpc/kdump: Handle crashkernel memory reservation failure (bsc#1143466 LTC#179600). - powerpc/lib: Fix feature fixup test of external branch (bsc#1065729). - powerpc/mm/hash/4k: Do not use 64K page size for vmemmap with 4K pagesize (bsc#1142685 LTC#179509). - powerpc/mm/nvdimm: Add an informative message if we fail to allocate altmap block (bsc#1142685 LTC#179509). - powerpc/mm/radix: Use the right page size for vmemmap mapping (bsc#1055117 bsc#1142685 LTC#179509). - powerpc/mm: Handle page table allocation failures (bsc#1065729). - powerpc/nvdimm: Add support for multibyte read/write for metadata (bsc#1142685 LTC#179509). - powerpc/nvdimm: Pick nearby online node if the device node is not online (bsc#1142685 ltc#179509). - powerpc/perf: Add constraints for power9 l2/l3 bus events (bsc#1056686). - powerpc/perf: Add mem access events to sysfs (bsc#1124370). - powerpc/perf: Cleanup cache_sel bits comment (bsc#1056686). - powerpc/perf: Fix thresholding counter data for unknown type (bsc#1056686). - powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (bsc#1047238, bsc#1056686). - powerpc/perf: Update perf_regs structure to include SIER (bsc#1056686). - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (bsc#1065729). - powerpc/powernv: Flush console before platform error reboot (bsc#1149940 ltc#179958). - powerpc/powernv: Return for invalid IMC domain (bsc1054914, git-fixes). - powerpc/powernv: Use kernel crash path for machine checks (bsc#1149940 ltc#179958). - powerpc/pseries, ps3: panic flush kernel messages before halting system (bsc#1149940 ltc#179958). - powerpc/pseries/scm: Mark the region volatile if cache flush not required (bsc#1142685 LTC#179509). - powerpc/pseries: Fix xive=off command line (bsc#1085030, git-fixes). - powerpc/pseries: add missing cpumask.h include file (bsc#1065729). - powerpc/pseries: correctly track irq state in default idle (bsc#1150727 ltc#178925). - powerpc/rtas: use device model APIs and serialization during Lpm (bsc#1144123 ltc#178840). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - powerpc/xive: Fix dump of XIVE interrupt under pseries (bsc#1142019). - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (bsc#1085030, bsc#1145189, LTC#179762). - powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019). - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL (bsc#1142019). - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (bsc#1146575 ltc#180764). - powerpc: dump kernel log before carrying out fadump or kdump (bsc#1149940 ltc#179958). - qede: fix write to free'd pointer error and double free of ptp (bsc#1051510). - qla2xxx: kABI fixes for v10.01.00.18-k (bcs#1082635 bcs#1141340 bcs#1143706). - qlge: Deduplicate lbq_buf_size (bsc#1106061). - qlge: Deduplicate rx buffer queue management (bsc#1106061). - qlge: Factor out duplicated expression (bsc#1106061). - qlge: Fix dma_sync_single calls (bsc#1106061). - qlge: Fix irq masking in INTx mode (bsc#1106061). - qlge: Refill empty buffer queues from wq (bsc#1106061). - qlge: Refill rx buffers up to multiple of 16 (bsc#1106061). - qlge: Remove bq_desc.maplen (bsc#1106061). - qlge: Remove irq_cnt (bsc#1106061). - qlge: Remove page_chunk.last_flag (bsc#1106061). - qlge: Remove qlge_bq.len & size (bsc#1106061). - qlge: Remove rx_ring.sbq_buf_size (bsc#1106061). - qlge: Remove rx_ring.type (bsc#1106061). - qlge: Remove useless dma synchronization calls (bsc#1106061). - qlge: Remove useless memset (bsc#1106061). - qlge: Replace memset with assignment (bsc#1106061). - qlge: Update buffer queue prod index despite oom (bsc#1106061). - raid5-cache: Need to do start() part job after adding journal device (git fixes). - rbd: do not (ab)use obj_req->pages for stat requests (bsc#1141450). - rbd: do not NULL out ->obj_request in rbd_img_obj_parent_read_full() (bsc#1141450). - rbd: get rid of img_req->copyup_pages (bsc#1141450). - rbd: move from raw pages to bvec data descriptors (bsc#1141450). - rbd: remove bio cloning helpers (bsc#1141450). - rbd: start enums at 1 instead of 0 (bsc#1141450). - rbd: use kmem_cache_zalloc() in rbd_img_request_create() (bsc#1141450). - rdma/hns: Add mtr support for mixed multihop addressing (bsc#1104427). - rdma/hns: Bugfix for calculating qp buffer size (bsc#1104427 ). - rdma/hns: Bugfix for filling the sge of srq (bsc#1104427 ). - rdma/hns: Do not stuck in endless timeout loop (bsc#1104427 ). - rdma/hns: Fix an error code in hns_roce_set_user_sq_size() (bsc#1104427). - rdma/hns: Fixs hw access invalid dma memory error (bsc#1104427 ). - rdma/hns: Fixup qp release bug (bsc#1104427). - rdma/hns: Modify ba page size for cqe (bsc#1104427). - rdma/hns: Remove set but not used variable 'fclr_write_fail_flag' (bsc#1104427). - rdma/hns: Remove unnecessary print message in aeq (bsc#1104427 ). - rdma/hns: Replace magic numbers with #defines (bsc#1104427 ). - rdma/hns: Set reset flag when hw resetting (bsc#1104427 ). - rdma/hns: Use %pK format pointer print (bsc#1104427 ). - rdma/hns: fix inverted logic of readl read and shift (bsc#1104427). - rdma/hns: reset function when removing module (bsc#1104427 ). - regmap: fix bulk writes on paged registers (bsc#1051510). - regulator: qcom_spmi: Fix math of spmi_regulator_set_voltage_time_sel (bsc#1051510). - rpm/kernel-binary.spec.in: Enable missing modules check. - rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510). - rpmsg: smd: do not use mananged resources for endpoints and channels (bsc#1051510). - rpmsg: smd: fix memory leak on channel create (bsc#1051510). - rsi: improve kernel thread handling to fix kernel panic (bsc#1051510). - rslib: Fix decoding of shortened codes (bsc#1051510). - rslib: Fix handling of of caller provided syndrome (bsc#1051510). - rtc: pcf8523: do not return invalid date when battery is low (bsc#1051510). - rtc: pcf8563: Clear event flags and disable interrupts before requesting irq (bsc#1051510). - rtc: pcf8563: Fix interrupt trigger method (bsc#1051510). - rxrpc: Fix send on a connected, but unbound socket (networking-stable-19_07_25). - s390/cio: fix ccw_device_start_timeout API (bsc#1142109 LTC#179339). - s390/dasd: fix endless loop after read unit address configuration (bsc#1144912 LTC#179907). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142117 bsc#1142118 bsc#1142119 LTC#179329 LTC#179330 LTC#179331). - s390/qeth: avoid control IO completion stalls (bsc#1142109 LTC#179339). - s390/qeth: cancel cmd on early error (bsc#1142109 LTC#179339). - s390/qeth: fix request-side race during cmd IO timeout (bsc#1142109 LTC#179339). - s390/qeth: release cmd buffer in error paths (bsc#1142109 LTC#179339). - s390/qeth: simplify reply object handling (bsc#1142109 LTC#179339). - samples, bpf: fix to change the buffer size for read() (bsc#1051510). - samples: mei: use /dev/mei0 instead of /dev/mei (bsc#1051510). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture (bsc#1051510). - scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE (bsc#1051510). - scripts/decode_stacktrace: only strip base path when a prefix of the path (bsc#1051510). - scripts/gdb: fix lx-version string output (bsc#1051510). - scripts/git_sort/git_sort.py: - scsi: NCR5380: Always re-enable reselection interrupt (git-fixes). - scsi: aacraid: Fix missing break in switch statement (git-fixes). - scsi: aacraid: Fix performance issue on logical drives (git-fixes). - scsi: aic94xx: fix an error code in aic94xx_init() (git-fixes). - scsi: aic94xx: fix module loading (git-fixes). - scsi: bfa: Avoid implicit enum conversion in bfad_im_post_vendor_event (bsc#1136496 jsc#SLE-4698). - scsi: bfa: Remove unused functions (bsc#1136496 jsc#SLE-4698). - scsi: bfa: bfa_fcs_lport: Mark expected switch fall-throughs (bsc#1136496 jsc#SLE-4698). - scsi: bfa: bfa_fcs_rport: Mark expected switch fall-throughs (bsc#1136496 jsc#SLE-4698). - scsi: bfa: bfa_ioc: Mark expected switch fall-throughs (bsc#1136496 jsc#SLE-4698). - scsi: bfa: clean up a couple of indentation issues (bsc#1136496 jsc#SLE-4698). - scsi: bfa: convert to strlcpy/strlcat (git-fixes). - scsi: bfa: fix calls to dma_set_mask_and_coherent() (bsc#1136496 jsc#SLE-4698). - scsi: bfa: no need to check return value of debugfs_create functions (bsc#1136496 jsc#SLE-4698). - scsi: bfa: remove ScsiResult macro (bsc#1136496 jsc#SLE-4698). - scsi: bfa: use dma_set_mask_and_coherent (bsc#1136496 jsc#SLE-4698). - scsi: bnx2fc: Do not allow both a cleanup completion and abort completion for the same request (bsc#1144582). - scsi: bnx2fc: Fix NULL dereference in error handling (bsc#1136502 jsc#SLE-4703). - scsi: bnx2fc: Fix NULL dereference in error handling (git-fixes). - scsi: bnx2fc: Fix error handling in probe() (bsc#1136502 jsc#SLE-4703). - scsi: bnx2fc: Limit the IO size according to the FW capability (bsc#1144582). - scsi: bnx2fc: Only put reference to io_req in bnx2fc_abts_cleanup if cleanup times out (bsc#1144582). - scsi: bnx2fc: Redo setting source FCoE MAC (bsc#1144582). - scsi: bnx2fc: Remove set but not used variable 'oxid' (bsc#1136502 jsc#SLE-4703). - scsi: bnx2fc: Separate out completion flags and variables for abort and cleanup (bsc#1144582). - scsi: bnx2fc: Update the driver version to 2.12.10 (bsc#1144582). - scsi: bnx2fc: fix bnx2fc_cmd refcount imbalance in send_rec (bsc#1144582). - scsi: bnx2fc: fix bnx2fc_cmd refcount imbalance in send_srr (bsc#1144582). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (bsc#1136502 jsc#SLE-4703). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (git-fixes). - scsi: bnx2fc: remove unneeded variable (bsc#1136502 jsc#SLE-4703). - scsi: core: Fix race on creating sense cache (git-fixes). - scsi: core: Synchronize request queue pm status only on successful resume (git-fixes). - scsi: core: set result when the command cannot be dispatched (git-fixes). - scsi: cxgb4i: fix incorrect spelling "reveive" -> "receive" (bsc#1136346 jsc#SLE-4682). - scsi: cxgb4i: get pf number from lldi->pf (bsc#1136346 jsc#SLE-4682). - scsi: cxgb4i: validate tcp sequence number only if chip version <= T5 (bsc#1136346 jsc#SLE-4682). - scsi: cxlflash: Mark expected switch fall-throughs (bsc#1148868). - scsi: cxlflash: Prevent deadlock when adapter probe fails (git-fixes). - scsi: esp_scsi: Track residual for PIO transfers (git-fixes) Also, mitigate kABI changes. - scsi: fas216: fix sense buffer initialization (git-fixes). - scsi: hisi_sas: Add support for DIX feature for v3 hw (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Change SERDES_CFG init value to increase reliability of HiLink (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Disable stash for v3 hw (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Fix losing directly attached disk when hot-plug (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Ignore the error code between phy down to phy up (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Issue internal abort on all relevant queues (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Reduce HISI_SAS_SGE_PAGE_CNT in size (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Reject setting programmed minimum linkrate > 1.5G (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: Use pci_irq_get_affinity() for v3 hw as experimental (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: change queue depth from 512 to 4096 (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: kabi fixes (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: print PHY RX errors count for later revision of v3 hw (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: send primitive NOTIFY to SSP situation only (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: hisi_sas: shutdown axi bus to avoid exception CQ returned (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: isci: initialize shost fully before calling scsi_add_host() (git-fixes). - scsi: libcxgbi: find cxgbi device by MAC address (bsc#1136352 jsc#SLE-4687). - scsi: libcxgbi: remove uninitialized variable len (bsc#1136352 jsc#SLE-4687). - scsi: libcxgbi: update route finding logic (bsc#1136352 jsc#SLE-4687) - scsi: libfc: fix null pointer dereference on a null lport (git-fixes). - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (git-fixes). - scsi: libsas: kABI protect struct sas_task_slow (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: libsas: only clear phy->in_shutdown after shutdown event done (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: lpfc: Add MDS driver loopback diagnostics support (bsc#1146215). - scsi: lpfc: Add NVMe sequence level error recovery support (bsc#1146215). - scsi: lpfc: Add first and second level hardware revisions to sysfs (bsc#1146215). - scsi: lpfc: Add simple unlikely optimizations to reduce NVME latency (bsc#1146215). - scsi: lpfc: Avoid unused function warnings (bsc#1148308). - scsi: lpfc: Convert timers to use timer_setup() (bsc#1148308). - scsi: lpfc: Default fdmi_on to on (bsc#1148308). - scsi: lpfc: Fix ADISC reception terminating login state if a NVME (bsc#1146215). - scsi: lpfc: Fix BlockGuard enablement on FCoE adapters (bsc#1146215). - scsi: lpfc: Fix ELS field alignments (bsc#1146215). - scsi: lpfc: Fix FLOGI handling across multiple link up/down (bsc#1146215). - scsi: lpfc: Fix Max Frame Size value shown in fdmishow output (bsc#1146215). - scsi: lpfc: Fix Oops in nvme_register with target logout/login (bsc#1146215). - scsi: lpfc: Fix PLOGI failure with high remoteport count (bsc#1146215). - scsi: lpfc: Fix coverity warnings (bsc#1146215). - scsi: lpfc: Fix crash due to port reset racing vs adapter error (bsc#1146215). - scsi: lpfc: Fix crash on driver unload in wq free (bsc#1146215). - scsi: lpfc: Fix crash when cpu count is 1 and null irq affinity mask (bsc#1146215). - scsi: lpfc: Fix deadlock on host_lock during cable pulls (bsc#1146215). - scsi: lpfc: Fix devices that do not return after devloss followed by (bsc#1146215). - scsi: lpfc: Fix discovery when target has no GID_FT information (bsc#1146215). - scsi: lpfc: Fix error in remote port address change (bsc#1146215). - scsi: lpfc: Fix failure to clear non-zero eq_delay after io rate (bsc#1146215). - scsi: lpfc: Fix hang when downloading fw on port enabled for nvme (bsc#1146215). - scsi: lpfc: Fix irq raising in lpfc_sli_hba_down (bsc#1146215). - scsi: lpfc: Fix issuing init_vpi mbox on SLI-3 card (bsc#1146215). - scsi: lpfc: Fix leak of ELS completions on adapter reset (bsc#1146215). - scsi: lpfc: Fix loss of remote port after devloss due to lack of RPIs (bsc#1146215). - scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo via sysfs (bsc#1146215). - scsi: lpfc: Fix nvme first burst module parameter description (bsc#1146215). - scsi: lpfc: Fix nvme sg_seg_cnt display if HBA does not support NVME (bsc#1146215). - scsi: lpfc: Fix nvme target mode ABTSing a received ABTS (bsc#1146215). - scsi: lpfc: Fix oops when fewer hdwqs than cpus (bsc#1146215). - scsi: lpfc: Fix port relogin failure due to GID_FT interaction (bsc#1146215). - scsi: lpfc: Fix propagation of devloss_tmo setting to nvme transport (bsc#1146215). - scsi: lpfc: Fix reported physical link speed on a disabled trunked (bsc#1146215). - scsi: lpfc: Fix reset recovery paths that are not recovering (bsc#1144375). - scsi: lpfc: Fix sg_seg_cnt for HBAs that do not support NVME (bsc#1146215). - scsi: lpfc: Fix sli4 adapter initialization with MSI (bsc#1146215). - scsi: lpfc: Fix too many sg segments spamming in kernel log (bsc#1146215). - scsi: lpfc: Fix upcall to bsg done in non-success cases (bsc#1146215). - scsi: lpfc: Limit xri count for kdump environment (bsc#1146215). - scsi: lpfc: Make some symbols static (bsc#1148308). - scsi: lpfc: Merge per-protocol WQ/CQ pairs into single per-cpu pair (bsc#1146215). - scsi: lpfc: Merge per-protocol WQ/CQ pairs into single per-cpu pair (bsc#1146215). - scsi: lpfc: Migrate to %px and %pf in kernel print calls (bsc#1146215). - scsi: lpfc: Remove bg debugfs buffers (bsc#1144375). - scsi: lpfc: Remove set but not used variable 'psli' (bsc#1148308). - scsi: lpfc: Remove set but not used variables 'fc_hdr' and 'hw_page_size' (bsc#1148308). - scsi: lpfc: Remove set but not used variables 'qp' (bsc#1148308). - scsi: lpfc: Remove set but not used variables 'tgtp' (bsc#1148308). - scsi: lpfc: Resolve checker warning for lpfc_new_io_buf() (bsc#1144375). - scsi: lpfc: Support dynamic unbounded SGL lists on G7 hardware (bsc#1146215). - scsi: lpfc: Update lpfc version to 12.4.0.0 (bsc#1146215). - scsi: lpfc: Use dma_zalloc_coherent (bsc#1148308). - scsi: lpfc: add check for loss of ndlp when sending RRQ (bsc#1148308). - scsi: lpfc: change snprintf to scnprintf for possible overflow (bsc#1146215). - scsi: lpfc: correct rcu unlock issue in lpfc_nvme_info_show (bsc#1148308). - scsi: lpfc: lpfc_sli: Mark expected switch fall-throughs (bsc#1148308). - scsi: lpfc: no need to check return value of debugfs_create functions (bsc#1148308). - scsi: lpfc: nvme: avoid hang / use-after-free when destroying localport (bsc#1148308). - scsi: lpfc: nvmet: avoid hang / use-after-free when destroying targetport (bsc#1148308). - scsi: lpfc: remove NULL check before some freeing functions (bsc#1146215). - scsi: lpfc: remove ScsiResult macro (bsc#1148308). - scsi: lpfc: remove a bogus pci_dma_sync_single_for_device call (bsc#1148308). - scsi: lpfc: remove null check on nvmebuf (bsc#1148308). - scsi: lpfc: resolve lockdep warnings (bsc#1148308). - scsi: lpfc: use sg helper to iterate over scatterlist (bsc#1148308). - scsi: mac_scsi: Fix pseudo DMA implementation, take 2 (git-fixes). - scsi: mac_scsi: Increase PIO/PDMA transfer length threshold (git-fixes). - scsi: megaraid: fix out-of-bound array accesses (git-fixes). - scsi: megaraid_sas: Fix calculation of target ID (git-fixes). - scsi: megaraid_sas: IRQ poll to avoid CPU hard lockups (bsc#1143962). - scsi: megaraid_sas: Release Mutex lock before OCR in case of DCMD timeout (bsc#1143962). - scsi: mpt3sas: Determine smp affinity on per HBA basis (bsc#1143738). - scsi: mpt3sas: Fix msix load balance on and off settings (bsc#1143738). - scsi: mpt3sas: Mark expected switch fall-through (bsc#1143738). - scsi: mpt3sas: Remove CPU arch check to determine perf_mode (bsc#1143738). - scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA (bsc#1143738). - scsi: mpt3sas: Use configured PCIe link speed, not max (bsc#1143738). - scsi: mpt3sas: make driver options visible in sys (bsc#1143738). - scsi: mpt3sas: use DEVICE_ATTR_{RO, RW} (bsc#1143738). - scsi: pmcraid: do not allocate a dma coherent buffer for sense data (bsc#1135990 jsc#SLE-4709). - scsi: pmcraid: simplify pmcraid_cancel_all a bit (bsc#1135990 jsc#SLE-4709). - scsi: pmcraid: use generic DMA API (bsc#1135990 jsc#SLE-4709). - scsi: pmcraid: use sg helper to iterate over scatterlist (bsc#1135990 jsc#SLE-4709). - scsi: prefix header search paths with $(srctree)/ (bsc#1136346 jsc#SLE-4682). - scsi: qedf: Add debug information for unsolicited processing (bsc#1149976). - scsi: qedf: Add shutdown callback handler (bsc#1149976). - scsi: qedf: Add support for 20 Gbps speed (bsc#1149976). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1149976). - scsi: qedf: Check for link state before processing LL2 packets and send fipvlan retries (bsc#1149976). - scsi: qedf: Check for module unloading bit before processing link update AEN (bsc#1149976). - scsi: qedf: Decrease the LL2 MTU size to 2500 (bsc#1149976). - scsi: qedf: Fix race betwen fipvlan request and response path (bsc#1149976). - scsi: qedf: Initiator fails to re-login to switch after link down (bsc#1149976). - scsi: qedf: Print message during bailout conditions (bsc#1149976). - scsi: qedf: Stop sending fipvlan request on unload (bsc#1149976). - scsi: qedf: Update module description string (bsc#1149976). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1149976). - scsi: qedf: Update the version to 8.42.3.0 (bsc#1149976). - scsi: qedf: Use discovery list to traverse rports (bsc#1149976). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (git-fixes). - scsi: qedf: remove set but not used variables (bsc#1149976). - scsi: qedi: remove declaration of nvm_image from stack (git-fixes). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1129424). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1143706). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (git-fixes). - scsi: qla2xxx: Change a stack variable into a static const variable (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Change data_dsd into an array (bsc#1143706). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1143706). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1143706). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1143706). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1143706). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1143706). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1143706). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1143706). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1143706). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1143706). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1143706). - scsi: qla2xxx: Declare local symbols static (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1143706). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1143706). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1143706). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1143706). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1143706). - scsi: qla2xxx: Fix a format specifier (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix a format specifier (git-fixes). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1143706). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (git-fixes). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix device staying in blocked state (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix device staying in blocked state (git-fixes). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1143706). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (git-fixes). - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1143706). - scsi: qla2xxx: Fix formatting of pointer types (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix fw dump corruption (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1143706). - scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix premature timer expiration (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1143706). - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1143706). - scsi: qla2xxx: Fix stale session (bsc#1143706). - scsi: qla2xxx: Fix stuck login session (bsc#1143706). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1143706). - scsi: qla2xxx: Include the <asm/unaligned.h> header file from qla_dsd.h (bsc#1143706). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1143706). - scsi: qla2xxx: Insert spaces where required (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1143706). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1143706). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1143706). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1143706). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1143706). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1143706). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1143706). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1143706). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1143706). - scsi: qla2xxx: Modify NVMe include directives (bsc#1143706). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move the <linux/io-64-nonatomic-lo-hi.h> include directive (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1143706). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1143706). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1143706). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1143706). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1143706). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1143706). - scsi: qla2xxx: Remove dead code (bsc#1143706). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1143706). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove two superfluous casts (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1143706). - scsi: qla2xxx: Remove two superfluous tests (bsc#1143706). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove unnecessary null check (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1143706). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1143706). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1143706). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1143706). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1143706). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Simplify a debug statement (bsc#1143706). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1143706). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1143706). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1143706). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1143706). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1143706). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Unregister chrdev if module initialization fails (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Unregister chrdev if module initialization fails (git-fixes). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1143706). - scsi: qla2xxx: Update two source code comments (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use __le64 instead of uint32_t[2] for sending DMA addresses to firmware (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1143706). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1143706). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1143706). - scsi: qla2xxx: Use tabs to indent code (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1143706). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1134476). - scsi: qla2xxx: fix spelling mistake "alredy" -> "already" (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1134476). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: qla4xxx: avoid freeing unallocated dma memory (git-fixes). - scsi: raid_attrs: fix unused variable warning (git-fixes). - scsi: sas: Convert timers to use timer_setup() (bsc#1137322 bsc#1137323 bsc#1138099 bsc#1138100). - scsi: scsi_dh_alua: Fix possible null-ptr-deref (git-fixes). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: sd: Defer spinning up drive while SANITIZE is in progress (git-fixes). - scsi: sd: Fix a race between closing an sd device and sd I/O (git-fixes). - scsi: sd: Fix cache_type_store() (git-fixes). - scsi: sd: Optimal I/O size should be a multiple of physical block size (git-fixes). - scsi: sd: Quiesce warning if device does not report optimal I/O size (git-fixes). - scsi: sd: use mempool for discard special page (git-fixes). - scsi: sd_zbc: Fix potential memory leak (git-fixes). - scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() (git-fixes). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (git-fixes). - scsi: target: iscsi: cxgbit: add missing spin_lock_init() (bsc#1136349 jsc#SLE-4685). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1082635 bsc#1141340 bsc#1143706). - scsi: ufs: Avoid runtime suspend possibly being blocked forever (git-fixes). - scsi: ufs: Check that space was properly alloced in copy_query_response (git-fixes). - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() (git-fixes). - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value (git-fixes). - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 (git-fixes). - scsi: use dma_get_cache_alignment() as minimum DMA alignment (git-fixes). - scsi: virtio_scsi: do not send sc payload with tmfs (git-fixes). - sctp: change to hold sk after auth shkey is created successfully (networking-stable-19_07_02). - sdhci-fujitsu: add support for setting the CMD_DAT_DELAY attribute (bsc#1145256). - serial: 8250: Fix TX interrupt handling condition (bsc#1051510). - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig (bsc#1144333). - sis900: fix TX completion (bsc#1051510). - sky2: Disable MSI on ASUS P6T (bsc#1142496). - smb2: fix missing files in root share directory listing (bsc#1112907, bsc#1144333). - smb2: fix typo in definition of a few error flags (bsc#1144333). - smb2: fix uninitialized variable bug in smb2_ioctl_query_info (bsc#1144333). - smb3 - clean up debug output displaying network interfaces (bsc#1144333). - smb3.11: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - smb3: Add SMB3.1.1 GCM to negotiated crypto algorigthms (bsc#1144333). - smb3: Add debug message later in smb2/smb3 reconnect path (bsc#1144333). - smb3: Add defines for new negotiate contexts (bsc#1144333). - smb3: Add dynamic trace points for various compounded smb3 ops (bsc#1144333). - smb3: Add ftrace tracepoints for improved SMB3 debugging (bsc#1144333). - smb3: Add handling for different FSCTL access flags (bsc#1144333). - smb3: Add posix create context for smb3.11 posix mounts (bsc#1144333). - smb3: Add protocol structs for change notify support (bsc#1144333). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510, bsc#1144333). - smb3: Add tracepoints for read, write and query_dir enter (bsc#1144333). - smb3: Allow SMB3 FSCTL queries to be sent to server from tools (bsc#1144333). - smb3: Allow persistent handle timeout to be configurable on mount (bsc#1144333). - smb3: Allow query of symlinks stored as reparse points (bsc#1144333). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing from compounded ops (bsc#1144333). - smb3: Clean up query symlink when reparse point (bsc#1144333). - smb3: Cleanup license mess (bsc#1144333). - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bsc#1085536, bsc#1144333). - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510, bsc#1144333). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510, bsc#1144333). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510, bsc#1144333). - smb3: Fix deadlock in validate negotiate hits reconnect (bsc#1144333). - smb3: Fix endian warning (bsc#1144333, bsc#1137884). - smb3: Fix enumerating snapshots to Azure (bsc#1144333). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510, bsc#1144333). - smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333). - smb3: Fix potential memory leak when processing compound chain (bsc#1144333). - smb3: Fix rmdir compounding regression to strict servers (bsc#1144333). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510, bsc#1144333). - smb3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL (bsc#1144333). - smb3: Log at least once if tree connect fails during reconnect (bsc#1144333). - smb3: Number of requests sent should be displayed for SMB3 not just CIFS (bsc#1144333). - smb3: Send netname context during negotiate protocol (bsc#1144333). - smb3: Track total time spent on roundtrips for each SMB3 command (bsc#1144333). - smb3: Update POSIX negotiate context with POSIX ctxt GUID (bsc#1144333). - smb3: Validate negotiate request must always be signed (bsc#1064597, bsc#1144333). - smb3: Warn user if trying to sign connection that authenticated as guest (bsc#1085536, bsc#1144333). - smb3: add additional ftrace entry points for entry/exit to cifs.ko (bsc#1144333). - smb3: add credits we receive from oplock/break PDUs (bsc#1144333). - smb3: add debug for unexpected mid cancellation (bsc#1144333). - smb3: add define for id for posix create context and corresponding struct (bsc#1144333). - smb3: add dynamic trace point for query_info_enter/done (bsc#1144333). - smb3: add dynamic trace point for smb3_cmd_enter (bsc#1144333). - smb3: add dynamic tracepoint for timeout waiting for credits (bsc#1144333). - smb3: add dynamic tracepoints for simple fallocate and zero range (bsc#1144333). - smb3: add missing read completion trace point (bsc#1144333). - smb3: add module alias for smb3 to cifs.ko (bsc#1144333). - smb3: add new mount option to retrieve mode from special ACE (bsc#1144333). - smb3: add reconnect tracepoints (bsc#1144333). - smb3: add smb3.1.1 to default dialect list (bsc#1144333). - smb3: add support for posix negotiate context (bsc#1144333). - smb3: add support for statfs for smb3.1.1 posix extensions (bsc#1144333). - smb3: add trace point for tree connection (bsc#1144333). - smb3: add tracepoint for sending lease break responses to server (bsc#1144333). - smb3: add tracepoint for session expired or deleted (bsc#1144333). - smb3: add tracepoint for slow responses (bsc#1144333). - smb3: add tracepoint to catch cases where credit refund of failed op overlaps reconnect (bsc#1144333). - smb3: add tracepoints for query dir (bsc#1144333). - smb3: add tracepoints for smb2/smb3 open (bsc#1144333). - smb3: add way to control slow response threshold for logging and stats (bsc#1144333). - smb3: allow more detailed protocol info on open files for debugging (bsc#1144333). - smb3: allow posix mount option to enable new SMB311 protocol extensions (bsc#1144333). - smb3: allow previous versions to be mounted with snapshot= mount parm (bsc#1144333). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510, bsc#1144333). - smb3: check for and properly advertise directory lease support (bsc#1051510, bsc#1144333). - smb3: create smb3 equivalent alias for cifs pseudo-xattrs (bsc#1144333). - smb3: directory sync should not return an error (bsc#1051510, bsc#1144333). - smb3: display bytes_read and bytes_written in smb3 stats (bsc#1144333). - smb3: display security information in /proc/fs/cifs/DebugData more accurately (bsc#1144333). - smb3: display session id in debug data (bsc#1144333). - smb3: display stats counters for number of slow commands (bsc#1144333). - smb3: display volume serial number for shares in /proc/fs/cifs/DebugData (bsc#1144333). - smb3: do not allow insecure cifs mounts when using smb3 (bsc#1144333). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510, bsc#1144333). - smb3: do not display confusing message on mount to Azure servers (bsc#1144333). - smb3: do not display empty interface list (bsc#1144333). - smb3: do not request leases in symlink creation and query (bsc#1051510, bsc#1144333). - smb3: do not send compression info by default (bsc#1144333). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510, bsc#1144333). - smb3: fill in statfs fsid and correct namelen (bsc#1112905, bsc#1144333). - smb3: fix bytes_read statistics (bsc#1144333). - smb3: fix corrupt path in subdirs on smb311 with posix (bsc#1144333). - smb3: fix large reads on encrypted connections (bsc#1144333). - smb3: fix lease break problem introduced by compounding (bsc#1144333). - smb3: fix minor debug output for CONFIG_CIFS_STATS (bsc#1144333). - smb3: fix redundant opens on root (bsc#1144333). - smb3: fix reset of bytes read and written stats (bsc#1112906, bsc#1144333). - smb3: fix various xid leaks (bsc#1051510, bsc#1144333). - smb3: for kerberos mounts display the credential uid used (bsc#1144333). - smb3: handle new statx fields (bsc#1085536, bsc#1144333). - smb3: if max_credits is specified then display it in /proc/mounts (bsc#1144333). - smb3: if server does not support posix do not allow posix mount option (bsc#1144333). - smb3: improve dynamic tracing of open and posix mkdir (bsc#1144333). - smb3: increase initial number of credits requested to allow write (bsc#1144333). - smb3: make default i/o size for smb3 mounts larger (bsc#1144333). - smb3: minor cleanup of compound_send_recv (bsc#1144333). - smb3: minor debugging clarifications in rfc1001 len processing (bsc#1144333). - smb3: minor missing defines relating to reparse points (bsc#1144333). - smb3: missing defines and structs for reparse point handling (bsc#1144333). - smb3: note that smb3.11 posix extensions mount option is experimental (bsc#1144333). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510, bsc#1144333). - smb3: on reconnect set PreviousSessionId field (bsc#1112899, bsc#1144333). - smb3: optimize open to not send query file internal info (bsc#1144333). - smb3: passthru query info does not check for SMB3 FSCTL passthru (bsc#1144333). - smb3: print tree id in debugdata in proc to be able to help logging (bsc#1144333). - smb3: query inode number on open via create context (bsc#1144333). - smb3: remove noisy warning message on mount (bsc#1129664, bsc#1144333). - smb3: remove per-session operations from per-tree connection stats (bsc#1144333). - smb3: rename encryption_required to smb3_encryption_required (bsc#1144333). - smb3: request more credits on normal (non-large read/write) ops (bsc#1144333). - smb3: request more credits on tree connect (bsc#1144333). - smb3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (bsc#1144333). - smb3: send CAP_DFS capability during session setup (bsc#1144333). - smb3: send backup intent on compounded query info (bsc#1144333). - smb3: show number of current open files in /proc/fs/cifs/Stats (bsc#1144333). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510, bsc#1144333). - smb3: smbdirect no longer experimental (bsc#1144333). - smb3: snapshot mounts are read-only and make sure info is displayable about the mount (bsc#1144333). - smb3: track the instance of each session for debugging (bsc#1144333). - smb3: trivial cleanup to smb2ops.c (bsc#1144333). - smb3: update comment to clarify enumerating snapshots (bsc#1144333). - smb3: update default requested iosize to 4MB from 1MB for recent dialects (bsc#1144333). - smb: Add vers=3.0.2 as a valid option for SMBv3.0.2 (bsc#1144333). - smb: Cleanup some minor endian issues in smb3 rdma (bsc#1144333). - smb: Do not log confusing message on reconnect by default (bsc#1129664, bsc#1144333). - smb: Do not log expected error on DFS referral request (bsc#1051510, bsc#1144333). - smb: Fix SMB3.1.1 guest authentication to Samba (bsc#1085536, bsc#1144333). - smb: Fix encryption labels and lengths for SMB3.1.1 (bsc#1085536, bsc#1144333). - smb: Fix match_server check to allow for auto dialect negotiate (bsc#1144333). - smb: Fix warning messages when mounting to older servers (bsc#1144333). - smb: SMB3.1.1 dialect is no longer experimental (bsc#1051510, bsc#1144333). - smb: SMB3.1.1: Add GCM crypto to the encrypt and decrypt functions (bsc#1144333). - smb: SMB311: Fix reconnect (bsc#1051510, bsc#1144333). - smb: SMB311: Improve checking of negotiate security contexts (bsc#1051510, bsc#1144333). - smb: Tree connect for SMB3.1.1 must be signed for non-encrypted shares (bsc#1051510, bsc#1144333). - smb: Validate negotiate (to protect against downgrade) even if signing off (bsc#1085536, bsc#1144333). - smb: fix leak of validate negotiate info response buffer (bsc#1064597, bsc#1144333). - smb: fix validate negotiate info uninitialised memory use (bsc#1064597, bsc#1144333). - smbd: Make upper layer decide when to destroy the transport (bsc#1144333). - smpboot: Place the __percpu annotation correctly (git fixes). - soc: rockchip: power-domain: Add a sanity check on pd->num_clks (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: Use of_clk_get_parent_count() instead of open coding (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: use clk_bulk APIs (bsc#1144718,bsc#1144813). - sound: fix a memory leak bug (bsc#1051510). - spi: bcm2835aux: fix corruptions for longer spi transfers (bsc#1051510). - spi: bcm2835aux: remove dangerous uncontrolled read of fifo (bsc#1051510). - spi: bcm2835aux: unifying code between polling and interrupt driven code (bsc#1051510). - st21nfca_connectivity_event_received: null check the allocation (bsc#1051510). - st_nci_hci_connectivity_event_received: null check the allocation (bsc#1051510). - staging: comedi: dt3000: Fix rounding up of timer divisor (bsc#1051510). - staging: comedi: dt3000: Fix signed integer overflow 'divider * base' (bsc#1051510). - staging: fsl-dpaa2/ethsw: fix memory leak of switchdev_work (bsc#1111666). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Remove duplicate drivers/ata/libahci_platform - supported.conf: Remove duplicate entries - supported.conf: Sort alphabetically, align comments. - supported.conf: Sort alphabetically, align comments. - tcp: Reset bytes_acked and bytes_received when disconnecting (networking-stable-19_07_25). - test_firmware: fix a memory leak bug (bsc#1051510). - tipc: change to use register_pernet_device (networking-stable-19_07_02). - tools: bpftool: close prog FD before exit on showing a single program (bsc#1109837). - tools: bpftool: fix error message (prog -> object) (bsc#1109837). - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bsc#1082555). - tpm: Fix Tpm 1.2 Shutdown sequence to prevent future TPM operations (bsc#1082555). - tpm: Fix off-by-one when reading binary_bios_measurements (bsc#1082555). - tpm: Unify the send callback behaviour (bsc#1082555). - tpm: vtpm_proxy: Suppress error logging when in closed state (bsc#1082555). - tracing: Fix header include guards in trace event headers (bsc#1144474). - tracing: store path instead of inode (bsc#1120046, bsc#1146141). - treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 231 (bsc#1144333). - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop (bsc#1051510). - tty/serial: digicolor: Fix digicolor-usart already registered warning (bsc#1051510). - tty: max310x: Fix invalid baudrate divisors calculator (bsc#1051510). - tty: serial: msm_serial: avoid system lockup condition (bsc#1051510). - tua6100: Avoid build warnings (bsc#1051510). - tun: mark small packets as owned by the tap sock (bsc#1109837). - tun: wake up waitqueues after IFF_UP is set (networking-stable-19_07_02). - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length (bsc#1148617). - update internal version number for cifs.ko (bsc#1144333). - usb-storage: Add new JMS567 revision to unusual_devs (bsc#1051510). - usb: CDC: fix sanity checks in CDC union parser (bsc#1142635). - usb: Handle USB3 remote wakeup for Lpm enabled devices correctly (bsc#1051510). - usb: cdc-acm: make sure a refcount is taken early enough (bsc#1142635). - usb: cdc-wdm: fix race between write and disconnect due to flag abuse (bsc#1051510). - usb: chipidea: udc: do not do hardware access if gadget has stopped (bsc#1051510). - usb: core: Fix races in character device registration and deregistraion (bsc#1051510). - usb: core: hub: Disable hub-initiated U1/U2 (bsc#1051510). - usb: gadget: composite: Clear "suspended" on reset/disconnect (bsc#1051510). - usb: gadget: udc: renesas_usb3: Fix sysfs interface of "role" (bsc#1142635). - usb: host: fotg2: restart hcd after port reset (bsc#1051510). - usb: host: ohci: fix a race condition between shutdown and irq (bsc#1051510). - usb: host: xhci-rcar: Fix timeout in xhci_suspend() (bsc#1051510). - usb: host: xhci: rcar: Fix typo in compatible string matching (bsc#1051510). - usb: iowarrior: fix deadlock on disconnect (bsc#1051510). - usb: serial: option: Add Motorola modem UARTs (bsc#1051510). - usb: serial: option: Add support for ZTE MF871A (bsc#1051510). - usb: serial: option: add D-Link DWM-222 device ID (bsc#1051510). - usb: serial: option: add the BroadMobi BM818 card (bsc#1051510). - usb: storage: ums-realtek: Update module parameter description for auto_delink_en (bsc#1051510). - usb: storage: ums-realtek: Whitelist auto-delink support (bsc#1051510). - usb: typec: tcpm: Ignore unsupported/unknown alternate mode requests (bsc#1111666). - usb: typec: tcpm: free log buf memory when remove debug file (bsc#1111666). - usb: typec: tcpm: remove tcpm dir if no children (bsc#1111666). - usb: usbfs: fix double-free of usb memory upon submiturb error (bsc#1051510). - usb: wusbcore: fix unbalanced get/put cluster_id (bsc#1051510). - usb: yurex: Fix use-after-free in yurex_delete (bsc#1051510). - vfs: fix page locking deadlocks when deduping files (bsc#1148619). - virtio/s390: fix race on airq_areas (bsc#1145357). - vmci: Release resource if the work is already queued (bsc#1051510). - vrf: make sure skb->data contains ip header to make routing (networking-stable-19_07_25). - watchdog: bcm2835_wdt: Fix module autoload (bsc#1051510). - watchdog: core: fix null pointer dereference when releasing cdev (bsc#1051510). - watchdog: f71808e_wdt: fix F81866 bit operation (bsc#1051510). - watchdog: fix compile time error of pretimeout governors (bsc#1051510). - wimax/i2400m: fix a memory leak bug (bsc#1051510). - x86/asm: Remove dead __GNUC__ conditionals (bsc#1112178). - x86/boot: Fix memory leak in default_get_smp_config() (bsc#1114279). - x86/dma: Get rid of iommu_pass_through (bsc#1136039). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/microcode: Fix the microcode load on CPU hotplug for real (bsc#1114279). - x86/mm: Check for pfn instead of page in vmalloc_sync_one() (bsc#1118689). - x86/mm: Sync also unmappings in vmalloc_sync_all() (bsc#1118689). - x86/resctrl: Prevent NULL pointer dereference when local MBM is disabled (bsc#1112178). - x86/speculation/mds: Apply more accurate check on hypervisor platform (bsc#1114279). - x86/speculation: Allow guests to use SSBD even if host does not (bsc#1114279). - x86/unwind: Add hardcoded ORC entry for NULL (bsc#1114279). - x86/unwind: Handle NULL pointer calls better in frame unwinder (bsc#1114279). - xdp: unpin xdp umem pages in error path (bsc#1109837). - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (bsc#1065600). - xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix bucket count reported to userspace (bsc#1143300). - xfrm: Fix error return code in xfrm_output_one() (bsc#1143300). - xfs: do not crash on null attr fork xfs_bmapi_read (bsc#1148035). - xfs: do not trip over uninitialized buffer on extent read of corrupted inode (bsc#1149053). - xfs: dump transaction usage details on log reservation overrun (bsc#1145235). - xfs: eliminate duplicate icreate tx reservation functions (bsc#1145235). - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (bsc#1148032). - xfs: fix semicolon.cocci warnings (bsc#1145235). - xfs: fix up agi unlinked list reservations (bsc#1145235). - xfs: include an allocfree res for inobt modifications (bsc#1145235). - xfs: include inobt buffers in ifree tx log reservation (bsc#1145235). - xfs: print transaction log reservation on overrun (bsc#1145235). - xfs: refactor inode chunk alloc/free tx reservation (bsc#1145235). - xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (bsc#1145235). - xfs: remove more ondisk directory corruption asserts (bsc#1148034). - xfs: separate shutdown from ticket reservation print helper (bsc#1145235). - xfs: truncate transaction does not modify the inobt (bsc#1145235). - {nl,mac}80211: fix interface combinations on crypto controlled devices (bsc#1111666). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-2424=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2424=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-2424=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-2424=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2424=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2424=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-2424=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): kernel-default-debuginfo-4.12.14-197.18.1 kernel-default-debugsource-4.12.14-197.18.1 kernel-default-extra-4.12.14-197.18.1 kernel-default-extra-debuginfo-4.12.14-197.18.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.18.1 kernel-default-debugsource-4.12.14-197.18.1 kernel-obs-qa-4.12.14-197.18.1 kernel-vanilla-4.12.14-197.18.1 kernel-vanilla-base-4.12.14-197.18.1 kernel-vanilla-base-debuginfo-4.12.14-197.18.1 kernel-vanilla-debuginfo-4.12.14-197.18.1 kernel-vanilla-debugsource-4.12.14-197.18.1 kernel-vanilla-devel-4.12.14-197.18.1 kernel-vanilla-devel-debuginfo-4.12.14-197.18.1 kernel-vanilla-livepatch-devel-4.12.14-197.18.1 kselftests-kmp-default-4.12.14-197.18.1 kselftests-kmp-default-debuginfo-4.12.14-197.18.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le x86_64): kernel-debug-4.12.14-197.18.1 kernel-debug-base-4.12.14-197.18.1 kernel-debug-base-debuginfo-4.12.14-197.18.1 kernel-debug-debuginfo-4.12.14-197.18.1 kernel-debug-debugsource-4.12.14-197.18.1 kernel-debug-devel-4.12.14-197.18.1 kernel-debug-devel-debuginfo-4.12.14-197.18.1 kernel-debug-livepatch-devel-4.12.14-197.18.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 s390x): kernel-default-livepatch-4.12.14-197.18.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64): dtb-al-4.12.14-197.18.1 dtb-allwinner-4.12.14-197.18.1 dtb-altera-4.12.14-197.18.1 dtb-amd-4.12.14-197.18.1 dtb-amlogic-4.12.14-197.18.1 dtb-apm-4.12.14-197.18.1 dtb-arm-4.12.14-197.18.1 dtb-broadcom-4.12.14-197.18.1 dtb-cavium-4.12.14-197.18.1 dtb-exynos-4.12.14-197.18.1 dtb-freescale-4.12.14-197.18.1 dtb-hisilicon-4.12.14-197.18.1 dtb-lg-4.12.14-197.18.1 dtb-marvell-4.12.14-197.18.1 dtb-mediatek-4.12.14-197.18.1 dtb-nvidia-4.12.14-197.18.1 dtb-qcom-4.12.14-197.18.1 dtb-renesas-4.12.14-197.18.1 dtb-rockchip-4.12.14-197.18.1 dtb-socionext-4.12.14-197.18.1 dtb-sprd-4.12.14-197.18.1 dtb-xilinx-4.12.14-197.18.1 dtb-zte-4.12.14-197.18.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): kernel-docs-html-4.12.14-197.18.1 kernel-source-vanilla-4.12.14-197.18.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): kernel-kvmsmall-4.12.14-197.18.1 kernel-kvmsmall-base-4.12.14-197.18.1 kernel-kvmsmall-base-debuginfo-4.12.14-197.18.1 kernel-kvmsmall-debuginfo-4.12.14-197.18.1 kernel-kvmsmall-debugsource-4.12.14-197.18.1 kernel-kvmsmall-devel-4.12.14-197.18.1 kernel-kvmsmall-devel-debuginfo-4.12.14-197.18.1 kernel-kvmsmall-livepatch-devel-4.12.14-197.18.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x): kernel-zfcpdump-debuginfo-4.12.14-197.18.1 kernel-zfcpdump-debugsource-4.12.14-197.18.1 kernel-zfcpdump-man-4.12.14-197.18.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-197.18.1 kernel-default-debugsource-4.12.14-197.18.1 kernel-default-livepatch-4.12.14-197.18.1 kernel-default-livepatch-devel-4.12.14-197.18.1 kernel-livepatch-4_12_14-197_18-default-1-3.3.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.18.1 kernel-default-debugsource-4.12.14-197.18.1 reiserfs-kmp-default-4.12.14-197.18.1 reiserfs-kmp-default-debuginfo-4.12.14-197.18.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-197.18.1 kernel-obs-build-debugsource-4.12.14-197.18.1 kernel-syms-4.12.14-197.18.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): kernel-docs-4.12.14-197.18.1 kernel-source-4.12.14-197.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.18.1 kernel-default-base-4.12.14-197.18.1 kernel-default-base-debuginfo-4.12.14-197.18.1 kernel-default-debuginfo-4.12.14-197.18.1 kernel-default-debugsource-4.12.14-197.18.1 kernel-default-devel-4.12.14-197.18.1 kernel-default-devel-debuginfo-4.12.14-197.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): kernel-devel-4.12.14-197.18.1 kernel-macros-4.12.14-197.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): kernel-default-man-4.12.14-197.18.1 kernel-zfcpdump-4.12.14-197.18.1 kernel-zfcpdump-debuginfo-4.12.14-197.18.1 kernel-zfcpdump-debugsource-4.12.14-197.18.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.18.1 cluster-md-kmp-default-debuginfo-4.12.14-197.18.1 dlm-kmp-default-4.12.14-197.18.1 dlm-kmp-default-debuginfo-4.12.14-197.18.1 gfs2-kmp-default-4.12.14-197.18.1 gfs2-kmp-default-debuginfo-4.12.14-197.18.1 kernel-default-debuginfo-4.12.14-197.18.1 kernel-default-debugsource-4.12.14-197.18.1 ocfs2-kmp-default-4.12.14-197.18.1 ocfs2-kmp-default-debuginfo-4.12.14-197.18.1 References: https://www.suse.com/security/cve/CVE-2017-18551.html https://www.suse.com/security/cve/CVE-2018-20976.html https://www.suse.com/security/cve/CVE-2018-21008.html https://www.suse.com/security/cve/CVE-2019-10207.html https://www.suse.com/security/cve/CVE-2019-14814.html https://www.suse.com/security/cve/CVE-2019-14815.html https://www.suse.com/security/cve/CVE-2019-14816.html https://www.suse.com/security/cve/CVE-2019-14835.html https://www.suse.com/security/cve/CVE-2019-15030.html https://www.suse.com/security/cve/CVE-2019-15031.html https://www.suse.com/security/cve/CVE-2019-15090.html https://www.suse.com/security/cve/CVE-2019-15098.html https://www.suse.com/security/cve/CVE-2019-15099.html https://www.suse.com/security/cve/CVE-2019-15117.html https://www.suse.com/security/cve/CVE-2019-15118.html https://www.suse.com/security/cve/CVE-2019-15211.html https://www.suse.com/security/cve/CVE-2019-15212.html https://www.suse.com/security/cve/CVE-2019-15214.html https://www.suse.com/security/cve/CVE-2019-15215.html https://www.suse.com/security/cve/CVE-2019-15216.html https://www.suse.com/security/cve/CVE-2019-15217.html https://www.suse.com/security/cve/CVE-2019-15218.html https://www.suse.com/security/cve/CVE-2019-15219.html https://www.suse.com/security/cve/CVE-2019-15220.html https://www.suse.com/security/cve/CVE-2019-15221.html https://www.suse.com/security/cve/CVE-2019-15222.html https://www.suse.com/security/cve/CVE-2019-15239.html https://www.suse.com/security/cve/CVE-2019-15290.html https://www.suse.com/security/cve/CVE-2019-15292.html https://www.suse.com/security/cve/CVE-2019-15538.html https://www.suse.com/security/cve/CVE-2019-15666.html https://www.suse.com/security/cve/CVE-2019-15902.html https://www.suse.com/security/cve/CVE-2019-15917.html https://www.suse.com/security/cve/CVE-2019-15919.html https://www.suse.com/security/cve/CVE-2019-15920.html https://www.suse.com/security/cve/CVE-2019-15921.html https://www.suse.com/security/cve/CVE-2019-15924.html https://www.suse.com/security/cve/CVE-2019-15926.html https://www.suse.com/security/cve/CVE-2019-15927.html https://www.suse.com/security/cve/CVE-2019-9456.html https://bugzilla.suse.com/1047238 https://bugzilla.suse.com/1050911 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1054914 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1056686 https://bugzilla.suse.com/1060662 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1061843 https://bugzilla.suse.com/1064597 https://bugzilla.suse.com/1064701 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1066369 https://bugzilla.suse.com/1071009 https://bugzilla.suse.com/1071306 https://bugzilla.suse.com/1078248 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1082635 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1085539 https://bugzilla.suse.com/1086103 https://bugzilla.suse.com/1087092 https://bugzilla.suse.com/1090734 https://bugzilla.suse.com/1091171 https://bugzilla.suse.com/1093205 https://bugzilla.suse.com/1102097 https://bugzilla.suse.com/1103990 https://bugzilla.suse.com/1104353 https://bugzilla.suse.com/1104427 https://bugzilla.suse.com/1104745 https://bugzilla.suse.com/1104902 https://bugzilla.suse.com/1106061 https://bugzilla.suse.com/1106284 https://bugzilla.suse.com/1106434 https://bugzilla.suse.com/1108382 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1112894 https://bugzilla.suse.com/1112899 https://bugzilla.suse.com/1112902 https://bugzilla.suse.com/1112903 https://bugzilla.suse.com/1112905 https://bugzilla.suse.com/1112906 https://bugzilla.suse.com/1112907 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1113994 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114542 https://bugzilla.suse.com/1118689 https://bugzilla.suse.com/1119086 https://bugzilla.suse.com/1119113 https://bugzilla.suse.com/1120046 https://bugzilla.suse.com/1120876 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1123105 https://bugzilla.suse.com/1123959 https://bugzilla.suse.com/1124370 https://bugzilla.suse.com/1129424 https://bugzilla.suse.com/1129519 https://bugzilla.suse.com/1129664 https://bugzilla.suse.com/1131107 https://bugzilla.suse.com/1131281 https://bugzilla.suse.com/1131489 https://bugzilla.suse.com/1131565 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1134291 https://bugzilla.suse.com/1134476 https://bugzilla.suse.com/1134881 https://bugzilla.suse.com/1134882 https://bugzilla.suse.com/1135219 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135897 https://bugzilla.suse.com/1135990 https://bugzilla.suse.com/1136039 https://bugzilla.suse.com/1136261 https://bugzilla.suse.com/1136346 https://bugzilla.suse.com/1136349 https://bugzilla.suse.com/1136352 https://bugzilla.suse.com/1136496 https://bugzilla.suse.com/1136498 https://bugzilla.suse.com/1136502 https://bugzilla.suse.com/1136682 https://bugzilla.suse.com/1137322 https://bugzilla.suse.com/1137323 https://bugzilla.suse.com/1137884 https://bugzilla.suse.com/1138099 https://bugzilla.suse.com/1138100 https://bugzilla.suse.com/1138539 https://bugzilla.suse.com/1139020 https://bugzilla.suse.com/1139021 https://bugzilla.suse.com/1139101 https://bugzilla.suse.com/1139500 https://bugzilla.suse.com/1140012 https://bugzilla.suse.com/1140426 https://bugzilla.suse.com/1140487 https://bugzilla.suse.com/1141340 https://bugzilla.suse.com/1141450 https://bugzilla.suse.com/1141543 https://bugzilla.suse.com/1141554 https://bugzilla.suse.com/1142019 https://bugzilla.suse.com/1142076 https://bugzilla.suse.com/1142109 https://bugzilla.suse.com/1142117 https://bugzilla.suse.com/1142118 https://bugzilla.suse.com/1142119 https://bugzilla.suse.com/1142496 https://bugzilla.suse.com/1142541 https://bugzilla.suse.com/1142635 https://bugzilla.suse.com/1142685 https://bugzilla.suse.com/1142701 https://bugzilla.suse.com/1142857 https://bugzilla.suse.com/1143300 https://bugzilla.suse.com/1143331 https://bugzilla.suse.com/1143466 https://bugzilla.suse.com/1143706 https://bugzilla.suse.com/1143738 https://bugzilla.suse.com/1143765 https://bugzilla.suse.com/1143841 https://bugzilla.suse.com/1143843 https://bugzilla.suse.com/1143962 https://bugzilla.suse.com/1144123 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1144375 https://bugzilla.suse.com/1144474 https://bugzilla.suse.com/1144518 https://bugzilla.suse.com/1144582 https://bugzilla.suse.com/1144718 https://bugzilla.suse.com/1144813 https://bugzilla.suse.com/1144880 https://bugzilla.suse.com/1144886 https://bugzilla.suse.com/1144912 https://bugzilla.suse.com/1144920 https://bugzilla.suse.com/1144979 https://bugzilla.suse.com/1145010 https://bugzilla.suse.com/1145018 https://bugzilla.suse.com/1145051 https://bugzilla.suse.com/1145059 https://bugzilla.suse.com/1145189 https://bugzilla.suse.com/1145235 https://bugzilla.suse.com/1145256 https://bugzilla.suse.com/1145300 https://bugzilla.suse.com/1145302 https://bugzilla.suse.com/1145357 https://bugzilla.suse.com/1145388 https://bugzilla.suse.com/1145389 https://bugzilla.suse.com/1145390 https://bugzilla.suse.com/1145391 https://bugzilla.suse.com/1145392 https://bugzilla.suse.com/1145393 https://bugzilla.suse.com/1145394 https://bugzilla.suse.com/1145395 https://bugzilla.suse.com/1145396 https://bugzilla.suse.com/1145397 https://bugzilla.suse.com/1145408 https://bugzilla.suse.com/1145409 https://bugzilla.suse.com/1145446 https://bugzilla.suse.com/1145661 https://bugzilla.suse.com/1145678 https://bugzilla.suse.com/1145687 https://bugzilla.suse.com/1145920 https://bugzilla.suse.com/1145922 https://bugzilla.suse.com/1145934 https://bugzilla.suse.com/1145937 https://bugzilla.suse.com/1145940 https://bugzilla.suse.com/1145941 https://bugzilla.suse.com/1145942 https://bugzilla.suse.com/1145946 https://bugzilla.suse.com/1146074 https://bugzilla.suse.com/1146084 https://bugzilla.suse.com/1146141 https://bugzilla.suse.com/1146163 https://bugzilla.suse.com/1146215 https://bugzilla.suse.com/1146285 https://bugzilla.suse.com/1146346 https://bugzilla.suse.com/1146351 https://bugzilla.suse.com/1146352 https://bugzilla.suse.com/1146361 https://bugzilla.suse.com/1146368 https://bugzilla.suse.com/1146376 https://bugzilla.suse.com/1146378 https://bugzilla.suse.com/1146381 https://bugzilla.suse.com/1146391 https://bugzilla.suse.com/1146399 https://bugzilla.suse.com/1146413 https://bugzilla.suse.com/1146425 https://bugzilla.suse.com/1146516 https://bugzilla.suse.com/1146519 https://bugzilla.suse.com/1146524 https://bugzilla.suse.com/1146526 https://bugzilla.suse.com/1146529 https://bugzilla.suse.com/1146531 https://bugzilla.suse.com/1146543 https://bugzilla.suse.com/1146547 https://bugzilla.suse.com/1146550 https://bugzilla.suse.com/1146575 https://bugzilla.suse.com/1146589 https://bugzilla.suse.com/1146678 https://bugzilla.suse.com/1146938 https://bugzilla.suse.com/1148031 https://bugzilla.suse.com/1148032 https://bugzilla.suse.com/1148033 https://bugzilla.suse.com/1148034 https://bugzilla.suse.com/1148035 https://bugzilla.suse.com/1148093 https://bugzilla.suse.com/1148133 https://bugzilla.suse.com/1148192 https://bugzilla.suse.com/1148196 https://bugzilla.suse.com/1148198 https://bugzilla.suse.com/1148202 https://bugzilla.suse.com/1148219 https://bugzilla.suse.com/1148297 https://bugzilla.suse.com/1148303 https://bugzilla.suse.com/1148308 https://bugzilla.suse.com/1148363 https://bugzilla.suse.com/1148379 https://bugzilla.suse.com/1148394 https://bugzilla.suse.com/1148527 https://bugzilla.suse.com/1148570 https://bugzilla.suse.com/1148574 https://bugzilla.suse.com/1148616 https://bugzilla.suse.com/1148617 https://bugzilla.suse.com/1148619 https://bugzilla.suse.com/1148698 https://bugzilla.suse.com/1148859 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1149053 https://bugzilla.suse.com/1149083 https://bugzilla.suse.com/1149104 https://bugzilla.suse.com/1149105 https://bugzilla.suse.com/1149106 https://bugzilla.suse.com/1149197 https://bugzilla.suse.com/1149214 https://bugzilla.suse.com/1149224 https://bugzilla.suse.com/1149325 https://bugzilla.suse.com/1149376 https://bugzilla.suse.com/1149413 https://bugzilla.suse.com/1149418 https://bugzilla.suse.com/1149424 https://bugzilla.suse.com/1149522 https://bugzilla.suse.com/1149527 https://bugzilla.suse.com/1149539 https://bugzilla.suse.com/1149552 https://bugzilla.suse.com/1149591 https://bugzilla.suse.com/1149602 https://bugzilla.suse.com/1149612 https://bugzilla.suse.com/1149626 https://bugzilla.suse.com/1149652 https://bugzilla.suse.com/1149713 https://bugzilla.suse.com/1149940 https://bugzilla.suse.com/1149976 https://bugzilla.suse.com/1150025 https://bugzilla.suse.com/1150033 https://bugzilla.suse.com/1150112 https://bugzilla.suse.com/1150562 https://bugzilla.suse.com/1150727 https://bugzilla.suse.com/1150860 https://bugzilla.suse.com/1150861 https://bugzilla.suse.com/1150933 From sle-updates at lists.suse.com Fri Sep 20 16:10:47 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 21 Sep 2019 00:10:47 +0200 (CEST) Subject: SUSE-SU-2019:2425-1: important: Security update for nmap Message-ID: <20190920221048.02FDFF7B3@maintenance.suse.de> SUSE Security Update: Security update for nmap ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2425-1 Rating: important References: #1135350 #1148742 Cross-References: CVE-2017-18594 CVE-2018-15173 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for nmap fixes the following issues: Security issue fixed: - CVE-2017-18594: Fixed a denial of service condition due to a double free when an SSH connection fails. (bsc#1148742) Non-security issue fixed: - Fixed a regression in the version scanner caused, by the fix for CVE-2018-15173. (bsc#1135350) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-2425=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2425=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2425=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2425=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2425=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): nmap-debuginfo-7.70-3.12.1 nmap-debugsource-7.70-3.12.1 nping-7.70-3.12.1 nping-debuginfo-7.70-3.12.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): ncat-7.70-3.12.1 ncat-debuginfo-7.70-3.12.1 ndiff-7.70-3.12.1 nmap-debuginfo-7.70-3.12.1 nmap-debugsource-7.70-3.12.1 nping-7.70-3.12.1 nping-debuginfo-7.70-3.12.1 zenmap-7.70-3.12.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): ncat-7.70-3.12.1 ncat-debuginfo-7.70-3.12.1 ndiff-7.70-3.12.1 nmap-debuginfo-7.70-3.12.1 nmap-debugsource-7.70-3.12.1 nping-7.70-3.12.1 nping-debuginfo-7.70-3.12.1 zenmap-7.70-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): nmap-7.70-3.12.1 nmap-debuginfo-7.70-3.12.1 nmap-debugsource-7.70-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): nmap-7.70-3.12.1 nmap-debuginfo-7.70-3.12.1 nmap-debugsource-7.70-3.12.1 References: https://www.suse.com/security/cve/CVE-2017-18594.html https://www.suse.com/security/cve/CVE-2018-15173.html https://bugzilla.suse.com/1135350 https://bugzilla.suse.com/1148742 From sle-updates at lists.suse.com Fri Sep 20 16:11:44 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 21 Sep 2019 00:11:44 +0200 (CEST) Subject: SUSE-SU-2019:2427-1: important: Security update for ibus Message-ID: <20190920221144.06F6BF7B3@maintenance.suse.de> SUSE Security Update: Security update for ibus ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2427-1 Rating: important References: #1150011 Cross-References: CVE-2019-14822 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ibus fixes the following issues: - CVE-2019-14822: Fixed misconfiguration of the DBus server allows to unprivileged user could monitor and send method calls to the ibus bus of another user (bsc#1150011). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2427=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2427=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): python-ibus-1.5.19-8.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): ibus-debugsource-1.5.19-8.3.1 ibus-gtk-32bit-1.5.19-8.3.1 ibus-gtk-32bit-debuginfo-1.5.19-8.3.1 ibus-gtk3-32bit-1.5.19-8.3.1 ibus-gtk3-32bit-debuginfo-1.5.19-8.3.1 libibus-1_0-5-32bit-1.5.19-8.3.1 libibus-1_0-5-32bit-debuginfo-1.5.19-8.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): ibus-1.5.19-8.3.1 ibus-debuginfo-1.5.19-8.3.1 ibus-debugsource-1.5.19-8.3.1 ibus-devel-1.5.19-8.3.1 ibus-gtk-1.5.19-8.3.1 ibus-gtk-debuginfo-1.5.19-8.3.1 ibus-gtk3-1.5.19-8.3.1 ibus-gtk3-debuginfo-1.5.19-8.3.1 libibus-1_0-5-1.5.19-8.3.1 libibus-1_0-5-debuginfo-1.5.19-8.3.1 typelib-1_0-IBus-1_0-1.5.19-8.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (noarch): ibus-lang-1.5.19-8.3.1 References: https://www.suse.com/security/cve/CVE-2019-14822.html https://bugzilla.suse.com/1150011 From sle-updates at lists.suse.com Fri Sep 20 16:12:33 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 21 Sep 2019 00:12:33 +0200 (CEST) Subject: SUSE-RU-2019:2423-1: moderate: Recommended update for aaa_base Message-ID: <20190920221233.543D2F7B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for aaa_base ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2423-1 Rating: moderate References: #1146866 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for aaa_base fixes the following issues: Added sysctl.d/51-network.conf to tighten network security (bsc#1146866) (jira#SLE-9132) Following settings have been tightened (and set to 0): - net.ipv4.conf.all.accept_redirects - net.ipv4.conf.default.accept_redirects - net.ipv4.conf.default.accept_source_route - net.ipv6.conf.all.accept_redirects - net.ipv6.conf.default.accept_redirects Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2423=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2423=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2423=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2423=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2423=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2423=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): aaa_base-debuginfo-84.87+git20180409.04c9dae-3.15.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.15.1 aaa_base-wsl-84.87+git20180409.04c9dae-3.15.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): aaa_base-debuginfo-84.87+git20180409.04c9dae-3.15.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.15.1 aaa_base-wsl-84.87+git20180409.04c9dae-3.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): aaa_base-debuginfo-84.87+git20180409.04c9dae-3.15.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.15.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-3.15.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): aaa_base-debuginfo-84.87+git20180409.04c9dae-3.15.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.15.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): aaa_base-84.87+git20180409.04c9dae-3.15.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.15.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.15.1 aaa_base-extras-84.87+git20180409.04c9dae-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): aaa_base-84.87+git20180409.04c9dae-3.15.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.15.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.15.1 aaa_base-extras-84.87+git20180409.04c9dae-3.15.1 References: https://bugzilla.suse.com/1146866 From sle-updates at lists.suse.com Fri Sep 20 16:13:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 21 Sep 2019 00:13:17 +0200 (CEST) Subject: SUSE-RU-2019:2421-1: moderate: Recommended update for python-urllib3 Message-ID: <20190920221317.EF2E9F7B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-urllib3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2421-1 Rating: moderate References: #1150895 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-urllib3 fixes the following issues: - Add missing dependency on python-six (bsc#1150895) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2421=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): python2-urllib3-1.22-6.7.1 python3-urllib3-1.22-6.7.1 References: https://bugzilla.suse.com/1150895 From sle-updates at lists.suse.com Fri Sep 20 16:13:58 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 21 Sep 2019 00:13:58 +0200 (CEST) Subject: SUSE-SU-2019:2426-1: important: Security update for nmap Message-ID: <20190920221358.77D30F7B3@maintenance.suse.de> SUSE Security Update: Security update for nmap ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2426-1 Rating: important References: #1135350 Cross-References: CVE-2018-15173 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nmap fixes the following issues: - Fixed a regression in the version scanner, caused by the fix for CVE-2018-15173. (bsc#1135350) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2426=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): nmap-6.46-3.6.1 nmap-debuginfo-6.46-3.6.1 nmap-debugsource-6.46-3.6.1 References: https://www.suse.com/security/cve/CVE-2018-15173.html https://bugzilla.suse.com/1135350 From sle-updates at lists.suse.com Mon Sep 23 07:12:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Sep 2019 15:12:17 +0200 (CEST) Subject: SUSE-RU-2019:2434-1: moderate: Recommended update for sbd Message-ID: <20190923131217.AFD01F7B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for sbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2434-1 Rating: moderate References: #1128059 #1134496 #1140065 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for sbd fixes the following issues: - sbd-cluster: Fix 100% CPU usage when CMAP connection is lost. (bsc#1140065, SOC-8774) - Update to version 1.4.0+20190514.e9be8d9: - sbd-inquisitor: Avoid flooding logs with messages that hint the default/configured timeout action. (bsc#1134496) - Update to version 1.4.0+20190416.5e3283c: - sbd-inquisitor: Overhaul device-list-parser. - sbd-inquisitor: Free timeout action on bail out. - sbd-md: Prevent unrealistic overflow on sector io calc. - Update to version 1.4.0+20190326.c38c5e6: - sbd-pacemaker: Bail out of status earlier. - sbd-pacemaker: Make handling of cib-connection loss more robust. - Update to version 1.4.0+20190311.0159a3c: - sbd-cluster: Finalize CMAP connection if disconnected from cluster. (bsc#1128059) - Update from 1.4.0+20190123.1829c40 to version 1.4.0+20190201.f949aa8: - Fail earlier on invalid servants. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-2434=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): sbd-1.4.0+20190514.e9be8d9-3.6.1 sbd-debuginfo-1.4.0+20190514.e9be8d9-3.6.1 sbd-debugsource-1.4.0+20190514.e9be8d9-3.6.1 References: https://bugzilla.suse.com/1128059 https://bugzilla.suse.com/1134496 https://bugzilla.suse.com/1140065 From sle-updates at lists.suse.com Mon Sep 23 07:13:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Sep 2019 15:13:43 +0200 (CEST) Subject: SUSE-SU-2019:2429-1: moderate: Security update for expat Message-ID: <20190923131343.E6FE0F7B3@maintenance.suse.de> SUSE Security Update: Security update for expat ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2429-1 Rating: moderate References: #1149429 Cross-References: CVE-2019-15903 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for expat fixes the following issues: Security issues fixed: - CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input. (bsc#1149429) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2429=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2429=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2429=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): expat-32bit-debuginfo-2.2.5-3.6.1 expat-debugsource-2.2.5-3.6.1 libexpat-devel-32bit-2.2.5-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): expat-2.2.5-3.6.1 expat-debuginfo-2.2.5-3.6.1 expat-debugsource-2.2.5-3.6.1 libexpat-devel-2.2.5-3.6.1 libexpat1-2.2.5-3.6.1 libexpat1-debuginfo-2.2.5-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): expat-32bit-debuginfo-2.2.5-3.6.1 libexpat1-32bit-2.2.5-3.6.1 libexpat1-32bit-debuginfo-2.2.5-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): expat-2.2.5-3.6.1 expat-debuginfo-2.2.5-3.6.1 expat-debugsource-2.2.5-3.6.1 libexpat-devel-2.2.5-3.6.1 libexpat1-2.2.5-3.6.1 libexpat1-debuginfo-2.2.5-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): expat-32bit-debuginfo-2.2.5-3.6.1 libexpat1-32bit-2.2.5-3.6.1 libexpat1-32bit-debuginfo-2.2.5-3.6.1 References: https://www.suse.com/security/cve/CVE-2019-15903.html https://bugzilla.suse.com/1149429 From sle-updates at lists.suse.com Mon Sep 23 07:14:29 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Sep 2019 15:14:29 +0200 (CEST) Subject: SUSE-SU-2019:2428-1: important: Security update for webkit2gtk3 Message-ID: <20190923131429.7B640F7B3@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2428-1 Rating: important References: #1148931 Cross-References: CVE-2019-8595 CVE-2019-8607 CVE-2019-8615 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes 24 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: Security issues fixed: - CVE-2019-8673, CVE-2019-8678, CVE-2019-8686, CVE-2019-8683, CVE-2019-8671, CVE-2019-8595, CVE-2019-8684, CVE-2019-8681, CVE-2019-8615, CVE-2019-8689, CVE-2019-8680, CVE-2019-8672, CVE-2019-8676, CVE-2019-8666, CVE-2019-8644, CVE-2019-8658, CVE-2019-8690, CVE-2019-8688, CVE-2019-8649, CVE-2019-8679, CVE-2019-8687, CVE-2019-8669, CVE-2019-8677, CVE-2019-8607 (bsc#1148931). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2428=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2428=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2428=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-2428=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2428=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2428=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): webkit-jsc-4-2.24.4-3.31.1 webkit-jsc-4-debuginfo-2.24.4-3.31.1 webkit2gtk3-debugsource-2.24.4-3.31.1 webkit2gtk3-minibrowser-2.24.4-3.31.1 webkit2gtk3-minibrowser-debuginfo-2.24.4-3.31.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libjavascriptcoregtk-4_0-18-32bit-2.24.4-3.31.1 libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.24.4-3.31.1 libwebkit2gtk-4_0-37-32bit-2.24.4-3.31.1 libwebkit2gtk-4_0-37-32bit-debuginfo-2.24.4-3.31.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): webkit-jsc-4-2.24.4-3.31.1 webkit-jsc-4-debuginfo-2.24.4-3.31.1 webkit2gtk3-debugsource-2.24.4-3.31.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.24.4-3.31.1 typelib-1_0-WebKit2-4_0-2.24.4-3.31.1 typelib-1_0-WebKit2WebExtension-4_0-2.24.4-3.31.1 webkit2gtk3-debugsource-2.24.4-3.31.1 webkit2gtk3-devel-2.24.4-3.31.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.24.4-3.31.1 typelib-1_0-WebKit2-4_0-2.24.4-3.31.1 typelib-1_0-WebKit2WebExtension-4_0-2.24.4-3.31.1 webkit2gtk3-debugsource-2.24.4-3.31.1 webkit2gtk3-devel-2.24.4-3.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.24.4-3.31.1 libjavascriptcoregtk-4_0-18-debuginfo-2.24.4-3.31.1 libwebkit2gtk-4_0-37-2.24.4-3.31.1 libwebkit2gtk-4_0-37-debuginfo-2.24.4-3.31.1 webkit2gtk-4_0-injected-bundles-2.24.4-3.31.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.4-3.31.1 webkit2gtk3-debugsource-2.24.4-3.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): libwebkit2gtk3-lang-2.24.4-3.31.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.24.4-3.31.1 libjavascriptcoregtk-4_0-18-debuginfo-2.24.4-3.31.1 libwebkit2gtk-4_0-37-2.24.4-3.31.1 libwebkit2gtk-4_0-37-debuginfo-2.24.4-3.31.1 webkit2gtk-4_0-injected-bundles-2.24.4-3.31.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.24.4-3.31.1 webkit2gtk3-debugsource-2.24.4-3.31.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): libwebkit2gtk3-lang-2.24.4-3.31.1 References: https://www.suse.com/security/cve/CVE-2019-8595.html https://www.suse.com/security/cve/CVE-2019-8607.html https://www.suse.com/security/cve/CVE-2019-8615.html https://www.suse.com/security/cve/CVE-2019-8644.html https://www.suse.com/security/cve/CVE-2019-8649.html https://www.suse.com/security/cve/CVE-2019-8658.html https://www.suse.com/security/cve/CVE-2019-8666.html https://www.suse.com/security/cve/CVE-2019-8669.html https://www.suse.com/security/cve/CVE-2019-8671.html https://www.suse.com/security/cve/CVE-2019-8672.html https://www.suse.com/security/cve/CVE-2019-8673.html https://www.suse.com/security/cve/CVE-2019-8676.html https://www.suse.com/security/cve/CVE-2019-8677.html https://www.suse.com/security/cve/CVE-2019-8678.html https://www.suse.com/security/cve/CVE-2019-8679.html https://www.suse.com/security/cve/CVE-2019-8680.html https://www.suse.com/security/cve/CVE-2019-8681.html https://www.suse.com/security/cve/CVE-2019-8683.html https://www.suse.com/security/cve/CVE-2019-8684.html https://www.suse.com/security/cve/CVE-2019-8686.html https://www.suse.com/security/cve/CVE-2019-8687.html https://www.suse.com/security/cve/CVE-2019-8688.html https://www.suse.com/security/cve/CVE-2019-8689.html https://www.suse.com/security/cve/CVE-2019-8690.html https://bugzilla.suse.com/1148931 From sle-updates at lists.suse.com Mon Sep 23 07:15:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Sep 2019 15:15:13 +0200 (CEST) Subject: SUSE-RU-2019:2433-1: moderate: Recommended update for crmsh Message-ID: <20190923131513.7C72FF7B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2433-1 Rating: moderate References: #1093564 #1116559 #1120554 #1120555 #1120587 #1123187 #1129380 #1129383 #1129719 #1130715 #1135696 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. Description: This update for crmsh contains the following fixes: Specific hb_report issues fixed: - Collect output of "sbd dump" and "sbd list". (bsc#1129383) - Using Tempfile class to manage tempfiles. - Handle UnicodeDecodeError on special position. (bsc#1130715) - Analysis.txt includes warning, error, critical messages. (bsc#1135696) Update from 4.0.0+git.1542103310.dd114188 to version 4.0.0+git.1553262403.5da14dfa5 includes: * Add timestamp for DEBUG messages. (bsc#1129380) * Check if command and related files exists. (bsc#1129719) * Add "promotable", "promoted-max" and "promoted-node-max" constants in clone meta attributes. * Fix #425 The ID attribute is not required for select and select_attributes. * Set kind for order constraints, not score. (bsc#1123187) * low: utils: add support for dpkg. * low: utils: add support for apt-get. * low: utils: convert string contstants to bytes. * Warning messages start with like "WARNING:" instead of "!". (bsc#1120587, bsc#1120586) * crmsh crashed when using configure->template->apply. (bsc#1120554, bsc#1120555) * Increase log level for verification. (bsc#1116559) * Fix UnicodeEncodeError while print. (bsc#1093564) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2433=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-2433=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): crmsh-test-4.0.0+git.1553262403.5da14df5-3.11.1 - SUSE Linux Enterprise High Availability 15 (noarch): crmsh-4.0.0+git.1553262403.5da14df5-3.11.1 crmsh-scripts-4.0.0+git.1553262403.5da14df5-3.11.1 References: https://bugzilla.suse.com/1093564 https://bugzilla.suse.com/1116559 https://bugzilla.suse.com/1120554 https://bugzilla.suse.com/1120555 https://bugzilla.suse.com/1120587 https://bugzilla.suse.com/1123187 https://bugzilla.suse.com/1129380 https://bugzilla.suse.com/1129383 https://bugzilla.suse.com/1129719 https://bugzilla.suse.com/1130715 https://bugzilla.suse.com/1135696 From sle-updates at lists.suse.com Mon Sep 23 07:17:26 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Sep 2019 15:17:26 +0200 (CEST) Subject: SUSE-SU-2019:2430-1: important: Security update for kernel-source-rt Message-ID: <20190923131726.B4014F7B3@maintenance.suse.de> SUSE Security Update: Security update for kernel-source-rt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2430-1 Rating: important References: #1050242 #1050549 #1051510 #1052904 #1053043 #1055117 #1055121 #1055186 #1056787 #1058115 #1061840 #1064802 #1065600 #1065729 #1066129 #1070872 #1071995 #1075020 #1082387 #1082555 #1083647 #1083710 #1085535 #1085536 #1088047 #1088804 #1093389 #1094555 #1096003 #1098633 #1099658 #1102247 #1103186 #1103259 #1103990 #1103991 #1103992 #1104745 #1106011 #1106284 #1106383 #1106751 #1108193 #1108838 #1108937 #1109837 #1110946 #1111331 #1111666 #1111696 #1112063 #1112128 #1112178 #1112374 #1113722 #1113956 #1114279 #1114427 #1114542 #1114638 #1114685 #1115688 #1117114 #1117158 #1117561 #1118139 #1119113 #1119222 #1119532 #1119680 #1120091 #1120318 #1120423 #1120566 #1120843 #1120902 #1122767 #1122776 #1123080 #1123454 #1123663 #1124503 #1124839 #1125703 #1126206 #1126356 #1126704 #1127034 #1127175 #1127315 #1127371 #1127374 #1127611 #1127616 #1128052 #1128415 #1128432 #1128544 #1128902 #1128904 #1128971 #1128979 #1129138 #1129273 #1129693 #1129770 #1129845 #1130195 #1130425 #1130527 #1130567 #1130579 #1130699 #1130836 #1130937 #1130972 #1131326 #1131427 #1131438 #1131451 #1131467 #1131488 #1131530 #1131565 #1131574 #1131587 #1131645 #1131659 #1131673 #1131847 #1131848 #1131851 #1131900 #1131934 #1131935 #1132044 #1132219 #1132226 #1132227 #1132365 #1132368 #1132369 #1132370 #1132372 #1132373 #1132384 #1132390 #1132397 #1132402 #1132403 #1132404 #1132405 #1132407 #1132411 #1132412 #1132413 #1132414 #1132426 #1132527 #1132531 #1132555 #1132558 #1132561 #1132562 #1132563 #1132564 #1132570 #1132571 #1132572 #1132589 #1132618 #1132673 #1132681 #1132726 #1132828 #1132894 #1132943 #1132982 #1133005 #1133016 #1133021 #1133094 #1133095 #1133115 #1133149 #1133176 #1133188 #1133190 #1133311 #1133320 #1133401 #1133486 #1133529 #1133547 #1133584 #1133593 #1133612 #1133616 #1133667 #1133668 #1133672 #1133674 #1133675 #1133698 #1133702 #1133731 #1133738 #1133769 #1133772 #1133774 #1133778 #1133779 #1133780 #1133825 #1133850 #1133851 #1133852 #1133897 #1134090 #1134097 #1134160 #1134162 #1134199 #1134200 #1134201 #1134202 #1134203 #1134204 #1134205 #1134223 #1134303 #1134354 #1134390 #1134393 #1134395 #1134397 #1134399 #1134459 #1134460 #1134461 #1134597 #1134600 #1134607 #1134618 #1134651 #1134671 #1134730 #1134738 #1134743 #1134760 #1134806 #1134810 #1134813 #1134848 #1134936 #1134945 #1134946 #1134947 #1134948 #1134949 #1134950 #1134951 #1134952 #1134953 #1134972 #1134974 #1134975 #1134980 #1134981 #1134983 #1134987 #1134989 #1134990 #1134994 #1134995 #1134998 #1134999 #1135006 #1135007 #1135008 #1135018 #1135021 #1135024 #1135026 #1135027 #1135028 #1135029 #1135031 #1135033 #1135034 #1135035 #1135036 #1135037 #1135038 #1135039 #1135041 #1135042 #1135044 #1135045 #1135046 #1135047 #1135049 #1135051 #1135052 #1135053 #1135055 #1135056 #1135058 #1135100 #1135120 #1135153 #1135278 #1135281 #1135296 #1135309 #1135312 #1135314 #1135315 #1135316 #1135320 #1135323 #1135330 #1135335 #1135492 #1135542 #1135556 #1135603 #1135642 #1135661 #1135758 #1135897 #1136156 #1136157 #1136161 #1136188 #1136206 #1136215 #1136217 #1136264 #1136271 #1136333 #1136342 #1136343 #1136345 #1136347 #1136348 #1136353 #1136424 #1136428 #1136430 #1136432 #1136434 #1136435 #1136438 #1136439 #1136456 #1136460 #1136461 #1136462 #1136467 #1136469 #1136477 #1136478 #1136498 #1136573 #1136586 #1136598 #1136881 #1136922 #1136935 #1136978 #1136990 #1137103 #1137151 #1137152 #1137153 #1137162 #1137194 #1137201 #1137224 #1137232 #1137233 #1137236 #1137366 #1137372 #1137429 #1137444 #1137458 #1137534 #1137535 #1137584 #1137586 #1137609 #1137625 #1137728 #1137739 #1137752 #1137811 #1137827 #1137884 #1137985 #1137995 #1137996 #1137998 #1137999 #1138000 #1138002 #1138003 #1138005 #1138006 #1138007 #1138008 #1138009 #1138010 #1138011 #1138012 #1138013 #1138014 #1138015 #1138016 #1138017 #1138018 #1138019 #1138263 #1138291 #1138293 #1138336 #1138374 #1138375 #1138589 #1138681 #1138719 #1138732 #1138874 #1138879 #1139358 #1139619 #1139712 #1139751 #1139771 #1139865 #1140133 #1140139 #1140228 #1140322 #1140328 #1140405 #1140424 #1140428 #1140454 #1140463 #1140559 #1140575 #1140577 #1140637 #1140652 #1140658 #1140676 #1140715 #1140719 #1140726 #1140727 #1140728 #1140814 #1140887 #1140888 #1140889 #1140891 #1140893 #1140903 #1140945 #1140948 #1140954 #1140955 #1140956 #1140957 #1140958 #1140959 #1140960 #1140961 #1140962 #1140964 #1140971 #1140972 #1140992 #1141312 #1141401 #1141402 #1141452 #1141453 #1141454 #1141478 #1141558 #1142023 #1142052 #1142083 #1142112 #1142115 #1142119 #1142220 #1142221 #1142254 #1142350 #1142351 #1142354 #1142359 #1142450 #1142623 #1142673 #1142701 #1142868 #1143003 #1143045 #1143105 #1143185 #1143189 #1143191 #1143209 #1143507 Cross-References: CVE-2017-5753 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-16871 CVE-2018-16880 CVE-2018-20836 CVE-2018-20855 CVE-2018-7191 CVE-2019-10124 CVE-2019-10638 CVE-2019-10639 CVE-2019-11085 CVE-2019-11091 CVE-2019-1125 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11486 CVE-2019-11487 CVE-2019-11599 CVE-2019-11810 CVE-2019-11811 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 CVE-2019-12380 CVE-2019-12382 CVE-2019-12456 CVE-2019-12614 CVE-2019-12817 CVE-2019-12818 CVE-2019-12819 CVE-2019-13233 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 CVE-2019-3846 CVE-2019-3882 CVE-2019-5489 CVE-2019-8564 CVE-2019-9003 CVE-2019-9500 CVE-2019-9503 Affected Products: SUSE Linux Enterprise Module for Realtime 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that solves 45 vulnerabilities and has 474 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130: Microarchitectural Store Buffer Data Sampling (MSBDS): Stored buffers on some microprocessors utilizing speculative execution which may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-info rmation/SA00233-microcode-update-guidance_05132019. (bsc#1103186) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-info rmation/SA00233-microcode-update-guidance_05132019. (bsc#1111331) - CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bsc#1136586) - CVE-2019-10124: An issue was discovered in the hwpoison implementation in mm/memory-failure.c in the Linux kernel. When soft_offline_in_use_page() runs on a thp tail page after pmd is split, an attacker could cause a denial of service (bsc#1130699). - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel has multiple race conditions. (bsc#1133188) - CVE-2019-11811: An issue was discovered in the Linux kernel There was a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module was removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (bsc#1134397) - CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It could occur with FUSE requests. (bsc#1133190) - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This used to affect nfc_llcp_build_gb in net/nfc/llcp_core.c. (bsc#1138293) - CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (bsc#1135281) - CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bsc#1120843) - CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bsc#1135603) - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a '\0' character. (bsc#1134848) - CVE-2019-9500: An issue was discovered that lead to brcmfmac heap buffer overflow. (bsc#1132681) - CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bsc#1135278) - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bsc#1135278) - CVE-2018-16880: A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, could trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may have lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (bsc#1122767) - CVE-2019-12819: The function __mdiobus_register() called put_device(), which triggered a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bsc#1138291) - CVE-2019-3882: A flaw was found in the Linux kernel's vfio interface implementation that permitted violation of the user's locked memory limit. If a device was bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may have caused a system memory exhaustion and thus a denial of service (DoS). (bsc#1131427) - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bsc#1136424) - CVE-2019-8564: An issue was discoved which meant that brcmfmac frame validation could be bypassed. (bsc#1132673) - CVE-2019-9503: An issue was discoved which meant that brcmfmac frame validation could be bypassed. (bsc#1132828) - CVE-2019-9003: In the Linux kernel, attackers could trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop. (bsc#1126704) - CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may have allowed unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. - CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. - CVE-2018-16871: A NULL pointer dereference due to an anomalized NFS message sequence was fixed. (bnc#1137103). - CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c. There was an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194). - CVE-2019-12817: On the PowerPC architecture, local attackers could access other users processes memory (bnc#1138263). - CVE-2018-20836: An issue was discovered in the Linux kernel There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395). - CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses (bnc#1140575 1140577). - CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace (bnc#1140577). - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c (bnc#1131645 1133738). - CVE-2019-13233: In arch/x86/lib/insn-eval.c in the Linux kernel, there was a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation (bnc#1140454). - CVE-2018-20855: An issue was discovered in the Linux kernel In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace(bsc#1143045). - CVE-2019-1125: Exclude ATOMs from speculation through SWAPGS (bsc#1139358). - CVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference could occur when megasas_create_frame_pool() failed in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of Service, related to a use-after-free (bnc#1134399). - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device could send an HID report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023) - CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user could cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sent a crafted signal frame. (bnc#1142254) - CVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It could be triggered by an unprivileged local user when a floppy disk was inserted. NOTE: QEMU creates the floppy device by default. (bnc#1143191) - CVE-2019-14284: In the Linux kernel, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. (bnc#1143189) - CVE-2019-12456: An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a "double fetch" vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used. (bsc#1136922) - CVE-2019-12380: An issue was discovered in the efi subsystem in the Linux kernel phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. (bsc#1136598) The following non-security bugs were fixed: - 6lowpan: Off by one handling nexthdr (bsc#1051510). - 9p locks: add mount option for lock retry interval (bsc#1051510). - 9p: do not trust pdu content for stat item size (bsc#1051510). - ARM: 8824/1: fix a migrating irq bug when hotplug cpu (bsc#1051510). - ARM: 8833/1: Ensure that NEON code always compiles with Clang (bsc#1051510). - ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bsc#1051510). - ARM: 8840/1: use a raw_spinlock_t in unwind (bsc#1051510). - ARM: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized (bsc#1051510). - ARM: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug (bsc#1051510). - ARM: avoid Cortex-A9 livelock on tight dmb loops (bsc#1051510). - ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bsc#1051510). - ARM: iop: don't use using 64-bit DMA masks (bsc#1051510). - ARM: orion: don't use using 64-bit DMA masks (bsc#1051510). - ARM: pxa: ssp: unneeded to free devm_ allocated data (bsc#1051510). - ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bsc#1051510). - ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bsc#1051510). - ASoC : cs4265 : readable register too low (bsc#1051510). - ASoC: Intel: avoid Oops if DMA setup fails (bsc#1051510). - ASoC: RT5677-SPI: Disable 16Bit SPI Transfers (bsc#1051510). - ASoC: cs4270: Set auto-increment bit for register writes (bsc#1051510). - ASoC: cs42xx8: Add regcache mask dirty (bsc#1051510). - ASoC: cx2072x: fix integer overflow on unsigned int multiply (bsc#1111666). - ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put (bsc#1051510). - ASoC: fix valid stream condition (bsc#1051510). - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bsc#1051510). - ASoC: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510). - ASoC: fsl_esai: Fix missing break in switch statement (bsc#1051510). - ASoC: fsl_esai: fix channel swap issue when stream starts (bsc#1051510). - ASoC: fsl_sai: Update is_slave_mode with correct value (bsc#1051510). - ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put (bsc#1051510). - ASoC: hdmi-codec: fix S/PDIF DAI (bsc#1051510). - ASoC: hdmi-codec: unlock the device on startup errors (bsc#1051510). - ASoC: max98090: Fix restore of DAPM Muxes (bsc#1051510). - ASoC: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510). - ASoC: nau8810: fix the issue of widget with prefixed name (bsc#1051510). - ASoC: nau8824: fix the issue of the widget with prefix name (bsc#1051510). - ASoC: samsung: odroid: Fix clock configuration for 44100 sample rate (bsc#1051510). - ASoC: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510). - ASoC: stm32: fix sai driver name initialisation (bsc#1051510). - ASoC: tlv320aic32x4: Fix Common Pins (bsc#1051510). - ASoC: topology: free created components in tplg load error (bsc#1051510). - ASoC: wm_adsp: Add locking to wm_adsp2_bus_error (bsc#1051510). - ASoC:soc-pcm:fix a codec fixup issue in TDM case (bsc#1051510). - Abort file_remove_privs() for non-reg. files (bsc#1140888). - Add back sibling paca poiter to paca (bsc#1055117). - Backporting hwpoison fixes - Bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bsc#1051510). - Bluetooth: btusb: request wake pin with NOAUTOEN (bsc#1051510). - Bluetooth: hidp: fix buffer overflow (bsc#1051510). - CIFS: Do not count -ENODATA as failure for query directory (bsc#1051510). - CIFS: Do not hide EINTR after sending network packets (bsc#1051510). - CIFS: Do not reconnect TCP session in add_credits() (bsc#1051510). - CIFS: Do not reset lease state to NONE on lease break (bsc#1051510). - CIFS: Fix adjustment of credits for MTU requests (bsc#1051510). - CIFS: Fix credit calculation for encrypted reads with errors (bsc#1051510). - CIFS: Fix credits calculations for reads with errors (bsc#1051510). - CIFS: Fix possible hang during async MTU reads and writes (bsc#1051510). - CIFS: Fix read after write for files with read caching (bsc#1051510). - CIFS: fix POSIX lock leak and invalid ptr deref (bsc#1114542). - CIFS: fix POSIX lock leak and invalid ptr deref (bsc#1114542). - Correct iwlwifi 22000 series ucode file name (bsc#1142673) - Correct the buggy backport about AER / DPC pcie stuff (bsc#1142623) - Delete patches.fixes/s390-setup-fix-early-warning-messages (bsc#1140948). - Delete patches.fixes/s390-setup-fix-early-warning-messages (bsc#1140948). - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bsc#1051510). - Do not provide kernel-default from kernel-default-base (boo#1132154, bsc#1106751). - Do not provide kernel-default from kernel-default-base (boo#1132154, bsc#1106751). - Do not restrict NFSv4.2 on openSUSE (bsc#1138719). - Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - EDAC/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - Fix cpu online check (bsc#1051510). - Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510). - HID: Wacom: switch Dell canvas into highres mode (bsc#1051510). - HID: core: move Usage Page concatenation to Main item (bsc#1093389). - HID: debug: fix race condition with between rdesc_show() and device removal (bsc#1051510). - HID: input: add mapping for "Toggle Display" key (bsc#1051510). - HID: input: add mapping for Assistant key (bsc#1051510). - HID: input: add mapping for Expose/Overview key (bsc#1051510). - HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bsc#1051510). - HID: intel-ish-hid: avoid binding wrong ishtp_cl_device (bsc#1051510). - HID: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit (bsc#1051510). - HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent (bsc#1051510). - HID: logitech-hidpp: use RAP instead of FAP to get the protocol version (bsc#1051510). - HID: logitech: check the return value of create_singlethread_workqueue (bsc#1051510). - HID: wacom: Add ability to provide explicit battery status info (bsc#1051510). - HID: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - HID: wacom: Add support for Pro Pen slim (bsc#1051510). - HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - HID: wacom: Don't report anything prior to the tool entering range (bsc#1051510). - HID: wacom: Don't set tool type until we're in range (bsc#1051510). - HID: wacom: Mark expected switch fall-through (bsc#1051510). - HID: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510). - HID: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510). - HID: wacom: Properly handle AES serial number and tool type (bsc#1051510). - HID: wacom: Queue events with missing type/serial data for later processing (bsc#1051510). - HID: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510). - HID: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510). - HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510). - HID: wacom: Support "in range" for Intuos/Bamboo tablets where possible (bsc#1051510). - HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510). - HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510). - HID: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510). - HID: wacom: correct touch resolution x/y typo (bsc#1051510). - HID: wacom: fix mistake in printk (bsc#1051510). - HID: wacom: generic: Correct pad syncing (bsc#1051510). - HID: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510). - HID: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510). - HID: wacom: generic: Refactor generic battery handling (bsc#1051510). - HID: wacom: generic: Report AES battery information (bsc#1051510). - HID: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510). - HID: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510). - HID: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510). - HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510). - HID: wacom: generic: Support multiple tools per report (bsc#1051510). - HID: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510). - HID: wacom: generic: add the "Report Valid" usage (bsc#1051510). - HID: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510). - HID: wacom: generic: read HID_DG_CONTACTMAX from any feature report (bsc#1051510). - HID: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510). - IB/hfi1: Clear the IOWAIT pending bits when QP is put into error state (bsc#1114685 FATE#325854). - IB/hfi1: Create inline to get extended headers (bsc#1114685 FATE#325854). - IB/hfi1: Validate fault injection opcode user input (bsc#1114685 FATE#325854). - IB/ipoib: Add child to parent list only if device initialized (bsc#1103992 FATE#326009). - IB/mlx5: Fixed reporting counters on 2nd port for Dual port RoCE (bsc#1103991 FATE#326007). - IB/mlx5: Verify DEVX general object type correctly (bsc#1103991 FATE#326007). - Improve the headset mic for Acer Aspire laptops" (bsc#1051510). - Input: elan_i2c - add hardware ID for multiple Lenovo laptops (bsc#1051510). - Input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510). - Input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510). - Input: introduce KEY_ASSISTANT (bsc#1051510). - Input: psmouse - fix build error of multiple definition (bsc#1051510). - Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bsc#1051510). - Input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510). - Input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - Input: synaptics-rmi4 - fix possible double free (bsc#1051510). - Input: synaptics-rmi4 - write config register values to the right offset (bsc#1051510). - Input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770). - Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - KEYS: always initialize keyring_index_key::desc_len (bsc#1051510). - KEYS: user: Align the payload buffer (bsc#1051510). - KVM: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers (bsc#1061840). - KVM: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bsc#1061840). - KVM: PPC: Book3S: Protect memslots while validating user address (bsc#1061840). - KVM: PPC: Release all hardware TCE tables attached to a group (bsc#1061840). - KVM: PPC: Remove redundand permission bits removal (bsc#1061840). - KVM: PPC: Validate TCEs against preregistered memory page sizes (bsc#1061840). - KVM: PPC: Validate all tces before updating tables (bsc#1061840). - KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1114279). - MD: fix invalid stored role for a disk (bsc#1051510). - NFC: nci: Add some bounds checking in nci_hci_cmd_received() (bsc#1051510). - PCI/P2PDMA: fix the gen_pool_add_virt() failure path (bsc#1103992 FATE#326009). - PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bsc#1051510). - PCI: Always allow probing with driver_override (bsc#1051510). - PCI: Do not poll for PME if the device is in D3cold (bsc#1051510). - PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1051510). - PCI: Mark Atheros AR9462 to avoid bus reset (bsc#1051510). - PCI: PM: Avoid possible suspend-to-idle issue (bsc#1051510). - PCI: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510). - PCI: Return error if cannot probe VF (bsc#1051510). - PCI: designware-ep: Read-only registers need DBI_RO_WR_EN to be writable (bsc#1051510). - PCI: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - PM / core: Propagate dev power.wakeup_path when no callbacks (bsc#1051510). - RAS/CEC: Check the correct variable in the debugfs error handling (bsc#1085535). - RAS/CEC: Convert the timer callback to a workqueue (bsc#1114279). - RAS/CEC: Fix binary search function (bsc#1114279). - RDMA/ipoib: Allow user space differentiate between valid dev_port (bsc#1103992 FATE#326009). - RDMA/mlx5: Do not allow the user to write to the clock page (bsc#1103991 FATE#326007). - RDMA/mlx5: Initialize roce port info before multiport master init (bsc#1103991 FATE#326007). - RDMA/mlx5: Use rdma_user_map_io for mapping BAR pages (bsc#1103992 FATE#326009). - RDMA/odp: Fix missed unlock in non-blocking invalidate_start (bsc#1103992 FATE#326009). - RDMA/rxe: Consider skb reserve space based on netdev of GID (bsc#1082387, bsc#1103992, FATE#326009). - RDMA/rxe: Consider skb reserve space based on netdev of GID (bsc#1082387, bsc#1103992, FATE#326009). - RDMA/srp: Accept again source addresses that do not have a port number (bsc#1103992 FATE#326009). - RDMA/srp: Document srp_parse_in() arguments (bsc#1103992 FATE#326009). - RDMA/uverbs: check for allocation failure in uapi_add_elm() (bsc#1103992 FATE#326009). - Re-export snd_cards for kABI compatibility (bsc#1051510). - Revert "Sign non-x86 kernels when possible (boo#1134303)" - Revert "bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()" (bsc#1140652). - Revert "net: ena: ethtool: add extra properties retrieval via get_priv_flags" (bsc#1138879). - Revert "s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589)." This broke the build with older gcc instead. - Revert "svm: Fix AVIC incomplete IPI emulation" (bsc#1140133). - Revert "svm: Fix AVIC incomplete IPI emulation" (bsc#1140133). - SMB3: Fix endian warning (bsc#1137884). - UAS: fix alignment of scatter/gather segments (bsc#1129770). - USB: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510). - USB: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510). - USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bsc#1051510). - USB: cdc-acm: fix unthrottle races (bsc#1051510). - USB: core: Don't unbind interfaces following device reset failure (bsc#1051510). - USB: core: Fix bug caused by duplicate interface PM usage counter (bsc#1051510). - USB: core: Fix unterminated string returned by usb_string() (bsc#1051510). - USB: rio500: fix memory leak in close after disconnect (bsc#1051510). - USB: rio500: refuse more than one device at a time (bsc#1051510). - USB: serial: cp210x: fix GPIO in autosuspend (bsc#1120902). - USB: serial: f81232: fix interrupt worker not stop (bsc#1051510). - USB: serial: fix unthrottle races (bsc#1051510). - USB: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510). - USB: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510). - USB: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510). - USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510). - USB: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510). - USB: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510). - USB: usb-storage: Add new ID to ums-realtek (bsc#1051510). - USB: w1 ds2490: Fix bug caused by improper use of altsetting array (bsc#1051510). - USB: yurex: Fix protection fault after device removal (bsc#1051510). - VMCI: Fix integer overflow in VMCI handle arrays (bsc#1051510). - acpi / SBS: Fix GPE storm on recent MacBookPro's (bsc#1051510). - acpi / property: fix handling of data_nodes in acpi_get_next_subnode() (bsc#1051510). - acpi / utils: Drop reference in test for device presence (bsc#1051510). - acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1112128) (bsc#1132426). - acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1112128) (bsc#1132426). - acpi/nfit: Always dump _DSM output payload (bsc#1142351). - acpi: PM: Allow transitions to D0 to occur in special cases (bsc#1051510). - acpi: PM: Avoid evaluating _PS3 on transitions from D3hot to D3cold (bsc#1051510). - acpi: PM: Set enable_for_wake for wakeup GPEs during suspend-to-idle (bsc#1111666). - acpi: button: reinitialize button state upon resume (bsc#1051510). - acpi: fix menuconfig presentation of acpi submenu (bsc#1117158). - acpi: property: restore _DSD data subnodes GUID comment (bsc#1111666). - acpiCA: AML interpreter: add region addresses in global list during initialization (bsc#1051510). - acpiCA: Clear status of GPEs on first direct enable (bsc#1111666). - acpiCA: Namespace: remove address node from global list after method termination (bsc#1051510). - af_key: unconditionally clone on broadcast (bsc#1051510). - alsa: PCM: check if ops are defined before suspending PCM (bsc#1051510). - alsa: compress: Be more restrictive about when a drain is allowed (bsc#1051510). - alsa: compress: Don't allow paritial drain operations on capture streams (bsc#1051510). - alsa: compress: Fix regression on compressed capture streams (bsc#1051510). - alsa: compress: Prevent bypasses of set_params (bsc#1051510). - alsa: core: Don't refer to snd_cards array directly (bsc#1051510). - alsa: core: Fix card races between register and disconnect (bsc#1051510). - alsa: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510). - alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - alsa: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510). - alsa: hda - Add a conexant codec entry to let mute led work (bsc#1051510). - alsa: hda - Add two more machines to the power_save_blacklist (bsc#1051510). - alsa: hda - Don't resume forcibly i915 HDMI/DP codec (bsc#1111666). - alsa: hda - Fix intermittent CORB/RIRB stall on Intel chips (bsc#1111666). - alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - alsa: hda - Optimize resume for codecs without jack detection (bsc#1111666). - alsa: hda - Register irq handler after the chip initialization (bsc#1051510). - alsa: hda - Use a macro for snd_array iteration loops (bsc#1051510). - alsa: hda/hdmi - Consider eld_valid when reporting jack event (bsc#1051510). - alsa: hda/hdmi - Fix i915 reverse port/pin mapping (bsc#1111666). - alsa: hda/hdmi - Read the pin sense from register when repolling (bsc#1051510). - alsa: hda/hdmi - Remove duplicated define (bsc#1111666). - alsa: hda/realtek - Add new Dell platform for headset mode (bsc#1051510). - alsa: hda/realtek - Apply the fixup for ASUS Q325UAR (bsc#1051510). - alsa: hda/realtek - Avoid superfluous COEF EAPD setups (bsc#1051510). - alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - alsa: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: hda/realtek - EAPD turn on later (bsc#1051510). - alsa: hda/realtek - Enable micmute LED for Huawei laptops (bsc#1051510). - alsa: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug (bsc#1051510). - alsa: hda/realtek - Fixed Dell AIO speaker noise (bsc#1051510). - alsa: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510). - alsa: hda/realtek - Fixup headphone noise via runtime suspend (bsc#1051510). - alsa: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510). - alsa: hda/realtek - Improve the headset mic for Acer Aspire laptops (bsc#1051510). - alsa: hda/realtek - Move to ACT_INIT state (bsc#1111666). - alsa: hda/realtek - Set default power save node to 0 (bsc#1051510). - alsa: hda/realtek - Support low power consumption for ALC256 (bsc#1051510). - alsa: hda/realtek - Support low power consumption for ALC295 (bsc#1051510). - alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510). - alsa: hda/realtek - add two more pin configuration sets to quirk table (bsc#1051510). - alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer TravelMate B114-21 with ALC233 (bsc#1111666). - alsa: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510). - alsa: hda: Initialize power_state field properly (bsc#1051510). - alsa: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: info: Fix racy addition/deletion of nodes (bsc#1051510). - alsa: line6: Avoid polluting led_* namespace (bsc#1051510). - alsa: line6: Fix a typo (bsc#1051510). - alsa: line6: Fix write on zero-sized buffer (bsc#1051510). - alsa: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510). - alsa: line6: use dynamic buffers (bsc#1051510). - alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510). - alsa: seq: Align temporary re-locking with irqsave version (bsc#1051510). - alsa: seq: Break too long mutex context in the write loop (bsc#1051510). - alsa: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock() (bsc#1051510). - alsa: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510). - alsa: seq: Fix OOB-reads from strlcpy (bsc#1051510). - alsa: seq: Fix race of get-subscription call vs port-delete ioctls (bsc#1051510). - alsa: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510). - alsa: seq: Protect racy pool manipulation from OSS sequencer (bsc#1051510). - alsa: seq: Remove superfluous irqsave flags (bsc#1051510). - alsa: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510). - alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - alsa: timer: Check ack_list emptiness instead of bit flag (bsc#1051510). - alsa: timer: Coding style fixes (bsc#1051510). - alsa: timer: Make snd_timer_close() really kill pending actions (bsc#1051510). - alsa: timer: Make sure to clear pending ack list (bsc#1051510). - alsa: timer: Revert active callback sync check at close (bsc#1051510). - alsa: timer: Simplify error path in snd_timer_open() (bsc#1051510). - alsa: timer: Unify timer callback process code (bsc#1051510). - alsa: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510). - alsa: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510). - alsa: usb-audio: Cleanup DSD whitelist (bsc#1051510). - alsa: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510). - alsa: usb-audio: Fix a memory leak bug (bsc#1051510). - alsa: usb-audio: Fix parse of UAC2 Extension Units (bsc#1111666). - alsa: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() (bsc#1051510). - alsa: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510). - alsa: usb-audio: fix Line6 Helix audio format rates (bsc#1111666). - alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - alsa: usx2y: fix a double free bug (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - appletalk: Fix compile regression (bsc#1051510). - appletalk: Fix use-after-free in atalk_proc_exit (bsc#1051510). - arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671). - arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671). - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (bsc#1117158). - arm64: acpi: fix alignment fault in accessing acpi (bsc#1117158). - arm64: do not override dma_max_pfn (jsc#SLE-6197 bsc#1140559 LTC#173150). - arm64: fix acpi dependencies (bsc#1117158). - assume flash part size to be 4MB, if it can't be determined (bsc#1127371). - at76c50x-usb: Don't register led_trigger if usb_register_driver failed (bsc#1051510). - ath10k: Do not send probe response template for mesh (bsc#1111666). - ath10k: Fix encoding for protected management frames (bsc#1111666). - ath10k: add missing error handling (bsc#1111666). - ath10k: add peer id check in ath10k_peer_find_by_id (bsc#1111666). - ath10k: avoid possible string overflow (bsc#1051510). - ath10k: destroy sdio workqueue while remove sdio module (bsc#1111666). - ath10k: fix PCIE device wake up failed (bsc#1111666). - ath10k: fix incorrect multicast/broadcast rate setting (bsc#1111666). - ath10k: snoc: fix unbalanced clock error handling (bsc#1111666). - ath6kl: add some bounds checking (bsc#1051510). - ath9k: Check for errors when reading SREV register (bsc#1111666). - ath9k: correctly handle short radar pulses (bsc#1111666). - ath: DFS JP domain W56 fixed pulse type 3 RADAR detection (bsc#1111666). - audit: fix a memleak caused by auditing load module (bsc#1051510). - audit: fix a memory leak bug (bsc#1051510). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - b43: shut up clang -Wuninitialized variable warning (bsc#1051510). - backlight: lm3630a: Return 0 on success in update_status functions (bsc#1051510). - batman-adv: Reduce claim hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_global hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_local hash refcnt only for removed entry (bsc#1051510). - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies (bsc#1051510). - batman-adv: fix for leaked TVLV handler (bsc#1051510). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: Move couple of functions to sysfs.c (bsc#1130972). - bcache: Move couple of functions to sysfs.c (bsc#1130972). - bcache: Move couple of string arrays to sysfs.c (bsc#1130972). - bcache: Move couple of string arrays to sysfs.c (bsc#1130972). - bcache: Populate writeback_rate_minimum attribute (bsc#1130972). - bcache: Populate writeback_rate_minimum attribute (bsc#1130972). - bcache: Replace bch_read_string_list() by __sysfs_match_string() (bsc#1130972). - bcache: Replace bch_read_string_list() by __sysfs_match_string() (bsc#1130972). - bcache: Revert "bcache: fix high CPU occupancy during journal" (bsc#1140652). - bcache: Revert "bcache: free heap cache_set flush_btree in bch_journal_free" (bsc#1140652). - bcache: account size of buckets used in uuid write to ca meta_sectors_written (bsc#1130972). - bcache: account size of buckets used in uuid write to ca meta_sectors_written (bsc#1130972). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: add MODULE_DESCRIPTION information (bsc#1130972). - bcache: add MODULE_DESCRIPTION information (bsc#1130972). - bcache: add a comment in super.c (bsc#1130972). - bcache: add a comment in super.c (bsc#1130972). - bcache: add code comments for bset.c (bsc#1130972). - bcache: add code comments for bset.c (bsc#1130972). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: add comment for cache_set fill_iter (bsc#1130972). - bcache: add comment for cache_set fill_iter (bsc#1130972). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for mutex_lock(b write_lock) (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add identifier names to arguments of function definitions (bsc#1130972). - bcache: add identifier names to arguments of function definitions (bsc#1130972). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add missing SPDX header (bsc#1130972). - bcache: add missing SPDX header (bsc#1130972). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972). - bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972). - bcache: add static const prefix to char * array declarations (bsc#1130972). - bcache: add static const prefix to char * array declarations (bsc#1130972). - bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972). - bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972). - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972). - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972). - bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check c gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: correct dirty data statistics (bsc#1130972). - bcache: correct dirty data statistics (bsc#1130972). - bcache: destroy dc writeback_write_wq if failed to create dc writeback_thread (bsc#1140652). - bcache: do not assign in if condition in bcache_device_init() (bsc#1140652). - bcache: do not assign in if condition in bcache_init() (bsc#1130972). - bcache: do not assign in if condition in bcache_init() (bsc#1130972). - bcache: do not assign in if condition register_bcache() (bsc#1130972). - bcache: do not assign in if condition register_bcache() (bsc#1130972). - bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972). - bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972). - bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972). - bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972). - bcache: do not clone bio in bch_data_verify (bsc#1130972). - bcache: do not clone bio in bch_data_verify (bsc#1130972). - bcache: do not mark writeback_running too early (bsc#1130972). - bcache: do not mark writeback_running too early (bsc#1130972). - bcache: do not set max writeback rate if gc is running (bsc#1140652). - bcache: export backing_dev_name via sysfs (bsc#1130972). - bcache: export backing_dev_name via sysfs (bsc#1130972). - bcache: export backing_dev_uuid via sysfs (bsc#1130972). - bcache: export backing_dev_uuid via sysfs (bsc#1130972). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix code comments style (bsc#1130972). - bcache: fix code comments style (bsc#1130972). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix indent by replacing blank by tabs (bsc#1130972). - bcache: fix indent by replacing blank by tabs (bsc#1130972). - bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972). - bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972). - bcache: fix input integer overflow of congested threshold (bsc#1130972). - bcache: fix input integer overflow of congested threshold (bsc#1130972). - bcache: fix input overflow to cache set io_error_limit (bsc#1130972). - bcache: fix input overflow to cache set io_error_limit (bsc#1130972). - bcache: fix input overflow to cache set sysfs file io_error_halflife (bsc#1130972). - bcache: fix input overflow to cache set sysfs file io_error_halflife (bsc#1130972). - bcache: fix input overflow to journal_delay_ms (bsc#1130972). - bcache: fix input overflow to journal_delay_ms (bsc#1130972). - bcache: fix input overflow to sequential_cutoff (bsc#1130972). - bcache: fix input overflow to sequential_cutoff (bsc#1130972). - bcache: fix input overflow to writeback_delay (bsc#1130972). - bcache: fix input overflow to writeback_delay (bsc#1130972). - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972). - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972). - bcache: fix ioctl in flash device (bsc#1130972). - bcache: fix ioctl in flash device (bsc#1130972). - bcache: fix mistaken code comments in bcache.h (bsc#1130972). - bcache: fix mistaken code comments in bcache.h (bsc#1130972). - bcache: fix mistaken comments in request.c (bsc#1130972). - bcache: fix mistaken comments in request.c (bsc#1130972). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972). - bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972). - bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972). - bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: improve sysfs_strtoul_clamp() (bsc#1130972). - bcache: improve sysfs_strtoul_clamp() (bsc#1130972). - bcache: introduce force_wake_up_gc() (bsc#1130972). - bcache: introduce force_wake_up_gc() (bsc#1130972). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972). - bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: move open brace at end of function definitions to next line (bsc#1130972). - bcache: move open brace at end of function definitions to next line (bsc#1130972). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: never writeback a discard operation (bsc#1130972). - bcache: never writeback a discard operation (bsc#1130972). - bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972). - bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: option to automatically run gc thread after writeback (bsc#1130972). - bcache: option to automatically run gc thread after writeback (bsc#1130972). - bcache: panic fix for making cache device (bsc#1130972). - bcache: panic fix for making cache device (bsc#1130972). - bcache: performance improvement for btree_flush_write() (bsc#1140652). - bcache: prefer 'help' in Kconfig (bsc#1130972). - bcache: prefer 'help' in Kconfig (bsc#1130972). - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972). - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972). - bcache: recal cached_dev_sectors on detach (bsc#1130972). - bcache: recal cached_dev_sectors on detach (bsc#1130972). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972). - bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972). - bcache: remove unused bch_passthrough_cache (bsc#1130972). - bcache: remove unused bch_passthrough_cache (bsc#1130972). - bcache: remove useless parameter of bch_debug_init() (bsc#1130972). - bcache: remove useless parameter of bch_debug_init() (bsc#1130972). - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972). - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972). - bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972). - bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972). - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972). - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972). - bcache: replace printk() by pr_*() routines (bsc#1130972). - bcache: replace printk() by pr_*() routines (bsc#1130972). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: set largest seq to ja seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: set writeback_percent in a flexible range (bsc#1130972). - bcache: set writeback_percent in a flexible range (bsc#1130972). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: split combined if-condition code into separate ones (bsc#1130972). - bcache: split combined if-condition code into separate ones (bsc#1130972). - bcache: stop bcache device when backing device is offline (bsc#1130972). - bcache: stop bcache device when backing device is offline (bsc#1130972). - bcache: stop using the deprecated get_seconds() (bsc#1130972). - bcache: stop using the deprecated get_seconds() (bsc#1130972). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: style fix to add a blank line after declarations (bsc#1130972). - bcache: style fix to add a blank line after declarations (bsc#1130972). - bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972). - bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972). - bcache: style fixes for lines over 80 characters (bsc#1130972). - bcache: style fixes for lines over 80 characters (bsc#1130972). - bcache: treat stale and dirty keys as bad keys (bsc#1130972). - bcache: treat stale and dirty keys as bad keys (bsc#1130972). - bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972). - bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972). - bcache: update comment for bch_data_insert (bsc#1130972). - bcache: update comment for bch_data_insert (bsc#1130972). - bcache: update comment in sysfs.c (bsc#1130972). - bcache: update comment in sysfs.c (bsc#1130972). - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972). - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972). - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972). - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972). - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972). - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972). - bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972). - bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972). - bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972). - be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315). - be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315). - blk-mq: Avoid that submitting a bio concurrently with device removal triggers a crash (bsc#1131673). - blk-mq: adjust debugfs and sysfs register when updating nr_hw_queues (bsc#1131673). - blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs (bsc#1131673). - blk-mq: fallback to previous nr_hw_queues when updating fails (bsc#1131673). - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - blk-mq: init hctx sched after update ctx and hctx mapping (bsc#1131673). - blk-mq: realloc hctx when hw queue is mapped to another node (bsc#1131673). - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter (bsc#1131673). - blkcg: Introduce blkg_root_lookup() (bsc#1131673). - blkcg: Make blkg_root_lookup() work for queues in bypass mode (bsc#1131673). - block, bfq: NULL out the bic when it's no longer valid (bsc#1142359). - block: Do not revalidate bdev of hidden gendisk (bsc#1120091). - block: Ensure that a request queue is dissociated from the cgroup controller (bsc#1131673). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - block: Fix a race between request queue removal and the block cgroup controller (bsc#1131673). - block: Introduce blk_exit_queue() (bsc#1131673). - block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843). - block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843). - block: disk_events: introduce event flags (bsc#1110946, bsc#1119843). - block: disk_events: introduce event flags (bsc#1110946, bsc#1119843). - block: do not leak memory in bio_copy_user_iov() (bsc#1135309). - block: fix the return errno for direct IO (bsc#1135320). - block: fix use-after-free on gendisk (bsc#1135312). - block: kABI fixes for bio_rewind_iter() removal (bsc#1131673). - block: remove bio_rewind_iter() (bsc#1131673). - bluetooth: Check key sizes only when Secure Simple Pairing is enabled (bsc#1135556). - bluetooth: Check key sizes only when Secure Simple Pairing is enabled (bsc#1135556). - bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() (bsc#1133731). - bnx2x: Add support for detection of P2P event packets (bsc#1136498 jsc#SLE-4699). - bnx2x: Bump up driver version to 1.713.36 (bsc#1136498 jsc#SLE-4699). - bnx2x: Prevent load reordering in tx completion processing (bsc#1142868). - bnx2x: Remove set but not used variable 'mfw_vn' (bsc#1136498 jsc#SLE-4699). - bnx2x: Replace magic numbers with macro definitions (bsc#1136498 jsc#SLE-4699). - bnx2x: Use struct_size() in kzalloc() (bsc#1136498 jsc#SLE-4699). - bnx2x: Utilize FW 7.13.11.0 (bsc#1136498 jsc#SLE-4699). - bnx2x: fix spelling mistake "dicline" "decline" (bsc#1136498 jsc#SLE-4699). - bnx2x: fix various indentation issues (bsc#1136498 jsc#SLE-4699). - bnxt_en: Add device IDs 0x1806 and 0x1752 for 57500 devices (bsc#1137224). - bnxt_en: Add support for BCM957504 (bsc#1137224). - bnxt_en: Disable bus master during PCI shutdown and driver unload (bsc#1104745 FATE#325918). - bnxt_en: Fix aggregation buffer leak under OOM condition (bsc#1134090 jsc#SLE-5954). - bnxt_en: Fix aggregation buffer leak under OOM condition (bsc#1134090 jsc#SLE-5954). - bnxt_en: Fix possible BUG() condition when calling pci_disable_msix() (bsc#1134090 jsc#SLE-5954). - bnxt_en: Fix possible BUG() condition when calling pci_disable_msix() (bsc#1134090 jsc#SLE-5954). - bnxt_en: Fix possible crash in bnxt_hwrm_ring_free() under error conditions (bsc#1134090 jsc#SLE-5954). - bnxt_en: Fix possible crash in bnxt_hwrm_ring_free() under error conditions (bsc#1134090 jsc#SLE-5954). - bnxt_en: Fix statistics context reservation logic (bsc#1134090 jsc#SLE-5954). - bnxt_en: Fix statistics context reservation logic (bsc#1134090 jsc#SLE-5954). - bnxt_en: Fix statistics context reservation logic for RDMA driver (bsc#1104745 FATE#325918). - bnxt_en: Fix uninitialized variable usage in bnxt_rx_pkt() (bsc#1134090 jsc#SLE-5954). - bnxt_en: Fix uninitialized variable usage in bnxt_rx_pkt() (bsc#1134090 jsc#SLE-5954). - bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one() (bsc#1050242 FATE#322914). - bnxt_en: Improve NQ reservations (bsc#1134090 jsc#SLE-5954). - bnxt_en: Improve NQ reservations (bsc#1134090 jsc#SLE-5954). - bnxt_en: Improve multicast address setup logic (bsc#1134090 jsc#SLE-5954). - bnxt_en: Improve multicast address setup logic (bsc#1134090 jsc#SLE-5954). - bnxt_en: Pass correct extended TX port statistics size to firmware (bsc#1134090 jsc#SLE-5954). - bnxt_en: Pass correct extended TX port statistics size to firmware (bsc#1134090 jsc#SLE-5954). - bnxt_en: Reduce memory usage when running in kdump kernel (bsc#1134090 jsc#SLE-5954). - bnxt_en: Reduce memory usage when running in kdump kernel (bsc#1134090 jsc#SLE-5954). - bnxt_en: Suppress error messages when querying DSCP DCB capabilities (bsc#1104745 FATE#325918). - bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584). - bpf, devmap: Add missing RCU read lock on flush (bsc#1109837). - bpf, devmap: Add missing bulk queue free (bsc#1109837). - bpf, devmap: Fix premature entry free on destroying map (bsc#1109837). - bpf, lru: avoid messing with eviction heuristics upon syscall lookup (bsc#1083647). - bpf, tcp: correctly handle DONT_WAIT flags and timeo == 0 (bsc#1109837). - bpf, x64: fix stack layout of JITed bpf code (bsc#1083647). - bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647). - bpf: Add missed newline in verifier verbose log (bsc#1056787). - bpf: add map_lookup_elem_sys_only for lookups from syscall side (bsc#1083647). - bpf: btf: fix the brackets of BTF_INT_OFFSET() (bsc#1083647). - bpf: devmap: fix use-after-free Read in __dev_map_entry_free (bsc#1109837). - bpf: fix callees pruning callers (bsc#1109837). - bpf: fix nested bpf tracepoints with per-cpu data (bsc#1083647). - bpf: fix use after free in bpf_evict_inode (bsc#1083647). - bpf: lpm_trie: check left child of last leftmost node for NULL (bsc#1109837). - bpf: sockmap fix msg sg.size account on ingress skb (bsc#1109837). - bpf: sockmap remove duplicate queue free (bsc#1109837). - bpf: sockmap, fix use after free from sleep in psock backlog workqueue (bsc#1109837). - brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510). - brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510). - brcmfmac: fix NULL pointer derefence during USB disconnect (bsc#1111666). - brcmfmac: fix Oops when bringing up interface during USB disconnect (bsc#1051510). - brcmfmac: fix WARNING during USB disconnect in case of unempty psq (bsc#1051510). - brcmfmac: fix leak of mypkt on error return path (bsc#1111666). - brcmfmac: fix missing checks for kmemdup (bsc#1051510). - brcmfmac: fix race during disconnect when USB completion is in progress (bsc#1051510). - broadcom: Mark expected switch fall-throughs (bsc#1136498 jsc#SLE-4699). - btrfs: Do not panic when we can't find a root key (bsc#1112063). - btrfs: Factor out common delayed refs init code (bsc#1134813). - btrfs: Introduce init_delayed_ref_head (bsc#1134813). - btrfs: Open-code add_delayed_data_ref (bsc#1134813). - btrfs: Open-code add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813). - btrfs: add a helper to return a head ref (bsc#1134813). - btrfs: breakout empty head cleanup to a helper (bsc#1134813). - btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: do not allow trimming when a fs is mounted with the nologreplay option (bsc#1135758). - btrfs: do not double unlock on error in btrfs_punch_hole (bsc#1136881). - btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: fix assertion failure on fsync with NO_HOLES enabled (bsc#1131848). - btrfs: fix fsync not persisting changed attributes of a directory (bsc#1137151). - btrfs: fix incorrect file size after shrinking truncate and fsync (bsc#1130195). - btrfs: fix race between block group removal and block group allocation (bsc#1143003). - btrfs: fix race between ranged fsync and writeback of adjacent ranges (bsc#1136477). - btrfs: fix race updating log root item during fsync (bsc#1137153). - btrfs: fix wrong ctime and mtime of a directory after log replay (bsc#1137152). - btrfs: improve performance on fsync of files with multiple hardlinks (bsc#1123454). - btrfs: move all ref head cleanup to the helper function (bsc#1134813). - btrfs: move extent_op cleanup to a helper (bsc#1134813). - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813). - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806). - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162). - btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160). - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1133612). - btrfs: remove WARN_ON in log_dir_items (bsc#1131847). - btrfs: remove delayed_ref_node from ref_head (bsc#1134813). - btrfs: send, flush dellaloc in order to avoid data loss (bsc#1133320). - btrfs: split delayed ref head initialization and addition (bsc#1134813). - btrfs: track refs in a rb_tree instead of a list (bsc#1134813). - btrfs: tree-checker: detect file extent items with overlapping ranges (bsc#1136478). - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - carl9170: fix misuse of device driver API (bsc#1111666). - cdrom: Fix race condition in cdrom_sysctl_register (bsc#1051510). - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461). - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461). - ceph: factor out ceph_lookup_inode() (bsc#1138681). - ceph: fix NULL pointer deref when debugging is enabled (bsc#1138681). - ceph: fix ci i_head_snapc leak (bsc#1122776). - ceph: fix ci i_head_snapc leak (bsc#1122776). - ceph: fix potential use-after-free in ceph_mdsc_build_path (bsc#1138681). - ceph: fix use-after-free on symlink traversal (bsc#1134459). - ceph: fix use-after-free on symlink traversal (bsc#1134459). - ceph: flush dirty inodes before proceeding with remount (bsc#1138681). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - ceph: only use d_name directly when parent is locked (bsc#1134460). - ceph: only use d_name directly when parent is locked (bsc#1134460). - ceph: print inode number in __caps_issued_mask debugging messages (bsc#1138681). - ceph: quota: fix quota subdir mounts (bsc#1138681). - ceph: remove duplicated filelock ref increase (bsc#1138681). - cfg80211: Handle WMM rules in regulatory domain intersection (bsc#1111666). - cfg80211: fix memory leak of wiphy device name (bsc#1051510). - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478). - cgroup: fix parsing empty mount option string (bsc#1133094). - chardev: add additional check for minor range overlap (bsc#1051510). - chelsio: use BUG() instead of BUG_ON(1) (bsc#1136345 jsc#SLE-4681). - cifs: Fix potential OOB access of lock element array (bsc#1051510). - cifs: don't dereference smb_file_target before null check (bsc#1051510). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565). - clk: fractional-divider: check parent rate only if flag is set (bsc#1051510). - clk: qcom: Fix -Wunused-const-variable (bsc#1051510). - clk: rockchip: Don't yell about bad mmc phases when getting (bsc#1051510). - clk: rockchip: Fix video codec clocks on rk3288 (bsc#1051510). - clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 (bsc#1051510). - clk: rockchip: fix frac settings of GPLL clock for rk3328 (bsc#1051510). - clk: rockchip: fix wrong clock definitions for rk3328 (bsc#1051510). - clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - clk: x86: Add system specific quirk to mark clocks as critical (bsc#1051510). - config: arm64: enable CN99xx uncore pmu References: bsc#1117114 - configfs: Fix use-after-free when accessing sd s_dentry (bsc#1051510). - configfs: fix possible use-after-free in configfs_register_group (bsc#1051510). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - cpufreq/pasemi: fix possible object reference leak (bsc#1051510). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510). - cpufreq: acpi-cpufreq: Report if CPU doesn't support boost technologies (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510). - cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510). - cpufreq: kirkwood: fix possible object reference leak (bsc#1051510). - cpufreq: pmac32: fix possible object reference leak (bsc#1051510). - cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: arm/aes-neonbs - don't access already-freed walk.iv (bsc#1051510). - crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510). - crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510). - crypto: caam - add missing put_device() call (bsc#1129770). - crypto: caam - fix caam_dump_sg that iterates through scatterlist (bsc#1051510). - crypto: caam/qi2 - fix DMA mapping of stack memory (bsc#1111666). - crypto: caam/qi2 - fix zero-length buffer DMA mapping (bsc#1111666). - crypto: caam/qi2 - generate hash keys in-place (bsc#1111666). - crypto: ccm - fix incompatibility between "ccm" and "ccm_base" (bsc#1051510). - crypto: ccp - Do not free psp_master when PLATFORM_INIT fails (bsc#1051510). - crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510). - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510). - crypto: ccp - Validate the the error value used to index error messages (bsc#1051510). - crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510). - crypto: ccp - memset structure fields to zero before reuse (bsc#1051510). - crypto: ccp/gcm - use const time tag comparison (bsc#1051510). - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510). - crypto: chacha20poly1305 - set cra_name correctly (bsc#1051510). - crypto: chcr - ESN for Inline IPSec Tx (bsc#1136353 jsc#SLE-4688). - crypto: chcr - small packet Tx stalls the queue (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Fix NULL pointer dereference (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Fix passing zero to 'PTR_ERR' warning in chcr_aead_op (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Fix softlockup with heavy I/O (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Fix wrong error counter increments (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Fixed Traffic Stall (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Handle pci shutdown event (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Inline single pdu only (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Reset counters on cxgb4 Detach (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Swap location of AAD and IV sent in WR (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - Use same value for both channel in single WR (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - avoid using sa_entry imm (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - check set_msg_len overflow in generate_b0 (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - clean up various indentation issues (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - cleanup:send addr as value in function argument (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - count incomplete block in IV (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - remove set but not used variable 'kctx_len' (bsc#1136353 jsc#SLE-4688). - crypto: chelsio - remove set but not used variables 'adap' (bsc#1136353 jsc#SLE-4688). - crypto: chtls - remove cdev_list_lock (bsc#1136353 jsc#SLE-4688). - crypto: chtls - remove set but not used variables 'err, adap, request, hws' (bsc#1136353 jsc#SLE-4688). - crypto: crct10dif-generic - fix use via crypto_shash_digest() (bsc#1051510). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510). - crypto: crypto4xx - properly set IV after de- and encrypt (bsc#1051510). - crypto: fips - Grammar s/options/option/, s/to/the/ (bsc#1051510). - crypto: gcm - fix incompatibility between "gcm" and "gcm_base" (bsc#1051510). - crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510). - crypto: pcbc - remove bogus memcpy()s with src == dest (bsc#1051510). - crypto: prefix header search paths with $(srctree)/ (bsc#1136353 jsc#SLE-4688). - crypto: sha256/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: sha512/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: skcipher - don't WARN on unprocessed data after slow walk step (bsc#1051510). - crypto: sun4i-ss - Fix invalid calculation of hash end (bsc#1051510). - crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510). - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510). - crypto: talitos - check data blocksize in ablkcipher (bsc#1051510). - crypto: talitos - fix CTR alg blocksize (bsc#1051510). - crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510). - crypto: talitos - properly handle split ICV (bsc#1051510). - crypto: talitos - reduce max key size for SEC1 (bsc#1051510). - crypto: talitos - rename alternative AEAD algos (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - crypto: vmx - CTR: always increment IV as quadword (bsc#1051510). - crypto: vmx - fix copy-paste error in CTR mode (bsc#1051510). - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162). - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162). - crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162). - crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162). - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() (bsc#1051510). - crypto: x86/poly1305 - fix overflow during partial reduction (bsc#1051510). - cxgb4/chtls: Prefix adapter flags with CXGB4 (bsc#1136345 jsc#SLE-4681). - cxgb4/cxgb4vf: Add support for SGE doorbell queue timer (bsc#1127371). - cxgb4/cxgb4vf: Display advertised FEC in ethtool (bsc#1136345 jsc#SLE-4681). - cxgb4/cxgb4vf: Fix mac_hlist initialization and free (bsc#1127374). - cxgb4/cxgb4vf: Fix up netdev hw_features (bsc#1136345 jsc#SLE-4681). - cxgb4/cxgb4vf: Link management changes (bsc#1127371). - cxgb4/cxgb4vf: Program hash region for {t4/t4vf}_change_mac() (bsc#1127371). - cxgb4/cxgb4vf_main: Mark expected switch fall-through (bsc#1136345 jsc#SLE-4681). - cxgb4: Add VF Link state support (bsc#1136345 jsc#SLE-4681). - cxgb4: Add capability to get/set SGE Doorbell Queue Timer Tick (bsc#1127371). - cxgb4: Add flag tc_flower_initialized (bsc#1127371). - cxgb4: Add new T5 pci device id 0x50ae (bsc#1127371). - cxgb4: Add new T5 pci device ids 0x50af and 0x50b0 (bsc#1127371). - cxgb4: Add new T6 pci device ids 0x608a (bsc#1127371). - cxgb4: Add new T6 pci device ids 0x608b (bsc#1136345 jsc#SLE-4681). - cxgb4: Add support for FW_ETH_TX_PKT_VM_WR (bsc#1127371). - cxgb4: Add support to read actual provisioned resources (bsc#1127371). - cxgb4: Added missing break in ndo_udp_tunnel_{add/del} (bsc#1127371). - cxgb4: Delete all hash and TCAM filters before resource cleanup (bsc#1136345 jsc#SLE-4681). - cxgb4: Do not return EAGAIN when TCAM is full (bsc#1136345 jsc#SLE-4681). - cxgb4: Enable hash filter with offload (bsc#1136345 jsc#SLE-4681). - cxgb4: Enable outer UDP checksum offload for T6 (bsc#1136345 jsc#SLE-4681). - cxgb4: Export sge_host_page_size to ulds (bsc#1127371). - cxgb4: Fix error path in cxgb4_init_module (bsc#1136345 jsc#SLE-4681). - cxgb4: Mask out interrupts that are not enabled (bsc#1127175). - cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size (bsc#1127371). - cxgb4: Revert "cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size" (bsc#1136345 jsc#SLE-4681). - cxgb4: Support ethtool private flags (bsc#1127371). - cxgb4: TLS record offload enable (bsc#1136345 jsc#SLE-4681). - cxgb4: Update 1.23.3.0 as the latest firmware supported (bsc#1136345 jsc#SLE-4681). - cxgb4: add per rx-queue counter for packet errors (bsc#1127371). - cxgb4: add support to display DCB info (bsc#1127371). - cxgb4: add tcb flags and tcb rpl struct (bsc#1136345 jsc#SLE-4681). - cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371). - cxgb4: collect hardware queue descriptors (bsc#1127371). - cxgb4: collect number of free PSTRUCT page pointers (bsc#1127371). - cxgb4: convert flower table to use rhashtable (bsc#1127371). - cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit capability (bsc#1127371). - cxgb4: display number of rx and tx pages free (bsc#1127371). - cxgb4: do not return DUPLEX_UNKNOWN when link is down (bsc#1127371). - cxgb4: fix the error path of cxgb4_uld_register() (bsc#1127371). - cxgb4: free mac_hlist properly (bsc#1136345 jsc#SLE-4681). - cxgb4: impose mandatory VLAN usage when non-zero TAG ID (bsc#1127371). - cxgb4: kfree mhp after the debug print (bsc#1136345 jsc#SLE-4681). - cxgb4: move Tx/Rx free pages collection to common code (bsc#1127371). - cxgb4: offload VLAN flows regardless of VLAN ethtype (bsc#1136345 jsc#SLE-4681). - cxgb4: remove DEFINE_SIMPLE_DEBUGFS_FILE() (bsc#1136345 jsc#SLE-4681). - cxgb4: remove redundant assignment to vlan_cmd.dropnovlan_fm (bsc#1127371). - cxgb4: remove set but not used variables 'multitrc, speed' (bsc#1136345 jsc#SLE-4681). - cxgb4: remove the unneeded locks (bsc#1127371). - cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371). - cxgb4: update supported DCB version (bsc#1127371). - cxgb4: use firmware API for validating filter spec (bsc#1136345 jsc#SLE-4681). - cxgb4: use new fw interface to get the VIN and smt index (bsc#1127371). - cxgb4vf: Call netif_carrier_off properly in pci_probe (bsc#1136347 jsc#SLE-4683). - cxgb4vf: Enter debugging mode if FW is inaccessible (bsc#1136347 jsc#SLE-4683). - cxgb4vf: Few more link management changes (bsc#1127374). - cxgb4vf: Prefix adapter flags with CXGB4VF (bsc#1136347 jsc#SLE-4683). - cxgb4vf: Revert force link up behaviour (bsc#1136347 jsc#SLE-4683). - cxgb4vf: Update port information in cxgb4vf_open() (bsc#1127374). - cxgb4vf: fix memleak in mac_hlist initialization (bsc#1127374). - cxgb4vf: free mac_hlist properly (bsc#1136345 jsc#SLE-4681). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - dax: Fix xarray entry association for mixed mappings (bsc#1140893). - dccp: Fix memleak in __feat_register_sp (bsc#1051510). - debugfs: fix use-after-free on symlink traversal (bsc#1051510). - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - device_cgroup: fix RCU imbalance in error case (bsc#1051510). - devres: Align data[] to ARCH_KMALLOC_MINALIGN (bsc#1051510). - dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638). - dma-buf: Discard old fence_excl on retrying get_fences_rcu for realloc (bsc#1111666). - dma-direct: add support for allocation from ZONE_DMA and ZONE_DMA32 (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-direct: do not retry allocation for no-op GFP_DMA (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-direct: retry allocations using GFP_DMA for small masks (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-mapping: move dma_mark_clean to dma-direct.h (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-mapping: move swiotlb arch helpers to a new header (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-mapping: take dma_pfn_offset into account in dma_max_pfn (jsc#SLE-6197 bsc#1140559 LTC#173150). - dmaengine: at_xdmac: remove BUG_ON macro in tasklet (bsc#1111666). - dmaengine: axi-dmac: Don't check the number of frames for alignment (bsc#1051510). - dmaengine: hsu: Revert "set HSU_CH_MTSR to memory width" (bsc#1051510). - dmaengine: imx-dma: fix warning comparison of distinct pointer types (bsc#1051510). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - dmaengine: pl330: _stop: clear interrupt status (bsc#1111666). - dmaengine: qcom_hidma: assign channel cookie correctly (bsc#1051510). - dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid (bsc#1051510). - dmaengine: tegra210-adma: Fix crash during probe (bsc#1111666). - dmaengine: tegra210-adma: restore channel status (bsc#1111666). - dmaengine: tegra210-dma: free dma controller in remove() (bsc#1051510). - dmaengine: tegra: avoid overflow of byte tracking (bsc#1051510). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - documentation: Add MDS vulnerability documentation (bsc#1135642). - documentation: Add MDS vulnerability documentation (bsc#1135642). - documentation: Add MDS vulnerability documentation (bsc#1135642). - documentation: Add MDS vulnerability documentation (bsc#1135642). - documentation: DMA-API: fix a function name of max_mapping_size (bsc#1140954). - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510). - drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers/base/devres: introduce devm_release_action() (bsc#1103992 FATE#326009). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510). - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510). - drivers: acpi: add dependency of EFI for arm64 (bsc#1117158). - drivers: depend on HAS_IOMEM for devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994). - drivers: fix a typo in the kernel doc for devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994). - drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567). - drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567). - drivers: provide devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994). - drivers: thermal: tsens: Don't print error message on -EPROBE_DEFER (bsc#1051510). - drm/amd/display: Fix Divide by 0 in memory calculations (bsc#1111666). - drm/amd/display: If one stream full updates, full update all planes (bsc#1111666). - drm/amd/display: Make some functions static (bsc#1111666). - drm/amd/display: Set stream mode_changed when connectors change (bsc#1111666). - drm/amd/display: Use plane color_space for dpp if specified (bsc#1111666). - drm/amd/display: extending AUX SW Timeout (bsc#1111666). - drm/amd/display: fix cursor black issue (bsc#1111666). - drm/amd/display: fix releasing planes when exiting odm (bsc#1111666). - drm/amd/powerplay: use hardware fan control if no powerplay fan table (bsc#1111666). - drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE (bsc#1051510). - drm/amdgpu/gmc9: fix VM_L2_CNTL3 programming (bsc#1111666). - drm/amdgpu/psp: move psp version specific function pointers to early_init (bsc#1111666). - drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510). - drm/amdgpu: remove ATPX_DGPU_REQ_POWER_FOR_DISPLAYS check when hotplug-in (bsc#1111666). - drm/amdkfd: use init_mqd function to allocate object for hid_mqd (CI) (bsc#1111666). - drm/arm/hdlcd: Actually validate CRTC modes (bsc#1111666). - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/arm/mali-dp: Add a loop around the second set CVAL and try 5 times (bsc#1111666). - drm/atmel-hlcdc: revert shift by 8 (bsc#1111666). - drm/bridge: adv7511: Fix low refresh rate selection (bsc#1051510). - drm/doc: Drop "content type" from the legacy kms property table (bsc#1111666). - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bsc#1051510). - drm/drv: Hold ref on parent device during drm_device lifetime (bsc#1051510). - drm/edid: abstract override/firmware EDID retrieval (bsc#1111666). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1111666). - drm/etnaviv: lock MMU while dumping core (bsc#1113722) - drm/exynos/mixer: fix MIXER shadow registry synchronisation code (bsc#1111666). - drm/fb-helper: dpms_legacy(): Only set on connectors in use (bsc#1051510). - drm/fb-helper: generic: Call drm_client_add() after setup is done (bsc#1111666). - drm/fb-helper: generic: Don't take module ref for fbcon (bsc#1111666). - drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510). - drm/i915/dmc: protect against reading random memory (bsc#1051510). - drm/i915/fbc: disable framebuffer compression on GeminiLake (bsc#1051510). - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113722) - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113956) - drm/i915/gvt: Annotate iomem usage (bsc#1051510). - drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722) - drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in gen8/9 mmio list (bnc#1113722) - drm/i915/gvt: Initialize intel_gvt_gtt_entry in stack (bsc#1111666). - drm/i915/gvt: Prevent use-after-free in ppgtt_free_all_spt() (bsc#1111666). - drm/i915/gvt: Roundup fb height into tile's height at calucation fb size (bsc#1111666). - drm/i915/gvt: Tiled Resources mmios are in-context mmios for gen9+ (bsc#1113722) - drm/i915/gvt: add 0x4dfc to gen9 save-restore list (bsc#1113722) - drm/i915/gvt: do not deliver a workload if its creation fails (bsc#1051510). - drm/i915/gvt: do not let TRTTE and 0x4dfc write passthrough to hardware (bsc#1051510). - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113722) - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113956) - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/i915/gvt: refine ggtt range validation (bsc#1113722) - drm/i915/icl: Add WaDisableBankHangMode (bsc#1111666). - drm/i915/icl: Whitelist GEN9_SLICE_COMMON_ECO_CHICKEN1 (bsc#1111666). - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510). - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510). - drm/i915: Disable LP3 watermarks on all SNB machines (bsc#1051510). - drm/i915: Disable tv output on i9x5gm (bsc#1086657, bsc#1133897). - drm/i915: Downgrade Gen9 Plane WM latency error (bsc#1051510). - drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510). - drm/i915: Force 2*96 MHz cdclk on glk/cnl when audio power is enabled (bsc#1111666). - drm/i915: Maintain consistent documentation subsection ordering (bsc#1111666). - drm/imx: don't skip DP channel disable for background plane (bsc#1051510). - drm/imx: notify drm core before sending event during crtc disable (bsc#1111666). - drm/imx: only send event on crtc disable if kept disabled (bsc#1111666). - drm/lease: Make sure implicit planes are leased (bsc#1111666). - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113722) - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113956) - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1111666). - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1111666). - drm/mediatek: clear num_pipes when unbind driver (bsc#1111666). - drm/mediatek: fix possible object reference leak (bsc#1051510). - drm/mediatek: fix unbind functions (bsc#1111666). - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1111666). - drm/meson: Add support for XBGR8888 ABGR8888 formats (bsc#1051510). - drm/meson: add size and alignment requirements for dumb buffers (bnc#1113722) - drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510). - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1111666). - drm/msm: a5xx: fix possible object reference leak (bsc#1111666). - drm/msm: fix fb references in async update (bsc#1111666). - drm/nouveau/bar/nv50: ensure BAR is mapped (bsc#1111666). - drm/nouveau/bar/tu104: initial support (bsc#1133593). - drm/nouveau/bar/tu106: initial support (bsc#1133593). - drm/nouveau/bios/tu104: initial support (bsc#1133593). - drm/nouveau/bios/tu106: initial support (bsc#1133593). - drm/nouveau/bios: translate additional memory types (bsc#1133593). - drm/nouveau/bios: translate usb-C connector type (bsc#1133593). - drm/nouveau/bus/tu104: initial support (bsc#1133593). - drm/nouveau/bus/tu106: initial support (bsc#1133593). - drm/nouveau/ce/tu104: initial support (bsc#1133593). - drm/nouveau/ce/tu106: initial support (bsc#1133593). - drm/nouveau/core: increase maximum number of nvdec instances to 3 (bsc#1133593). - drm/nouveau/core: recognise TU102 (bsc#1133593). - drm/nouveau/core: recognise TU104 (bsc#1133593). - drm/nouveau/core: recognise TU106 (bsc#1133593). - drm/nouveau/core: support multiple nvdec instances (bsc#1133593). - drm/nouveau/devinit/gm200-: export function to upload+execute PMU/PRE_OS (bsc#1133593). - drm/nouveau/devinit/tu104: initial support (bsc#1133593). - drm/nouveau/devinit/tu106: initial support (bsc#1133593). - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510). - drm/nouveau/disp/gm200-: add scdc parameter setter (bsc#1133593). - drm/nouveau/disp/gv100: fix name of window channels in debug output (bsc#1133593). - drm/nouveau/disp/tu104: initial support (bsc#1133593). - drm/nouveau/disp/tu106: initial support (bsc#1133593). - drm/nouveau/disp: add a way to configure scrambling/tmds for hdmi 2.0 (bsc#1133593). - drm/nouveau/disp: add support for setting scdc parameters for high modes (bsc#1133593). - drm/nouveau/disp: keep track of high-speed state, program into clock (bsc#1133593). - drm/nouveau/disp: take sink support into account for exposing 594mhz (bsc#1133593). - drm/nouveau/dma/tu104: initial support (bsc#1133593). - drm/nouveau/dma/tu106: initial support (bsc#1133593). - drm/nouveau/drm/nouveau: Do not forget to label dp_aux devices (bsc#1133593). - drm/nouveau/drm/nouveau: s/nouveau_backlight_exit/nouveau_backlight_fini/ (bsc#1133593). - drm/nouveau/drm/nouveau: tegra: Call nouveau_drm_device_init() (bsc#1133593). - drm/nouveau/fault/tu104: initial support (bsc#1133593). - drm/nouveau/fault/tu106: initial support (bsc#1133593). - drm/nouveau/fault: add explicit control over fault buffer interrupts (bsc#1133593). - drm/nouveau/fault: remove manual mapping of fault buffers into BAR2 (bsc#1133593). - drm/nouveau/fault: store get/put pri address in nvkm_fault_buffer (bsc#1133593). - drm/nouveau/fb/tu104: initial support (bsc#1133593). - drm/nouveau/fb/tu106: initial support (bsc#1133593). - drm/nouveau/fifo/gf100-: call into BAR to reset BARs after MMU fault (bsc#1133593). - drm/nouveau/fifo/gk104-: group pbdma functions together (bsc#1133593). - drm/nouveau/fifo/gk104-: return channel instance in ctor args (bsc#1133593). - drm/nouveau/fifo/gk104-: separate runlist building from committing to hw (bsc#1133593). - drm/nouveau/fifo/gk104-: support enabling privileged ce functions (bsc#1133593). - drm/nouveau/fifo/gk104-: virtualise pbdma enable function (bsc#1133593). - drm/nouveau/fifo/gm200-: read pbdma count more directly (bsc#1133593). - drm/nouveau/fifo/gv100: allocate method buffer (bsc#1133593). - drm/nouveau/fifo/gv100: return work submission token in channel ctor args (bsc#1133593). - drm/nouveau/fifo/tu104: initial support (bsc#1133593). - drm/nouveau/fifo/tu106: initial support (bsc#1133593). - drm/nouveau/fuse/tu104: initial support (bsc#1133593). - drm/nouveau/fuse/tu106: initial support (bsc#1133593). - drm/nouveau/gpio/tu104: initial support (bsc#1133593). - drm/nouveau/gpio/tu106: initial support (bsc#1133593). - drm/nouveau/i2c/tu104: initial support (bsc#1133593). - drm/nouveau/i2c/tu106: initial support (bsc#1133593). - drm/nouveau/i2c: Disable i2c bus access after fini() (bsc#1113722) - drm/nouveau/i2c: Enable i2c pads busses during preinit (bsc#1051510). - drm/nouveau/ibus/tu104: initial support (bsc#1133593). - drm/nouveau/ibus/tu106: initial support (bsc#1133593). - drm/nouveau/imem/nv50: support pinning objects in BAR2 and returning address (bsc#1133593). - drm/nouveau/imem/tu104: initial support (bsc#1133593). - drm/nouveau/imem/tu106: initial support (bsc#1133593). - drm/nouveau/kms/gf119-gp10x: push HeadSetControlOutputResource() mthd when encoders change (bsc#1111666). - drm/nouveau/kms/gv100-: fix spurious window immediate interlocks (bsc#1111666). - drm/nouveau/kms/nv50-: allow more flexibility with lut formats (bsc#1133593). - drm/nouveau/kms/tu104: initial support (bsc#1133593). - drm/nouveau/ltc/tu104: initial support (bsc#1133593). - drm/nouveau/ltc/tu106: initial support (bsc#1133593). - drm/nouveau/mc/tu104: initial support (bsc#1133593). - drm/nouveau/mc/tu106: initial support (bsc#1133593). - drm/nouveau/mmu/tu104: initial support (bsc#1133593). - drm/nouveau/mmu/tu106: initial support (bsc#1133593). - drm/nouveau/mmu: add more general vmm free/node handling functions (bsc#1133593). - drm/nouveau/pci/tu104: initial support (bsc#1133593). - drm/nouveau/pci/tu106: initial support (bsc#1133593). - drm/nouveau/pmu/tu104: initial support (bsc#1133593). - drm/nouveau/pmu/tu106: initial support (bsc#1133593). - drm/nouveau/therm/tu104: initial support (bsc#1133593). - drm/nouveau/therm/tu106: initial support (bsc#1133593). - drm/nouveau/tmr/tu104: initial support (bsc#1133593). - drm/nouveau/tmr/tu106: initial support (bsc#1133593). - drm/nouveau/top/tu104: initial support (bsc#1133593). - drm/nouveau/top/tu106: initial support (bsc#1133593). - drm/nouveau/volt/gf117: fix speedo readout register (bsc#1051510). - drm/nouveau: Add NV_PRINTK_ONCE and variants (bsc#1133593). - drm/nouveau: Add size to vbios.rom file in debugfs (bsc#1133593). - drm/nouveau: Add strap_peek to debugfs (bsc#1133593). - drm/nouveau: Cleanup indenting in nouveau_backlight.c (bsc#1133593). - drm/nouveau: Fix potential memory leak in nouveau_drm_load() (bsc#1133593). - drm/nouveau: Move backlight device into nouveau_connector (bsc#1133593). - drm/nouveau: Refactor nvXX_backlight_init() (bsc#1133593). - drm/nouveau: Remove unecessary dma_fence_ops (bsc#1133593). - drm/nouveau: Start using new drm_dev initialization helpers (bsc#1133593). - drm/nouveau: Stop using drm_crtc_force_disable (bsc#1051510). - drm/nouveau: add DisplayPort CEC-Tunneling-over-AUX support (bsc#1133593). - drm/nouveau: register backlight on pascal and newer (bsc#1133593). - drm/nouveau: remove left-over struct member (bsc#1133593). - drm/omap: dsi: Fix PM for display blank with paired dss_pll calls (bsc#1111666). - drm/omap: hdmi4_cec: Fix CEC clock handling for PM (bsc#1111666). - drm/panel: otm8009a: Add delay at the end of initialization (bsc#1111666). - drm/panel: panel-innolux: set display off in innolux_panel_unprepare (bsc#1111666). - drm/pl111: Initialize clock spinlock early (bsc#1111666). - drm/pl111: fix possible object reference leak (bsc#1111666). - drm/radeon/evergreen_cs: fix missing break in switch statement (bsc#1113722) - drm/radeon: prefer lower reference dividers (bsc#1051510). - drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510). - drm/rockchip: fix for mailbox read validation (bsc#1051510). - drm/rockchip: fix for mailbox read validation (bsc#1111666). - drm/rockchip: shutdown drm subsystem on shutdown (bsc#1051510). - drm/rockchip: vop: reset scale mode when win is disabled (bsc#1113722) - drm/sun4i: Add missing drm_atomic_helper_shutdown at driver unbind (bsc#1113722) - drm/sun4i: Fix component unbinding and component master deletion (bsc#1113722) - drm/sun4i: Fix sun8i HDMI PHY clock initialization (bsc#1111666). - drm/sun4i: Fix sun8i HDMI PHY configuration for 148.5 MHz (bsc#1111666). - drm/sun4i: Set device driver data at bind time for use in unbind (bsc#1113722) - drm/sun4i: Unbind components before releasing DRM and memory (bsc#1113722) - drm/sun4i: dsi: Change the start delay calculation (bsc#1111666). - drm/sun4i: dsi: Enforce boundaries on the start delay (bsc#1111666). - drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722) - drm/sun4i: tcon top: Fix NULL/invalid pointer dereference in sun8i_tcon_top_un/bind (bsc#1111666). - drm/tegra: gem: Fix CPU-cache maintenance for BO's allocated using get_pages() (bsc#1111666). - drm/tegra: hub: Fix dereference before check (bsc#1111666). - drm/ttm: Fix bo_global and mem_global kfree error (bsc#1111666). - drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488) - drm/ttm: fix out-of-bounds read in ttm_put_pages() v2 (bsc#1111666). - drm/udl: Replace drm_dev_unref with drm_dev_put (bsc#1111666). - drm/udl: add a release method and delay modeset teardown (bsc#1085536) - drm/udl: introduce a macro to convert dev to udl (bsc#1111666). - drm/udl: move to embedding drm device inside udl device (bsc#1111666). - drm/v3d: Handle errors from IRQ setup (bsc#1111666). - drm/vc4: Fix memory leak during gpu reset. (bsc#1113722) - drm/vc4: fix fb references in async update (bsc#1141312). - drm/vmwgfx: Don't send drm sysfs hotplug events on initial master set (bsc#1051510). - drm/vmwgfx: Honor the sg list segment size limitation (bsc#1111666). - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1113722) - drm/vmwgfx: Remove set but not used variable 'restart' (bsc#1111666). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1111666). - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1111666). - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read (bsc#1051510). - drm: Auto-set allow_fb_modifiers when given modifiers at plane init (bsc#1051510). - drm: Fix drm_release() and device unplug (bsc#1111666). - drm: Wake up next in drm_read() chain if we are forced to putback the event (bsc#1051510). - drm: add fallback override/firmware EDID modes workaround (bsc#1111666). - drm: add non-desktop quirk for Valve HMDs (bsc#1111666). - drm: add non-desktop quirks to Sensics and OSVR headsets (bsc#1111666). - drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs (bsc#1113722) - drm: don't block fb changes for async plane updates (bsc#1111666). - drm: etnaviv: avoid DMA API warning when importing buffers (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for GPD MicroPC (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for GPD pocket2 (bsc#1111666). - drm: rcar-du: Fix rcar_du_crtc structure documentation (bsc#1111666). - drm: return -EFAULT if copy_to_user() fails (bsc#1111666). - drm_dp_cec: add note about good MegaChips 2900 CEC support (bsc#1136978). - drm_dp_cec: check that aux has a transfer function (bsc#1136978). - dt-bindings: clock: r8a7795: Remove CSIREF clock (bsc#1120902). - dt-bindings: clock: r8a7796: Remove CSIREF clock (bsc#1120902). - dt-bindings: net: Add binding for the external clock for TI WiLink (bsc#1085535). - dt-bindings: net: Fix a typo in the phy-mode list for ethernet bindings (bsc#1129770). - dt-bindings: rtc: sun6i-rtc: Fix register range in example (bsc#1120902). - dwc2: gadget: Fix completed transfer size calculation in DDMA (bsc#1051510). - e1000e: Fix -Wformat-truncation warnings (bsc#1051510). - e1000e: fix cyclic resets at link up with active tx (bsc#1051510). - e1000e: start network tx queue only when link is up (bsc#1051510). - efi/arm: Defer persistent reservations until after paging_init() (bsc#1117158). - efi/arm: Do not mark acpi reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566). - efi/arm: Do not mark acpi reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566). - efi/arm: Do not mark acpi reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566). - efi/arm: Revert "Defer persistent reservations until after paging_init()" (bsc#1117158). - efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158). - efi/arm: libstub: add a root memreserve config table (bsc#1117158). - efi/arm: map UEFI memory map even w/o runtime services enabled (bsc#1117158). - efi/arm: preserve early mapping of UEFI memory map longer for BGRT (bsc#1117158). - efi: Permit calling efi_mem_reserve_persistent() from atomic context (bsc#1117158). - efi: Permit multiple entries in persistent memreserve data structure (bsc#1117158). - efi: Prevent GICv3 WARN() by mapping the memreserve table before first use (bsc#1117158). - efi: Reduce the amount of memblock reservations for persistent allocations (bsc#1117158). - efi: add API to reserve memory persistently across kexec reboot (bsc#1117158). - efi: honour memory reservations passed via a linux specific config table (bsc#1117158). - ext4: Do not warn when enabling DAX (bsc#1132894). - ext4: actually request zeroing of inode table after grow (bsc#1135315). - ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356). - ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851). - ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851). - ext4: do not delete unlinked inode from orphan list on failed truncate (bsc#1140891). - ext4: fix data corruption caused by overlapping unaligned and aligned IO (bsc#1136428). - ext4: fix ext4_show_options for file systems w/o journal (bsc#1135316). - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1135314). - ext4: make sanity check in mballoc more strict (bsc#1136439). - ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438). - extcon: arizona: Disable mic detect if running when driver is removed (bsc#1051510). - failover: allow name change on IFF_UP slave interfaces (bsc#1109837). - fbdev: fbmem: fix memory access if logo is bigger than the screen (bsc#1051510). - fbdev: fix WARNING in __alloc_pages_nodemask bug (bsc#1113722) - fbdev: fix divide error in fb_var_to_videomode (bsc#1113722) - firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671). - firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671). - fix cgroup_do_mount() handling of failure exits (bsc#1133095). - fm10k: Fix a potential NULL pointer dereference (bsc#1051510). - fork, memcg: fix cached_stacks case (bsc#1134097). - fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097). - fs/ocfs2: fix race in ocfs2_dentry_attach_lock() (bsc#1140889). - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bsc#1140887). - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (bsc#1140887). - fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL writeback (bsc#1136432). - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount (bsc#1136435). - fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range() (bsc#1132384, bsc#1132219). - fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range() (bsc#1132384, bsc#1132219). - fs: hugetlbfs: fix hwpoison reserve accounting (bsc#1139712) - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995 fate#323487). - ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658). - fuse: fallocate: fix return with locked inode (bsc#1051510). - fuse: fix writepages on 32bit (bsc#1051510). - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510). - futex: Cure exit race (bsc#1050549). - futex: Ensure that futex address is aligned in handle_futex_death() (bsc#1050549). - futex: Handle early deadlock return correctly (bsc#1050549). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - ghes, EDAC: Fix ghes_edac registration (bsc#1133176). - gpio: Remove obsolete comment about gpiochip_free_hogs() usage (bsc#1051510). - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bsc#1051510). - gpio: aspeed: fix a potential NULL pointer dereference (bsc#1051510). - gpio: fix gpio-adp5588 build errors (bsc#1051510). - gpio: gpio-omap: fix level interrupt idling (bsc#1051510). - gpio: of: Fix of_gpiochip_add() error path (bsc#1051510). - gpio: omap: fix lack of irqstatus_raw0 for OMAP4 (bsc#1051510). - gpu: ipu-v3: dp: fix CSC handling (bsc#1051510). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1111666). - hid: i2c-hid: Ignore input report if there's no data present on Elan touchpanels (bsc#1133486). - hid: input: fix a4tech horizontal wheel custom usage (bsc#1137429). - hwmon: (core) add thermal sensors only if dev of_node is present (bsc#1051510). - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages (bsc#1051510). - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwrng: omap - Set default quality (bsc#1051510). - hwrng: virtio - Avoid repeated init of completion (bsc#1051510). - i2c: Make i2c_unregister_device() NULL-aware (bsc#1108193). - i2c: Make i2c_unregister_device() NULL-aware (bsc#1133311). - i2c: Make i2c_unregister_device() NULL-aware (bsc#1133311). - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510). - i2c: imx: correct the method of getting private data in notifier_call (bsc#1111666). - i2c: mlxcpld: Add support for extended transaction length for i2c-mlxcpld (bsc#1112374). - i2c: mlxcpld: Add support for smbus block read transaction (bsc#1112374). - i2c: mlxcpld: Allow configurable adapter id for mlxcpld (bsc#1112374). - i2c: mlxcpld: Fix adapter functionality support callback (bsc#1112374). - i2c: mlxcpld: Fix wrong initialization order in probe (bsc#1112374). - i2c: mux: mlxcpld: simplify code to reach the adapter (bsc#1112374). - i2c: synquacer: fix enumeration of slave devices (bsc#1111666). - i2c: synquacer: fix synquacer_i2c_doxfer() return value (bsc#1111666). - ib/hw: Remove unneeded semicolons (bsc#1136456 jsc#SLE-4689). - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197). - ibmvnic: Add device identification to requested IRQs (bsc#1137739). - ibmvnic: Do not close unopened driver during reset (bsc#1137752). - ibmvnic: Enable GRO (bsc#1132227). - ibmvnic: Fix completion structure initialization (bsc#1131659). - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227). - ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752). - ibmvnic: Refresh device multicast list after reset (bsc#1137752). - ibmvnic: remove set but not used variable 'netdev' (bsc#1137739). - idr: fix overflow case for idr_for_each_entry_ul() (bsc#1109837). - iio/gyro/bmg160: Use millidegrees for temperature scale (bsc#1051510). - iio: Fix scan mask selection (bsc#1051510). - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion (bsc#1051510). - iio: ad_sigma_delta: select channel when reading register (bsc#1051510). - iio: adc: at91: disable adc channel interrupt in timeout case (bsc#1051510). - iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver (bsc#1051510). - iio: adc: xilinx: fix potential use-after-free on remove (bsc#1051510). - iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data (bsc#1051510). - iio: core: fix a possible circular locking dependency (bsc#1051510). - iio: cros_ec: Fix the maths for gyro scale calculation (bsc#1051510). - iio: dac: mcp4725: add missing powerdown bits in store eeprom (bsc#1051510). - iio: gyro: mpu3050: fix chip ID reading (bsc#1051510). - iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510). - include/linux/bitops.h: introduce BITS_PER_TYPE (bsc#1136345 jsc#SLE-4681). - indirect call wrappers: helpers to speed-up indirect calls of builtin (bsc#1124503). - infiniband/qedr: Potential null ptr dereference of qp (bsc#1136456 jsc#SLE-4689). - intel_th: msu: Fix single mode with IOMMU (bsc#1051510). - intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510). - intel_th: pci: Add Comet Lake support (bsc#1051510). - io: accel: kxcjk1013: restore the range after resume (bsc#1051510). - iommu-helper: mark iommu_is_span_boundary as inline (jsc#SLE-6197 bsc#1140559 LTC#173150). - iommu/amd: Make iommu_disable safer (bsc#1140955). - iommu/amd: Set exclusion range correctly (bsc#1130425). - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (bsc#1117158). - iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158 bsc#1134671). - iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158 bsc#1134671). - iommu/arm-smmu-v3: Fix big-endian CMD_SYNC writes (bsc#1111666). - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bsc#1051510). - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register (bsc#1051510). - iommu/arm-smmu: Add support for qcom,smmu-v2 variant (bsc#1051510). - iommu/arm-smmu: Avoid constant zero in TLBI writes (bsc#1140956). - iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135006). - iommu/vt-d: Duplicate iommu_resv_region objects per device list (bsc#1140959). - iommu/vt-d: Handle PCI bridge RMRR device scopes in intel_iommu_get_resv_regions (bsc#1140960). - iommu/vt-d: Handle RMRR with PCI bridge device scopes (bsc#1140961). - iommu/vt-d: Introduce is_downstream_to_pci_bridge helper (bsc#1140962). - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135007). - iommu/vt-d: Remove unnecessary rcu_read_locks (bsc#1140964). - iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135008). - iommu: Fix a leak in iommu_insert_resv_region (bsc#1140957). - iommu: Use right function to get group for device (bsc#1140958). - iov_iter: Fix build error without CONFIG_CRYPTO (bsc#1111666). - ipconfig: Correctly initialise ic_nameservers (bsc#1051510). - ipmi: Fix I2C client removal in the SSIF driver (bsc#1108193). - ipmi: Prevent use-after-free in deliver_response (bsc#1111666). - ipmi: fix sleep-in-atomic in free_user at cleanup SRCU user release_barrier (bsc#1111666). - ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1051510). - ipmi_ssif: Remove duplicate NULL check (bsc#1108193). - ipv6: fib: Do not assume only nodes hold a reference on routes (bsc#1138732). - ipvlan: Add the skb mark as flow4's member to lookup route (bsc#1051510). - ipvlan: fix ipv6 outbound device (bsc#1051510). - ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510). - ipvs: Fix signed integer overflow when setsockopt timeout (bsc#1051510). - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bsc#1051510). - irqchip/gic-v3-its: fix some definitions of inner cacheability attributes (bsc#1051510). - irqchip/mbigen: Don't clear eventid when freeing an MSI (bsc#1051510). - iw_cxgb*: kzalloc the iwcm verbs struct (bsc#1136348 jsc#SLE-4684). - iw_cxgb4: Check for send WR also while posting write with completion WR (bsc#1136348 jsc#SLE-4684). - iw_cxgb4: Fix qpid leak (bsc#1136348 jsc#SLE-4684). - iw_cxgb4: Make function read_tcb() static (bsc#1136348 jsc#SLE-4684). - iw_cxgb4: complete the cached SRQ buffers (bsc#1136348 jsc#SLE-4684). - iw_cxgb4: cq/qp mask depends on bar2 pages in a host page (bsc#1127371). - iw_cxgb4: fix srqidx leak during connection abort (bsc#1136348 jsc#SLE-4684). - iw_cxgb4: only allow 1 flush on user qps (bsc#1051510). - iw_cxgb4: use listening ep tos when accepting new connections (bsc#1136348 jsc#SLE-4684). - iw_cxgb4: use tos when finding ipv6 routes (bsc#1136348 jsc#SLE-4684). - iw_cxgb4: use tos when importing the endpoint (bsc#1136348 jsc#SLE-4684). - iwiwifi: fix bad monitor buffer register addresses (bsc#1129770). - iwlwifi: Fix double-free problems in iwl_req_fw_callback() (bsc#1111666). - iwlwifi: correct one of the PCI struct names (bsc#1111666). - iwlwifi: don't WARN when calling iwl_get_shared_mem_conf with RF-Kill (bsc#1111666). - iwlwifi: fix RF-Kill interrupt while FW load for gen2 devices (bsc#1111666). - iwlwifi: fix cfg structs for 22000 with different RF modules (bsc#1111666). - iwlwifi: fix devices with PCI Device ID 0x34F0 and 11ac RF modules (bsc#1111666). - iwlwifi: fix driver operation for 5350 (bsc#1111666). - iwlwifi: fix send hcmd timeout recovery flow (bsc#1129770). - iwlwifi: mvm: Drop large non sta frames (bsc#1111666). - iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() (bsc#1051510). - iwlwifi: pcie: don't crash on invalid RX interrupt (bsc#1051510). - iwlwifi: pcie: don't service an interrupt that was masked (bsc#1111666). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1111666). - ixgbe: Avoid NULL pointer dereference with VF on non-IPsec hw (bsc#1140228). - jbd2: check superblock mapped prior to committing (bsc#1136430). - kABI fix for hda_codec.relaxed_resume flag (bsc#1111666). - kABI workaround for asus-wmi changes (bsc#1051510). - kABI workaround for removed usb_interface.pm_usage_cnt field (bsc#1051510). - kABI workaround for snd_seq_kernel_client_enqueue() API changes (bsc#1051510). - kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510). - kABI: protect functions using struct net_generic (bsc#1129845 LTC#176252). - kABI: protect struct smc_ib_device (bsc#1129845 LTC#176252). - kABI: protect struct smcd_dev (bsc#1129845 LTC#176252). - kabi fixup blk_mq_register_dev() (bsc#1140637). - kabi protect struct iw_cm_id (bsc#1136348 jsc#SLE-4684). - kabi protect struct vf_info (bsc#1136347 jsc#SLE-4683). - kabi/severities: exclude hns3 symbols (bsc#1134948) - kabi/severities: exclude qed* symbols (bsc#1136461) - kabi/severities: exclude qed* symbols (bsc#1136461) - kabi: Fix lost iommu-helper symbols on arm64 (jsc#SLE-6197 bsc#1140559 LTC#173150). - kabi: drop LINUX_Mib_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - kabi: implement map_lookup_elem_sys_only in another way (bsc#1083647). - kabi: mask changes made by basic protected virtualization support (jsc#SLE-6197 bsc#1140559 LTC#173150). - kabi: mask changes made by swiotlb for protected virtualization (jsc#SLE-6197 bsc#1140559 LTC#173150). - kabi: mask changes made by use of DMA memory for adapter interrupts (jsc#SLE-6197 bsc#1140559 LTC#173150). - kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586). - kabi: remove unused hcall definition (bsc#1140322 LTC#176270). - kabi: s390: enum interruption_class (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - kabi: s390: enum interruption_class (jsc#SLE-5789 bsc#1134730 LTC#173388). - kbuild: strip whitespace in cmd_record_mcount findstring (bsc#1065729). - kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995 fate#323487). - kcm: switch order of device registration to fix a crash (bnc#1130527). - kernel/padata.c: Make RT aware (SLE Realtime Extension (bnc#1135344)). - kernel/padata.c: Make RT aware (SLE Realtime Extension (bnc#1135344)). - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bsc#1051510). - kernel/sysctl.c: fix out-of-bounds access when setting file-max (bsc#1051510). - kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059). - kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059). - kernfs: do not set dentry d_fsdata (boo#1133115). - keys: safe concurrent user {session,uid}_keyring access (bsc#1135642). - keys: safe concurrent user {session,uid}_keyring access (bsc#1135642). - keys: safe concurrent user {session,uid}_keyring access (bsc#1135642). - keys: safe concurrent user {session,uid}_keyring access (bsc#1135642). - kmsg: Update message catalog to latest ibM level (2019/03/08) (bsc#1128904 LTC#176078). - kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335). - kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132563). - kvm: Fix UAF in nested posted interrupt processing (bsc#1134199). - kvm: Fix kABI for AMD SMAP Errata workaround (bsc#1133149). - kvm: SVM: Fix detection of AMD Errata 1096 (bsc#1142354). - kvm: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation) (bsc#1133149). - kvm: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run (bsc#1132555). - kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1134202). - kvm: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021). - kvm: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021). - kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335). - kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132561). - kvm: nVMX: Clear reserved bits of #DB exit qualification (bsc#1134200). - kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bsc#1132564). - kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bsc#1132562). - kvm: nVMX: restore host state in nested_vmx_vmexit for VMFail (bsc#1134201). - kvm: polling: add architecture backend to disable polling (bsc#1119222). - kvm: s390: change default halt poll time to 50us (bsc#1119222). - kvm: s390: enable CONFIG_HAVE_kvm_NO_POLL (bsc#1119222) We need to enable CONFIG_HAVE_kvm_NO_POLL for bsc#1119222 - kvm: s390: fix memory overwrites when not using SCA entries (bsc#1136206). - kvm: s390: fix typo in parameter description (bsc#1119222). - kvm: s390: kABI Workaround for 'lowcore' (bsc#1119222). - kvm: s390: provide io interrupt kvm_stat (bsc#1136206). - kvm: s390: provide kvm_arch_no_poll function (bsc#1119222). - kvm: s390: use created_vcpus in more places (bsc#1136206). - kvm: s390: vsie: fix 8k check for the itdba (bsc#1136206). - kvm: svm/avic: fix off-by-one in checking host APIC ID (bsc#1140971). - kvm: x86/mmu: Detect MMIO generation wrap in any address space (bsc#1132570). - kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132571). - kvm: x86: Always use 32-bit SMRAM save state for 32-bit kernels (bsc#1134203). - kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bsc#1134204). - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279). - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279). - kvm: x86: Report STibP on GET_SUPPORTED_CPUID (bsc#1111331). - kvm: x86: Skip EFER vs. guest CPUID checks for host-initiated writes (bsc#1140972). - kvm: x86: fix return value for reserved EFER (bsc#1140992). - kvm: x86: svm: make sure NMI is injected after nmi_singlestep (bsc#1134205). - l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510). - l2tp: revert "l2tp: fix missing print session offset info" (bsc#1051510). - leds: avoid flush_work in atomic context (bsc#1051510). - leds: avoid races with workqueue (bsc#1051510). - leds: pwm: silently error out on EPROBE_DEFER (bsc#1051510). - lib/bitmap.c: make bitmap_parselist() thread-safe and much faster (bsc#1143507). - lib/scatterlist: Fix mapping iterator when sg offset is greater than PAGE_SIZE (bsc#1051510). - lib: add crc64 calculation routines (bsc#1130972). - lib: add crc64 calculation routines (bsc#1130972). - lib: do not depend on linux headers being installed (bsc#1130972). - lib: do not depend on linux headers being installed (bsc#1130972). - lib: fix stall in __bitmap_parselist() (bsc#1051510). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - libata: fix using DMA buffers on stack (bsc#1051510). - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). This feature was requested for SLE15 but aws reverted in packaging and master. - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: preallocate message data items (bsc#1135897). - libcxgb: fix incorrect ppmax calculation (bsc#1136345 jsc#SLE-4681). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - libnvdimm/namespace: Fix label tracking error (bsc#1142350). - libnvdimm/region: Register badblocks before namespaces (bsc#1143209). - lightnvm: if LUNs are already allocated fix return (bsc#1085535). - linux/kernel.h: Use parentheses around argument in u64_to_user_ptr() (bsc#1051510). - livepatch: Convert error about unsupported reliable stacktrace into a warning (bsc#1071995). - livepatch: Remove custom kobject state handling (bsc#1071995). - livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995 fate#323487). - livepatch: Remove duplicated code for early initialization (bsc#1071995). - livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995 fate#323487). - lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138). - mISDN: Check address length before reading address family (bsc#1051510). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mac80211/cfg80211: update bss channel on channel switch (bsc#1051510). - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: Fix kernel panic due to use of txq after free (bsc#1051510). - mac80211: Honor SW_CRYPTO_CONTROL for unicast keys in AP VLAN mode (bsc#1111666). - mac80211: do not call driver wake_tx_queue op during reconfig (bsc#1051510). - mac80211: do not start any work during reconfigure flow (bsc#1111666). - mac80211: don't attempt to rename ERR_PTR() debugfs dirs (bsc#1111666). - mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: fix memory accounting with A-MSDU aggregation (bsc#1051510). - mac80211: fix rate reporting inside cfg80211_calculate_bitrate_he() (bsc#1111666). - mac80211: fix unaligned access in mesh table hash function (bsc#1051510). - mac80211: free peer keys before vif down in mesh (bsc#1111666). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - mac80211: mesh: fix RCU warning (bsc#1111666). - mac80211: only warn once on chanctx_conf being NULL (bsc#1111666). - mac8390: Fix mmio access size probe (bsc#1051510). - md: batch flush requests (bsc#1119680). - media: atmel: atmel-isc: fix INIT_WORK misplacement (bsc#1051510). - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() (bsc#1051510). - media: au0828: stop video streaming only when last user stops (bsc#1051510). - media: coda: clear error return value before picture run (bsc#1051510). - media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510). - media: cx18: update *pos correctly in cx18_read_pos() (bsc#1051510). - media: cx23885: check allocation return (bsc#1051510). - media: davinci-isif: avoid uninitialized variable use (bsc#1051510). - media: davinci/vpbe: array underflow in vpbe_enum_outputs() (bsc#1051510). - media: go7007: avoid clang frame overflow warning with KASAN (bsc#1051510). - media: ivtv: update *pos correctly in ivtv_read_pos() (bsc#1051510). - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend (bsc#1051510). - media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510). - media: mt9m111: set initial frame size other than 0x0 (bsc#1051510). - media: mtk-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: omap_vout: potential buffer overflow in vidioc_dqbuf() (bsc#1051510). - media: ov2659: fix unbalanced mutex_lock/unlock (bsc#1051510). - media: ov2659: make S_FMT succeed even if requested format doesn't match (bsc#1051510). - media: pvrusb2: Prevent a buffer overflow (bsc#1129770). - media: s5p-g2d: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: s5p-mfc: Make additional clocks optional (bsc#1051510). - media: saa7146: avoid high stack usage with clang (bsc#1051510). - media: serial_ir: Fix use-after-free in serial_ir_init_module (bsc#1051510). - media: sh_veu: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: smsusb: better handle optional alignment (bsc#1051510). - media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame (bsc#1051510). - media: usb: siano: Fix false-positive "uninitialized variable" warning (bsc#1051510). - media: usb: siano: Fix general protection fault in smsusb (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - media: v4l2: Test type instead of cfg type in v4l2_ctrl_new_custom() (bsc#1051510). - media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510). - media: vivid: use vfree() instead of kfree() for dev bitmap_cap (bsc#1051510). - media: wl128x: Fix an error code in fm_download_firmware() (bsc#1051510). - media: wl128x: prevent two potential buffer overflows (bsc#1051510). - mei: bus: need to unlink client before freeing (bsc#1051510). - mei: me: add denverton innovation engine device IDs (bsc#1051510). - mei: me: add gemini lake devices id (bsc#1051510). - memcg: make it work on sparse non-0-node systems (bnc#1133616). - memcg: make it work on sparse non-0-node systems kabi (bnc#1133616). - memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510). - memstick: Fix error cleanup path of memstick_init (bsc#1051510). - mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L (bsc#1051510). - mfd: hi655x: Fix regmap area declared size for hi655x (bsc#1051510). - mfd: intel-lpss: Release IDA resources (bsc#1051510). - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510). - mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510). - mfd: tps65912-spi: Add missing of table registration (bsc#1051510). - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510). - mips: fix an off-by-one in dma_capable (jsc#SLE-6197 bsc#1140559 LTC#173150). - mlxsw: core: Add API for QSFP module temperature thresholds reading (bsc#1112374). - mlxsw: core: Do not use WQ_MEM_RECLAIM for EMAD workqueue (bsc#1112374). - mlxsw: core: Move ethtool module callbacks to a common location (bsc#1112374). - mlxsw: core: Prevent reading unsupported slave address from SFP EEPROM (bsc#1112374). - mlxsw: core: mlxsw: core: avoid -Wint-in-bool-context warning (bsc#1112374). - mlxsw: pci: Reincrease PCI reset timeout (bsc#1112374). - mlxsw: reg: Add Management Temperature Bulk Register (bsc#1112374). - mlxsw: spectrum: Move QSFP EEPROM definitions to common location (bsc#1112374). - mlxsw: spectrum: Put MC TCs into DWRR mode (bsc#1112374). - mlxsw: spectrum_dcb: Configure DSCP map as the last rule is removed (bsc#1112374). - mlxsw: spectrum_flower: Fix TOS matching (bsc#1112374). - mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034). - mm/debug.c: fix __dump_page when mapping host is not set (bsc#1131934). - mm/devm_memremap_pages: introduce devm_memunmap_pages (bsc#1103992 FATE#326009). - mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses (bsc#1135330). - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270). - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935). - mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bsc#1133825). - mm: Fix buggy backport leading to MAP_SYNC failures (bsc#1137372) - mm: fix race on soft-offlining free huge pages (bsc#1139712). - mm: hugetlb: delete dequeue_hwpoisoned_huge_page() (bsc#1139712). - mm: hugetlb: prevent reuse of hwpoisoned free hugepages (bsc#1139712). - mm: hugetlb: soft-offline: dissolve source hugepage after successful migration (bsc#1139712). - mm: hugetlb: soft-offline: dissolve_free_huge_page() return zero on !PageHuge (bsc#bsc#1139712). - mm: hugetlb: soft_offline: save compound page order before page migration (bsc#1139712) - mm: hwpoison: change PageHWPoison behavior on hugetlb pages (bsc#1139712). - mm: hwpoison: dissolve in-use hugepage in unrecoverable memory error (bsc#1139712). - mm: hwpoison: introduce idenfity_page_state (bsc#1139712). - mm: hwpoison: introduce memory_failure_hugetlb() (bsc#1139712). - mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609). - mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270). - mm: soft-offline: close the race against page allocation (bsc#1139712). - mm: soft-offline: dissolve free hugepage if soft-offlined (bsc#1139712). - mm: soft-offline: return -EBUSY if set_hwpoison_free_buddy_page() fails (bsc#1139712). - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382). - mmc: bcm2835 MMC issues (bsc#1070872). - mmc: block: Delete gendisk before cleaning up the request queue (bsc#1127616). - mmc: core: Fix tag set memory leak (bsc#1111666). - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mmc: core: Verify SD bus width (bsc#1051510). - mmc: core: complete HS400 before checking status (bsc#1111666). - mmc: core: fix possible use after free of host (bsc#1051510). - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510). - mmc: davinci: remove extraneous __init annotation (bsc#1051510). - mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510). - mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510). - mmc: sdhci-pci: Try "cd" for card-detect lookup before using NULL (bsc#1051510). - mmc: sdhci: Fix data command CRC error handling (bsc#1051510). - mmc: sdhci: Handle auto-command errors (bsc#1051510). - mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR (bsc#1051510). - mmc: tmio_mmc_core: don't claim spurious interrupts (bsc#1051510). - mmc_spi: add a status check for spi_sync_locked (bsc#1051510). - module: Fix livepatch/ftrace module text permissions race (bsc#1071995 fate#323487). - mount: copy the port field into the cloned nfs_server structure (bsc#1136990). - mt7601u: bump supported EEPROM version (bsc#1051510). - mt7601u: do not schedule rx_tasklet when the device has been disconnected (bsc#1111666). - mt7601u: fix possible memory leak when the device is disconnected (bsc#1111666). - mtd: docg3: Fix passing zero to 'PTR_ERR' warning in doc_probe_device (bsc#1051510). - mtd: docg3: fix a possible memory leak of mtd name (bsc#1051510). - mtd: nand: omap: Fix comment in platform data using wrong Kconfig symbol (bsc#1051510). - mtd: part: fix incorrect format specifier for an unsigned long long (bsc#1051510). - mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write (bsc#1129770). - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935). - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935). - mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510). - mwifiex: Make resume actually do something useful again on SDIO cards (bsc#1111666). - mwifiex: don't advertise IBSS features without FW support (bsc#1129770). - mwifiex: prevent an array overflow (bsc#1051510). - mwl8k: Fix rate_idx underflow (bsc#1051510). - net/af_iucv: build proper skbs for HiperTransport (bsc#1142221 LTC#179332). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142221 LTC#179332). - net/ibmvnic: Remove tests of member address (bsc#1137739). - net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760). - net/ibmvnic: Update carrier state after link state change (bsc#1135100). - net/mlx5: Avoid reloading already removed devices (bsc#1103990 FATE#326006). - net/mlx5: FPGA, tls, hold rcu read lock a bit longer (bsc#1103990 FATE#326006). - net/mlx5: FPGA, tls, idr remove on flow delete (bsc#1103990 FATE#326006). - net/mlx5: Set completion EQs as shared resources (bsc#1103991 FATE#326007). - net/mlx5: Update pci error handler entries and command translation (bsc#1103991 FATE#326007). - net/mlx5e: Fix ethtool rxfh commands when CONFIG_MLX5_EN_RXNFC is disabled (bsc#1103990 FATE#326006). - net/mlx5e: Fix the max MTU check in case of XDP (bsc#1103990 FATE#326006). - net/mlx5e: Fix trailing semicolon (bsc#1075020). - net/mlx5e: Fix use-after-free after xdp_return_frame (bsc#1103990 FATE#326006). - net/mlx5e: IPoIB, Reset QP after channels are closed (bsc#1075020). - net/mlx5e: Rx, Check ip headers sanity (bsc#1103990 FATE#326006). - net/mlx5e: Rx, Fix checksum calculation for new hardware (bsc#1127611). - net/mlx5e: Rx, Fixup skb checksum for packets with tail padding (bsc#1109837). - net/mlx5e: XDP, Fix shifted flag index in RQ bitmap (bsc#1103990 FATE#326006). - net/sched: cbs: Fix error path of cbs_module_init (bsc#1109837). - net/sched: cbs: fix port_rate miscalculation (bsc#1109837). - net/sched: don't dereference a goto_chain to read the chain index (bsc#1064802 bsc#1066129). - net/sched: don't dereference a goto_chain to read the chain index (bsc#1064802 bsc#1066129). - net/smc: add pnet table namespace support (bsc#1129845 LTC#176252). - net/smc: add smcd support to the pnet table (bsc#1129845 LTC#176252). - net/smc: allow pci IDs as ib device names in the pnet table (bsc#1129845 LTC#176252). - net/smc: allow pnetid-less configuration (bsc#1129845 LTC#176252). - net/smc: check for ip prefix and subnet (bsc#1134607 LTC#177518). - net/smc: cleanup for smcr_tx_sndbuf_nonempty (bsc#1129845 LTC#176252). - net/smc: cleanup of get vlan id (bsc#1134607 LTC#177518). - net/smc: code cleanup smc_listen_work (bsc#1134607 LTC#177518). - net/smc: consolidate function parameters (bsc#1134607 LTC#177518). - net/smc: fallback to TCP after connect problems (bsc#1134607 LTC#177518). - net/smc: fix a NULL pointer dereference (bsc#1134607 LTC#177518). - net/smc: fix return code from FLUSH command (bsc#1134607 LTC#177518). - net/smc: improve smc_conn_create reason codes (bsc#1134607 LTC#177518). - net/smc: improve smc_listen_work reason codes (bsc#1134607 LTC#177518). - net/smc: move unhash before release of clcsock (bsc#1134607 LTC#177518). - net/smc: nonblocking connect rework (bsc#1134607 LTC#177518). - net/smc: propagate file from SMC to TCP socket (bsc#1134607 LTC#177518). - net/smc: return booleans instead of integers (bsc#1096003, FATE#325023, LTC#164003). - net/smc: rework pnet table (bsc#1129845 LTC#176252). - net/smc: wait for pending work before clcsock release_sock (bsc#1134607 LTC#177518). - net/tls: avoid NULL pointer deref on nskb sk in fallback (bsc#1109837). - net/tls: avoid potential deadlock in tls_set_device_offload_rx() (bsc#1109837). - net/tls: don't copy negative amounts of data in reencrypt (bsc#1109837). - net/tls: don't ignore netdev notifications if no TLS features (bsc#1109837). - net/tls: don't leak IV and record seq when offload fails (bsc#1109837). - net/tls: don't leak partially sent record in device mode (bsc#1109837). - net/tls: fix build without CONFIG_TLS_DEVICE (bsc#1109837). - net/tls: fix copy to fragments in reencrypt (bsc#1109837). - net/tls: fix page double free on TX cleanup (bsc#1109837). - net/tls: fix refcount adjustment in fallback (bsc#1109837). - net/tls: fix socket wmem accounting on fallback with netem (bsc#1109837). - net/tls: fix state removal with feature flags off (bsc#1109837). - net/tls: fix the IV leaks (bsc#1109837). - net/tls: free ctx in sock destruct (bsc#1136353 jsc#SLE-4688). - net/tls: make sure offload also gets the keys wiped (bsc#1109837). - net/tls: prevent bad memory access in tls_is_sk_tx_device_offloaded() (bsc#1109837). - net/tls: replace the sleeping lock around RX resync with a bit lock (bsc#1109837). - net/udp_gso: Allow TX timestamp with UDP GSO (bsc#1109837). - net: Fix missing meta data in skb with vlan packet (bsc#1109837). - net: chelsio: Add a missing check on cudg_get_buffer (bsc#1136345 jsc#SLE-4681). - net: core: support XDP generic on stacked devices (bsc#1109837). - net: cxgb4: fix various indentation issues (bsc#1136345 jsc#SLE-4681). - net: don't clear sock sk early to avoid trouble in strparser (bsc#1103990 FATE#326006). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1138879). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1138879). - net: ena: add ethtool function for changing io queue sizes (bsc#1138879). - net: ena: add good checksum counter (bsc#1138879). - net: ena: add handling of llq max tx burst size (bsc#1138879). - net: ena: add newline at the end of pr_err prints (bsc#1138879). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1138879). - net: ena: allow automatic fallback to polling mode (bsc#1138879). - net: ena: allow queue allocation backoff when low on memory (bsc#1138879). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1138879). - net: ena: enable negotiating larger Rx ring size (bsc#1138879). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1138879). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1138879). - net: ena: fix incorrect test of supported hash function (bsc#1138879). - net: ena: fix return value of ena_com_config_llq_info() (bsc#1111696 bsc#1117561). - net: ena: fix return value of ena_com_config_llq_info() (bsc#1111696 bsc#1117561). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1138879). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1138879). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1138879). - net: ena: gcc 8: fix compilation warning (bsc#1138879). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1138879). - net: ena: make ethtool show correct current and max queue sizes (bsc#1138879). - net: ena: optimise calculations for CQ doorbell (bsc#1138879). - net: ena: remove inline keyword from functions in *.c (bsc#1138879). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1138879). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1138879). - net: ena: use dev_info_once instead of static variable (bsc#1138879). - net: ethernet: ti: cpsw_ethtool: fix ethtool ring param set (bsc#1130836). - net: hns3: Add handling of MAC tunnel interruption (bsc#1104353 bsc#1134983). - net: hns3: Add support for netif message level settings (bsc#1104353 bsc#1134989). - net: hns3: Fix inconsistent indenting (bsc#1140676). - net: hns3: Make hclge_destroy_cmd_queue static (bsc#1104353 bsc#1137201). - net: hns3: Make hclgevf_update_link_mode static (bsc#1104353 bsc#1137201). - net: hns3: add counter for times RX pages gets allocated (bsc#1104353 bsc#1134947). - net: hns3: add error handler for initializing command queue (bsc#1104353 bsc#1135058). - net: hns3: add function type check for debugfs help information (bsc#1104353 bsc#1134980). - net: hns3: add hns3_gro_complete for HW GRO process (bsc#1104353 bsc#1135051). - net: hns3: add linearizing checking for TSO case (bsc#1104353 bsc#1134947). - net: hns3: add queue's statistics update to service task (bsc#1104353 bsc#1134981). - net: hns3: add reset statistics for VF (bsc#1104353 bsc#1134995). - net: hns3: add reset statistics info for PF (bsc#1104353 bsc#1134995). - net: hns3: add some debug info for hclgevf_get_mbx_resp() (bsc#1104353 bsc#1134994). - net: hns3: add some debug information for hclge_check_event_cause (bsc#1104353 bsc#1134994). - net: hns3: add support for dump ncl config by debugfs (bsc#1104353 bsc#1134987). - net: hns3: adjust the timing of hns3_client_stop when unloading (bsc#1104353 bsc#1137201). - net: hns3: always assume no drop TC for performance reason (bsc#1104353 bsc#1135049). - net: hns3: check 1000M half for hns3_ethtool_ops.set_link_ksettings (bsc#1104353 bsc#1137201). - net: hns3: check resetting status in hns3_get_stats() (bsc#1104353 bsc#1137201). - net: hns3: code optimization for command queue' spin lock (bsc#1104353 bsc#1135042). - net: hns3: combine len and checksum handling for inner and outer header (bsc#1104353 bsc#1134947). - net: hns3: deactive the reset timer when reset successfully (bsc#1104353 bsc#1137201). - net: hns3: divide shared buffer between TC (bsc#1104353 bsc#1135047). - net: hns3: do not initialize MDIO bus when PHY is inexistent (bsc#1104353 bsc#1135045). - net: hns3: do not request reset when hardware resetting (bsc#1104353 bsc#1137201). - net: hns3: dump more information when tx timeout happens (bsc#1104353 bsc#1134990). - net: hns3: fix VLAN offload handle for VLAN inserted by port (bsc#1104353 bsc#1135053). - net: hns3: fix data race between ring next_to_clean (bsc#1104353 bsc#1134975 bsc#1134945). - net: hns3: fix data race between ring next_to_clean (bsc#1104353 bsc#1134975 bsc#1134945). - net: hns3: fix for HNS3_RXD_GRO_SIZE_M macro (bsc#1104353 bsc#1137201). - net: hns3: fix for tunnel type handling in hns3_rx_checksum (bsc#1104353 bsc#1134946). - net: hns3: fix for vport bw_limit overflow problem (bsc#1104353 bsc#1134998). - net: hns3: fix keep_alive_timer not stop problem (bsc#1104353 bsc#1135055). - net: hns3: fix loop condition of hns3_get_tx_timeo_queue_info() (bsc#1104353 bsc#1134990). - net: hns3: fix pause configure fail problem (bsc#1104353 bsc#1134951 bsc#1134951). - net: hns3: fix set port based VLAN for PF (bsc#1104353 bsc#1135053). - net: hns3: fix set port based VLAN issue for VF (bsc#1104353 bsc#1135053). - net: hns3: fix sparse: warning when calling hclge_set_vlan_filter_hw() (bsc#1104353 bsc#1134999). - net: hns3: free the pending skb when clean RX ring (bsc#1104353 bsc#1135044). - net: hns3: handle pending reset while reset fail (bsc#1104353 bsc#1135058). - net: hns3: handle the BD info on the last BD of the packet (bsc#1104353 bsc#1134974). - net: hns3: ignore lower-level new coming reset (bsc#1104353 bsc#1137201). - net: hns3: minor refactor for hns3_rx_checksum (bsc#1104353 bsc#1135052). - net: hns3: modify VLAN initialization to be compatible with port based VLAN (bsc#1104353 bsc#1135053). - net: hns3: modify the VF network port media type acquisition method (bsc#1104353 bsc#1137201). - net: hns3: not reset TQP in the DOWN while VF resetting (bsc#1104353 bsc#1134952). - net: hns3: not reset vport who not alive when PF reset (bsc#1104353 bsc#1137201). - net: hns3: optimize the barrier using when cleaning TX BD (bsc#1104353 bsc#1134945). - net: hns3: prevent change MTU when resetting (bsc#1104353 bsc#1137201). - net: hns3: prevent double free in hns3_put_ring_config() (bsc#1104353 bsc#1134950). - net: hns3: reduce resources use in kdump kernel (bsc#1104353 bsc#1137201). - net: hns3: refactor BD filling for l2l3l4 info (bsc#1104353 bsc#1134947). - net: hns3: refine tx timeout count handle (bsc#1104353 bsc#1134990). - net: hns3: remove reset after command send failed (bsc#1104353 bsc#1134949). - net: hns3: remove resetting check in hclgevf_reset_task_schedule (bsc#1104353 bsc#1135056). - net: hns3: return 0 and print warning when hit duplicate MAC (bsc#1104353 bsc#1137201). - net: hns3: set dividual reset level for all RAS and MSI-X errors (bsc#1104353 bsc#1135046). - net: hns3: set up the vport alive state while reinitializing (bsc#1104353 bsc#1137201). - net: hns3: set vport alive state to default while resetting (bsc#1104353 bsc#1137201). - net: hns3: some cleanup for struct hns3_enet_ring (bsc#1104353 bsc#1134947). - net: hns3: stop mailbox handling when command queue need re-init (bsc#1104353 bsc#1135058). - net: hns3: stop sending keep alive msg when VF command queue needs reinit (bsc#1104353 bsc#1134972). - net: hns3: unify maybe_stop_tx for TSO and non-TSO case (bsc#1104353 bsc#1134947). - net: hns3: unify the page reusing for page size 4K and 64K (bsc#1104353 bsc#1134947). - net: hns3: use atomic_t replace u32 for arq's count (bsc#1104353 bsc#1134953). - net: hns3: use devm_kcalloc when allocating desc_cb (bsc#1104353 bsc#1134947). - net: hns3: use napi_schedule_irqoff in hard interrupts handlers (bsc#1104353 bsc#1134947). - net: hns: Fix WARNING when remove HNS driver with SMMU enabled (bsc#1140676). - net: hns: Fix loopback test failed at copper ports (bsc#1140676). - net: hns: Fix probabilistic memory overwrite when HNS driver initialized (bsc#1140676). - net: hns: Use NAPI_POLL_WEIGHT for hns driver (bsc#1140676). - net: hns: fix ICMP6 neighbor solicitation messages discard problem (bsc#1140676). - net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw() (bsc#1140676). - net: hns: fix unsigned comparison to less than zero (bsc#1140676). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - net: phy: marvell10g: report if the PHY fails to boot firmware (bsc#1119113 FATE#326472). - net: phy: marvell: Enable interrupt function on LED2 pin (bsc#1135018). - net: phy: marvell: add new default led configure for m88e151x (bsc#1135018). - net: phy: marvell: change default m88e1510 LED configuration (bsc#1135018). - net: smc_close: mark expected switch fall-through (bsc#1096003, FATE#325023, LTC#164003). - net: tls, correctly account for copied bytes with multiple sk_msgs (bsc#1109837). - net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503). - net: use indirect call wrappers at GRO network layer (bsc#1124503). - net: use indirect call wrappers at GRO transport layer (bsc#1124503). - new primitive: vmemdup_user() (jsc#SLE-4712 bsc#1136156). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfp: bpf: fix static check error through tightening shift amount adjustment (bsc#1109837). - nfp: flower: add rcu locks when accessing netdev for tunnels (bsc#1109837). - nfs: Fix dentry revalidation on nfsv4 lookup (bsc#1132618). - nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands (bsc#1051510). - nl80211: fix station_info pertid memory leak (bsc#1051510). - nvme-fc: use separate work queue to avoid warning (bsc#1131673). - nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1129273). - nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1130937). - nvme-multipath: split bios with the ns_head bio_set before submitting (bsc#1103259, bsc#1131673). - nvme-multipath: split bios with the ns_head bio_set before submitting (bsc#1103259, bsc#1131673). - nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423). - nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423). - nvme: Do not remove namespaces during reset (bsc#1131673). - nvme: add proper discard setup for the multipath device (bsc#1114638). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185). - nvme: fix the dangerous reference of namespaces list (bsc#1131673). - nvme: flush scan_work when resetting controller (bsc#1131673). - nvme: make sure ns head inherits underlying device limits (bsc#1131673). - nvme: only reconfigure discard if necessary (bsc#1114638). - nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432). - nvmem: Don't let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510). - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510). - nvmem: core: fix read buffer in place (bsc#1051510). - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510). - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510). - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510). - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510). - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510). - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510). - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510). - nvmem: imx-ocotp: Update module description (bsc#1051510). - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510). - objtool: Fix function fallthrough detection (bsc#1058115). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (bsc#1136434). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) We need to turn on OCFS2_FS_STATS kernel configuration setting, to fix bsc#1134393. - of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642). - of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642). - of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642). - of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642). - omapfb: add missing of_node_put after of_device_is_available (bsc#1051510). - openvswitch: add seqadj extension when NAT is used (bsc#1051510). - openvswitch: fix flow actions reallocation (bsc#1051510). - overflow: Fix -Wtype-limits compilation warnings (bsc#1111666). - p54: drop device reference count if fails to enable device (bsc#1135642). - p54: drop device reference count if fails to enable device (bsc#1135642). - p54: drop device reference count if fails to enable device (bsc#1135642). - p54: drop device reference count if fails to enable device (bsc#1135642). - p54usb: Fix race between disconnect and firmware loading (bsc#1111666). - parport: Fix mem leak in parport_register_dev_model (bsc#1051510). - pci / PM: Use SMART_SUSPEND and LEAVE_SUSPENDED flags for PCIe ports (bsc#1142623). - pci/aer: Use cached AER Capability offset (bsc#1142623). - pci/p2pdma: Fix missing check for dma_virt_ops (bsc#1111666). - pci/portdrv: Add #defines for AER and DPC Interrupt Message Number masks (bsc#1142623). - pci/portdrv: Consolidate comments (bsc#1142623). - pci/portdrv: Disable port driver in compat mode (bsc#1142623). - pci/portdrv: Remove pcie_portdrv_err_handler.slot_reset (bsc#1142623). - pci/portdrv: Support PCIe services on subtractive decode bridges (bsc#1142623). - pci/portdrv: Use conventional Device ID table formatting (bsc#1142623). - pci: Init PCIe feature bits for managed host bridge alloc (bsc#1111666). - pci: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701). - pci: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701). - pci: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701). - pci: hv: Remove unused reason for refcount handler (bsc#1142701). - pci: hv: support reporting serial number as slot information (bsc#1142701). - pci: pciehp: Convert to threaded IRQ (bsc#1133005). - pci: pciehp: Ignore Link State Changes after powering off a slot (bsc#1133005). - pci: pciehp: Tolerate Presence Detect hardwired to zero (bsc#1133016). - pci: portdrv: Restore PCI config state on slot reset (bsc#1142623). - perf/x86/amd: Add event map for AMD Family 17h (bsc#1134223). - perf/x86/amd: Update generic hardware cache events for Family 17h (bsc#1134223). - phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode (bsc#1051510). - phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs (bsc#1051510). - pinctrl/amd: add get_direction handler (bsc#1140463). - pinctrl/amd: fix gpio irq level in debugfs (bsc#1140463). - pinctrl/amd: fix masking of GPIO interrupts (bsc#1140463). - pinctrl/amd: make functions amd_gpio_suspend and amd_gpio_resume static (bsc#1140463). - pinctrl/amd: poll InterruptEnable bits in amd_gpio_irq_set_type (bsc#1140463). - pinctrl/amd: poll InterruptEnable bits in enable_irq (bsc#1140463). - pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090). - platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510). - platform/mellanox: Add TmFifo driver for Mellanox BlueField Soc (bsc#1136333 jsc#SLE-4994). - platform/mellanox: Add new ODM system types to mlx-platform (bsc#1112374). - platform/mellanox: mlxreg-hotplug: Add devm_free_irq call to remove flow (bsc#1111666). - platform/x86: alienware-wmi: printing the wrong error code (bsc#1051510). - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: dell-rbtn: Add missing #include (bsc#1051510). - platform/x86: intel_pmc_ipc: adding error handling (bsc#1051510). - platform/x86: intel_punit_ipc: Revert "Fix resource ioremap warning" (bsc#1051510). - platform/x86: mlx-platform: Add ASIC hotplug device configuration (bsc#1112374). - platform/x86: mlx-platform: Add LED platform driver activation (bsc#1112374). - platform/x86: mlx-platform: Add UID LED for the next generation systems (bsc#1112374). - platform/x86: mlx-platform: Add definitions for new registers (bsc#1112374). - platform/x86: mlx-platform: Add extra CPLD for next generation systems (bsc#1112374). - platform/x86: mlx-platform: Add mlx-wdt platform driver activation (bsc#1112374). - platform/x86: mlx-platform: Add mlxreg-fan platform driver activation (bsc#1112374). - platform/x86: mlx-platform: Add mlxreg-io platform driver activation (bsc#1112374). - platform/x86: mlx-platform: Add support for fan capability registers (bsc#1112374). - platform/x86: mlx-platform: Add support for fan direction register (bsc#1112374). - platform/x86: mlx-platform: Add support for new VMOD0007 board name (bsc#1112374). - platform/x86: mlx-platform: Add support for tachometer speed register (bsc#1112374). - platform/x86: mlx-platform: Allow mlxreg-io driver activation for more systems (bsc#1112374). - platform/x86: mlx-platform: Allow mlxreg-io driver activation for new systems (bsc#1112374). - platform/x86: mlx-platform: Change mlxreg-io configuration for MSN274x systems (bsc#1112374). - platform/x86: mlx-platform: Convert to use SPDX identifier (bsc#1112374). - platform/x86: mlx-platform: Fix LED configuration (bsc#1112374). - platform/x86: mlx-platform: Fix access mode for fan_dir attribute (bsc#1112374). - platform/x86: mlx-platform: Fix copy-paste error in mlxplat_init() (bsc#1112374). - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510). - platform/x86: mlx-platform: Fix tachometer registers (bsc#1112374). - platform/x86: mlx-platform: Remove unused define (bsc#1112374). - platform/x86: mlx-platform: Rename new systems product names (bsc#1112374). - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Add several Beckhoff Automation boards to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Drop __initconst on dmi table (bsc#1051510). - platform/x86: sony-laptop: Fix unintentional fall-through (bsc#1051510). - platform_data/mlxreg: Add capability field to core platform data (bsc#1112374). - platform_data/mlxreg: Document fixes for core platform data (bsc#1112374). - platform_data/mlxreg: additions for Mellanox watchdog driver (bsc#1112374). - pm: acpi/PCI: Resume all devices during hibernation (bsc#1111666). - power: supply: axp20x_usb_power: Fix typo in VBUS current limit macros (bsc#1051510). - power: supply: axp288_charger: Fix unchecked return value (bsc#1051510). - power: supply: max14656: fix potential use-before-alloc (bsc#1051510). - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510). - powerpc/64s: Fix logic when handling unknown CPU features (bsc#1055117). - powerpc/64s: Fix page table fragment refcount race vs speculative references (bsc#1131326, bsc#1108937). - powerpc/64s: Fix page table fragment refcount race vs speculative references (bsc#1131326, bsc#1108937). - powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, FATE#323286, git-fixes). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/eeh: Fix race with driver un/bind (bsc#1065729). - powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback (bsc#1131900). - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR (bsc#1061840). - powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270). - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900). - powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117). - powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117). - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, fate#323286, git-fixes). - powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117). - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, fate#323286, git-fixes). - powerpc/mm: Add missing tracepoint for tlbie (bsc#1055117, git-fixes). - powerpc/mm: Change function prototype (bsc#1055117). - powerpc/mm: Check secondary hash page table (bsc#1065729). - powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270). - powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270). - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, fate#323286, git-fixes). - powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729). - powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584). - powerpc/numa: improve control of topology updates (bsc#1133584). - powerpc/papr_scm: Force a scm-unbind if initial scm-bind fails (bsc#1140322 LTC#176270). - powerpc/papr_scm: Update drc_pmem_unbind() to use H_SCM_UNBIND_ALL (bsc#1140322 LTC#176270). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043). - powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043). - powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043). - powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1055121). - powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729). - powerpc/powernv/ioda2: Remove redundant free of TCE pages (bsc#1061840). - powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand (bsc#1061840). - powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables (bsc#1061840). - powerpc/powernv: Don't reprogram SLW image on every KVM guest entry/exit (bsc#1061840). - powerpc/powernv: Make opal log only readable by root (bsc#1065729). - powerpc/powernv: Remove never used pnv_power9_force_smt4 (bsc#1061840). - powerpc/process: Fix sparse address space warnings (bsc#1065729). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204). - powerpc/pseries: Update SCM hcall op-codes in hvcall.h (bsc#1140322 LTC#176270). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - powerpc64/ftrace: Include ftrace.h needed for enable/disable calls (bsc#1088804, git-fixes). - powerpc: Always initialize input array when calling epapr_hypercall() (bsc#1065729). - powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest (bsc#1061840). - powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729). - powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer (bsc#1065729). - powerpc: consolidate -mno-sched-epilog into FTRACE flags (bsc#1065729). - ppc: Convert mmu context allocation to new IDA API (bsc#1139619 LTC#178538). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - proc/kcore: don't bounds check against address 0 (bsc#1051510). - proc/sysctl: fix return error for proc_doulongvec_minmax() (bsc#1051510). - proc: revalidate kernel thread inodes to root:root (bsc#1051510). - pwm: Fix deadlock warning when removing PWM device (bsc#1051510). - pwm: meson: Consider 128 a valid pre-divider (bsc#1051510). - pwm: meson: Don't disable PWM when setting duty repeatedly (bsc#1051510). - pwm: meson: Use the spin-lock only to protect register modifications (bsc#1051510). - pwm: stm32: Use 3 cells of_xlate() (bsc#1111666). - pwm: tiehrpwm: Update shadow register for disabling PWMs (bsc#1051510). - qed*: Add iWARP 100g support (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed*: Add iWARP 100g support (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed*: Add iWARP 100g support (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed*: Add iWARP 100g support (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed*: Change hwfn used for sb initialization (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed*: Change hwfn used for sb initialization (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed*: Change hwfn used for sb initialization (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed*: Change hwfn used for sb initialization (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Add API for SmartAN query (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Add API for SmartAN query (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Add API for SmartAN query (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Add API for SmartAN query (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Add infrastructure for error detection and recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Add infrastructure for error detection and recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Add infrastructure for error detection and recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Add infrastructure for error detection and recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Add llh ppfid interface and 100g support for offload protocols (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Add llh ppfid interface and 100g support for offload protocols (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Add llh ppfid interface and 100g support for offload protocols (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Add llh ppfid interface and 100g support for offload protocols (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Add qed devlink parameters table (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Add qed devlink parameters table (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Add qed devlink parameters table (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Add qed devlink parameters table (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Define new MF bit for no_vlan config (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Define new MF bit for no_vlan config (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Define new MF bit for no_vlan config (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Define new MF bit for no_vlan config (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Delete redundant doorbell recovery types (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Delete redundant doorbell recovery types (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Delete redundant doorbell recovery types (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Delete redundant doorbell recovery types (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix iWARP buffer size provided for syn packet processing (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix iWARP buffer size provided for syn packet processing (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix iWARP buffer size provided for syn packet processing (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix iWARP buffer size provided for syn packet processing (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix iWARP syn packet mac address validation (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix iWARP syn packet mac address validation (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix iWARP syn packet mac address validation (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix iWARP syn packet mac address validation (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix missing DORQ attentions (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix missing DORQ attentions (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix missing DORQ attentions (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix missing DORQ attentions (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix static checker warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix static checker warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix static checker warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix static checker warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix the DORQ's attentions handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix the DORQ's attentions handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix the DORQ's attentions handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix the DORQ's attentions handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix the doorbell address sanity check (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix the doorbell address sanity check (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix the doorbell address sanity check (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix the doorbell address sanity check (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Mark expected switch fall-through (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Mark expected switch fall-through (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Mark expected switch fall-through (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Mark expected switch fall-through (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Modify api for performing a dmae to another PF (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Modify api for performing a dmae to another PF (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Modify api for performing a dmae to another PF (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Modify api for performing a dmae to another PF (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Modify offload protocols to use the affined engine (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Modify offload protocols to use the affined engine (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Modify offload protocols to use the affined engine (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Modify offload protocols to use the affined engine (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Read device port count from the shmem (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Read device port count from the shmem (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Read device port count from the shmem (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Read device port count from the shmem (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Reduce the severity of ptp debug message (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Reduce the severity of ptp debug message (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Reduce the severity of ptp debug message (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Reduce the severity of ptp debug message (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Revise load sequence to avoid pci errors (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Revise load sequence to avoid pci errors (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Revise load sequence to avoid pci errors (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Revise load sequence to avoid pci errors (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Set the doorbell address correctly (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Set the doorbell address correctly (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Set the doorbell address correctly (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Set the doorbell address correctly (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: fix indentation issue with statements in an if-block (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: fix indentation issue with statements in an if-block (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: fix indentation issue with statements in an if-block (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: fix indentation issue with statements in an if-block (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: fix spelling mistake "faspath" "fastpath" (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: fix spelling mistake "faspath" "fastpath" (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: fix spelling mistake "faspath" "fastpath" (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: fix spelling mistake "faspath" "fastpath" (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: fix spelling mistake "inculde" "include" (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: fix spelling mistake "inculde" "include" (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: fix spelling mistake "inculde" "include" (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: fix spelling mistake "inculde" "include" (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: remove duplicated include from qed_if.h (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: remove duplicated include from qed_if.h (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: remove duplicated include from qed_if.h (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: remove duplicated include from qed_if.h (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: remove redundant assignment to rc (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: remove redundant assignment to rc (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: remove redundant assignment to rc (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: remove redundant assignment to rc (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Add ethtool interface for SmartAN query (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Add ethtool interface for SmartAN query (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Add ethtool interface for SmartAN query (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Add ethtool interface for SmartAN query (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Error recovery process (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Error recovery process (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Error recovery process (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Error recovery process (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Fix internal loopback failure with jumbo mtu configuration (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Fix internal loopback failure with jumbo mtu configuration (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Fix internal loopback failure with jumbo mtu configuration (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Fix internal loopback failure with jumbo mtu configuration (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Handle infinite driver spinning for Tx timestamp (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Handle infinite driver spinning for Tx timestamp (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Handle infinite driver spinning for Tx timestamp (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Handle infinite driver spinning for Tx timestamp (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Populate mbi version in ethtool driver query data (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Populate mbi version in ethtool driver query data (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Populate mbi version in ethtool driver query data (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: Populate mbi version in ethtool driver query data (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: fix write to free'd pointer error and double free of ptp (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: fix write to free'd pointer error and double free of ptp (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: fix write to free'd pointer error and double free of ptp (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: fix write to free'd pointer error and double free of ptp (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: place ethtool_rx_flow_spec after code after TC flower codebase (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: place ethtool_rx_flow_spec after code after TC flower codebase (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: place ethtool_rx_flow_spec after code after TC flower codebase (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qede: place ethtool_rx_flow_spec after code after TC flower codebase (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qedi: Use hwfns and affin_hwfn_idx to get MSI-X vector index (jsc#SLE-4693 bsc#1136462). - qedr: Change the MSI-X vectors selection to be based on affined engine (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qedr: Change the MSI-X vectors selection to be based on affined engine (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qedr: Change the MSI-X vectors selection to be based on affined engine (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qedr: Change the MSI-X vectors selection to be based on affined engine (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128971). - qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128979). - qla2xxx: always allocate qla_tgt_wq (bsc#1131451). - qla2xxx: kABI fixes for v10.00.00.14-k (bsc#1136215). - qla2xxx: kABI fixes for v10.01.00.15-k (bsc#1136215). - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510). - qlcnic: remove assumption that vlan_tci != 0 (bsc#1136469 jsc#SLE-4695). - qlcnic: remove set but not used variables 'cur_rings, max_hw_rings, tx_desc_info' (bsc#1136469 jsc#SLE-4695). - qlcnic: remove set but not used variables 'op, cmd_op' (bsc#1136469 jsc#SLE-4695). - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510). - qmi_wwan: Fix out-of-bounds read (bsc#1111666). - qmi_wwan: add Olicard 600 (bsc#1051510). - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510). - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510). - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510). - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510). - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510). - rbd: do not assert on writes to snapshots (bsc#1137985 bsc#1138681). - rbd: do not assert on writes to snapshots (bsc#1137985 bsc#1138681). - rdma/cxbg: Use correct sizing on buffers holding page DMA addresses (bsc#1136348 jsc#SLE-4684). - rdma/cxgb4: Add support for 64Byte cqes (bsc#1127371). - rdma/cxgb4: Add support for kernel mode SRQ's (bsc#1127371). - rdma/cxgb4: Add support for srq functions and structs (bsc#1127371). - rdma/cxgb4: Don't expose DMA addresses (bsc#1136348 jsc#SLE-4684). - rdma/cxgb4: Fix null pointer dereference on alloc_skb failure (bsc#1136348 jsc#SLE-4684). - rdma/cxgb4: Fix spelling mistake "immedate" "immediate" (bsc#1136348 jsc#SLE-4684). - rdma/cxgb4: Make c4iw_poll_cq_one() easier to analyze (bsc#1127371). - rdma/cxgb4: Remove a set-but-not-used variable (bsc#1127371). - rdma/cxgb4: Remove kref accounting for sync operation (bsc#1136348 jsc#SLE-4684). - rdma/cxgb4: Use sizeof() notation (bsc#1136348 jsc#SLE-4684). - rdma/cxgb4: fix some info leaks (bsc#1127371). - rdma/hns: Add SCC context allocation support for hip08 (bsc#1104427 bsc#1126206). - rdma/hns: Add SCC context clr support for hip08 (bsc#1104427 bsc#1126206). - rdma/hns: Add constraint on the setting of local ACK timeout (bsc#1104427 bsc#1137233). - rdma/hns: Add the process of AEQ overflow for hip08 (bsc#1104427 bsc#1126206). - rdma/hns: Add timer allocation support for hip08 (bsc#1104427 bsc#1126206). - rdma/hns: Bugfix for SCC hem free (bsc#1104427 bsc#1137236). - rdma/hns: Bugfix for mapping user db (bsc#1104427 bsc#1137236). - rdma/hns: Bugfix for posting multiple srq work request (bsc#1104427 bsc#1137236). - rdma/hns: Bugfix for sending with invalidate (bsc#1104427 bsc#1137236). - rdma/hns: Bugfix for set hem of SCC (bsc#1104427 bsc#1137236). - rdma/hns: Bugfix for the scene without receiver queue (bsc#1104427 bsc#1137233). - rdma/hns: Configure capacity of hns device (bsc#1104427 bsc#1137236). - rdma/hns: Delete useful prints for aeq subtype event (bsc#1104427 bsc#1126206). - rdma/hns: Fix the Oops during rmmod or insmod ko when reset occurs (bsc#1104427 bsc#1137232). - rdma/hns: Fix the bug with updating rq head pointer when flush cqe (bsc#1104427 bsc#1137233). - rdma/hns: Fix the chip hanging caused by sending doorbell during reset (bsc#1104427 bsc#1137232). - rdma/hns: Fix the chip hanging caused by sending mailbox CMQ during reset (bsc#1104427 bsc#1137232). - rdma/hns: Fix the state of rereg mr (bsc#1104427 bsc#1137236). - rdma/hns: Hide error print information with roce vf device (bsc#1104427 bsc#1137236). - rdma/hns: Limit minimum ROCE CQ depth to 64 (bsc#1104427 bsc#1137236). - rdma/hns: Make some function static (bsc#1104427 bsc#1126206). - rdma/hns: Modify qp specification according to UM (bsc#1104427 bsc#1137233). - rdma/hns: Modify the pbl ba page size for hip08 (bsc#1104427 bsc#1137233). - rdma/hns: Move spin_lock_irqsave to the correct place (bsc#1104427 bsc#1137236). - rdma/hns: Remove jiffies operation in disable interrupt context (bsc#1104427 bsc#1137236). - rdma/hns: Remove set but not used variable 'rst' (bsc#1104427 bsc#1126206). - rdma/hns: Set allocated memory to zero for wrid (bsc#1104427 bsc#1137236). - rdma/hns: Update CQE specifications (bsc#1104427 bsc#1137236). - rdma/hns: rdma/hns: Assign rq head pointer when enable rq record db (bsc#1104427 bsc#1137236). - rdma/iw_cxgb4: Always disconnect when QP is transitioning to TERMINATE state (bsc#1136348 jsc#SLE-4684). - rdma/iw_cxgb4: Drop __GFP_NOFAIL (bsc#1127371). - rdma/iwcm: add tos_set bool to iw_cm struct (bsc#1136348 jsc#SLE-4684). - rdma/qedr: Fix incorrect device rate (bsc#1136188). - rdma/qedr: Fix out of bounds index check in query pkey (bsc#1136456 jsc#SLE-4689). - rdma/smc: Replace ib_query_gid with rdma_get_gid_attr (bsc#1131530 LTC#176717). - regulator: s2mps11: Fix buck7 and buck8 wrong voltages (bsc#1051510). - regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB (bsc#1051510). - ring-buffer: Check if memory is available before allocation (bsc#1132531). - rpm/post.sh: correct typo in err msg (bsc#1137625) - rt2x00: do not increment sequence number while re-transmitting (bsc#1051510). - rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510). - rtc: da9063: set uie_unsupported when relevant (bsc#1051510). - rtc: don't reference bogus function pointer in kdoc (bsc#1051510). - rtc: sh: Fix invalid alarm warning for non-enabled alarm (bsc#1051510). - rtlwifi: fix a potential NULL pointer dereference (bsc#1051510). - rtlwifi: fix potential NULL pointer dereference (bsc#1111666). - rtlwifi: rtl8192cu: fix error handle when usb probe failed (bsc#1111666). - rtlwifi: rtl8723ae: Fix missing break in switch statement (bsc#1051510). - s390/airq: provide cacheline aligned ivs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/airq: recognize directed interrupts (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/airq: use DMA memory for adapter interrupts (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/cio: add basic protected virtualization support (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/cio: introduce DMA pools to cio (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/cpumf: Add extended counter set definitions for model 8561 and 8562 (bsc#1142052 LTC#179320). - s390/dasd: fix panic for failed online processing (bsc#1132589). - s390/dasd: fix using offset into zero size array error (bsc#1051510). - s390/dma: provide proper ARCH_ZONE_DMA_BITS value (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/ism: move oddities of device IO to wrapper function (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387). - s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589). - s390/mm: force swiotlb for protected virtualization (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/pci: add parameter to disable usage of MIO instructions (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387). - s390/pci: add parameter to force floating irqs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/pci: clarify interrupt vector usage (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/pci: fix assignment of bus resources (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387). - s390/pci: fix struct definition for set PCI function (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387). - s390/pci: gather statistics for floating vs directed irqs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/pci: mark command line parser data __initdata (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/pci: move everything irq related to pci_irq.c (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/pci: move io address mapping code to pci_insn.c (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387). - s390/pci: provide support for CPU directed interrupts (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/pci: provide support for MIO instructions (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387). - s390/pci: remove stale rc (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/pci: remove unused define (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/pkey: move pckmo subfunction available checks away from module init (bsc#1128544). - s390/protvirt: add memory sharing for diag 308 set/store (jsc#SLE-5759 FATE#327003 bsc#1135153 LTC#173151). - s390/protvirt: block kernel command line alteration (jsc#SLE-5759 FATE#327003 bsc#1135153 LTC#173151). - s390/qdio: clear intparm during shutdown (bsc#1134597 LTC#177516). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142119 LTC#179331). - s390/qeth: be drop monitor friendly (bsc#1142115 LTC#179337). - s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335). - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510). - s390/qeth: fix race when initializing the IP address table (bsc#1051510). - s390/sclp: detect DIRQ facility (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - s390/setup: fix early warning messages (bsc#1051510). - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - s390/uv: introduce guest side ultravisor code (jsc#SLE-5759 FATE#327003 bsc#1135153 LTC#173151). - s390/virtio: handle find on invalid queue gracefully (bsc#1051510). - s390/vtime: steal time exponential moving average (bsc#1119222). - s390/zcrypt: Fix wrong dispatching for control domain CPRBs (bsc#1137811 LTC#178088). - s390: enable processes for mio instructions (jsc#SLE-5802 FATE#327055 bsc#1134738 LTC#173387). - s390: remove the unused dma_capable helper (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390: show statistics for MSI IRQs (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#173388). - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bsc#1051510). - sc16is7xx: move label 'err_spi' to correct section (bsc#1051510). - sc16is7xx: put err_spi and err_i2c into correct #ifdef (bsc#1051510). - sched/topology: Improve load balancing on AMD EPYC (bsc#1137366). - scripts: override locale from environment when running recordmcount.pl (bsc#1134354). - scsi/fc: kABI fixes for new ELS_FPIN definition (bsc#1136217,jsc#SLE-4722). - scsi: aacraid: Mark expected switch fall-through (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: Mark expected switch fall-throughs (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: change event_wait to a completion (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: change wait_sem to a completion (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: clean up some indentation and formatting issues (jsc#SLE-4710 bsc#1136161). - scsi: be2iscsi: be_iscsi: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: be_main: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: fix spelling mistake "Retreiving" "Retrieving" (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: lpfc: fix typo (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: remove unused variable dmsg (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: switch to generic DMA API (jsc#SLE-4721 bsc#1136264). - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: csiostor: Remove set but not used variable 'pln' (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: csio_wr: mark expected switch fall-through (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: drop serial_number usage (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix calls to dma_set_mask_and_coherent() (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix incorrect dma device in case of vport (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix missing data copy in csio_scsi_err_handler() (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: no need to check return value of debugfs_create functions (jsc#SLE-4679 bsc#1136343). - scsi: cxgb4i: add wait_for_completion() (jsc#SLE-4678 bsc#1136342). - scsi: cxgbi: KABI: fix handle completion etc (jsc#SLE-4678 bsc#1136342). - scsi: cxgbi: remove redundant __kfree_skb call on skb and free cst atid (jsc#SLE-4678 bsc#1136342). - scsi: fc: add FPIN ELS definition (bsc#1136217,jsc#SLE-4722). - scsi: hisi: KABI ignore new symbols (bsc#1135038). - scsi: hisi_sas: Add softreset in hisi_sas_I_T_nexus_reset() (bsc#1135033). - scsi: hisi_sas: Adjust the printk format of functions hisi_sas_init_device() (bsc#1135037). - scsi: hisi_sas: Do not fail IT nexus reset for Open Reject timeout (bsc#1135033). - scsi: hisi_sas: Do not hard reset disk during controller reset (bsc#1135034). - scsi: hisi_sas: Fix for setting the PHY linkrate when disconnected (bsc#1135038). - scsi: hisi_sas: Remedy inconsistent PHY down state in software (bsc#1135039). - scsi: hisi_sas: Send HARD RESET to clear the previous affiliation of STP target port (bsc#1135037). - scsi: hisi_sas: Set PHY linkrate when disconnected (bsc#1135038). - scsi: hisi_sas: Some misc tidy-up (bsc#1135031). - scsi: hisi_sas: Support all RAS events with MSI interrupts (bsc#1135035). - scsi: hisi_sas: add host reset interface for test (bsc#1135041). - scsi: hisi_sas: allocate different SAS address for directly attached situation (bsc#1135036). - scsi: hisi_sas: remove the check of sas_dev status in hisi_sas_I_T_nexus_reset() (bsc#1135037). - scsi: hpsa: Use vmemdup_user to replace the open code (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: bump driver version (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: check for lv removal (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: clean up two indentation issues (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: correct device id issues (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: correct device resets (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: correct ioaccel2 chaining (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: correct simple mode (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: fix an uninitialized read and dereference of pointer dev (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: mark expected switch fall-throughs (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: remove timeout from TURs (jsc#SLE-4712 bsc#1136156). - scsi: hpsa: switch to generic DMA API (jsc#SLE-4712 bsc#1136156). - scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093). - scsi: libsas: Do discovery on empty PHY to update PHY info (bsc#1135024). - scsi: libsas: Improve vague log in SAS rediscovery (bsc#1135027). - scsi: libsas: Inject revalidate event for root port event (bsc#1135026). - scsi: libsas: Print expander PHY indexes in decimal (bsc#1135021). - scsi: libsas: Stop hardcoding SAS address length (bsc#1135029). - scsi: libsas: Support SATA PHY connection rate unmatch fixing during discovery (bsc#1135028). - scsi: libsas: Try to retain programmed min linkrate for SATA min pathway unmatch fixing (bsc#1135028). - scsi: libsas: allocate sense buffer for bsg queue (bsc#1131467). - scsi: lpfc: Add loopback testing to trunking mode (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Annotate switch/case fall-through (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Cancel queued work for an IO when processing a received ABTS (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Change smp_processor_id() into raw_smp_processor_id() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Convert bootstrap mbx polling from msleep to udelay (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Coordinate adapter error handling with offline handling (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct __lpfc_sli_issue_iocb_s4 lockdep check (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct boot bios information to FDMI registration (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct localport timeout duration error (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct nvmet buffer free race condition (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Declare local functions static (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Enhance 6072 log string (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix BFS crash with DIX enabled (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix FDMI fc4type for nvme support (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix FDMI manufacturer attribute value (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix HDMI2 registration string for symbolic name (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix PT2PT PLOGI collison stopping discovery (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix a recently introduced compiler warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix alloc context on oas lun creations (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix build error (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix deadlock due to nested hbalock call (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix driver crash in target reset handler (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix duplicate log message numbers (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix error code if kcalloc() fails (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix error codes in lpfc_sli4_pci_mem_setup() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix fc4type information for FDMI (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix fcp_rsp_len checking on lun reset (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix handling of trunk links state reporting (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix hardlockup in scsi_cmd_iocb_cmpl (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix incorrect logical link speed on trunks when links down (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix indentation and balance braces (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix io lost on host resets (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix kernel warnings related to smp_processor_id() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix link speed reporting for 4-link trunk (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix location of SCSI ktime counters (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix lpfc_nvmet_mrq attribute handling when 0 (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix mailbox hang on adapter init (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix memory leak in abnormal exit path from lpfc_eq_create (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix missing wakeups on abort threads (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet async receive buffer replenishment (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet handling of first burst cmd (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet handling of received ABTS for unmapped frames (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet target abort cmd matching (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix oops when driver is loaded with 1 interrupt vector (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix poor use of hardware queues if fewer irq vectors (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix protocol support on G6 and G7 adapters (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix use-after-free mailbox cmd completion (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fixup eq_clr_intr references (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Make lpfc_sli4_oas_verify static (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Move trunk_errmsg[] from a header file into a .c file (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Prevent 'use after free' memory overwrite in nvmet LS handling (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Reduce memory footprint for lpfc_queue (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Remove set but not used variable 'phys_id' (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Remove set-but-not-used variables (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Remove unused functions (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Resolve inconsistent check of hdwq in lpfc_scsi_cmd_iocb_cmpl (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Resolve irq-unsafe lockdep heirarchy warning in lpfc_io_free (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Revert message logging on unsupported topology (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Revise message when stuck due to unresponsive adapter (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Rework misleading nvme not supported in firmware message (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Separate CQ processing for nvmet_fc upcalls (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Specify node affinity for queue memory allocation (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Stop adapter if pci errors detected (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Update Copyright in driver version (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Update lpfc version to 12.2.0.1 (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Update lpfc version to 12.2.0.3 (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: add support for posting FC events on FPIN reception (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: avoid uninitialized variable warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix 32-bit format string warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix a handful of indentation issues (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix calls to dma_set_mask_and_coherent() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix unused variable warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: resolve static checker warning in lpfc_sli4_hba_unset (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: use dma_set_mask_and_coherent (bsc#1136217,jsc#SLE-4722). - scsi: megaraid_sas: Add support for DEVICE_LIST DCMD in driver (bsc#1136271). - scsi: megaraid_sas: Retry reads of outbound_intr_status reg (bsc#1136271). - scsi: megaraid_sas: Rework code to get PD and LD list (bsc#1136271). - scsi: megaraid_sas: Rework device add code in AEN path (bsc#1136271). - scsi: megaraid_sas: Update structures for HOST_DEVICE_LIST DCMD (bsc#1136271). - scsi: megaraid_sas: correct an info message (bsc#1136271). - scsi: megaraid_sas: driver version update (bsc#1136271). - scsi: mpt3sas: Add Atomic RequestDescriptor support on Aero (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add flag high_iops_queues (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add missing breaks in switch statements (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add support for ATLAS PCIe switch (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add support for NVMe Switch Adapter (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Affinity high iops queues IRQs to local node (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Enable interrupt coalescing on high iops (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Fix kernel panic during expander reset (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Fix typo in request_desript_type (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Improve the threshold value and introduce module param (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Introduce perf_mode module parameter (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Irq poll to avoid CPU hard lockups (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Load balance to improve performance and avoid soft lockups (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Rename mpi endpoint device ID macro (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Update driver version to 27.102.00.00 (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Update driver version to 29.100.00.00 (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Update mpt3sas driver version to 28.100.00.00 (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Use high iops queues under some circumstances (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: change _base_get_msix_index prototype (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: fix indentation issue (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: function pointers of request descriptor (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: save and use MSI-X index for posting RD (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: simplify interrupt handler (bsc#1125703,jsc#SLE-4717). - scsi: qedf: Add LBA to underrun debug messages (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add a flag to help debugging io_req which could not be cleaned (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add additional checks for io_req sc_cmd validity (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add comment to display logging levels (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add driver state to 'driver_stats' debugfs node (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add missing return in qedf_scsi_done() (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add port_id for fcport into initiate_cleanup debug message (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add return value to log message if scsi_add_host fails (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Change MSI-X load error message (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check for fcoe_libfc_config failure (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check for tm_flags instead of cmd_type during cleanup (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check the return value of start_xmit (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Cleanup rrq_work after QEDF_CMD_OUTSTANDING is cleared (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Correctly handle refcounting of rdata (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Do not queue anything if upload is in progress (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Do not send ABTS for under run scenario (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Fix lport may be used uninitialized warning (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Log message if scsi_add_host fails (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Modify flush routine to handle all I/Os and TMF (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Print fcport information on wait for upload timeout (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Print scsi_cmd backpointer in good completion path if the command is still being used (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Remove set but not used variable 'fr_len' (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Update the driver version to 8.37.25.19 (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Wait for upload and link down processing during soft ctx reset (bsc#1136467 jsc#SLE-4694). - scsi: qedf: fc_rport_priv reference counting fixes (bsc#1136467 jsc#SLE-4694). - scsi: qedf: fixup bit operations (bsc#1135542). - scsi: qedf: fixup locking in qedf_restart_rport() (bsc#1135542). - scsi: qedf: missing kref_put in qedf_xmit() (bsc#1135542). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (bsc#1136467 jsc#SLE-4694). - scsi: qedf: remove set but not used variables (bsc#1136467 jsc#SLE-4694). - scsi: qedi: Add packet filter in light L2 Rx path (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Check for session online before getting iSCSI TLV data (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Cleanup redundant QEDI_PAGE_SIZE macro definition (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Fix spelling mistake "OUSTANDING" "OUTSTANDING" (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Move LL2 producer index processing in BH (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Replace PAGE_SIZE with QEDI_PAGE_SIZE (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Update driver version to 8.33.0.21 (jsc#SLE-4693 bsc#1136462). - scsi: qedi: add module param to set ping packet size (jsc#SLE-4693 bsc#1136462). - scsi: qedi: remove set but not used variables 'cdev' and 'udev' (jsc#SLE-4693 bsc#1136462). - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1136215). - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1136215). - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1136215). - scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1136215). - scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1136215). - scsi: qla2xxx: Add new FC-NVMe enable BIT to enable FC-NVMe feature (bsc#1130579). - scsi: qla2xxx: Add new FW dump template entry types (bsc#1136215). - scsi: qla2xxx: Add protection mask module parameters (bsc#1136215). - scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1136215). - scsi: qla2xxx: Add support for setting port speed (bsc#1136215). - scsi: qla2xxx: Avoid pci IRQ affinity mapping when multiqueue is not supported (bsc#1136215). - scsi: qla2xxx: Check for FW started flag before aborting (bsc#1136215). - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1136215). - scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1136215). - scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1136215). - scsi: qla2xxx: Declare local functions 'static' (bsc#1137444). - scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1136215). - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555). - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1136215). - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1136215). - scsi: qla2xxx: Fix function argument descriptions (bsc#1118139). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728). - scsi: qla2xxx: Fix memory corruption during hba reset test (bsc#1118139). - scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1136215). - scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (bsc#1132044). - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1136215). - scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1136215). - scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1136215). - scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444). - scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp() (bsc#1137444). - scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze (bsc#1137444). - scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes 'res' (bsc#1137444). - scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1136215). - scsi: qla2xxx: Move marker request behind QPair (bsc#1136215). - scsi: qla2xxx: NULL check before some freeing functions is not needed (bsc#1137444). - scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1136215). - scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1136215). - scsi: qla2xxx: Remove FW default template (bsc#1136215). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444). - scsi: qla2xxx: Remove two arguments from qlafx00_error_entry() (bsc#1137444). - scsi: qla2xxx: Remove unused symbols (bsc#1118139). - scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1136215). - scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1136215). - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1136215). - scsi: qla2xxx: Simplify conditional check again (bsc#1136215). - scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (bsc#1137444). - scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1136215). - scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1136215). - scsi: qla2xxx: Update flash read/write routine (bsc#1136215). - scsi: qla2xxx: Use %p for printing pointers (bsc#1118139). - scsi: qla2xxx: avoid printf format warning (bsc#1136215). - scsi: qla2xxx: check for kstrtol() failure (bsc#1136215). - scsi: qla2xxx: do not crash on uninitialized pool list (boo#1138874). - scsi: qla2xxx: fix error message on qla2400 (bsc#1118139). - scsi: qla2xxx: fix spelling mistake: "existant" - "existent" (bsc#1118139). - scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444). - scsi: qla2xxx: fx00 copypaste typo (bsc#1118139). - scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1136215). - scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1136215). - scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139). - scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of reinventing them (bsc#1137444). - scsi: scsi_transport_fc: Add FPIN fc event codes (bsc#1136217,jsc#SLE-4722). - scsi: scsi_transport_fc: refactor event posting routines (bsc#1136217,jsc#SLE-4722). - scsi: smartpqi: Add retries for device reset (bsc#1133547). - scsi: smartpqi: Reporting 'logical unit failure' (bsc#1133547). - scsi: smartpqi: add H3C controller IDs (bsc#1133547). - scsi: smartpqi: add h3c ssid (bsc#1133547). - scsi: smartpqi: add no_write_same for logical volumes (bsc#1133547). - scsi: smartpqi: add ofa support (bsc#1133547). - scsi: smartpqi: add smp_utils support (bsc#1133547). - scsi: smartpqi: add spdx (bsc#1133547). - scsi: smartpqi: add support for PQI Config Table handshake (bsc#1133547). - scsi: smartpqi: add support for huawei controllers (bsc#1133547). - scsi: smartpqi: add sysfs attributes (bsc#1133547). - scsi: smartpqi: allow for larger raid maps (bsc#1133547). - scsi: smartpqi: bump driver version (bsc#1133547). - scsi: smartpqi: bump driver version (bsc#1133547). - scsi: smartpqi: call pqi_free_interrupts() in pqi_shutdown() (bsc#1133547). - scsi: smartpqi: check for null device pointers (bsc#1133547). - scsi: smartpqi: correct host serial num for ssa (bsc#1133547). - scsi: smartpqi: correct lun reset issues (bsc#1133547). - scsi: smartpqi: correct volume status (bsc#1133547). - scsi: smartpqi: do not offline disks for transient did no connect conditions (bsc#1133547). - scsi: smartpqi: enhance numa node detection (bsc#1133547). - scsi: smartpqi: fix build warnings (bsc#1133547). - scsi: smartpqi: fix disk name mount point (bsc#1133547). - scsi: smartpqi: fully convert to the generic DMA API (bsc#1133547). - scsi: smartpqi: increase LUN reset timeout (bsc#1133547). - scsi: smartpqi: increase fw status register read timeout (bsc#1133547). - scsi: smartpqi: refactor sending controller raid requests (bsc#1133547). - scsi: smartpqi: turn off lun data caching for ptraid (bsc#1133547). - scsi: smartpqi: update copyright (bsc#1133547). - scsi: smartpqi: update driver version (bsc#1133547). - scsi: smartpqi: wake up drives after os resumes from suspend (bsc#1133547). - scsi: smartpqi_init: fix boolean expression in pqi_device_remove_start (bsc#1133547). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296). - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510). - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510). - sctp: silence warns on sctp_stream_init allocations (bsc#1083710). - selinux: use kernel linux/socket.h for genheaders and mdp (bsc#1134810). - serial: 8250_pxa: honor the port number from devicetree (bsc#1051510). - serial: ar933x_uart: Fix build failure with disabled console (bsc#1051510). - serial: sh-sci: disable DMA for uart_console (bsc#1051510). - serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510). - serial: uartps: Fix long line over 80 chars (bsc#1051510). - serial: uartps: Fix multiple line dereference (bsc#1051510). - serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510). - serial: uartps: console_setup() can't be placed to init section (bsc#1051510). - soc/fsl/qe: Fix an error code in qe_pin_request() (bsc#1051510). - soc/tegra: fuse: Fix illegal free of IO base address (bsc#1051510). - soc/tegra: pmc: Drop locking from tegra_powergate_is_powered() (bsc#1051510). - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510). - soc: qcom: gsbi: Fix error handling in gsbi_probe() (bsc#1051510). - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510). - spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510). - spi-mem: fix kernel-doc for spi_mem_dirmap_{read|write}() (bsc#1111666). - spi: Add missing pm_runtime_put_noidle() after failed get (bsc#1111666). - spi: Fix zero length xfer bug (bsc#1051510). - spi: Micrel eth switch: declare missing of table (bsc#1051510). - spi: ST ST95HF NFC: declare missing of table (bsc#1051510). - spi: a3700: Clear DATA_OUT when performing a read (bsc#1051510). - spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios (bsc#1051510). - spi: bcm2835aux: setup gpio-cs to output and correct level during setup (bsc#1051510). - spi: bcm2835aux: warn in dmesg that native cs is not really supported (bsc#1051510). - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510). - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510). - spi: rspi: Fix sequencer reset during initialization (bsc#1051510). - spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510). - spi: tegra114: reset controller on probe (bsc#1051510). - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit (bsc#1051510). - staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510). - staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - staging: comedi: ni_usb6501: Fix possible double-free of usb_rx_buf (bsc#1051510). - staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bsc#1051510). - staging: comedi: vmk80xx: Fix possible double-free of usb_rx_buf (bsc#1051510). - staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bsc#1051510). - staging: iio: ad7192: Fix ad7193 channel address (bsc#1051510). - staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc (bsc#1051510). - staging: rtl8712: reduce stack usage, again (bsc#1051510). - staging: rtl8712: uninitialized memory in read_bbreg_hdl() (bsc#1051510). - staging: rtlwifi: Fix potential NULL pointer dereference of kzalloc (bsc#1111666). - staging: rtlwifi: rtl8822b: fix to avoid potential NULL pointer dereference (bsc#1111666). - staging: vc04_services: prevent integer overflow in create_pagelist() (bsc#1051510). - staging: vt6655: Fix interrupt race condition on device start up (bsc#1051510). - staging: vt6655: Remove vif check from vnt_interrupt (bsc#1051510). - staging: wlan-ng: fix adapter initialization failure (bsc#1051510). - staging:iio:ad7150: fix threshold mode config bit (bsc#1051510). - stm class: Fix an endless loop in channel allocation (bsc#1051510). - stm class: Fix channel free in stm output free path (bsc#1051510). - stm class: Prevent division by zero (bsc#1051510). - supported.conf: Add cls_bpf, sch_ingress to kernel-default-base (bsc#1134743). - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839). - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839). - supported.conf: added mlxbf_tmfifo (bsc#1136333 jsc#SLE-4994) - supported.conf: dw_mmc-bluefield is not needed in kernel-default-base (bsc#1131574). - svm/avic: Fix invalidate logical APIC id entry (bsc#1132726). - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC DFR and LDR handling (bsc#1132558). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow for file-max (bsc#1051510). - sysctl: handle overflow in proc_get_long (bsc#1051510). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: fix fack_count accounting on tcp_shift_skb_data() (CVE-2019-11477 bsc#1137586). - tcp: fix tcp_set_congestion_control() use from bpf hook (bsc#1109837). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - team: Always enable vlan tx offload (bsc#1051510). - team: set slave to promisc if team is already in promisc mode (bsc#1051510). - testing: nvdimm: provide SZ_4G constant (bsc#1132982). - thermal/int340x_thermal: Add additional UUIDs (bsc#1051510). - thermal/int340x_thermal: fix mode setting (bsc#1051510). - thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power (bsc#1051510). - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510). - thunderbolt: Fix to check for kmemdup failure (bsc#1051510). - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510). - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510). - tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770). - tools: bpftool: Fix json dump crash on powerpc (bsc#1109837). - tools: bpftool: fix infinite loop in map create (bsc#1109837). - tools: bpftool: use correct argument in cgroup errors (bsc#1109837). - tpm: Fix the type of the return value in calc_tpm2_event_size() (bsc#1082555). - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bsc#1132527). - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726). - tracing: Fix a memory leak by early error exit in trace_pid_write() (bsc#1133702). - tracing: Fix buffer_ref pipe ops (bsc#1133698). - tracing: Fix partial reading of trace event's id file (bsc#1136573). - treewide: Use DEVICE_ATTR_WO (bsc#1137739). - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510). - tty: increase the default flip buffer limit to 2*640K (bsc#1051510). - tty: ipwireless: fix missing checks for ioremap (bsc#1051510). - tty: max310x: Fix external crystal register setup (bsc#1051510). - tty: pty: Fix race condition between release_one_tty and pty_write (bsc#1051510). - tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510). - tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510). - tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510). - tty: serial_core, add install (bnc#1129693). - tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510). - tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0 (bsc#1051510). - udp: use indirect call wrappers for GRO socket lookup (bsc#1124503). - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1135323). - usb-storage: Set virt_boundary_mask to avoid SG overflows (bsc#1051510). - usb: chipidea: Grab the (legacy) USB PHY by phandle first (bsc#1051510). - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown (bsc#1051510). - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510). - usb: dwc3: Fix default lpm_nyet_threshold value (bsc#1051510). - usb: f_fs: Avoid crash due to out-of-scope stack ptr access (bsc#1051510). - usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510). - usb: gadget: fusb300_udc: Fix memory leak of fusb300 ep[i] (bsc#1051510). - usb: gadget: net2272: Fix net2272_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix net2280_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix overrun of OUT messages (bsc#1051510). - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510). - usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510). - usb: u132-hcd: fix resource leak (bsc#1051510). - usb: usb251xb: fix to avoid potential NULL pointer dereference (bsc#1051510). - usb: usbip: fix isoc packet num validation in get_pipe (bsc#1051510). - usbip: usbip_host: fix BUG: sleeping function called from invalid context (bsc#1051510). - usbip: usbip_host: fix stub_dev lock context imbalance regression (bsc#1051510). - usbnet: fix kernel crash after disconnect (bsc#1051510). - usbnet: ipheth: fix racing condition (bsc#1051510). - vfio/mdev: Avoid release parent reference during error path (bsc#1051510). - vfio/mdev: Fix aborting mdev child device removal if one fails (bsc#1051510). - vfio/pci: use correct format characters (bsc#1051510). - vfio: ccw: only free cp on final interrupt (bsc#1051510). - vfio_pci: Enable memory accesses before calling pci_map_rom (bsc#1051510). - vfs: allow dedupe of user owned read-only files (bsc#1133778, bsc#1132219). - vfs: allow dedupe of user owned read-only files (bsc#1133778, bsc#1132219). - vfs: avoid problematic remapping requests into partial EOF block (bsc#1133850, bsc#1132219). - vfs: avoid problematic remapping requests into partial EOF block (bsc#1133850, bsc#1132219). - vfs: dedupe should return EPERM if permission is not granted (bsc#1133779, bsc#1132219). - vfs: dedupe should return EPERM if permission is not granted (bsc#1133779, bsc#1132219). - vfs: dedupe: extract helper for a single dedup (bsc#1133769, bsc#1132219). - vfs: dedupe: extract helper for a single dedup (bsc#1133769, bsc#1132219). - vfs: exit early from zero length remap operations (bsc#1132411, bsc#1132219). - vfs: exit early from zero length remap operations (bsc#1132411, bsc#1132219). - vfs: export vfs_dedupe_file_range_one() to modules (bsc#1133772, bsc#1132219). - vfs: export vfs_dedupe_file_range_one() to modules (bsc#1133772, bsc#1132219). - vfs: limit size of dedupe (bsc#1132397, bsc#1132219). - vfs: limit size of dedupe (bsc#1132397, bsc#1132219). - vfs: rename clone_verify_area to remap_verify_area (bsc#1133852, bsc#1132219). - vfs: rename clone_verify_area to remap_verify_area (bsc#1133852, bsc#1132219). - vfs: skip zero-length dedupe requests (bsc#1133851, bsc#1132219). - vfs: skip zero-length dedupe requests (bsc#1133851, bsc#1132219). - vfs: swap names of {do,vfs}_clone_file_range() (bsc#1133774, bsc#1132219). - vfs: swap names of {do,vfs}_clone_file_range() (bsc#1133774, bsc#1132219). - vfs: vfs_clone_file_prep_inodes should return EINVAL for a clone from beyond EOF (bsc#1133780, bsc#1132219). - vfs: vfs_clone_file_prep_inodes should return EINVAL for a clone from beyond EOF (bsc#1133780, bsc#1132219). - vhost/vsock: fix reset orphans race with close timeout (bsc#1051510). - video: hgafb: fix potential NULL pointer dereference (bsc#1051510). - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510). - virtio-blk: limit number of hw queues by nr_cpu_ids (bsc#1051510). - virtio/s390: DMA support for virtio-ccw (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: add indirection to indicators access (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: make airq summary indicators DMA (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: use DMA memory for ccw I/O and classic notifiers (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: use cacheline aligned airq bit vectors (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: use vring_create_virtqueue (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio: Honour 'may_reduce_num' in vring_create_virtqueue (bsc#1051510). - virtio_console: initialize vtermno value for ports (bsc#1051510). - virtio_pci: fix a NULL pointer reference in vp_del_vqs (bsc#1051510). - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510). - vsock/virtio: Initialize core virtio vsock before registering the driver (bsc#1051510). - vsock/virtio: fix kernel panic after device hot-unplug (bsc#1051510). - vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock (bsc#1051510). - vsock/virtio: reset connected sockets on device removal (bsc#1051510). - vt: always call notifier with the console lock held (bsc#1051510). - vxlan: trivial indenting fix (bsc#1051510). - vxlan: use __be32 type for the param vni in __vxlan_fdb_delete (bsc#1051510). - w1: fix the resume command API (bsc#1051510). - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510). - wil6210: check null pointer in _wil_cfg80211_merge_extra_ies (bsc#1051510). - wil6210: drop old event after wmi_call timeout (bsc#1111666). - wil6210: fix potential out-of-bounds read (bsc#1051510). - wil6210: fix return code of wmi_mgmt_tx and wmi_mgmt_tx_ext (bsc#1111666). - wil6210: fix spurious interrupts in 3-msi (bsc#1111666). - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bsc#1051510). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor (bsc#1114279). - x86/MCE/AMD, EDAC/mce_amd: Add new MP5, NBIO, and pciE SMCA bank types (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new McaTypes for CS, PSP, and SMU units (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new error descriptions for some SMCA bank types (bsc#1128415). - x86/MCE: Fix kABI for new AMD bank names (bsc#1128415). - x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub (bsc#1120318). - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init (bsc#1132572). - x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type (bsc#1128415). - x86/mce/AMD: Pass the bank number to smca_get_bank_type() (bsc#1128415). - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279). - x86/mce: Handle varying MCA bank counts (bsc#1128415). - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279). - x86/microcode: Fix microcode hotplug state (bsc#1114279). - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279). - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279). - x86/msr-index: Cleanup bit defines (bsc#1111331). - x86/perf/amd: Remove need to check "running" bit in NMI handler (bsc#1131438). - x86/perf/amd: Resolve NMI latency issues for active PMCs (bsc#1131438). - x86/perf/amd: Resolve race condition when disabling PMC (bsc#1131438). - x86/speculation/mds: Fix documentation typo (bsc#1135642). - x86/speculation/mds: Fix documentation typo (bsc#1135642). - x86/speculation/mds: Fix documentation typo (bsc#1135642). - x86/speculation/mds: Fix documentation typo (bsc#1135642). - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279). - x86/speculation: Prevent deadlock on ssb_state::lock (bsc#1114279). - x86/speculation: Prevent deadlock on ssb_state::lock (bsc#1114279). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - x86/tsc: Force inlining of cyc2ns bits (bsc#1052904). - x86/umip: Make the UMIP activated message generic (bsc#1138336). - x86/umip: Print UMIP line only once (bsc#1138336). - x86_64: Add gap to int3 to allow for call emulation (bsc#1099658). - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658). - xdp: check device pointer before clearing (bsc#1109837). - xdp: fix possible cq entry leak (bsc#1109837). - xdp: fix race on generic receive path (bsc#1109837). - xdp: hold device for umem regardless of zero-copy mode (bsc#1109837). - xen/pciback: Don't disable PCI_COMMAND on PCI device reset (bsc#1065600). - xen: Prevent buffer overflow in privcmd ioctl (bsc#1065600). - xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300). - xen: remove pre-xen3 fallback handlers (bsc#1065600). - xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600). - xfs: add log item pinning error injection tag (bsc#1114427). - xfs: add the ability to join a held buffer to a defer_ops (bsc#1133674). - xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes (bsc#1132370, bsc#1132219). - xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes (bsc#1132370, bsc#1132219). - xfs: buffer lru reference count error injection tag (bsc#1114427). - xfs: call xfs_qm_dqattach before performing reflink operations (bsc#1132368, bsc#1132219). - xfs: call xfs_qm_dqattach before performing reflink operations (bsc#1132368, bsc#1132219). - xfs: cap the length of deduplication requests (bsc#1132373, bsc#1132219). - xfs: cap the length of deduplication requests (bsc#1132373, bsc#1132219). - xfs: check _btree_check_block value (bsc#1123663). - xfs: clean up xfs_reflink_remap_blocks call site (bsc#1132413, bsc#1132219). - xfs: clean up xfs_reflink_remap_blocks call site (bsc#1132413, bsc#1132219). - xfs: convert drop_writes to use the errortag mechanism (bsc#1114427). - xfs: create block pointer check functions (bsc#1123663). - xfs: create inode pointer verifiers (bsc#1114427). - xfs: detect and fix bad summary counts at mount (bsc#1114427). - xfs: do not overflow xattr listent buffer (bsc#1143105). - xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003). - xfs: don't clear imap_valid for a non-uptodate buffers (bsc#1138018). - xfs: don't look at buffer heads in xfs_add_to_ioend (bsc#1138013). - xfs: don't use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999). - xfs: don't use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005). - xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019). - xfs: export _inobt_btrec_to_irec and _ialloc_cluster_alignment for scrub (bsc#1114427). - xfs: export various function for the online scrubber (bsc#1123663). - xfs: expose errortag knobs via sysfs (bsc#1114427). - xfs: fix data corruption w/ unaligned dedupe ranges (bsc#1132405, bsc#1132219). - xfs: fix data corruption w/ unaligned dedupe ranges (bsc#1132405, bsc#1132219). - xfs: fix data corruption w/ unaligned reflink ranges (bsc#1132407, bsc#1132219). - xfs: fix data corruption w/ unaligned reflink ranges (bsc#1132407, bsc#1132219). - xfs: fix pagecache truncation prior to reflink (bsc#1132412, bsc#1132219). - xfs: fix pagecache truncation prior to reflink (bsc#1132412, bsc#1132219). - xfs: fix reporting supported extra file attributes for statx() (bsc#1133529). - xfs: fix s_maxbytes overflow problems (bsc#1137996). - xfs: fix unused variable warning in xfs_buf_set_ref() (bsc#1114427). - xfs: flush removing page cache in xfs_reflink_remap_prep (bsc#1132414, bsc#1132219). - xfs: flush removing page cache in xfs_reflink_remap_prep (bsc#1132414, bsc#1132219). - xfs: force summary counter recalc at next mount (bsc#1114427). - xfs: hold xfs_buf locked between shortform leaf conversion and the addition of an attribute (bsc#1133675). - xfs: kill meaningless variable 'zero' (bsc#1106011). - xfs: make errortag a per-mountpoint structure (bsc#1123663). - xfs: make xfs_writepage_map extent map centric (bsc#1138009). - xfs: minor cleanup for xfs_get_blocks (bsc#1138000). - xfs: move all writeback buffer_head manipulation into xfs_map_at_offset (bsc#1138014). - xfs: move error injection tags into their own file (bsc#1114427). - xfs: only grab shared inode locks for source file during reflink (bsc#1132372, bsc#1132219). - xfs: only grab shared inode locks for source file during reflink (bsc#1132372, bsc#1132219). - xfs: prepare xfs_break_layouts() for another layout type (bsc#1106011). - xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL (bsc#1106011). - xfs: refactor btree block header checking functions (bsc#1123663). - xfs: refactor btree pointer checks (bsc#1123663). - xfs: refactor clonerange preparation into a separate helper (bsc#1132402, bsc#1132219). - xfs: refactor clonerange preparation into a separate helper (bsc#1132402, bsc#1132219). - xfs: refactor the tail of xfs_writepage_map (bsc#1138016). - xfs: refactor unmount record write (bsc#1114427). - xfs: refactor xfs_trans_roll (bsc#1133667). - xfs: reflink find shared should take a transaction (bsc#1132226, bsc#1132219). - xfs: reflink find shared should take a transaction (bsc#1132226, bsc#1132219). - xfs: reflink should break pnfs leases before sharing blocks (bsc#1132369, bsc#1132219). - xfs: reflink should break pnfs leases before sharing blocks (bsc#1132369, bsc#1132219). - xfs: remove XFS_IO_INVALID (bsc#1138017). - xfs: remove dest file's post-eof preallocations before reflinking (bsc#1132365, bsc#1132219). - xfs: remove dest file's post-eof preallocations before reflinking (bsc#1132365, bsc#1132219). - xfs: remove the imap_valid flag (bsc#1138012). - xfs: remove the ip argument to xfs_defer_finish (bsc#1133672). - xfs: remove unneeded parameter from XFS_TEST_ERROR (bsc#1123663). - xfs: remove unused parameter from xfs_writepage_map (bsc#1137995). - xfs: remove xfs_map_cow (bsc#1138007). - xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010). - xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006). - xfs: remove xfs_start_page_writeback (bsc#1138015). - xfs: remove xfs_zero_range (bsc#1106011). - xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN (bsc#1123663). - xfs: rename the offset variable in xfs_writepage_map (bsc#1138008). - xfs: rename xfs_defer_join to xfs_defer_ijoin (bsc#1133668). - xfs: replace log_badcrc_factor knob with error injection tag (bsc#1114427). - xfs: sanity-check the unused space before trying to use it (bsc#1123663). - xfs: serialize unaligned dio writes against all other dio writes (bsc#1134936). - xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly (bsc#1138011). - xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998). - xfs: update ctime and remove suid before cloning files (bsc#1132404, bsc#1132219). - xfs: update ctime and remove suid before cloning files (bsc#1132404, bsc#1132219). - xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002). - xfs: zero posteof blocks when cloning above eof (bsc#1132403, bsc#1132219). - xfs: zero posteof blocks when cloning above eof (bsc#1132403, bsc#1132219). - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bsc#1051510). - xhci: Use %zu for printing size_t type (bsc#1051510). - xhci: update bounce buffer with correct sg num (bsc#1051510). - xprtrdma: Fix use-after-free in rpcrdma_post_recvs (bsc#1103992 FATE#326009). - xsk: Properly terminate assignment in xskq_produce_flush_desc (bsc#1109837). - {nl,mac}80211: allow 4addr AP operation on crypto controlled devices (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Realtime 15-SP1: zypper in -t patch SUSE-SLE-Module-RT-15-SP1-2019-2430=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2430=1 Package List: - SUSE Linux Enterprise Module for Realtime 15-SP1 (noarch): kernel-devel-rt-4.12.14-14.8.1 kernel-source-rt-4.12.14-14.8.1 - SUSE Linux Enterprise Module for Realtime 15-SP1 (x86_64): cluster-md-kmp-rt-4.12.14-14.8.1 cluster-md-kmp-rt-debuginfo-4.12.14-14.8.1 dlm-kmp-rt-4.12.14-14.8.1 dlm-kmp-rt-debuginfo-4.12.14-14.8.1 gfs2-kmp-rt-4.12.14-14.8.1 gfs2-kmp-rt-debuginfo-4.12.14-14.8.1 kernel-rt-4.12.14-14.8.1 kernel-rt-base-4.12.14-14.8.1 kernel-rt-base-debuginfo-4.12.14-14.8.1 kernel-rt-debuginfo-4.12.14-14.8.1 kernel-rt-debugsource-4.12.14-14.8.1 kernel-rt-devel-4.12.14-14.8.1 kernel-rt-devel-debuginfo-4.12.14-14.8.1 kernel-rt_debug-debuginfo-4.12.14-14.8.1 kernel-rt_debug-debugsource-4.12.14-14.8.1 kernel-rt_debug-devel-4.12.14-14.8.1 kernel-rt_debug-devel-debuginfo-4.12.14-14.8.1 kernel-syms-rt-4.12.14-14.8.1 ocfs2-kmp-rt-4.12.14-14.8.1 ocfs2-kmp-rt-debuginfo-4.12.14-14.8.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): cluster-md-kmp-rt_debug-4.12.14-14.8.1 cluster-md-kmp-rt_debug-debuginfo-4.12.14-14.8.1 dlm-kmp-rt_debug-4.12.14-14.8.1 dlm-kmp-rt_debug-debuginfo-4.12.14-14.8.1 gfs2-kmp-rt_debug-4.12.14-14.8.1 gfs2-kmp-rt_debug-debuginfo-4.12.14-14.8.1 kernel-rt-debuginfo-4.12.14-14.8.1 kernel-rt-debugsource-4.12.14-14.8.1 kernel-rt-extra-4.12.14-14.8.1 kernel-rt-extra-debuginfo-4.12.14-14.8.1 kernel-rt-livepatch-4.12.14-14.8.1 kernel-rt-livepatch-devel-4.12.14-14.8.1 kernel-rt_debug-4.12.14-14.8.1 kernel-rt_debug-base-4.12.14-14.8.1 kernel-rt_debug-base-debuginfo-4.12.14-14.8.1 kernel-rt_debug-debuginfo-4.12.14-14.8.1 kernel-rt_debug-debugsource-4.12.14-14.8.1 kernel-rt_debug-extra-4.12.14-14.8.1 kernel-rt_debug-extra-debuginfo-4.12.14-14.8.1 kernel-rt_debug-livepatch-4.12.14-14.8.1 kernel-rt_debug-livepatch-devel-4.12.14-14.8.1 kselftests-kmp-rt-4.12.14-14.8.1 kselftests-kmp-rt-debuginfo-4.12.14-14.8.1 kselftests-kmp-rt_debug-4.12.14-14.8.1 kselftests-kmp-rt_debug-debuginfo-4.12.14-14.8.1 ocfs2-kmp-rt_debug-4.12.14-14.8.1 ocfs2-kmp-rt_debug-debuginfo-4.12.14-14.8.1 reiserfs-kmp-rt-4.12.14-14.8.1 reiserfs-kmp-rt-debuginfo-4.12.14-14.8.1 reiserfs-kmp-rt_debug-4.12.14-14.8.1 reiserfs-kmp-rt_debug-debuginfo-4.12.14-14.8.1 References: https://www.suse.com/security/cve/CVE-2017-5753.html https://www.suse.com/security/cve/CVE-2018-12126.html https://www.suse.com/security/cve/CVE-2018-12127.html https://www.suse.com/security/cve/CVE-2018-12130.html https://www.suse.com/security/cve/CVE-2018-16871.html https://www.suse.com/security/cve/CVE-2018-16880.html https://www.suse.com/security/cve/CVE-2018-20836.html https://www.suse.com/security/cve/CVE-2018-20855.html https://www.suse.com/security/cve/CVE-2018-7191.html https://www.suse.com/security/cve/CVE-2019-10124.html https://www.suse.com/security/cve/CVE-2019-10638.html https://www.suse.com/security/cve/CVE-2019-10639.html https://www.suse.com/security/cve/CVE-2019-11085.html https://www.suse.com/security/cve/CVE-2019-11091.html https://www.suse.com/security/cve/CVE-2019-1125.html https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-11479.html https://www.suse.com/security/cve/CVE-2019-11486.html https://www.suse.com/security/cve/CVE-2019-11487.html https://www.suse.com/security/cve/CVE-2019-11599.html https://www.suse.com/security/cve/CVE-2019-11810.html https://www.suse.com/security/cve/CVE-2019-11811.html https://www.suse.com/security/cve/CVE-2019-11815.html https://www.suse.com/security/cve/CVE-2019-11833.html https://www.suse.com/security/cve/CVE-2019-11884.html https://www.suse.com/security/cve/CVE-2019-12380.html https://www.suse.com/security/cve/CVE-2019-12382.html https://www.suse.com/security/cve/CVE-2019-12456.html https://www.suse.com/security/cve/CVE-2019-12614.html https://www.suse.com/security/cve/CVE-2019-12817.html https://www.suse.com/security/cve/CVE-2019-12818.html https://www.suse.com/security/cve/CVE-2019-12819.html https://www.suse.com/security/cve/CVE-2019-13233.html https://www.suse.com/security/cve/CVE-2019-13631.html https://www.suse.com/security/cve/CVE-2019-13648.html https://www.suse.com/security/cve/CVE-2019-14283.html https://www.suse.com/security/cve/CVE-2019-14284.html https://www.suse.com/security/cve/CVE-2019-3846.html https://www.suse.com/security/cve/CVE-2019-3882.html https://www.suse.com/security/cve/CVE-2019-5489.html https://www.suse.com/security/cve/CVE-2019-8564.html https://www.suse.com/security/cve/CVE-2019-9003.html https://www.suse.com/security/cve/CVE-2019-9500.html https://www.suse.com/security/cve/CVE-2019-9503.html https://bugzilla.suse.com/1050242 https://bugzilla.suse.com/1050549 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1052904 https://bugzilla.suse.com/1053043 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1055121 https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1056787 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1064802 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1066129 https://bugzilla.suse.com/1070872 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1075020 https://bugzilla.suse.com/1082387 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1083710 https://bugzilla.suse.com/1085535 https://bugzilla.suse.com/1085536 https://bugzilla.suse.com/1088047 https://bugzilla.suse.com/1088804 https://bugzilla.suse.com/1093389 https://bugzilla.suse.com/1094555 https://bugzilla.suse.com/1096003 https://bugzilla.suse.com/1098633 https://bugzilla.suse.com/1099658 https://bugzilla.suse.com/1102247 https://bugzilla.suse.com/1103186 https://bugzilla.suse.com/1103259 https://bugzilla.suse.com/1103990 https://bugzilla.suse.com/1103991 https://bugzilla.suse.com/1103992 https://bugzilla.suse.com/1104745 https://bugzilla.suse.com/1106011 https://bugzilla.suse.com/1106284 https://bugzilla.suse.com/1106383 https://bugzilla.suse.com/1106751 https://bugzilla.suse.com/1108193 https://bugzilla.suse.com/1108838 https://bugzilla.suse.com/1108937 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1110946 https://bugzilla.suse.com/1111331 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1111696 https://bugzilla.suse.com/1112063 https://bugzilla.suse.com/1112128 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1114427 https://bugzilla.suse.com/1114542 https://bugzilla.suse.com/1114638 https://bugzilla.suse.com/1114685 https://bugzilla.suse.com/1115688 https://bugzilla.suse.com/1117114 https://bugzilla.suse.com/1117158 https://bugzilla.suse.com/1117561 https://bugzilla.suse.com/1118139 https://bugzilla.suse.com/1119113 https://bugzilla.suse.com/1119222 https://bugzilla.suse.com/1119532 https://bugzilla.suse.com/1119680 https://bugzilla.suse.com/1120091 https://bugzilla.suse.com/1120318 https://bugzilla.suse.com/1120423 https://bugzilla.suse.com/1120566 https://bugzilla.suse.com/1120843 https://bugzilla.suse.com/1120902 https://bugzilla.suse.com/1122767 https://bugzilla.suse.com/1122776 https://bugzilla.suse.com/1123080 https://bugzilla.suse.com/1123454 https://bugzilla.suse.com/1123663 https://bugzilla.suse.com/1124503 https://bugzilla.suse.com/1124839 https://bugzilla.suse.com/1125703 https://bugzilla.suse.com/1126206 https://bugzilla.suse.com/1126356 https://bugzilla.suse.com/1126704 https://bugzilla.suse.com/1127034 https://bugzilla.suse.com/1127175 https://bugzilla.suse.com/1127315 https://bugzilla.suse.com/1127371 https://bugzilla.suse.com/1127374 https://bugzilla.suse.com/1127611 https://bugzilla.suse.com/1127616 https://bugzilla.suse.com/1128052 https://bugzilla.suse.com/1128415 https://bugzilla.suse.com/1128432 https://bugzilla.suse.com/1128544 https://bugzilla.suse.com/1128902 https://bugzilla.suse.com/1128904 https://bugzilla.suse.com/1128971 https://bugzilla.suse.com/1128979 https://bugzilla.suse.com/1129138 https://bugzilla.suse.com/1129273 https://bugzilla.suse.com/1129693 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1129845 https://bugzilla.suse.com/1130195 https://bugzilla.suse.com/1130425 https://bugzilla.suse.com/1130527 https://bugzilla.suse.com/1130567 https://bugzilla.suse.com/1130579 https://bugzilla.suse.com/1130699 https://bugzilla.suse.com/1130836 https://bugzilla.suse.com/1130937 https://bugzilla.suse.com/1130972 https://bugzilla.suse.com/1131326 https://bugzilla.suse.com/1131427 https://bugzilla.suse.com/1131438 https://bugzilla.suse.com/1131451 https://bugzilla.suse.com/1131467 https://bugzilla.suse.com/1131488 https://bugzilla.suse.com/1131530 https://bugzilla.suse.com/1131565 https://bugzilla.suse.com/1131574 https://bugzilla.suse.com/1131587 https://bugzilla.suse.com/1131645 https://bugzilla.suse.com/1131659 https://bugzilla.suse.com/1131673 https://bugzilla.suse.com/1131847 https://bugzilla.suse.com/1131848 https://bugzilla.suse.com/1131851 https://bugzilla.suse.com/1131900 https://bugzilla.suse.com/1131934 https://bugzilla.suse.com/1131935 https://bugzilla.suse.com/1132044 https://bugzilla.suse.com/1132219 https://bugzilla.suse.com/1132226 https://bugzilla.suse.com/1132227 https://bugzilla.suse.com/1132365 https://bugzilla.suse.com/1132368 https://bugzilla.suse.com/1132369 https://bugzilla.suse.com/1132370 https://bugzilla.suse.com/1132372 https://bugzilla.suse.com/1132373 https://bugzilla.suse.com/1132384 https://bugzilla.suse.com/1132390 https://bugzilla.suse.com/1132397 https://bugzilla.suse.com/1132402 https://bugzilla.suse.com/1132403 https://bugzilla.suse.com/1132404 https://bugzilla.suse.com/1132405 https://bugzilla.suse.com/1132407 https://bugzilla.suse.com/1132411 https://bugzilla.suse.com/1132412 https://bugzilla.suse.com/1132413 https://bugzilla.suse.com/1132414 https://bugzilla.suse.com/1132426 https://bugzilla.suse.com/1132527 https://bugzilla.suse.com/1132531 https://bugzilla.suse.com/1132555 https://bugzilla.suse.com/1132558 https://bugzilla.suse.com/1132561 https://bugzilla.suse.com/1132562 https://bugzilla.suse.com/1132563 https://bugzilla.suse.com/1132564 https://bugzilla.suse.com/1132570 https://bugzilla.suse.com/1132571 https://bugzilla.suse.com/1132572 https://bugzilla.suse.com/1132589 https://bugzilla.suse.com/1132618 https://bugzilla.suse.com/1132673 https://bugzilla.suse.com/1132681 https://bugzilla.suse.com/1132726 https://bugzilla.suse.com/1132828 https://bugzilla.suse.com/1132894 https://bugzilla.suse.com/1132943 https://bugzilla.suse.com/1132982 https://bugzilla.suse.com/1133005 https://bugzilla.suse.com/1133016 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1133094 https://bugzilla.suse.com/1133095 https://bugzilla.suse.com/1133115 https://bugzilla.suse.com/1133149 https://bugzilla.suse.com/1133176 https://bugzilla.suse.com/1133188 https://bugzilla.suse.com/1133190 https://bugzilla.suse.com/1133311 https://bugzilla.suse.com/1133320 https://bugzilla.suse.com/1133401 https://bugzilla.suse.com/1133486 https://bugzilla.suse.com/1133529 https://bugzilla.suse.com/1133547 https://bugzilla.suse.com/1133584 https://bugzilla.suse.com/1133593 https://bugzilla.suse.com/1133612 https://bugzilla.suse.com/1133616 https://bugzilla.suse.com/1133667 https://bugzilla.suse.com/1133668 https://bugzilla.suse.com/1133672 https://bugzilla.suse.com/1133674 https://bugzilla.suse.com/1133675 https://bugzilla.suse.com/1133698 https://bugzilla.suse.com/1133702 https://bugzilla.suse.com/1133731 https://bugzilla.suse.com/1133738 https://bugzilla.suse.com/1133769 https://bugzilla.suse.com/1133772 https://bugzilla.suse.com/1133774 https://bugzilla.suse.com/1133778 https://bugzilla.suse.com/1133779 https://bugzilla.suse.com/1133780 https://bugzilla.suse.com/1133825 https://bugzilla.suse.com/1133850 https://bugzilla.suse.com/1133851 https://bugzilla.suse.com/1133852 https://bugzilla.suse.com/1133897 https://bugzilla.suse.com/1134090 https://bugzilla.suse.com/1134097 https://bugzilla.suse.com/1134160 https://bugzilla.suse.com/1134162 https://bugzilla.suse.com/1134199 https://bugzilla.suse.com/1134200 https://bugzilla.suse.com/1134201 https://bugzilla.suse.com/1134202 https://bugzilla.suse.com/1134203 https://bugzilla.suse.com/1134204 https://bugzilla.suse.com/1134205 https://bugzilla.suse.com/1134223 https://bugzilla.suse.com/1134303 https://bugzilla.suse.com/1134354 https://bugzilla.suse.com/1134390 https://bugzilla.suse.com/1134393 https://bugzilla.suse.com/1134395 https://bugzilla.suse.com/1134397 https://bugzilla.suse.com/1134399 https://bugzilla.suse.com/1134459 https://bugzilla.suse.com/1134460 https://bugzilla.suse.com/1134461 https://bugzilla.suse.com/1134597 https://bugzilla.suse.com/1134600 https://bugzilla.suse.com/1134607 https://bugzilla.suse.com/1134618 https://bugzilla.suse.com/1134651 https://bugzilla.suse.com/1134671 https://bugzilla.suse.com/1134730 https://bugzilla.suse.com/1134738 https://bugzilla.suse.com/1134743 https://bugzilla.suse.com/1134760 https://bugzilla.suse.com/1134806 https://bugzilla.suse.com/1134810 https://bugzilla.suse.com/1134813 https://bugzilla.suse.com/1134848 https://bugzilla.suse.com/1134936 https://bugzilla.suse.com/1134945 https://bugzilla.suse.com/1134946 https://bugzilla.suse.com/1134947 https://bugzilla.suse.com/1134948 https://bugzilla.suse.com/1134949 https://bugzilla.suse.com/1134950 https://bugzilla.suse.com/1134951 https://bugzilla.suse.com/1134952 https://bugzilla.suse.com/1134953 https://bugzilla.suse.com/1134972 https://bugzilla.suse.com/1134974 https://bugzilla.suse.com/1134975 https://bugzilla.suse.com/1134980 https://bugzilla.suse.com/1134981 https://bugzilla.suse.com/1134983 https://bugzilla.suse.com/1134987 https://bugzilla.suse.com/1134989 https://bugzilla.suse.com/1134990 https://bugzilla.suse.com/1134994 https://bugzilla.suse.com/1134995 https://bugzilla.suse.com/1134998 https://bugzilla.suse.com/1134999 https://bugzilla.suse.com/1135006 https://bugzilla.suse.com/1135007 https://bugzilla.suse.com/1135008 https://bugzilla.suse.com/1135018 https://bugzilla.suse.com/1135021 https://bugzilla.suse.com/1135024 https://bugzilla.suse.com/1135026 https://bugzilla.suse.com/1135027 https://bugzilla.suse.com/1135028 https://bugzilla.suse.com/1135029 https://bugzilla.suse.com/1135031 https://bugzilla.suse.com/1135033 https://bugzilla.suse.com/1135034 https://bugzilla.suse.com/1135035 https://bugzilla.suse.com/1135036 https://bugzilla.suse.com/1135037 https://bugzilla.suse.com/1135038 https://bugzilla.suse.com/1135039 https://bugzilla.suse.com/1135041 https://bugzilla.suse.com/1135042 https://bugzilla.suse.com/1135044 https://bugzilla.suse.com/1135045 https://bugzilla.suse.com/1135046 https://bugzilla.suse.com/1135047 https://bugzilla.suse.com/1135049 https://bugzilla.suse.com/1135051 https://bugzilla.suse.com/1135052 https://bugzilla.suse.com/1135053 https://bugzilla.suse.com/1135055 https://bugzilla.suse.com/1135056 https://bugzilla.suse.com/1135058 https://bugzilla.suse.com/1135100 https://bugzilla.suse.com/1135120 https://bugzilla.suse.com/1135153 https://bugzilla.suse.com/1135278 https://bugzilla.suse.com/1135281 https://bugzilla.suse.com/1135296 https://bugzilla.suse.com/1135309 https://bugzilla.suse.com/1135312 https://bugzilla.suse.com/1135314 https://bugzilla.suse.com/1135315 https://bugzilla.suse.com/1135316 https://bugzilla.suse.com/1135320 https://bugzilla.suse.com/1135323 https://bugzilla.suse.com/1135330 https://bugzilla.suse.com/1135335 https://bugzilla.suse.com/1135492 https://bugzilla.suse.com/1135542 https://bugzilla.suse.com/1135556 https://bugzilla.suse.com/1135603 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135661 https://bugzilla.suse.com/1135758 https://bugzilla.suse.com/1135897 https://bugzilla.suse.com/1136156 https://bugzilla.suse.com/1136157 https://bugzilla.suse.com/1136161 https://bugzilla.suse.com/1136188 https://bugzilla.suse.com/1136206 https://bugzilla.suse.com/1136215 https://bugzilla.suse.com/1136217 https://bugzilla.suse.com/1136264 https://bugzilla.suse.com/1136271 https://bugzilla.suse.com/1136333 https://bugzilla.suse.com/1136342 https://bugzilla.suse.com/1136343 https://bugzilla.suse.com/1136345 https://bugzilla.suse.com/1136347 https://bugzilla.suse.com/1136348 https://bugzilla.suse.com/1136353 https://bugzilla.suse.com/1136424 https://bugzilla.suse.com/1136428 https://bugzilla.suse.com/1136430 https://bugzilla.suse.com/1136432 https://bugzilla.suse.com/1136434 https://bugzilla.suse.com/1136435 https://bugzilla.suse.com/1136438 https://bugzilla.suse.com/1136439 https://bugzilla.suse.com/1136456 https://bugzilla.suse.com/1136460 https://bugzilla.suse.com/1136461 https://bugzilla.suse.com/1136462 https://bugzilla.suse.com/1136467 https://bugzilla.suse.com/1136469 https://bugzilla.suse.com/1136477 https://bugzilla.suse.com/1136478 https://bugzilla.suse.com/1136498 https://bugzilla.suse.com/1136573 https://bugzilla.suse.com/1136586 https://bugzilla.suse.com/1136598 https://bugzilla.suse.com/1136881 https://bugzilla.suse.com/1136922 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1136978 https://bugzilla.suse.com/1136990 https://bugzilla.suse.com/1137103 https://bugzilla.suse.com/1137151 https://bugzilla.suse.com/1137152 https://bugzilla.suse.com/1137153 https://bugzilla.suse.com/1137162 https://bugzilla.suse.com/1137194 https://bugzilla.suse.com/1137201 https://bugzilla.suse.com/1137224 https://bugzilla.suse.com/1137232 https://bugzilla.suse.com/1137233 https://bugzilla.suse.com/1137236 https://bugzilla.suse.com/1137366 https://bugzilla.suse.com/1137372 https://bugzilla.suse.com/1137429 https://bugzilla.suse.com/1137444 https://bugzilla.suse.com/1137458 https://bugzilla.suse.com/1137534 https://bugzilla.suse.com/1137535 https://bugzilla.suse.com/1137584 https://bugzilla.suse.com/1137586 https://bugzilla.suse.com/1137609 https://bugzilla.suse.com/1137625 https://bugzilla.suse.com/1137728 https://bugzilla.suse.com/1137739 https://bugzilla.suse.com/1137752 https://bugzilla.suse.com/1137811 https://bugzilla.suse.com/1137827 https://bugzilla.suse.com/1137884 https://bugzilla.suse.com/1137985 https://bugzilla.suse.com/1137995 https://bugzilla.suse.com/1137996 https://bugzilla.suse.com/1137998 https://bugzilla.suse.com/1137999 https://bugzilla.suse.com/1138000 https://bugzilla.suse.com/1138002 https://bugzilla.suse.com/1138003 https://bugzilla.suse.com/1138005 https://bugzilla.suse.com/1138006 https://bugzilla.suse.com/1138007 https://bugzilla.suse.com/1138008 https://bugzilla.suse.com/1138009 https://bugzilla.suse.com/1138010 https://bugzilla.suse.com/1138011 https://bugzilla.suse.com/1138012 https://bugzilla.suse.com/1138013 https://bugzilla.suse.com/1138014 https://bugzilla.suse.com/1138015 https://bugzilla.suse.com/1138016 https://bugzilla.suse.com/1138017 https://bugzilla.suse.com/1138018 https://bugzilla.suse.com/1138019 https://bugzilla.suse.com/1138263 https://bugzilla.suse.com/1138291 https://bugzilla.suse.com/1138293 https://bugzilla.suse.com/1138336 https://bugzilla.suse.com/1138374 https://bugzilla.suse.com/1138375 https://bugzilla.suse.com/1138589 https://bugzilla.suse.com/1138681 https://bugzilla.suse.com/1138719 https://bugzilla.suse.com/1138732 https://bugzilla.suse.com/1138874 https://bugzilla.suse.com/1138879 https://bugzilla.suse.com/1139358 https://bugzilla.suse.com/1139619 https://bugzilla.suse.com/1139712 https://bugzilla.suse.com/1139751 https://bugzilla.suse.com/1139771 https://bugzilla.suse.com/1139865 https://bugzilla.suse.com/1140133 https://bugzilla.suse.com/1140139 https://bugzilla.suse.com/1140228 https://bugzilla.suse.com/1140322 https://bugzilla.suse.com/1140328 https://bugzilla.suse.com/1140405 https://bugzilla.suse.com/1140424 https://bugzilla.suse.com/1140428 https://bugzilla.suse.com/1140454 https://bugzilla.suse.com/1140463 https://bugzilla.suse.com/1140559 https://bugzilla.suse.com/1140575 https://bugzilla.suse.com/1140577 https://bugzilla.suse.com/1140637 https://bugzilla.suse.com/1140652 https://bugzilla.suse.com/1140658 https://bugzilla.suse.com/1140676 https://bugzilla.suse.com/1140715 https://bugzilla.suse.com/1140719 https://bugzilla.suse.com/1140726 https://bugzilla.suse.com/1140727 https://bugzilla.suse.com/1140728 https://bugzilla.suse.com/1140814 https://bugzilla.suse.com/1140887 https://bugzilla.suse.com/1140888 https://bugzilla.suse.com/1140889 https://bugzilla.suse.com/1140891 https://bugzilla.suse.com/1140893 https://bugzilla.suse.com/1140903 https://bugzilla.suse.com/1140945 https://bugzilla.suse.com/1140948 https://bugzilla.suse.com/1140954 https://bugzilla.suse.com/1140955 https://bugzilla.suse.com/1140956 https://bugzilla.suse.com/1140957 https://bugzilla.suse.com/1140958 https://bugzilla.suse.com/1140959 https://bugzilla.suse.com/1140960 https://bugzilla.suse.com/1140961 https://bugzilla.suse.com/1140962 https://bugzilla.suse.com/1140964 https://bugzilla.suse.com/1140971 https://bugzilla.suse.com/1140972 https://bugzilla.suse.com/1140992 https://bugzilla.suse.com/1141312 https://bugzilla.suse.com/1141401 https://bugzilla.suse.com/1141402 https://bugzilla.suse.com/1141452 https://bugzilla.suse.com/1141453 https://bugzilla.suse.com/1141454 https://bugzilla.suse.com/1141478 https://bugzilla.suse.com/1141558 https://bugzilla.suse.com/1142023 https://bugzilla.suse.com/1142052 https://bugzilla.suse.com/1142083 https://bugzilla.suse.com/1142112 https://bugzilla.suse.com/1142115 https://bugzilla.suse.com/1142119 https://bugzilla.suse.com/1142220 https://bugzilla.suse.com/1142221 https://bugzilla.suse.com/1142254 https://bugzilla.suse.com/1142350 https://bugzilla.suse.com/1142351 https://bugzilla.suse.com/1142354 https://bugzilla.suse.com/1142359 https://bugzilla.suse.com/1142450 https://bugzilla.suse.com/1142623 https://bugzilla.suse.com/1142673 https://bugzilla.suse.com/1142701 https://bugzilla.suse.com/1142868 https://bugzilla.suse.com/1143003 https://bugzilla.suse.com/1143045 https://bugzilla.suse.com/1143105 https://bugzilla.suse.com/1143185 https://bugzilla.suse.com/1143189 https://bugzilla.suse.com/1143191 https://bugzilla.suse.com/1143209 https://bugzilla.suse.com/1143507 From sle-updates at lists.suse.com Mon Sep 23 10:10:56 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Sep 2019 18:10:56 +0200 (CEST) Subject: SUSE-SU-2019:2436-1: important: Security update for MozillaFirefox Message-ID: <20190923161056.AC566F7B3@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2436-1 Rating: important References: #1149294 #1149295 #1149296 #1149297 #1149298 #1149299 #1149303 #1149304 #1149324 Cross-References: CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 CVE-2019-11753 CVE-2019-9812 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has one errata is now available. Description: This update for MozillaFirefox to ESR 60.9 fixes the following issues: Security issues fixed: - CVE-2019-11742: Fixed a same-origin policy violation involving SVG filters and canvas to steal cross-origin images. (bsc#1149303) - CVE-2019-11746: Fixed a use-after-free while manipulating video. (bsc#1149297) - CVE-2019-11744: Fixed an XSS caused by breaking out of title and textarea elements using innerHTML. (bsc#1149304) - CVE-2019-11753: Fixed a privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. (bsc#1149295) - CVE-2019-11752: Fixed a use-after-free while extracting a key value in IndexedDB. (bsc#1149296) - CVE-2019-11743: Fixed a timing side-channel attack on cross-origin information, utilizing unload event attributes. (bsc#1149298) - CVE-2019-11740: Fixed several memory safety bugs. (bsc#1149299) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2436=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2436=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2436=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-2436=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2436=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2436=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2436=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2436=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2436=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2436=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2436=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2436=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2436=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2436=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2436=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-2436=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2436=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2436=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2436=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2436=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): MozillaFirefox-60.9.0-109.86.1 MozillaFirefox-debuginfo-60.9.0-109.86.1 MozillaFirefox-debugsource-60.9.0-109.86.1 MozillaFirefox-translations-common-60.9.0-109.86.1 - SUSE OpenStack Cloud 8 (x86_64): MozillaFirefox-60.9.0-109.86.1 MozillaFirefox-debuginfo-60.9.0-109.86.1 MozillaFirefox-debugsource-60.9.0-109.86.1 MozillaFirefox-translations-common-60.9.0-109.86.1 - SUSE OpenStack Cloud 7 (s390x x86_64): MozillaFirefox-60.9.0-109.86.1 MozillaFirefox-debuginfo-60.9.0-109.86.1 MozillaFirefox-debugsource-60.9.0-109.86.1 MozillaFirefox-devel-60.9.0-109.86.1 MozillaFirefox-translations-common-60.9.0-109.86.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.9.0-109.86.1 MozillaFirefox-debugsource-60.9.0-109.86.1 MozillaFirefox-devel-60.9.0-109.86.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-60.9.0-109.86.1 MozillaFirefox-debugsource-60.9.0-109.86.1 MozillaFirefox-devel-60.9.0-109.86.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): MozillaFirefox-60.9.0-109.86.1 MozillaFirefox-debuginfo-60.9.0-109.86.1 MozillaFirefox-debugsource-60.9.0-109.86.1 MozillaFirefox-translations-common-60.9.0-109.86.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-60.9.0-109.86.1 MozillaFirefox-debuginfo-60.9.0-109.86.1 MozillaFirefox-debugsource-60.9.0-109.86.1 MozillaFirefox-devel-60.9.0-109.86.1 MozillaFirefox-translations-common-60.9.0-109.86.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): MozillaFirefox-60.9.0-109.86.1 MozillaFirefox-debuginfo-60.9.0-109.86.1 MozillaFirefox-debugsource-60.9.0-109.86.1 MozillaFirefox-devel-60.9.0-109.86.1 MozillaFirefox-translations-common-60.9.0-109.86.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.9.0-109.86.1 MozillaFirefox-debuginfo-60.9.0-109.86.1 MozillaFirefox-debugsource-60.9.0-109.86.1 MozillaFirefox-translations-common-60.9.0-109.86.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.9.0-109.86.1 MozillaFirefox-debuginfo-60.9.0-109.86.1 MozillaFirefox-debugsource-60.9.0-109.86.1 MozillaFirefox-translations-common-60.9.0-109.86.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-60.9.0-109.86.1 MozillaFirefox-debuginfo-60.9.0-109.86.1 MozillaFirefox-debugsource-60.9.0-109.86.1 MozillaFirefox-translations-common-60.9.0-109.86.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-60.9.0-109.86.1 MozillaFirefox-debuginfo-60.9.0-109.86.1 MozillaFirefox-debugsource-60.9.0-109.86.1 MozillaFirefox-translations-common-60.9.0-109.86.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.9.0-109.86.1 MozillaFirefox-debuginfo-60.9.0-109.86.1 MozillaFirefox-debugsource-60.9.0-109.86.1 MozillaFirefox-devel-60.9.0-109.86.1 MozillaFirefox-translations-common-60.9.0-109.86.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-60.9.0-109.86.1 MozillaFirefox-debuginfo-60.9.0-109.86.1 MozillaFirefox-debugsource-60.9.0-109.86.1 MozillaFirefox-devel-60.9.0-109.86.1 MozillaFirefox-translations-common-60.9.0-109.86.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): MozillaFirefox-60.9.0-109.86.1 MozillaFirefox-debuginfo-60.9.0-109.86.1 MozillaFirefox-debugsource-60.9.0-109.86.1 MozillaFirefox-devel-60.9.0-109.86.1 MozillaFirefox-translations-common-60.9.0-109.86.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): MozillaFirefox-60.9.0-109.86.1 MozillaFirefox-debuginfo-60.9.0-109.86.1 MozillaFirefox-debugsource-60.9.0-109.86.1 MozillaFirefox-translations-common-60.9.0-109.86.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): MozillaFirefox-60.9.0-109.86.1 MozillaFirefox-debuginfo-60.9.0-109.86.1 MozillaFirefox-debugsource-60.9.0-109.86.1 MozillaFirefox-translations-common-60.9.0-109.86.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): MozillaFirefox-60.9.0-109.86.1 MozillaFirefox-debuginfo-60.9.0-109.86.1 MozillaFirefox-debugsource-60.9.0-109.86.1 MozillaFirefox-translations-common-60.9.0-109.86.1 - SUSE Enterprise Storage 4 (x86_64): MozillaFirefox-60.9.0-109.86.1 MozillaFirefox-debuginfo-60.9.0-109.86.1 MozillaFirefox-debugsource-60.9.0-109.86.1 MozillaFirefox-devel-60.9.0-109.86.1 MozillaFirefox-translations-common-60.9.0-109.86.1 - HPE Helion Openstack 8 (x86_64): MozillaFirefox-60.9.0-109.86.1 MozillaFirefox-debuginfo-60.9.0-109.86.1 MozillaFirefox-debugsource-60.9.0-109.86.1 MozillaFirefox-translations-common-60.9.0-109.86.1 References: https://www.suse.com/security/cve/CVE-2019-11740.html https://www.suse.com/security/cve/CVE-2019-11742.html https://www.suse.com/security/cve/CVE-2019-11743.html https://www.suse.com/security/cve/CVE-2019-11744.html https://www.suse.com/security/cve/CVE-2019-11746.html https://www.suse.com/security/cve/CVE-2019-11752.html https://www.suse.com/security/cve/CVE-2019-11753.html https://www.suse.com/security/cve/CVE-2019-9812.html https://bugzilla.suse.com/1149294 https://bugzilla.suse.com/1149295 https://bugzilla.suse.com/1149296 https://bugzilla.suse.com/1149297 https://bugzilla.suse.com/1149298 https://bugzilla.suse.com/1149299 https://bugzilla.suse.com/1149303 https://bugzilla.suse.com/1149304 https://bugzilla.suse.com/1149324 From sle-updates at lists.suse.com Mon Sep 23 10:12:42 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Sep 2019 18:12:42 +0200 (CEST) Subject: SUSE-SU-2019:2435-1: moderate: Security update for libopenmpt Message-ID: <20190923161242.44022F7B3@maintenance.suse.de> SUSE Security Update: Security update for libopenmpt ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2435-1 Rating: moderate References: #1143578 #1143581 #1143582 #1143584 Cross-References: CVE-2018-20860 CVE-2018-20861 CVE-2019-14382 CVE-2019-14383 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libopenmpt fixes the following issues: Security issues fixed: - CVE-2018-20861: Fixed crash with certain malformed custom tunings in MPTM files (bsc#1143578). - CVE-2018-20860: Fixed crash with malformed MED files (bsc#1143581). - CVE-2019-14383: Fixed J2B that allows an assertion failure during file parsing with debug STLs (bsc#1143584). - CVE-2019-14382: Fixed DSM that allows an assertion failure during file parsing with debug STLs (bsc#1143582). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2435=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2435=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2435=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-2435=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libopenmpt-debugsource-0.3.17-2.7.1 openmpt123-0.3.17-2.7.1 openmpt123-debuginfo-0.3.17-2.7.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libmodplug1-32bit-0.3.17-2.7.1 libmodplug1-32bit-debuginfo-0.3.17-2.7.1 libopenmpt0-32bit-0.3.17-2.7.1 libopenmpt0-32bit-debuginfo-0.3.17-2.7.1 libopenmpt_modplug1-32bit-0.3.17-2.7.1 libopenmpt_modplug1-32bit-debuginfo-0.3.17-2.7.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libopenmpt-debugsource-0.3.17-2.7.1 openmpt123-0.3.17-2.7.1 openmpt123-debuginfo-0.3.17-2.7.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libmodplug-devel-0.3.17-2.7.1 libmodplug1-0.3.17-2.7.1 libmodplug1-debuginfo-0.3.17-2.7.1 libopenmpt-debugsource-0.3.17-2.7.1 libopenmpt-devel-0.3.17-2.7.1 libopenmpt0-0.3.17-2.7.1 libopenmpt0-debuginfo-0.3.17-2.7.1 libopenmpt_modplug1-0.3.17-2.7.1 libopenmpt_modplug1-debuginfo-0.3.17-2.7.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libmodplug-devel-0.3.17-2.7.1 libmodplug1-0.3.17-2.7.1 libmodplug1-debuginfo-0.3.17-2.7.1 libopenmpt-debugsource-0.3.17-2.7.1 libopenmpt-devel-0.3.17-2.7.1 libopenmpt0-0.3.17-2.7.1 libopenmpt0-debuginfo-0.3.17-2.7.1 libopenmpt_modplug1-0.3.17-2.7.1 libopenmpt_modplug1-debuginfo-0.3.17-2.7.1 References: https://www.suse.com/security/cve/CVE-2018-20860.html https://www.suse.com/security/cve/CVE-2018-20861.html https://www.suse.com/security/cve/CVE-2019-14382.html https://www.suse.com/security/cve/CVE-2019-14383.html https://bugzilla.suse.com/1143578 https://bugzilla.suse.com/1143581 https://bugzilla.suse.com/1143582 https://bugzilla.suse.com/1143584 From sle-updates at lists.suse.com Mon Sep 23 13:10:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Sep 2019 21:10:34 +0200 (CEST) Subject: SUSE-SU-2019:2440-1: moderate: Security update for expat Message-ID: <20190923191034.F3554F7B3@maintenance.suse.de> SUSE Security Update: Security update for expat ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2440-1 Rating: moderate References: #1149429 Cross-References: CVE-2019-15903 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for expat fixes the following issues: Security issue fixed: - CVE-2019-15903: Fixed a heap-based buffer over-read caused by crafted XML documents. (bsc#1149429) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2440=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2440=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2440=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): expat-debuginfo-2.1.0-21.9.1 expat-debugsource-2.1.0-21.9.1 libexpat-devel-2.1.0-21.9.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): expat-2.1.0-21.9.1 expat-debuginfo-2.1.0-21.9.1 expat-debugsource-2.1.0-21.9.1 libexpat1-2.1.0-21.9.1 libexpat1-debuginfo-2.1.0-21.9.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): expat-debuginfo-32bit-2.1.0-21.9.1 libexpat1-32bit-2.1.0-21.9.1 libexpat1-debuginfo-32bit-2.1.0-21.9.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): expat-2.1.0-21.9.1 expat-debuginfo-2.1.0-21.9.1 expat-debuginfo-32bit-2.1.0-21.9.1 expat-debugsource-2.1.0-21.9.1 libexpat1-2.1.0-21.9.1 libexpat1-32bit-2.1.0-21.9.1 libexpat1-debuginfo-2.1.0-21.9.1 libexpat1-debuginfo-32bit-2.1.0-21.9.1 - SUSE CaaS Platform 3.0 (x86_64): expat-2.1.0-21.9.1 expat-debuginfo-2.1.0-21.9.1 expat-debugsource-2.1.0-21.9.1 libexpat1-2.1.0-21.9.1 libexpat1-debuginfo-2.1.0-21.9.1 References: https://www.suse.com/security/cve/CVE-2019-15903.html https://bugzilla.suse.com/1149429 From sle-updates at lists.suse.com Mon Sep 23 13:11:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Sep 2019 21:11:18 +0200 (CEST) Subject: SUSE-SU-2019:2439-1: moderate: Security update for rust Message-ID: <20190923191118.6994FF7B3@maintenance.suse.de> SUSE Security Update: Security update for rust ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2439-1 Rating: moderate References: #1096945 #1100691 #1133283 #1134978 Cross-References: CVE-2018-1000622 CVE-2019-12083 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for rust fixes the following issues: Rust was updated to version 1.36.0. Security issues fixed: - CVE-2019-12083: a standard method can be overridden violating Rust's safety guarantees and causing memory unsafety (bsc#1134978) - CVE-2018-1000622: rustdoc loads plugins from world writable directory allowing for arbitrary code execution (bsc#1100691) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2439=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2439=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): rust-cbindgen-0.8.7-1.3.6 rust-doc-1.36.0-3.21.1 rust-gdb-1.36.0-3.21.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): rust-src-1.36.0-3.21.1 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): cargo-1.36.0-3.21.1 clippy-1.36.0-3.21.1 rls-1.36.0-3.21.1 rust-1.36.0-3.21.1 rust-analysis-1.36.0-3.21.1 rust-gdb-1.36.0-3.21.1 rust-std-static-1.36.0-3.21.1 rustfmt-1.36.0-3.21.1 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): rust-src-1.36.0-3.21.1 References: https://www.suse.com/security/cve/CVE-2018-1000622.html https://www.suse.com/security/cve/CVE-2019-12083.html https://bugzilla.suse.com/1096945 https://bugzilla.suse.com/1100691 https://bugzilla.suse.com/1133283 https://bugzilla.suse.com/1134978 From sle-updates at lists.suse.com Mon Sep 23 13:12:09 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 23 Sep 2019 21:12:09 +0200 (CEST) Subject: SUSE-RU-2019:2438-1: moderate: Recommended update for ses-manual_en Message-ID: <20190923191209.31CD6F7B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for ses-manual_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2438-1 Rating: moderate References: #1134734 #1141678 #1141690 #1144696 #1144897 #1145080 #1146820 #1148216 #1148428 #1148548 #1148754 Affected Products: SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has 11 recommended fixes can now be installed. Description: This update for ses-manual_en fixes the following issues: - New section describing how to replace admin node (bsc#1145080) - Use human words instead of cryptic numbers for 'rbd default features' option (bsc#1134734) - Enabling image journaling on all new images has negative impact on performance (bsc#1134734) - Fixed systemctl command for restarting ganesha services (bsc#1148754) - Fixed formula for computing total RAM required for an OSD - Fixed commands that create SSL key for CA signing (bsc#1141678) - Added check for 'nscd' service and a tip to keep clocks synchronized from the domain controller (bsc#1144696) - Inserted with active Ceph MGR name instead of hardwired 'mgr' (bsc#1141690) - Unified the pool name 'cephfs_metadata' in examples of Ganesha setup (bsc#1148548) - Include only .sls and exclude .yaml profile lines in Deepsea's policy.cfg (bsc#1148428) - Updated disk filtering by size to include more realistic values (bsc#1148216) - Added two new repositories for 'Module-Desktop' as our customers use mostly GUI (bsc#1144897) - Removed a duplicate sentence (bsc#1146820) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2019-2438=1 Package List: - SUSE Enterprise Storage 6 (noarch): ses-admin_en-pdf-6+git134.eefbc37-3.12.1 ses-deployment_en-pdf-6+git134.eefbc37-3.12.1 ses-manual_en-6+git134.eefbc37-3.12.1 References: https://bugzilla.suse.com/1134734 https://bugzilla.suse.com/1141678 https://bugzilla.suse.com/1141690 https://bugzilla.suse.com/1144696 https://bugzilla.suse.com/1144897 https://bugzilla.suse.com/1145080 https://bugzilla.suse.com/1146820 https://bugzilla.suse.com/1148216 https://bugzilla.suse.com/1148428 https://bugzilla.suse.com/1148548 https://bugzilla.suse.com/1148754 From sle-updates at lists.suse.com Tue Sep 24 07:16:07 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Sep 2019 15:16:07 +0200 (CEST) Subject: SUSE-RU-2019:2441-1: moderate: Recommended update for apache2-mod_nss Message-ID: <20190924131607.85A17F7B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for apache2-mod_nss ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2441-1 Rating: moderate References: #1150133 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for apache2-mod_nss fixes the following issues: - Use a stronger password in gencert to pass the stricter tests in FIPS mode (bsc#1150133) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2441=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): apache2-mod_nss-1.0.14-19.9.1 apache2-mod_nss-debuginfo-1.0.14-19.9.1 apache2-mod_nss-debugsource-1.0.14-19.9.1 References: https://bugzilla.suse.com/1150133 From sle-updates at lists.suse.com Tue Sep 24 07:17:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Sep 2019 15:17:48 +0200 (CEST) Subject: SUSE-RU-2019:2443-1: moderate: Recommended update for libcdio Message-ID: <20190924131748.4642EF7B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for libcdio ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2443-1 Rating: moderate References: #1094761 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libcdio fixes the following issues: - Fix warning when BigEndian and LittleEndian sizes do not match. (bsc#1094761) - Fix that libcdio doesn't bail out when processing non-compliant ISO files. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2443=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2443=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2443=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-2443=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): cdio-utils-0.94-6.9.2 cdio-utils-debuginfo-0.94-6.9.2 cdio-utils-debugsource-0.94-6.9.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libcdio++0-32bit-0.94-6.9.2 libcdio++0-32bit-debuginfo-0.94-6.9.2 libcdio-debugsource-0.94-6.9.2 libcdio16-32bit-0.94-6.9.2 libcdio16-32bit-debuginfo-0.94-6.9.2 libiso9660-10-32bit-0.94-6.9.2 libiso9660-10-32bit-debuginfo-0.94-6.9.2 libudf0-32bit-0.94-6.9.2 libudf0-32bit-debuginfo-0.94-6.9.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): cdio-utils-0.94-6.9.2 cdio-utils-debuginfo-0.94-6.9.2 cdio-utils-debugsource-0.94-6.9.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libcdio++0-0.94-6.9.2 libcdio++0-debuginfo-0.94-6.9.2 libcdio-debugsource-0.94-6.9.2 libcdio-devel-0.94-6.9.2 libcdio16-0.94-6.9.2 libcdio16-debuginfo-0.94-6.9.2 libiso9660-10-0.94-6.9.2 libiso9660-10-debuginfo-0.94-6.9.2 libudf0-0.94-6.9.2 libudf0-debuginfo-0.94-6.9.2 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): libcdio++0-0.94-6.9.2 libcdio++0-debuginfo-0.94-6.9.2 libcdio-debugsource-0.94-6.9.2 libcdio-devel-0.94-6.9.2 libcdio16-0.94-6.9.2 libcdio16-debuginfo-0.94-6.9.2 libiso9660-10-0.94-6.9.2 libiso9660-10-debuginfo-0.94-6.9.2 libudf0-0.94-6.9.2 libudf0-debuginfo-0.94-6.9.2 References: https://bugzilla.suse.com/1094761 From sle-updates at lists.suse.com Tue Sep 24 07:21:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Sep 2019 15:21:18 +0200 (CEST) Subject: SUSE-SU-2019:2444-1: moderate: Security update for djvulibre Message-ID: <20190924132118.81E04F7B3@maintenance.suse.de> SUSE Security Update: Security update for djvulibre ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2444-1 Rating: moderate References: #1146569 #1146571 #1146572 #1146702 Cross-References: CVE-2019-15142 CVE-2019-15143 CVE-2019-15144 CVE-2019-15145 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for djvulibre fixes the following issues: Security issues fixed: - CVE-2019-15142: Fixed heap-based buffer over-read (bsc#1146702). - CVE-2019-15143: Fixed resource exhaustion caused by corrupted image files (bsc#1146569). - CVE-2019-15144: Fixed denial-of-service caused by crafted PBM image files (bsc#1146571). - CVE-2019-15145: Fixed out-of-bounds read caused by corrupted JB2 image files (bsc#1146572). - Fixed segfault when libtiff encounters corrupted TIFF (upstream issue #295). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2444=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2444=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2444=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): djvulibre-debuginfo-3.5.25.3-5.3.1 djvulibre-debugsource-3.5.25.3-5.3.1 libdjvulibre-devel-3.5.25.3-5.3.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): djvulibre-debuginfo-3.5.25.3-5.3.1 djvulibre-debugsource-3.5.25.3-5.3.1 libdjvulibre21-3.5.25.3-5.3.1 libdjvulibre21-debuginfo-3.5.25.3-5.3.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): djvulibre-debuginfo-3.5.25.3-5.3.1 djvulibre-debugsource-3.5.25.3-5.3.1 libdjvulibre21-3.5.25.3-5.3.1 libdjvulibre21-debuginfo-3.5.25.3-5.3.1 References: https://www.suse.com/security/cve/CVE-2019-15142.html https://www.suse.com/security/cve/CVE-2019-15143.html https://www.suse.com/security/cve/CVE-2019-15144.html https://www.suse.com/security/cve/CVE-2019-15145.html https://bugzilla.suse.com/1146569 https://bugzilla.suse.com/1146571 https://bugzilla.suse.com/1146572 https://bugzilla.suse.com/1146702 From sle-updates at lists.suse.com Tue Sep 24 07:23:49 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Sep 2019 15:23:49 +0200 (CEST) Subject: SUSE-RU-2019:2442-1: moderate: Recommended update for python-scipy Message-ID: <20190924132349.33410F7B3@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-scipy ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2442-1 Rating: moderate References: #1149203 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update brings python-scipy to version 1.2.2 (jsc#SLE-8532, bsc#1149203). All relevant changes are availalbe online in the following places: - https://docs.scipy.org/doc/scipy/reference/release.1.1.0.html - https://docs.scipy.org/doc/scipy/reference/release.1.2.0.html Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2442=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): python-scipy-debuginfo-1.2.2-3.3.1 python-scipy-debugsource-1.2.2-3.3.1 python2-scipy-1.2.2-3.3.1 python2-scipy-debuginfo-1.2.2-3.3.1 python3-scipy-1.2.2-3.3.1 python3-scipy-debuginfo-1.2.2-3.3.1 References: https://bugzilla.suse.com/1149203 From sle-updates at lists.suse.com Tue Sep 24 10:10:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Sep 2019 18:10:54 +0200 (CEST) Subject: SUSE-SU-2019:2450-1: important: Security update for the Linux Kernel Message-ID: <20190924161054.6010EF7C7@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2450-1 Rating: important References: #1012382 #1051510 #1053043 #1055117 #1061840 #1065600 #1065729 #1068032 #1071995 #1083647 #1083710 #1088047 #1094555 #1098633 #1102247 #1106383 #1106751 #1109137 #1111666 #11123080 #1112824 #1113722 #1114279 #1115688 #1117158 #1118139 #1119222 #1120423 #1120566 #1124167 #1124503 #1127034 #1127155 #1127315 #1128432 #1128902 #1128910 #1129770 #1130972 #1132154 #1132390 #1133021 #1133401 #1133738 #1134097 #1134303 #1134390 #1134393 #1134395 #1134399 #1134671 #1135296 #1135335 #1135556 #1135642 #1135661 #1136157 #1136424 #1136598 #1136811 #1136896 #1136922 #1136935 #1136990 #1137103 #1137162 #1137194 #1137366 #1137372 #1137429 #1137444 #1137458 #1137534 #1137535 #1137584 #1137586 #1137609 #1137625 #1137728 #1137739 #1137752 #1137811 #1137827 #1137884 #1137995 #1137996 #1137998 #1137999 #1138000 #1138002 #1138003 #1138005 #1138006 #1138007 #1138008 #1138009 #1138010 #1138011 #1138012 #1138013 #1138014 #1138015 #1138016 #1138017 #1138018 #1138019 #1138291 #1138293 #1138374 #1138375 #1138589 #1138719 #1139358 #1139751 #1139771 #1139782 #1139865 #1140133 #1140139 #1140322 #1140328 #1140405 #1140424 #1140428 #1140575 #1140577 #1140637 #1140652 #1140658 #1140715 #1140719 #1140726 #1140727 #1140728 #1140814 #1140887 #1140888 #1140889 #1140891 #1140893 #1140903 #1140945 #1140954 #1140955 #1140956 #1140957 #1140958 #1140959 #1140960 #1140961 #1140962 #1140964 #1140971 #1140972 #1140992 #1141401 #1141402 #1141452 #1141453 #1141454 #1141478 #1141488 #1142023 #1142112 #1142220 #1142221 #1142265 #1142350 #1142351 #1142354 #1142359 #1142450 #1142701 #1142868 #1143003 #1143045 #1143105 #1143185 #1143189 #1143191 #1143507 Cross-References: CVE-2018-16871 CVE-2018-20836 CVE-2018-20855 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-1125 CVE-2019-11477 CVE-2019-11478 CVE-2019-11599 CVE-2019-11810 CVE-2019-12380 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 CVE-2019-3846 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP4 ______________________________________________________________________________ An update that solves 21 vulnerabilities and has 160 fixes is now available. Description: The SUSE Linux Enterprise Server 12 SP4 Realtime Kernel was updated to fix bugs and security issues. Security issues fixed: - CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c. There was an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194). - CVE-2018-16871: A NULL pointer dereference due to an anomalized NFS message sequence was fixed. (bnc#1137103). - CVE-2018-20836: There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395). - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bnc#1136424). - CVE-2018-20855: An issue was discovered in create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace (bsc#1143045). - CVE-2019-11810: A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free (bsc#1134399). - CVE-2019-14283: The function set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143191). - CVE-2019-14284: The drivers/block/floppy.c allowed a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143189). - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages (bsc#1142023). - CVE-2019-1125: Enable Spectre v1 mitigations for SWAPGS (bsc#1139358). - CVE-2019-10126: A flaw was found in the Linux kernel that might lead to memory corruption in the marvell mwifiex driver. (bnc#1136935) - CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575) - CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visited the attacker's web page, then WebRTC or gQUIC could be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace. (bnc#1140577) - CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586) - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (bnc#1133738) - CVE-2019-12380: An issue was discovered in the efi subsystem in the Linux kernel phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it. (bnc#1136598) - CVE-2019-12456: a double-fetch bug in _ctl_ioctl_main() could allow local users to create a denial of service (bsc#1136922). - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This used to affect nfc_llcp_build_gb in net/nfc/llcp_core.c. (bsc#1138293) - CVE-2019-12819: The function __mdiobus_register() called put_device(), which triggered a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bsc#1138291) - CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user can cause a denial of service via a sigreturn() system call that sends a crafted signal frame. (bnc#1142265) Other issues fixed: - 6lowpan: Off by one handling ->nexthdr (bsc#1051510). - Abort file_remove_privs() for non-reg. files (bsc#1140888). - acpi: Add Hygon Dhyana support (fate#327735). - acpi: fix menuconfig presentation of acpi submenu (bsc#1117158). - acpi/nfit: Always dump _DSM output payload (bsc#1142351). - acpi: PM: Allow transitions to D0 to occur in special cases (bsc#1051510). - acpi: PM: Avoid evaluating _PS3 on transitions from D3hot to D3cold (bsc#1051510). - acpi / property: fix handling of data_nodes in acpi_get_next_subnode() (bsc#1051510). - Add back sibling paca poiter to paca (bsc#1055117). - added De0-Nanos-SoC board support (and others based on Altera SOC). - Add kernel-subpackage-build.spec (FATE#326579). - Add sample kernel-default-base spec file (FATE#326579, jsc#SLE-4117, jsc#SLE-3853, bsc#1128910). - Add support for crct10dif-vpmsum (FATE#327696). - Add version information to KLP_SYMBOLS file - af_key: unconditionally clone on broadcast (bsc#1051510). - af_unix: remove redundant lockdep class (git-fixes). - alsa: compress: Be more restrictive about when a drain is allowed (bsc#1051510). - alsa: compress: Don't allow paritial drain operations on capture streams (bsc#1051510). - alsa: compress: Fix regression on compressed capture streams (bsc#1051510). - alsa: compress: Prevent bypasses of set_params (bsc#1051510). - alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - alsa: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510). - alsa: hda - Add a conexant codec entry to let mute led work (bsc#1051510). - alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - alsa: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510). - alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - alsa: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510). - alsa: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510). - alsa: hda/realtek - Set default power save node to 0 (bsc#1051510). - alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510). - alsa: line6: Fix a typo (bsc#1051510). - alsa: line6: Fix write on zero-sized buffer (bsc#1051510). - alsa: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510). - alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510). - alsa: seq: Break too long mutex context in the write loop (bsc#1051510). - alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - alsa: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510). - alsa: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510). - alsa: usb-audio: Cleanup DSD whitelist (bsc#1051510). - alsa: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510). - alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - alsa: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671). - arm64: acpi: fix alignment fault in accessing acpi (bsc#1117158). - arm64: fix acpi dependencies (bsc#1117158). - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (bsc#1117158). - arm64/x86: Update config files. - ASoC : cs4265 : readable register too low (bsc#1051510). - ASoC: cs42xx8: Add regcache mask dirty (bsc#1051510). - ASoC: cx2072x: fix integer overflow on unsigned int multiply (bsc#1111666). - ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put (bsc#1051510). - ASoC: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510). - ASoC: fsl_sai: Update is_slave_mode with correct value (bsc#1051510). - ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put (bsc#1051510). - ASoC: hdmi-codec: unlock the device on startup errors (bsc#1051510). - ASoC: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510). - ASoC: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510). - ath6kl: add some bounds checking (bsc#1051510). - audit: fix a memory leak bug (bsc#1051510). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies (bsc#1051510). - batman-adv: fix for leaked TVLV handler (bsc#1051510). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for mutex_lock(&b->write_lock) (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652). - bcache: do not assign in if condition in bcache_device_init() (bsc#1140652). - bcache: don't set max writeback rate if gc is running (bsc#1140652). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: performance improvement for btree_flush_write() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: remove "XXX:" comment line from run_cache_set() (bsc#1140652). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: Revert "bcache: fix high CPU occupancy during journal" (bsc#1140652). - bcache: Revert "bcache: free heap cache_set->flush_btree in bch_journal_free" (bsc#1140652). - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - be2net: Fix number of Rx queues used for flow hashing (networking-stable-19_06_18). - be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315). - be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315). - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - block, bfq: NULL out the bic when it's no longer valid (bsc#1142359). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - Bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - bnx2x: Prevent load reordering in tx completion processing (bsc#1142868). - bnxt_en: Fix aggregation buffer leak under OOM condition (networking-stable-19_05_31). - bonding: fix arp_validate toggling in active-backup mode (networking-stable-19_05_14). - bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584). - bpf, x64: fix stack layout of JITed bpf code (bsc#1083647). - bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647). - brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510). - brcmfmac: fix missing checks for kmemdup (bsc#1051510). - brcmfmac: fix Oops when bringing up interface during USB disconnect (bsc#1051510). - brcmfmac: fix race during disconnect when USB completion is in progress (bsc#1051510). - brcmfmac: fix WARNING during USB disconnect in case of unempty psq (bsc#1051510). - bridge: Fix error path for kobject_init_and_add() (networking-stable-19_05_14). - btrfs: fix race between block group removal and block group allocation (bsc#1143003). - Build klp-symbols in kernel devel projects. - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - cfg80211: fix memory leak of wiphy device name (bsc#1051510). - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478). - chardev: add additional check for minor range overlap (bsc#1051510). - clk: qcom: Fix -Wunused-const-variable (bsc#1051510). - clk: rockchip: Don't yell about bad mmc phases when getting (bsc#1051510). - clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 (bsc#1051510). - clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - coredump: fix race condition between collapse_huge_page() and core dumping (bnc#1133738, CVE-2019-11599). - coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (bsc#1133738, CVE-2019-11599). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - Correct the CVE and bug reference for a floppy security fix (CVE-2019-14284,bsc#1143189) - Correct the patch reference tag for scsi fix (bsc#1136922 CVE-2019-12456) - cpufreq: acpi-cpufreq: Report if CPU doesn't support boost technologies (bsc#1051510). - cpufreq: Add Hygon Dhyana support (fate#327735). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (fate#327735). - cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510). - cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510). - cpufreq: kirkwood: fix possible object reference leak (bsc#1051510). - cpufreq/pasemi: fix possible object reference leak (bsc#1051510). - cpufreq: pmac32: fix possible object reference leak (bsc#1051510). - cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510). - cpu/topology: Export die_id (jsc#SLE-5454). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510). - crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510). - crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510). - crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510). - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510). - crypto: ccp - fix the SEV probe in kexec boot path (bsc#1136896). - crypto: ccp/gcm - use const time tag comparison (bsc#1051510). - crypto: ccp - memset structure fields to zero before reuse (bsc#1051510). - crypto: ccp - Validate the the error value used to index error messages (bsc#1051510). - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510). - crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510). - crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510). - crypto: talitos - check data blocksize in ablkcipher (bsc#1051510). - crypto: talitos - fix CTR alg blocksize (bsc#1051510). - crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510). - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510). - crypto: talitos - properly handle split ICV (bsc#1051510). - crypto: talitos - reduce max key size for SEC1 (bsc#1051510). - crypto: talitos - rename alternative AEAD algos (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162). - crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#11123080). - dax: Fix xarray entry association for mixed mappings (bsc#1140893). - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - dmaengine: hsu: Revert "set HSU_CH_MTSR to memory width" (bsc#1051510). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - dm, dax: Fix detection of DAX support (bsc#1139782). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - docs: Fix conf.py for Sphinx 2.0 (bsc#1135642). - Documentation: Add MDS vulnerability documentation (bsc#1135642). - Documentation: Correct the possible MDS sysfs values (bsc#1135642). - Documentation: DMA-API: fix a function name of max_mapping_size (bsc#1140954). - Do not provide kernel-default from kernel-default-base (boo#1132154, bsc#1106751). - Do not provide kernel-default-srchash from kernel-default-base. - Don't restrict NFSv4.2 on openSUSE (bsc#1138719). - dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14). - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510). - drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers: acpi: add dependency of EFI for arm64 (bsc#1117158). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510). - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510). - drivers: thermal: tsens: Don't print error message on -EPROBE_DEFER (bsc#1051510). - drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510). - drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE (bsc#1051510). - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/drv: Hold ref on parent device during drm_device lifetime (bsc#1051510). - drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510). - drm/i915/dmc: protect against reading random memory (bsc#1051510). - drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722) - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/i915/gvt: refine ggtt range validation (bsc#1113722) - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510). - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510). - drm/meson: Add support for XBGR8888 & ABGR8888 formats (bsc#1051510). - drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510). - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510). - drm/nouveau/i2c: Disable i2c bus access after ->fini() (bsc#1113722) - drm/nouveau/i2c: Enable i2c pads & busses during preinit (bsc#1051510). - drm/radeon: prefer lower reference dividers (bsc#1051510). - drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510). - drm: Wake up next in drm_read() chain if we are forced to putback the event (bsc#1051510). - e1000e: start network tx queue only when link is up (bsc#1051510). - edac, amd64: Add Hygon Dhyana support (fate#327735). - edac/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - efi: add API to reserve memory persistently across kexec reboot (bsc#1117158). - efi/arm: Defer persistent reservations until after paging_init() (bsc#1117158). - efi/arm: Don't mark acpi reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566). - efi/arm: libstub: add a root memreserve config table (bsc#1117158). - efi/arm: map UEFI memory map even w/o runtime services enabled (bsc#1117158). - efi/arm: preserve early mapping of UEFI memory map longer for BGRT (bsc#1117158). - efi/arm: Revert "Defer persistent reservations until after paging_init()" (bsc#1117158). - efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158). - efi: honour memory reservations passed via a linux specific config table (bsc#1117158). - efi: Permit calling efi_mem_reserve_persistent() from atomic context (bsc#1117158). - efi: Permit multiple entries in persistent memreserve data structure (bsc#1117158). - efi: Prevent GICv3 WARN() by mapping the memreserve table before first use (bsc#1117158). - efi: Reduce the amount of memblock reservations for persistent allocations (bsc#1117158). - efi/x86/Add missing error handling to old_memmap 1:1 mapping code (CVE-2019-12380,bsc#1136598). - ethtool: check the return value of get_regs_len (git-fixes). - ethtool: fix potential userspace buffer overflow (networking-stable-19_06_09). - ext4: do not delete unlinked inode from orphan list on failed truncate (bsc#1140891). - extcon: arizona: Disable mic detect if running when driver is removed (bsc#1051510). - firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671). - Fix kABI breakage by mwifiex security fix (CVE-2019-3846,bsc#1136424). - Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510). - Fix memory leak in sctp_process_init (networking-stable-19_06_09). - floppy: fix div-by-zero in setup_format_params (CVE-2019-14283,bsc#1143191). - floppy: fix out-of-bounds read in copy_buffer (CVE-2019-14283,bsc#1143191). - fork, memcg: fix cached_stacks case (bsc#1134097). - fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097). - fs/ocfs2: fix race in ocfs2_dentry_attach_lock() (bsc#1140889). - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bsc#1140887). - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (bsc#1140887). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995 fate#323487). - fuse: fallocate: fix return with locked inode (bsc#1051510). - fuse: fix writepages on 32bit (bsc#1051510). - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - git_sort: add crypto maintainer tree. - gpio: fix gpio-adp5588 build errors (bsc#1051510). - gpio: omap: fix lack of irqstatus_raw0 for OMAP4 (bsc#1051510). - gpio: Remove obsolete comment about gpiochip_free_hogs() usage (bsc#1051510). - HID: input: fix a4tech horizontal wheel custom usage (bsc#1137429). - HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent (bsc#1051510). - HID: logitech-hidpp: use RAP instead of FAP to get the protocol version (bsc#1051510). - HID: wacom: Add ability to provide explicit battery status info (bsc#1051510). - - HID: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - HID: wacom: Add support for Pro Pen slim (bsc#1051510). - HID: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510). - HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - HID: wacom: correct touch resolution x/y typo (bsc#1051510). - HID: wacom: Don't report anything prior to the tool entering range (bsc#1051510). - HID: wacom: Don't set tool type until we're in range (bsc#1051510). - HID: wacom: fix mistake in printk (bsc#1051510). - HID: wacom: generic: add the "Report Valid" usage (bsc#1051510). - HID: wacom: generic: Correct pad syncing (bsc#1051510). - HID: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510). - HID: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510). - HID: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510). - HID: wacom: generic: read HID_DG_CONTACTMAX from any feature report (bsc#1051510). - HID: wacom: generic: Refactor generic battery handling (bsc#1051510). - HID: wacom: generic: Report AES battery information (bsc#1051510). - HID: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510). - HID: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510). - HID: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510). - HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510). - HID: wacom: generic: Support multiple tools per report (bsc#1051510). - HID: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510). - HID: wacom: Mark expected switch fall-through (bsc#1051510). - HID: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510). - HID: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510). - HID: wacom: Properly handle AES serial number and tool type (bsc#1051510). - HID: wacom: Queue events with missing type/serial data for later processing (bsc#1051510). - HID: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510). - HID: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510). - HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510). - HID: wacom: Support "in range" for Intuos/Bamboo tablets where possible (bsc#1051510). - HID: Wacom: switch Dell canvas into highres mode (bsc#1051510). - HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510). - HID: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510). - HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510). - hugetlbfs: dirty pages as they are added to pagecache (git fixes (mm/hugetlbfs)). - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (git fixes (mm/hugetlbfs)). - hwmon: (core) add thermal sensors only if dev->of_node is present (bsc#1051510). - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454). - hwmon: (k10temp) 27C Offset needed for Threadripper2 (FATE#327735). - hwmon: (k10temp) Add Hygon Dhyana support (FATE#327735). - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (FATE#327735). - hwmon: (k10temp) Add support for family 17h (FATE#327735). - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (FATE#327735). - hwmon: (k10temp) Add support for temperature offsets (FATE#327735). - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (FATE#327735). - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (FATE#327735). - hwmon: (k10temp) Correct model name for Ryzen 1600X (FATE#327735). - hwmon: (k10temp) Display both Tctl and Tdie (FATE#327735). - hwmon: (k10temp) Fix reading critical temperature register (FATE#327735). - hwmon: (k10temp) Make function get_raw_temp static (FATE#327735). - hwmon: (k10temp) Move chip specific code into probe function (FATE#327735). - hwmon: (k10temp) Only apply temperature offset if result is positive (FATE#327735). - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (FATE#327735). - hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (FATE#327735). - hwmon: (k10temp) Use API function to access System Management Network (FATE#327735). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (FATE#327735). - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages (bsc#1051510). - hwrng: omap - Set default quality (bsc#1051510). - i2c: acorn: fix i2c warning (bsc#1135642). - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510). - i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331). - i2c-piix4: Add Hygon Dhyana SMBus support (FATE#327735). - IB/mlx5: Fix leaking stack memory to userspace (bsc#1143045 CVE-2018-20855). - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197). - ibmvnic: Add device identification to requested IRQs (bsc#1137739). - ibmvnic: Do not close unopened driver during reset (bsc#1137752). - ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752). - ibmvnic: Refresh device multicast list after reset (bsc#1137752). - ibmvnic: remove set but not used variable 'netdev' (bsc#1137739). - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion (bsc#1051510). - iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data (bsc#1051510). - iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510). - indirect call wrappers: helpers to speed-up indirect calls of builtin (bsc#1124503). - inet: switch IP ID generator to siphash (CVE-2019-10638 bsc#1140575). - Input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510). - Input: gtco - bounds check collection indent level (CVE-2019-13631,bsc#1142023). - Input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510). - Input: psmouse - fix build error of multiple definition (bsc#1051510). - Input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510). - Input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - Input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770). - Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - Install extra rpm scripts for kernel subpackaging (FATE#326579, jsc#SLE-4117, jsc#SLE-3853, bsc#1128910). - intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510). - iommu/amd: Make iommu_disable safer (bsc#1140955). - iommu/arm-smmu: Add support for qcom,smmu-v2 variant (bsc#1051510). - iommu/arm-smmu: Avoid constant zero in TLBI writes (bsc#1140956). - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (bsc#1117158). - iommu/arm-smmu-v3: Don't disable SMMU in kdump kernel (bsc#1117158 bsc#1134671). - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register (bsc#1051510). - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bsc#1051510). - iommu: Fix a leak in iommu_insert_resv_region (bsc#1140957). - iommu: Use right function to get group for device (bsc#1140958). - iommu/vt-d: Duplicate iommu_resv_region objects per device list (bsc#1140959). - iommu/vt-d: Handle PCI bridge RMRR device scopes in intel_iommu_get_resv_regions (bsc#1140960). - iommu/vt-d: Handle RMRR with PCI bridge device scopes (bsc#1140961). - iommu/vt-d: Introduce is_downstream_to_pci_bridge helper (bsc#1140962). - iommu/vt-d: Remove unnecessary rcu_read_locks (bsc#1140964). - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled (git-fixes). - ipv4: Fix raw socket lookup for local traffic (networking-stable-19_05_14). - ipv4/igmp: fix another memory leak in igmpv3_del_delrec() (networking-stable-19_05_31). - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST (networking-stable-19_05_31). - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop (git-fixes). - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address (networking-stable-19_05_31). - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (networking-stable-19_06_09). - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero (networking-stable-19_06_18). - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (networking-stable-19_06_09). - irqchip/gic-v3-its: fix some definitions of inner cacheability attributes (bsc#1051510). - irqchip/mbigen: Don't clear eventid when freeing an MSI (bsc#1051510). - iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() (bsc#1051510). - iwlwifi: pcie: don't crash on invalid RX interrupt (bsc#1051510). - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - Kabi fixup blk_mq_register_dev() (bsc#1140637). - kabi: handle addition of net::hash_mix (CVE-2019-10639 bsc#1140577). - kabi: handle addition of netns_ipv4::ip_id_key (CVE-2019-10638 bsc#1140575). - kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586). - kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510). - kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995 fate#323487). - kernel-binary: fix missing \ - kernel-binary: rpm does not support multiline condition - kernel-binary: Use -c grep option in klp project detection. - kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059). - kernel/signal.c: trace_signal_deliver when signal_group_exit (git-fixes). - kernel-subpackage-spec: Add dummy package to ensure subpackages are rebuilt with kernel update (bsc#1106751). - KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137). - KMPs: provide and conflict a kernel version specific KMP name (bsc#1127155, bsc#1109137). - KVM: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021). - KVM: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021). - kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335). - kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335). - KVM: polling: add architecture backend to disable polling (bsc#1119222). - KVM: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bsc#1061840). - KVM: PPC: Book3S: Protect memslots while validating user address (bsc#1061840). - KVM: PPC: Release all hardware TCE tables attached to a group (bsc#1061840). - KVM: PPC: Remove redundand permission bits removal (bsc#1061840). - KVM: PPC: Validate all tces before updating tables (bsc#1061840). - KVM: PPC: Validate TCEs against preregistered memory page sizes (bsc#1061840). - KVM: s390: change default halt poll time to 50us (bsc#1119222). - KVM: s390: enable CONFIG_HAVE_KVM_NO_POLL (bsc#1119222) - KVM: s390: fix typo in parameter description (bsc#1119222). - KVM: s390: kABI Workaround for 'kvm_vcpu_stat' - KVM: s390: kABI Workaround for 'lowcore' (bsc#1119222). - KVM: s390: provide kvm_arch_no_poll function (bsc#1119222). - kvm: svm/avic: Do not send AVIC doorbell to self (bsc#1140133). - kvm: svm/avic: fix off-by-one in checking host APIC ID (bsc#1140971). - KVM: SVM: Fix detection of AMD Errata 1096 (bsc#1142354). - KVM: x86: fix return value for reserved EFER (bsc#1140992). - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279). - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279). - KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes (bsc#1140972). - lapb: fixed leak of control-blocks (networking-stable-19_06_18). - leds: avoid flush_work in atomic context (bsc#1051510). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - lib/bitmap.c: make bitmap_parselist() thread-safe and much faster (bsc#1143507). - lib: fix stall in __bitmap_parselist() (bsc#1051510). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - libnvdimm/namespace: Fix label tracking error (bsc#1142350). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE (bsc#1051510). - livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995 fate#323487). - livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995 fate#323487). - llc: fix skb leak in llc_build_and_send_ui_pkt() (networking-stable-19_05_31). - mac80211/cfg80211: update bss channel on channel switch (bsc#1051510). - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: Fix kernel panic due to use of txq after free (bsc#1051510). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() (bsc#1051510). - media: au0828: stop video streaming only when last user stops (bsc#1051510). - media: coda: clear error return value before picture run (bsc#1051510). - media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510). - media: cpia2_usb: first wake up, then free in disconnect (bsc#1135642). - media: go7007: avoid clang frame overflow warning with KASAN (bsc#1051510). - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend (bsc#1051510). - media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510). - media: ov2659: make S_FMT succeed even if requested format doesn't match (bsc#1051510). - media: s5p-mfc: Make additional clocks optional (bsc#1051510). - media: saa7146: avoid high stack usage with clang (bsc#1051510). - media: smsusb: better handle optional alignment (bsc#1051510). - media: usb: siano: Fix false-positive "uninitialized variable" warning (bsc#1051510). - media: usb: siano: Fix general protection fault in smsusb (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() (bsc#1051510). - media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510). - mei: bus: need to unlink client before freeing (bsc#1051510). - mei: me: add denverton innovation engine device IDs (bsc#1051510). - mei: me: add gemini lake devices id (bsc#1051510). - memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510). - memstick: Fix error cleanup path of memstick_init (bsc#1051510). - Merge branch 'origin/users/jthumshirn/SLE15/for-next' into SLE15 - Merge branch 'packaging' into SLE15 - Merge branch 'scripts' into SLE15 - Merge branch 'scripts' into SLE15 - Merge branch 'SLE15_EMBARGO' into SLE12-SP4_EMBARGO - Merge branch 'SLE15_EMBARGO' into SLE12-SP4_EMBARGO - Merge branch 'SLE15_EMBARGO' into SLE15 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE15_EMBARGO - Merge branch 'SLE15' into users/tiwai/SLE15/bsc1139358 - Merge branch 'SLE15' into users/tiwai/SLE15/bsc1139358 - Merge branch 'SLE15' into users/tiwai/SLE15/bsc1139358 - Merge branch 'users/bpetkov/SLE15/for-next' into SLE15 - Merge branch 'users/bpetkov/SLE15/for-next' into SLE15 - Merge branch 'users/dkirjanov/SLE15/for-next' into SLE15 - Merge branch 'users/fbaumanis/SLE15/for-next' into SLE15 - Merge branch 'users/fdmanana/SLE15/for-next' into SLE15 - Merge branch 'users/fdmanana/SLE15/for-next' into SLE15 - Merge branch 'users/fyang/SLE15/for-next' into SLE15 - Merge branch 'users/ggherdovich/SLE15/for-next' into SLE15 - Merge branch 'users/glin/SLE15/for-next' into SLE15 - Merge branch 'users/hare/SLE15/for-next' into SLE15 - Merge branch 'users/hare/SLE15/for-next' into SLE15 - Merge branch 'users/hare/SLE15/for-next' into SLE15 - Merge branch 'users/hare/SLE15/for-next' into SLE15 - Merge branch 'users/jack/SLE15/for-next' into SLE15 - Merge branch 'users/jack/SLE15/for-next' into SLE15 - Merge branch 'users/jack/SLE15/for-next' into SLE15 - Merge branch 'users/jack/SLE15/for-next' into SLE15 - Merge branch 'users/jdelvare/SLE15/for-next' into SLE15 - Merge branch 'users/jgross/SLE15/for-next' into SLE15 - Merge branch 'users/jroedel/SLE15/for-next' into SLE15 - Merge branch 'users/jroedel/SLE15/for-next' into SLE15 - Merge branch 'users/jslaby/SLE15/for-next' into SLE15 - Merge branch 'users/jslaby/SLE15/for-next' into SLE15 - Merge branch 'users/jthumshirn/SLE15/for-next' into SLE15 - Merge branch 'users/jthumshirn/SLE15/for-next' into SLE15 - Merge branch 'users/jthumshirn/SLE15/for-next' into SLE15 - Merge branch 'users/jthumshirn/SLE15/for-next' into SLE15 - Merge branch 'users/jthumshirn/SLE15/for-next' into SLE15 - Merge branch 'users/lduncan/SLE15/for-next' into SLE15 - Merge branch 'users/lduncan/SLE15/for-next' into SLE15 - Merge branch 'users/lduncan/SLE15/for-next' into SLE15 - Merge branch 'users/lduncan/SLE15/for-next' into SLE15 - Merge branch 'users/lhenriques/SLE15/for-next' into SLE15 - Merge branch 'users/lyan/SLE15/for-next' into SLE15 - Merge branch 'users/lyan/SLE15/for-next' into SLE15 - Merge branch 'users/mbenes/SLE15/for-next' into SLE15 - Merge branch 'users/mbenes/SLE15/for-next' into SLE15 - Merge branch 'users/mbrugger/SLE15/for-next' into SLE15 - Merge branch 'users/mgorman/SLE15/for-next' into SLE15 - Merge branch 'users/mgorman/SLE15/for-next' into SLE15 - Merge branch 'users/mhocko/SLE12-SP4/bnc1136896' into users/mhocko/SLE12-SP4/for-next - Merge branch 'users/mhocko/SLE15/bnc1139358' into SLE15 - Merge branch 'users/mhocko/SLE15/bnc1139358' into users/mhocko/SLE12-SP4/bnc1139358 - Merge branch 'users/mhocko/SLE15/for-next' into SLE15 - Merge branch 'users/mkoutny/SLE15/for-next' into SLE15 - Merge branch 'users/mkubecek/SLE15/1137586' into SLE15_EMBARGO - Merge branch 'users/mkubecek/SLE15/1137586' into SLE15_EMBARGO - Merge branch 'users/mkubecek/SLE15/for-next' into SLE15 - Merge branch 'users/mkubecek/SLE15/for-next' into SLE15 - Merge branch 'users/msuchanek/SLE15/bsc1137534-s390-jumplabel-perf' into SLE15 - Merge branch 'users/msuchanek/SLE15/for-next' into SLE15 - Merge branch 'users/msuchanek/SLE15/for-next' into SLE15 - Merge branch 'users/msuchanek/SLE15/for-next' into SLE15 - Merge branch 'users/msuchanek/SLE15/for-next' into SLE15 - Merge branch 'users/msuchanek/SLE15/for-next' into SLE15 - Merge branch 'users/msuchanek/SLE15/for-next' into SLE15 - Merge branch 'users/msuchanek/SLE15/for-next' into SLE15 - Merge branch 'users/msuchanek/SLE15/for-next' into SLE15 - Merge branch 'users/msuchanek/SLE15/for-next' into SLE15 - Merge branch 'users/msuchanek/SLE15/for-next' into SLE15 - Merge branch 'users/nfbrown/SLE15/for-next' into SLE15 - Merge branch 'users/nfbrown/SLE15/for-next' into SLE15 - Merge branch 'users/ohering/SLE15/for-next' into SLE15 - Merge branch 'users/oneukum/SLE15/for-next' into SLE15 - Merge branch 'users/oneukum/SLE15/for-next' into SLE15 - Merge branch 'users/oneukum/SLE15/for-next' into SLE15 - Merge branch 'users/oneukum/SLE15/for-next' into SLE15 - Merge branch 'users/oneukum/SLE15/for-next' into SLE15 - Merge branch 'users/oneukum/SLE15/for-next' into SLE15 - Merge branch 'users/osalvador/SLE15/for-next' into SLE15 - Merge branch 'users/ptesarik/SLE15/for-next' into SLE15 - Merge branch 'users/pvorel/SLE15/for-next' into SLE15 - Merge branch 'users/tbogendoerfer/SLE15/for-next' into SLE15 - Merge branch 'users/tzimmermann/SLE15/for-next' into SLE15 - Merge branch 'users/vbabka/SLE15/for-next' into SLE15 - Merge branch 'users/vbabka/SLE15/for-next' into SLE15 - Merge branch 'users/vbabka/SLE15/for-next' into SLE15 - Merge remote-tracking branch 'origin/SLE15' into SLE12-SP4 - Merge remote-tracking branch 'origin/SLE15' into SLE12-SP4 - Merge remote-tracking branch 'origin/SLE15' into SLE12-SP4 - Merge remote-tracking branch 'origin/SLE15' into SLE12-SP4 - Merge remote-tracking branch 'origin/SLE15' into SLE12-SP4 - Merge remote-tracking branch 'origin/SLE15' into SLE12-SP4 - Merge remote-tracking branch 'origin/SLE15' into SLE12-SP4 - Merge remote-tracking branch 'origin/SLE15' into SLE12-SP4 - Merge remote-tracking branch 'origin/SLE15' into SLE12-SP4 - Merge remote-tracking branch 'origin/SLE15' into SLE12-SP4 - Merge remote-tracking branch 'origin/SLE15' into SLE12-SP4_EMBARGO - Merge remote-tracking branch 'origin/SLE15' into SLE12-SP4_EMBARGO - Merge remote-tracking branch 'origin/users/fyang/SLE12-SP4/for-next' into SLE12-SP4 - Merge remote-tracking branch 'origin/users/ghe/SLE12-SP4/for-next' into SLE12-SP4 - Merge remote-tracking branch 'origin/users/mfleming/SLE12-SP4/for-next' into SLE12-SP4 - Merge remote-tracking branch 'origin/users/mhocko/SLE12-SP4/for-next' into SLE12-SP4 - Merge remote-tracking branch 'origin/users/msuchanek/SLE12-SP4/for-next' into SLE12-SP4 - mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L (bsc#1051510). - mfd: hi655x: Fix regmap area declared size for hi655x (bsc#1051510). - mfd: intel-lpss: Release IDA resources (bsc#1051510). - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510). - mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510). - mfd: tps65912-spi: Add missing of table registration (bsc#1051510). - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510). - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mmc: core: Verify SD bus width (bsc#1051510). - mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510). - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510). - mmc: sdhci-pci: Try "cd" for card-detect lookup before using NULL (bsc#1051510). - mmc_spi: add a status check for spi_sync_locked (bsc#1051510). - mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609). - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270). - mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034). - mm: pagechage-limit: Calculate pagecache-limit based on node state (bsc#1136811) - mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270). - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382). - mm/vmscan.c: prevent useless kswapd loops (git fixes (mm/vmscan)). - module: Fix livepatch/ftrace module text permissions race (bsc#1071995 fate#323487). - mount: copy the port field into the cloned nfs_server structure (bsc#1136990). - Move patch to correct directory. - Move stuff git_sort chokes on, out of the way - Move upstreamed ASoC patches into sorted section - mwifiex: Abort at too short BSS descriptor element (bsc#1136424 CVE-2019-3846). - mwifiex: Don't abort on small, spec-compliant vendor IEs (CVE-2019-3846,bsc#1136424). - mwifiex: fix 802.11n/WPA detection (CVE-2019-3846,bsc#1136424). - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935). - mwifiex: Fix possible buffer overflows at parsing bss descriptor - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (git-fixes). - neigh: fix use-after-free read in pneigh_get_next (networking-stable-19_06_18). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332). - net: avoid weird emergency message (networking-stable-19_05_21). - net: fec: fix the clk mismatch in failed_reset path (networking-stable-19_05_31). - netfilter: conntrack: fix calculation of next bucket number in early_drop (git-fixes). - net-gro: fix use-after-free read in napi_gro_frags() (networking-stable-19_05_31). - net/ibmvnic: Remove tests of member address (bsc#1137739). - net/mlx4_core: Change the error print to info print (networking-stable-19_05_21). - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_06_09). - net/mlx5: Allocate root ns memory using kzalloc to match kfree (networking-stable-19_05_31). - net/mlx5: Avoid double free in fs init error unwinding path (networking-stable-19_05_31). - net: mvneta: Fix err code path of probe (networking-stable-19_05_31). - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value (networking-stable-19_05_31). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - netns: get more entropy from net_hash_mix() (CVE-2019-10638 bsc#1140575). - netns: provide pure entropy for net_hash_mix() (CVE-2019-10639 bsc#1140577). - net: openvswitch: do not free vport if register_netdevice() is failed (networking-stable-19_06_18). - net/packet: fix memory leak in packet_set_ring() (git-fixes). - net: rds: fix memory leak in rds_ib_flush_mr_pool (networking-stable-19_06_09). - net: seeq: fix crash caused by not set dev.parent (networking-stable-19_05_14). - net: stmmac: fix reset gpio free missing (networking-stable-19_05_31). - net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503). - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions (networking-stable-19_05_21). - net: use indirect call wrappers at GRO network layer (bsc#1124503). - net: use indirect call wrappers at GRO transport layer (bsc#1124503). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). - NFS add module option to limit NFSv4 minor version (jsc#PM-231). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185). - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510). - nvmem: core: fix read buffer in place (bsc#1051510). - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510). - nvmem: Don't let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510). - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510). - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510). - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510). - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510). - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510). - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510). - nvmem: imx-ocotp: Update module description (bsc#1051510). - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510). - nvme-rdma: fix double freeing of async event data (bsc#1120423). - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423). - nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) - of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642). - packet: Fix error path in packet_init (networking-stable-19_05_14). - packet: in recvmsg msg_name return at least sizeof sockaddr_ll (git-fixes). - parport: Fix mem leak in parport_register_dev_model (bsc#1051510). - patches.fixes/mm-Fix-modifying-of-page-protection-by-insert_pfn.patch: Fix buggy backport leading to MAP_SYNC failures (bsc#1137372) - patches.fixes/scsi-vmw_pscsi-Fix-use-after-free-in-pvscsi_queue_lc.patch: U pdate patch metadata - patches.suse/Btrfs-kill-btrfs_clear_path_blocking.patch: (bsc#1140139). - PCI: Always allow probing with driver_override (bsc#1051510). - PCI: Do not poll for PME if the device is in D3cold (bsc#1051510). - PCI: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701). - PCI: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701). - PCI: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701). - PCI: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701). - PCI: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701). - PCI: hv: Remove unused reason for refcount handler (bsc#1142701). - PCI: hv: support reporting serial number as slot information (bsc#1142701). - PCI: PM: Avoid possible suspend-to-idle issue (bsc#1051510). - PCI: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510). - PCI: Return error if cannot probe VF (bsc#1051510). - PCI: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - perf tools: Add Hygon Dhyana support (fate#327735). - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454). - pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090). - pktgen: do not sleep with the thread lock held (git-fixes). - platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510). - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms (jsc#SLE-5439). - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510). - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510). - PM / core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510). - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454). - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454). - powercap/intel_rapl: Update RAPL domain name and debug messages (jsc#SLE-5454). - powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, FATE#323286, git-fixes). - powerpc: Always initialize input array when calling epapr_hypercall() (bsc#1065729). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/crypto: Use cheaper random numbers for crc-vpmsum self-test (FATE#327696). - powerpc/eeh: Fix race with driver un/bind (bsc#1065729). - powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729). - powerpc/mm: Change function prototype (bsc#1055117). - powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270). - powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270). - powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270). - powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117). - powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117). - powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117). - powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043). - powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729). - powerpc/process: Fix sparse address space warnings (bsc#1065729). - powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property() (bsc#1137194, CVE-2019-12614). - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - powerpc/tm: Fix oops on sigreturn on systems without TM (bsc#1142265 CVE-2019-13648). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - power: supply: max14656: fix potential use-before-alloc (bsc#1051510). - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510). - ppp: deflate: Fix possible crash in deflate_init (networking-stable-19_05_21). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME (git-fixes). - ptrace: restore smp_rmb() in __ptrace_may_access() (git-fixes). - pwm: stm32: Use 3 cells ->of_xlate() (bsc#1111666). - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510). - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510). - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510). - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510). - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510). - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510). - qmi_wwan: Fix out-of-bounds read (bsc#1111666). - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510). - ras/CEC: Convert the timer callback to a workqueue (bsc#1114279). - ras/CEC: Fix binary search function (bsc#1114279). - rds: IB: fix 'passing zero to ERR_PTR()' warning (git-fixes). - regulator: s2mps11: Fix buck7 and buck8 wrong voltages (bsc#1051510). - Replace the bluetooth fix with the upstream commit (bsc#1135556) - Revert "alsa: hda/realtek - Improve the headset mic for Acer Aspire laptops" (bsc#1051510). - Revert "bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()" (bsc#1140652). - Revert "Drop multiversion(kernel) from the KMP template (fate#323189)" (bsc#1109137). - Revert "e1000e: fix cyclic resets at link up with active tx" (bsc#1051510). - Revert "HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range" (bsc#1051510). - Revert "KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137)." - Revert "KMPs: provide and conflict a kernel version specific KMP name" - Revert "livepatch: Remove reliable stacktrace check in klp_try_switch_task()" (bsc#1071995 fate#323487). - Revert "Revert "Drop multiversion(kernel) from the KMP template (fate#323189)"" - Revert "Revert "KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137)."" - Revert "Revert "KMPs: provide and conflict a kernel version specific KMP name"" - Revert "Revert "Revert "Drop multiversion(kernel) from the KMP template (fate#323189)""" - Revert "s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589)." - Revert "serial: 8250: Don't service RX FIFO if interrupts are disabled" (bsc#1051510). - Revert "Sign non-x86 kernels when possible (boo#1134303)" - Revert "svm: Fix AVIC incomplete IPI emulation" (bsc#1140133). - rpm/kernel-binary.spec.in: Add back kernel-binary-base subpackage (jsc#SLE-3853). - rpm/kernel-binary.spec.in: Build livepatch support in SUSE release projects (bsc#1124167). - rpm/kernel-binary.spec.in: Update drm-kmp obsolete for SLE12-SP3/Leap-42.3 - rpm/post.sh: correct typo in err msg (bsc#1137625) - rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510). - rtc: don't reference bogus function pointer in kdoc (bsc#1051510). - rtlwifi: fix a potential NULL pointer dereference (bsc#1051510). - rtnetlink: always put IFLA_LINK for links with a link-netnsid (networking-stable-19_05_21). - s390/dasd: fix using offset into zero size array error (bsc#1051510). - s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589). - s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589). - s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335). - s390/qeth: fix race when initializing the IP address table (bsc#1051510). - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510). - s390/setup: fix early warning messages (bsc#1051510). - s390/virtio: handle find on invalid queue gracefully (bsc#1051510). - s390/vtime: steal time exponential moving average (bsc#1119222). - s390/zcrypt: Fix wrong dispatching for control domain CPRBs (bsc#1137811 LTC#178088). - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - sched/topology: Improve load balancing on AMD EPYC (bsc#1137366). - scripts/tar-up.sh: do not make assumptions about the remote name (bsc#1141488) - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093). - scsi: libsas: fix a race condition when smp task timeout (CVE-2018-20836 bsc#1134395). - scsi: megaraid_sas: return error when create DMA pool failed (CVE-2019-11810 bsc#1134399). - scsi: mpt3sas_ctl: fix double-fetch bug in _ctl_ioctl_main() (bsc#1136922 CVE-2019-12456). - scsi: qla2xxx: Declare local functions 'static' (bsc#1137444). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: fix error message on <qla2400 (bsc#1118139). - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555). - scsi: qla2xxx: Fix function argument descriptions (bsc#1118139). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728). - scsi: qla2xxx: Fix memory corruption during hba reset test (bsc#1118139). - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555). - scsi: qla2xxx: fix spelling mistake: "existant" -> "existent" (bsc#1118139). - scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444). - scsi: qla2xxx: fx00 copypaste typo (bsc#1118139). - scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444). - scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp() (bsc#1137444). - scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze (bsc#1137444). - scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes 'res' (bsc#1137444). - scsi: qla2xxx: NULL check before some freeing functions is not needed (bsc#1137444). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444). - scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139). - scsi: qla2xxx: Remove two arguments from qlafx00_error_entry() (bsc#1137444). - scsi: qla2xxx: Remove unused symbols (bsc#1118139). - scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (bsc#1137444). - scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of reinventing them (bsc#1137444). - scsi: qla2xxx: Use %p for printing pointers (bsc#1118139). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296). - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510). - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510). - sctp: Free cookie before we memdup a new one (networking-stable-19_06_18). - sctp: silence warns on sctp_stream_init allocations (bsc#1083710). - serial: sh-sci: disable DMA for uart_console (bsc#1051510). - serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510). - serial: uartps: Fix long line over 80 chars (bsc#1051510). - serial: uartps: Fix multiple line dereference (bsc#1051510). - serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510). - signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO (git-fixes). - Sign non-x86 kernels when possible (boo#1134303) - SMB3: Fix endian warning (bsc#1137884). - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510). - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510). - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510). - spi: Fix zero length xfer bug (bsc#1051510). - spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331). - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510). - spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510). - spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510). - spi: tegra114: reset controller on probe (bsc#1051510). - staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510). - staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - staging:iio:ad7150: fix threshold mode config bit (bsc#1051510). - staging: rtl8712: reduce stack usage, again (bsc#1051510). - Staging: vc04_services: Fix a couple error codes (bsc#1051510). - staging: vc04_services: prevent integer overflow in create_pagelist() (bsc#1051510). - staging: wlan-ng: fix adapter initialization failure (bsc#1051510). - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg (networking-stable-19_06_18). - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow in proc_get_long (bsc#1051510). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: be more careful in tcp_fragment() (CVE-2019-11478 bsc#1137586 bsc#1139751). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: fix fack_count accounting on tcp_shift_skb_data() (CVE-2019-11477 bsc#1137586). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: reduce tcp_fastretrans_alert() verbosity (git-fixes). - tcp: refine memory limit test in tcp_fragment() (CVE-2019-11478 bsc#1137586 bsc#1139751). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - team: Always enable vlan tx offload (bsc#1051510). - test_firmware: Use correct snprintf() limit (bsc#1135642). - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510). - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454). - thunderbolt: Fix to check for kmemdup failure (bsc#1051510). - tipc: fix hanging clients using poll with EPOLLOUT flag (git-fixes). - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510). - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510). - tools/cpupower: Add Hygon Dhyana support (fate#327735). - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454). - topology: Create package_cpus sysfs attribute (jsc#SLE-5454). - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726). - treewide: Use DEVICE_ATTR_WO (bsc#1137739). - Trim build dependencies of sample subpackage spec file (FATE#326579, jsc#SLE-4117, jsc#SLE-3853, bsc#1128910). - tty: ipwireless: fix missing checks for ioremap (bsc#1051510). - tty: max310x: Fix external crystal register setup (bsc#1051510). - tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510). - tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510). - tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510). - tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510). - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510). - tuntap: synchronize through tfiles array instead of tun->numqueues (networking-stable-19_05_14). - udp: use indirect call wrappers for GRO socket lookup (bsc#1124503). - Update config files for NFSv4.2 - Update patches.fixes/0001-mwifiex-Fix-heap-overflow-in-mwifiex_uap_parse_tail_.pat ch (bsc#1136935 CVE-2019-10126). Added CVE number - Update patches.fixes/nfsd-COPY-and-CLONE-operations-require-the-saved-fil.patch (git-fixes, bsc#1137103, CVE-2018-16871). - Update patches.suse/do-not-default-to-ibrs-on-skl.patch (bsc#1068032 CVE-2017-5753 bsc#1112824 jsc#SLE-7074). - Update patch referecens for two sercurity fixes (CVE-2019-12819, bsc#1138291, CVE-2019-12818, bsc#1138293). - Update References field to patches.suse/0275-bcache-never-writeback-a-discard-operation.patch (bsc#1130972, bsc#1102247). - Update "SACK Panic" patches to reflect upstream state. - Update upstream patch tags - USB: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510). - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642). - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown (bsc#1051510). - USB: core: Don't unbind interfaces following device reset failure (bsc#1051510). - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510). - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642). - USB: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510). - USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bsc#1051510). - usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510). - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] (bsc#1051510). - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510). - usbip: usbip_host: fix BUG: sleeping function called from invalid context (bsc#1051510). - usbip: usbip_host: fix stub_dev lock context imbalance regression (bsc#1051510). - usbnet: fix kernel crash after disconnect (bsc#1051510). - usbnet: ipheth: fix racing condition (bsc#1051510). - usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510). - USB: rio500: fix memory leak in close after disconnect (bsc#1051510). - USB: rio500: refuse more than one device at a time (bsc#1051510). - USB: serial: fix initial-termios handling (bsc#1135642). - USB: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510). - USB: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510). - USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510). - USB: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510). - USB: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510). - USB: serial: pl2303: fix tranceiver suspend mode (bsc#1135642). - USB: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510). - USB: usb-storage: Add new ID to ums-realtek (bsc#1051510). - usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642). - vfio: ccw: only free cp on final interrupt (bsc#1051510). - video: hgafb: fix potential NULL pointer dereference (bsc#1051510). - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510). - virtio_console: initialize vtermno value for ports (bsc#1051510). - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510). - VMCI: Fix integer overflow in VMCI handle arrays (bsc#1051510). - vrf: sit mtu should not be updated when vrf netdev is the link (networking-stable-19_05_14). - vsock/virtio: free packets during the socket release (networking-stable-19_05_21). - vsock/virtio: set SOCK_DONE on peer shutdown (networking-stable-19_06_18). - vxlan: trivial indenting fix (bsc#1051510). - vxlan: use __be32 type for the param vni in __vxlan_fdb_delete (bsc#1051510). - w1: fix the resume command API (bsc#1051510). - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510). - wil6210: fix potential out-of-bounds read (bsc#1051510). - x86/alternative: Init ideal_nops for Hygon Dhyana (fate#327735). - x86/amd_nb: Add support for Raven Ridge CPUs (FATE#327735). - x86/amd_nb: Check vendor in AMD-only functions (fate#327735). - x86/apic: Add Hygon Dhyana support (fate#327735). - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (fate#327735). - x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor (bsc#1114279). - x86/cpu: Create Hygon Dhyana architecture support file (fate#327735). - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382). - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382). - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (fate#327735). - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (fate#327735). - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (fate#327735). - x86/events: Add Hygon Dhyana support to PMU infrastructure (fate#327735). - x86/kvm: Add Hygon Dhyana support to KVM (fate#327735). - x86/mce: Add Hygon Dhyana support to the MCA infrastructure (fate#327735). - x86/mce: Don't disable MCA banks when offlining a CPU on AMD (fate#327735). - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279). - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279). - x86/microcode: Fix microcode hotplug state (bsc#1114279). - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279). - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (fate#327735). - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (fate#327735). - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454). - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279). - x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS (bsc#1139358, CVE-2019-1125). - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454). - x86/topology: Define topology_die_id() (jsc#SLE-5454). - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - x86/xen: Add Hygon Dhyana support to Xen (fate#327735). - xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300). - xen/pciback: Don't disable PCI_COMMAND on PCI device reset (bsc#1065600). - xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003). - xfs: don't clear imap_valid for a non-uptodate buffers (bsc#1138018). - xfs: don't look at buffer heads in xfs_add_to_ioend (bsc#1138013). - xfs: don't overflow xattr listent buffer (bsc#1143105). - xfs: don't use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999). - xfs: don't use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005). - xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019). - xfs: fix s_maxbytes overflow problems (bsc#1137996). - xfs: make xfs_writepage_map extent map centric (bsc#1138009). - xfs: minor cleanup for xfs_get_blocks (bsc#1138000). - xfs: move all writeback buffer_head manipulation into xfs_map_at_offset (bsc#1138014). - xfs: refactor the tail of xfs_writepage_map (bsc#1138016). - xfs: remove the imap_valid flag (bsc#1138012). - xfs: remove unused parameter from xfs_writepage_map (bsc#1137995). - xfs: remove XFS_IO_INVALID (bsc#1138017). - xfs: remove xfs_map_cow (bsc#1138007). - xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010). - xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006). - xfs: remove xfs_start_page_writeback (bsc#1138015). - xfs: rename the offset variable in xfs_writepage_map (bsc#1138008). - xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly (bsc#1138011). - xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998). - xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002). - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bsc#1051510). - xhci: update bounce buffer with correct sg num (bsc#1051510). - xhci: Use %zu for printing size_t type (bsc#1051510). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP4: zypper in -t patch SUSE-SLE-RT-12-SP4-2019-2450=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP4 (noarch): kernel-devel-rt-4.12.14-8.3.1 kernel-source-rt-4.12.14-8.3.1 - SUSE Linux Enterprise Real Time Extension 12-SP4 (x86_64): cluster-md-kmp-rt-4.12.14-8.3.1 dlm-kmp-rt-4.12.14-8.3.1 gfs2-kmp-rt-4.12.14-8.3.1 kernel-rt-4.12.14-8.3.1 kernel-rt-base-4.12.14-8.3.1 kernel-rt-devel-4.12.14-8.3.1 kernel-rt_debug-devel-4.12.14-8.3.1 kernel-syms-rt-4.12.14-8.3.1 ocfs2-kmp-rt-4.12.14-8.3.1 References: https://www.suse.com/security/cve/CVE-2018-16871.html https://www.suse.com/security/cve/CVE-2018-20836.html https://www.suse.com/security/cve/CVE-2018-20855.html https://www.suse.com/security/cve/CVE-2019-10126.html https://www.suse.com/security/cve/CVE-2019-10638.html https://www.suse.com/security/cve/CVE-2019-10639.html https://www.suse.com/security/cve/CVE-2019-1125.html https://www.suse.com/security/cve/CVE-2019-11477.html https://www.suse.com/security/cve/CVE-2019-11478.html https://www.suse.com/security/cve/CVE-2019-11599.html https://www.suse.com/security/cve/CVE-2019-11810.html https://www.suse.com/security/cve/CVE-2019-12380.html https://www.suse.com/security/cve/CVE-2019-12456.html https://www.suse.com/security/cve/CVE-2019-12614.html https://www.suse.com/security/cve/CVE-2019-12818.html https://www.suse.com/security/cve/CVE-2019-12819.html https://www.suse.com/security/cve/CVE-2019-13631.html https://www.suse.com/security/cve/CVE-2019-13648.html https://www.suse.com/security/cve/CVE-2019-14283.html https://www.suse.com/security/cve/CVE-2019-14284.html https://www.suse.com/security/cve/CVE-2019-3846.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1053043 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1083710 https://bugzilla.suse.com/1088047 https://bugzilla.suse.com/1094555 https://bugzilla.suse.com/1098633 https://bugzilla.suse.com/1102247 https://bugzilla.suse.com/1106383 https://bugzilla.suse.com/1106751 https://bugzilla.suse.com/1109137 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/11123080 https://bugzilla.suse.com/1112824 https://bugzilla.suse.com/1113722 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1115688 https://bugzilla.suse.com/1117158 https://bugzilla.suse.com/1118139 https://bugzilla.suse.com/1119222 https://bugzilla.suse.com/1120423 https://bugzilla.suse.com/1120566 https://bugzilla.suse.com/1124167 https://bugzilla.suse.com/1124503 https://bugzilla.suse.com/1127034 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1127315 https://bugzilla.suse.com/1128432 https://bugzilla.suse.com/1128902 https://bugzilla.suse.com/1128910 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1130972 https://bugzilla.suse.com/1132154 https://bugzilla.suse.com/1132390 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1133401 https://bugzilla.suse.com/1133738 https://bugzilla.suse.com/1134097 https://bugzilla.suse.com/1134303 https://bugzilla.suse.com/1134390 https://bugzilla.suse.com/1134393 https://bugzilla.suse.com/1134395 https://bugzilla.suse.com/1134399 https://bugzilla.suse.com/1134671 https://bugzilla.suse.com/1135296 https://bugzilla.suse.com/1135335 https://bugzilla.suse.com/1135556 https://bugzilla.suse.com/1135642 https://bugzilla.suse.com/1135661 https://bugzilla.suse.com/1136157 https://bugzilla.suse.com/1136424 https://bugzilla.suse.com/1136598 https://bugzilla.suse.com/1136811 https://bugzilla.suse.com/1136896 https://bugzilla.suse.com/1136922 https://bugzilla.suse.com/1136935 https://bugzilla.suse.com/1136990 https://bugzilla.suse.com/1137103 https://bugzilla.suse.com/1137162 https://bugzilla.suse.com/1137194 https://bugzilla.suse.com/1137366 https://bugzilla.suse.com/1137372 https://bugzilla.suse.com/1137429 https://bugzilla.suse.com/1137444 https://bugzilla.suse.com/1137458 https://bugzilla.suse.com/1137534 https://bugzilla.suse.com/1137535 https://bugzilla.suse.com/1137584 https://bugzilla.suse.com/1137586 https://bugzilla.suse.com/1137609 https://bugzilla.suse.com/1137625 https://bugzilla.suse.com/1137728 https://bugzilla.suse.com/1137739 https://bugzilla.suse.com/1137752 https://bugzilla.suse.com/1137811 https://bugzilla.suse.com/1137827 https://bugzilla.suse.com/1137884 https://bugzilla.suse.com/1137995 https://bugzilla.suse.com/1137996 https://bugzilla.suse.com/1137998 https://bugzilla.suse.com/1137999 https://bugzilla.suse.com/1138000 https://bugzilla.suse.com/1138002 https://bugzilla.suse.com/1138003 https://bugzilla.suse.com/1138005 https://bugzilla.suse.com/1138006 https://bugzilla.suse.com/1138007 https://bugzilla.suse.com/1138008 https://bugzilla.suse.com/1138009 https://bugzilla.suse.com/1138010 https://bugzilla.suse.com/1138011 https://bugzilla.suse.com/1138012 https://bugzilla.suse.com/1138013 https://bugzilla.suse.com/1138014 https://bugzilla.suse.com/1138015 https://bugzilla.suse.com/1138016 https://bugzilla.suse.com/1138017 https://bugzilla.suse.com/1138018 https://bugzilla.suse.com/1138019 https://bugzilla.suse.com/1138291 https://bugzilla.suse.com/1138293 https://bugzilla.suse.com/1138374 https://bugzilla.suse.com/1138375 https://bugzilla.suse.com/1138589 https://bugzilla.suse.com/1138719 https://bugzilla.suse.com/1139358 https://bugzilla.suse.com/1139751 https://bugzilla.suse.com/1139771 https://bugzilla.suse.com/1139782 https://bugzilla.suse.com/1139865 https://bugzilla.suse.com/1140133 https://bugzilla.suse.com/1140139 https://bugzilla.suse.com/1140322 https://bugzilla.suse.com/1140328 https://bugzilla.suse.com/1140405 https://bugzilla.suse.com/1140424 https://bugzilla.suse.com/1140428 https://bugzilla.suse.com/1140575 https://bugzilla.suse.com/1140577 https://bugzilla.suse.com/1140637 https://bugzilla.suse.com/1140652 https://bugzilla.suse.com/1140658 https://bugzilla.suse.com/1140715 https://bugzilla.suse.com/1140719 https://bugzilla.suse.com/1140726 https://bugzilla.suse.com/1140727 https://bugzilla.suse.com/1140728 https://bugzilla.suse.com/1140814 https://bugzilla.suse.com/1140887 https://bugzilla.suse.com/1140888 https://bugzilla.suse.com/1140889 https://bugzilla.suse.com/1140891 https://bugzilla.suse.com/1140893 https://bugzilla.suse.com/1140903 https://bugzilla.suse.com/1140945 https://bugzilla.suse.com/1140954 https://bugzilla.suse.com/1140955 https://bugzilla.suse.com/1140956 https://bugzilla.suse.com/1140957 https://bugzilla.suse.com/1140958 https://bugzilla.suse.com/1140959 https://bugzilla.suse.com/1140960 https://bugzilla.suse.com/1140961 https://bugzilla.suse.com/1140962 https://bugzilla.suse.com/1140964 https://bugzilla.suse.com/1140971 https://bugzilla.suse.com/1140972 https://bugzilla.suse.com/1140992 https://bugzilla.suse.com/1141401 https://bugzilla.suse.com/1141402 https://bugzilla.suse.com/1141452 https://bugzilla.suse.com/1141453 https://bugzilla.suse.com/1141454 https://bugzilla.suse.com/1141478 https://bugzilla.suse.com/1141488 https://bugzilla.suse.com/1142023 https://bugzilla.suse.com/1142112 https://bugzilla.suse.com/1142220 https://bugzilla.suse.com/1142221 https://bugzilla.suse.com/1142265 https://bugzilla.suse.com/1142350 https://bugzilla.suse.com/1142351 https://bugzilla.suse.com/1142354 https://bugzilla.suse.com/1142359 https://bugzilla.suse.com/1142450 https://bugzilla.suse.com/1142701 https://bugzilla.suse.com/1142868 https://bugzilla.suse.com/1143003 https://bugzilla.suse.com/1143045 https://bugzilla.suse.com/1143105 https://bugzilla.suse.com/1143185 https://bugzilla.suse.com/1143189 https://bugzilla.suse.com/1143191 https://bugzilla.suse.com/1143507 From sle-updates at lists.suse.com Tue Sep 24 10:36:21 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Sep 2019 18:36:21 +0200 (CEST) Subject: SUSE-SU-2019:14179-1: Security update for libxml2 Message-ID: <20190924163621.5CF19F7C7@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14179-1 Rating: low References: #1123919 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for libxml2 doesn't fix any additional security issues, but correct its rpm changelog to reflect all CVEs that have been fixed over the past. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-libxml2-14179=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-libxml2-14179=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libxml2-14179=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-libxml2-14179=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libxml2-2.7.6-0.77.18.1 libxml2-doc-2.7.6-0.77.18.1 libxml2-python-2.7.6-0.77.18.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libxml2-32bit-2.7.6-0.77.18.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libxml2-2.7.6-0.77.18.1 libxml2-doc-2.7.6-0.77.18.1 libxml2-python-2.7.6-0.77.18.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): libxml2-debuginfo-2.7.6-0.77.18.1 libxml2-debugsource-2.7.6-0.77.18.1 libxml2-python-debuginfo-2.7.6-0.77.18.1 libxml2-python-debugsource-2.7.6-0.77.18.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): libxml2-debuginfo-2.7.6-0.77.18.1 libxml2-debugsource-2.7.6-0.77.18.1 libxml2-python-debuginfo-2.7.6-0.77.18.1 libxml2-python-debugsource-2.7.6-0.77.18.1 References: https://bugzilla.suse.com/1123919 From sle-updates at lists.suse.com Tue Sep 24 10:37:30 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Sep 2019 18:37:30 +0200 (CEST) Subject: SUSE-RU-2019:2448-1: Recommended update for rook Message-ID: <20190924163730.D9F00F7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for rook ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2448-1 Rating: low References: #1151479 Affected Products: SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This is a Technical Preview update for rook. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2019-2448=1 Package List: - SUSE Enterprise Storage 6 (noarch): rook-k8s-yaml-1.1.0+git0.g2f9db0e1-1.6.1 References: https://bugzilla.suse.com/1151479 From sle-updates at lists.suse.com Tue Sep 24 13:11:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Sep 2019 21:11:18 +0200 (CEST) Subject: SUSE-SU-2019:2452-1: moderate: Security update for djvulibre Message-ID: <20190924191118.935E5F7BE@maintenance.suse.de> SUSE Security Update: Security update for djvulibre ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2452-1 Rating: moderate References: #1146569 #1146571 #1146572 #1146702 Cross-References: CVE-2019-15142 CVE-2019-15143 CVE-2019-15144 CVE-2019-15145 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for djvulibre fixes the following issues: Security issues fixed: - CVE-2019-15142: Fixed heap-based buffer over-read (bsc#1146702). - CVE-2019-15143: Fixed resource exhaustion caused by corrupted image files (bsc#1146569). - CVE-2019-15144: Fixed denial-of-service caused by crafted PBM image files (bsc#1146571). - CVE-2019-15145: Fixed out-of-bounds read caused by corrupted JB2 image files (bsc#1146572). - Fixed segfault when libtiff encounters corrupted TIFF (upstream issue #295). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-2452=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2452=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2452=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2452=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-2452=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64): djvulibre-3.5.27-3.3.1 djvulibre-debuginfo-3.5.27-3.3.1 djvulibre-debugsource-3.5.27-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): djvulibre-3.5.27-3.3.1 djvulibre-debuginfo-3.5.27-3.3.1 djvulibre-debugsource-3.5.27-3.3.1 djvulibre-doc-3.5.27-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): djvulibre-3.5.27-3.3.1 djvulibre-debuginfo-3.5.27-3.3.1 djvulibre-debugsource-3.5.27-3.3.1 djvulibre-doc-3.5.27-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): djvulibre-debuginfo-3.5.27-3.3.1 djvulibre-debugsource-3.5.27-3.3.1 libdjvulibre-devel-3.5.27-3.3.1 libdjvulibre21-3.5.27-3.3.1 libdjvulibre21-debuginfo-3.5.27-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): djvulibre-debuginfo-3.5.27-3.3.1 djvulibre-debugsource-3.5.27-3.3.1 libdjvulibre-devel-3.5.27-3.3.1 libdjvulibre21-3.5.27-3.3.1 libdjvulibre21-debuginfo-3.5.27-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-15142.html https://www.suse.com/security/cve/CVE-2019-15143.html https://www.suse.com/security/cve/CVE-2019-15144.html https://www.suse.com/security/cve/CVE-2019-15145.html https://bugzilla.suse.com/1146569 https://bugzilla.suse.com/1146571 https://bugzilla.suse.com/1146572 https://bugzilla.suse.com/1146702 From sle-updates at lists.suse.com Tue Sep 24 13:12:27 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Sep 2019 21:12:27 +0200 (CEST) Subject: SUSE-SU-2019:2454-1: important: Security update for dovecot22 Message-ID: <20190924191227.8F35DF7BE@maintenance.suse.de> SUSE Security Update: Security update for dovecot22 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2454-1 Rating: important References: #1145559 Cross-References: CVE-2019-11500 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dovecot22 fixes the following issues: - CVE-2019-11500: Fixed a potential remote code execution in the IMAP and ManageSieve protocol parsers (bsc#1145559). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2454=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2454=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2454=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-2454=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2454=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2454=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2454=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2454=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2454=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2454=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2454=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2454=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2454=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2454=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2454=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2454=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2454=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2454=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): dovecot22-2.2.31-19.17.1 dovecot22-backend-mysql-2.2.31-19.17.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.17.1 dovecot22-backend-pgsql-2.2.31-19.17.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.17.1 dovecot22-backend-sqlite-2.2.31-19.17.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.17.1 dovecot22-debuginfo-2.2.31-19.17.1 dovecot22-debugsource-2.2.31-19.17.1 - SUSE OpenStack Cloud 8 (x86_64): dovecot22-2.2.31-19.17.1 dovecot22-backend-mysql-2.2.31-19.17.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.17.1 dovecot22-backend-pgsql-2.2.31-19.17.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.17.1 dovecot22-backend-sqlite-2.2.31-19.17.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.17.1 dovecot22-debuginfo-2.2.31-19.17.1 dovecot22-debugsource-2.2.31-19.17.1 - SUSE OpenStack Cloud 7 (s390x x86_64): dovecot22-2.2.31-19.17.1 dovecot22-backend-mysql-2.2.31-19.17.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.17.1 dovecot22-backend-pgsql-2.2.31-19.17.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.17.1 dovecot22-backend-sqlite-2.2.31-19.17.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.17.1 dovecot22-debuginfo-2.2.31-19.17.1 dovecot22-debugsource-2.2.31-19.17.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): dovecot22-debuginfo-2.2.31-19.17.1 dovecot22-debugsource-2.2.31-19.17.1 dovecot22-devel-2.2.31-19.17.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): dovecot22-debuginfo-2.2.31-19.17.1 dovecot22-debugsource-2.2.31-19.17.1 dovecot22-devel-2.2.31-19.17.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): dovecot22-2.2.31-19.17.1 dovecot22-backend-mysql-2.2.31-19.17.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.17.1 dovecot22-backend-pgsql-2.2.31-19.17.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.17.1 dovecot22-backend-sqlite-2.2.31-19.17.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.17.1 dovecot22-debuginfo-2.2.31-19.17.1 dovecot22-debugsource-2.2.31-19.17.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): dovecot22-2.2.31-19.17.1 dovecot22-backend-mysql-2.2.31-19.17.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.17.1 dovecot22-backend-pgsql-2.2.31-19.17.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.17.1 dovecot22-backend-sqlite-2.2.31-19.17.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.17.1 dovecot22-debuginfo-2.2.31-19.17.1 dovecot22-debugsource-2.2.31-19.17.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): dovecot22-2.2.31-19.17.1 dovecot22-backend-mysql-2.2.31-19.17.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.17.1 dovecot22-backend-pgsql-2.2.31-19.17.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.17.1 dovecot22-backend-sqlite-2.2.31-19.17.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.17.1 dovecot22-debuginfo-2.2.31-19.17.1 dovecot22-debugsource-2.2.31-19.17.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): dovecot22-2.2.31-19.17.1 dovecot22-backend-mysql-2.2.31-19.17.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.17.1 dovecot22-backend-pgsql-2.2.31-19.17.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.17.1 dovecot22-backend-sqlite-2.2.31-19.17.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.17.1 dovecot22-debuginfo-2.2.31-19.17.1 dovecot22-debugsource-2.2.31-19.17.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): dovecot22-2.2.31-19.17.1 dovecot22-backend-mysql-2.2.31-19.17.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.17.1 dovecot22-backend-pgsql-2.2.31-19.17.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.17.1 dovecot22-backend-sqlite-2.2.31-19.17.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.17.1 dovecot22-debuginfo-2.2.31-19.17.1 dovecot22-debugsource-2.2.31-19.17.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): dovecot22-2.2.31-19.17.1 dovecot22-backend-mysql-2.2.31-19.17.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.17.1 dovecot22-backend-pgsql-2.2.31-19.17.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.17.1 dovecot22-backend-sqlite-2.2.31-19.17.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.17.1 dovecot22-debuginfo-2.2.31-19.17.1 dovecot22-debugsource-2.2.31-19.17.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): dovecot22-2.2.31-19.17.1 dovecot22-backend-mysql-2.2.31-19.17.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.17.1 dovecot22-backend-pgsql-2.2.31-19.17.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.17.1 dovecot22-backend-sqlite-2.2.31-19.17.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.17.1 dovecot22-debuginfo-2.2.31-19.17.1 dovecot22-debugsource-2.2.31-19.17.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): dovecot22-2.2.31-19.17.1 dovecot22-backend-mysql-2.2.31-19.17.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.17.1 dovecot22-backend-pgsql-2.2.31-19.17.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.17.1 dovecot22-backend-sqlite-2.2.31-19.17.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.17.1 dovecot22-debuginfo-2.2.31-19.17.1 dovecot22-debugsource-2.2.31-19.17.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): dovecot22-2.2.31-19.17.1 dovecot22-backend-mysql-2.2.31-19.17.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.17.1 dovecot22-backend-pgsql-2.2.31-19.17.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.17.1 dovecot22-backend-sqlite-2.2.31-19.17.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.17.1 dovecot22-debuginfo-2.2.31-19.17.1 dovecot22-debugsource-2.2.31-19.17.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): dovecot22-2.2.31-19.17.1 dovecot22-backend-mysql-2.2.31-19.17.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.17.1 dovecot22-backend-pgsql-2.2.31-19.17.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.17.1 dovecot22-backend-sqlite-2.2.31-19.17.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.17.1 dovecot22-debuginfo-2.2.31-19.17.1 dovecot22-debugsource-2.2.31-19.17.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): dovecot22-2.2.31-19.17.1 dovecot22-backend-mysql-2.2.31-19.17.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.17.1 dovecot22-backend-pgsql-2.2.31-19.17.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.17.1 dovecot22-backend-sqlite-2.2.31-19.17.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.17.1 dovecot22-debuginfo-2.2.31-19.17.1 dovecot22-debugsource-2.2.31-19.17.1 - SUSE Enterprise Storage 4 (x86_64): dovecot22-2.2.31-19.17.1 dovecot22-backend-mysql-2.2.31-19.17.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.17.1 dovecot22-backend-pgsql-2.2.31-19.17.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.17.1 dovecot22-backend-sqlite-2.2.31-19.17.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.17.1 dovecot22-debuginfo-2.2.31-19.17.1 dovecot22-debugsource-2.2.31-19.17.1 - HPE Helion Openstack 8 (x86_64): dovecot22-2.2.31-19.17.1 dovecot22-backend-mysql-2.2.31-19.17.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.17.1 dovecot22-backend-pgsql-2.2.31-19.17.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.17.1 dovecot22-backend-sqlite-2.2.31-19.17.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.17.1 dovecot22-debuginfo-2.2.31-19.17.1 dovecot22-debugsource-2.2.31-19.17.1 References: https://www.suse.com/security/cve/CVE-2019-11500.html https://bugzilla.suse.com/1145559 From sle-updates at lists.suse.com Tue Sep 24 13:13:13 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 24 Sep 2019 21:13:13 +0200 (CEST) Subject: SUSE-SU-2019:2453-1: moderate: Security update for python-Twisted Message-ID: <20190924191313.D79EBF7BE@maintenance.suse.de> SUSE Security Update: Security update for python-Twisted ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2453-1 Rating: moderate References: #1138461 Cross-References: CVE-2019-12855 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Twisted fixes the following issues: Security issue fixed: - CVE-2019-12855: Fixed TLS certificate verification to protecting against MITM attacks (bsc#1138461). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2453=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2453=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2019-2453=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2453=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2453=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2019-2453=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2453=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2453=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2453=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): python-Twisted-15.2.1-9.8.1 python-Twisted-debuginfo-15.2.1-9.8.1 python-Twisted-debugsource-15.2.1-9.8.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): python-Twisted-15.2.1-9.8.1 python-Twisted-debuginfo-15.2.1-9.8.1 python-Twisted-debugsource-15.2.1-9.8.1 - SUSE OpenStack Cloud 9 (x86_64): python-Twisted-15.2.1-9.8.1 python-Twisted-debuginfo-15.2.1-9.8.1 python-Twisted-debugsource-15.2.1-9.8.1 - SUSE OpenStack Cloud 8 (x86_64): python-Twisted-15.2.1-9.8.1 python-Twisted-debuginfo-15.2.1-9.8.1 python-Twisted-debugsource-15.2.1-9.8.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): python-Twisted-15.2.1-9.8.1 python-Twisted-debuginfo-15.2.1-9.8.1 python-Twisted-debugsource-15.2.1-9.8.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): python-Twisted-15.2.1-9.8.1 python-Twisted-debuginfo-15.2.1-9.8.1 python-Twisted-debugsource-15.2.1-9.8.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): python-Twisted-15.2.1-9.8.1 python-Twisted-debuginfo-15.2.1-9.8.1 python-Twisted-debugsource-15.2.1-9.8.1 - SUSE Enterprise Storage 4 (aarch64 x86_64): python-Twisted-15.2.1-9.8.1 python-Twisted-debuginfo-15.2.1-9.8.1 python-Twisted-debugsource-15.2.1-9.8.1 - HPE Helion Openstack 8 (x86_64): python-Twisted-15.2.1-9.8.1 python-Twisted-debuginfo-15.2.1-9.8.1 python-Twisted-debugsource-15.2.1-9.8.1 References: https://www.suse.com/security/cve/CVE-2019-12855.html https://bugzilla.suse.com/1138461 From sle-updates at lists.suse.com Wed Sep 25 04:12:12 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Sep 2019 12:12:12 +0200 (CEST) Subject: SUSE-RU-2019:2458-1: moderate: Recommended update for supportutils-plugin-ses Message-ID: <20190925101212.68255F7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-ses ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2458-1 Rating: moderate References: #1142791 #1147148 #1150419 #1150420 Affected Products: SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for supportutils-plugin-ses fixes the following issues: - Fix stderr redirect running `ceph auth list` - Include `ceph crash info` output (bsc#1150419) - Add ceph telemetry status (bsc#1150420) - add ceph daemon mds get subtrees (bsc#1147148) - Include `gwcli export` output (bsc#1142791) - add various ceph-volume related info bits - add config file from /srv/salt/ceph/configuration/files - add deepsea cli log - use client id option in ceph commands Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2019-2458=1 Package List: - SUSE Enterprise Storage 6 (noarch): supportutils-plugin-ses-6.0+git.1568626220.ab963ce-3.3.1 References: https://bugzilla.suse.com/1142791 https://bugzilla.suse.com/1147148 https://bugzilla.suse.com/1150419 https://bugzilla.suse.com/1150420 From sle-updates at lists.suse.com Wed Sep 25 04:13:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Sep 2019 12:13:20 +0200 (CEST) Subject: SUSE-RU-2019:2456-1: moderate: Recommended update for lvm2 Message-ID: <20190925101320.3A0A2F7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for lvm2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2456-1 Rating: moderate References: #1145231 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lvm2 fixes the following issues: - MD devices will now get detected by LVM2 with metadata=1.0/0.9 (bsc#1145231) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2456=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2456=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-2456=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2456=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): device-mapper-devel-1.02.149-9.15.1 lvm2-debuginfo-2.02.180-9.15.1 lvm2-debugsource-2.02.180-9.15.1 lvm2-devel-2.02.180-9.15.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): device-mapper-1.02.149-9.15.1 device-mapper-debuginfo-1.02.149-9.15.1 lvm2-2.02.180-9.15.1 lvm2-debuginfo-2.02.180-9.15.1 lvm2-debugsource-2.02.180-9.15.1 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): device-mapper-32bit-1.02.149-9.15.1 device-mapper-debuginfo-32bit-1.02.149-9.15.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): lvm2-clvm-2.02.180-9.15.1 lvm2-clvm-debuginfo-2.02.180-9.15.1 lvm2-cmirrord-2.02.180-9.15.1 lvm2-cmirrord-debuginfo-2.02.180-9.15.1 lvm2-debuginfo-2.02.180-9.15.1 lvm2-debugsource-2.02.180-9.15.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): device-mapper-1.02.149-9.15.1 device-mapper-32bit-1.02.149-9.15.1 device-mapper-debuginfo-1.02.149-9.15.1 device-mapper-debuginfo-32bit-1.02.149-9.15.1 lvm2-2.02.180-9.15.1 lvm2-debuginfo-2.02.180-9.15.1 lvm2-debugsource-2.02.180-9.15.1 References: https://bugzilla.suse.com/1145231 From sle-updates at lists.suse.com Wed Sep 25 04:14:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Sep 2019 12:14:03 +0200 (CEST) Subject: SUSE-RU-2019:2459-1: moderate: Recommended update for makedumpfile Message-ID: <20190925101403.4C4A2F7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for makedumpfile ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2459-1 Rating: moderate References: #1123015 #1138451 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for makedumpfile provides the following fix: - Update larger VA size changes to work across codestreams. (bsc#1123015, bsc#1138451) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2459=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): makedumpfile-1.6.3-10.3.1 makedumpfile-debuginfo-1.6.3-10.3.1 makedumpfile-debugsource-1.6.3-10.3.1 References: https://bugzilla.suse.com/1123015 https://bugzilla.suse.com/1138451 From sle-updates at lists.suse.com Wed Sep 25 04:14:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Sep 2019 12:14:54 +0200 (CEST) Subject: SUSE-RU-2019:2457-1: moderate: Recommended update for fence-agents Message-ID: <20190925101454.DD5C8F7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for fence-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2457-1 Rating: moderate References: #1150504 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fence-agents provides the following fix: - aliyun: Include the latest upstream fixes on the Alibaba Cloud fence-agent. (bsc#1150504) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2019-2457=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): fence-agents-4.4.0+git.1558595666.5f79f9e9-3.8.1 fence-agents-debuginfo-4.4.0+git.1558595666.5f79f9e9-3.8.1 fence-agents-debugsource-4.4.0+git.1558595666.5f79f9e9-3.8.1 References: https://bugzilla.suse.com/1150504 From sle-updates at lists.suse.com Wed Sep 25 07:11:56 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Sep 2019 15:11:56 +0200 (CEST) Subject: SUSE-SU-2019:2460-1: important: Security update for ghostscript Message-ID: <20190925131156.256E2F7BE@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2460-1 Rating: important References: #1129180 #1129186 #1134156 #1140359 #1146882 #1146884 Cross-References: CVE-2019-12973 CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817 CVE-2019-3835 CVE-2019-3839 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for ghostscript fixes the following issues: Security issues fixed: - CVE-2019-3835: Fixed an unauthorized file system access caused by an available superexec operator. (bsc#1129180) - CVE-2019-3839: Fixed an unauthorized file system access caused by available privileged operators. (bsc#1134156) - CVE-2019-12973: Fixed a denial-of-service vulnerability in the OpenJPEG function opj_t1_encode_cblks. (bsc#1140359) - CVE-2019-14811: Fixed a safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator. (bsc#1146882) - CVE-2019-14812: Fixed a safer mode bypass by .forceput exposure in setuserparams. (bsc#1146882) - CVE-2019-14813: Fixed a safer mode bypass by .forceput exposure in setsystemparams. (bsc#1146882) - CVE-2019-14817: Fixed a safer mode bypass by .forceput exposure in .pdfexectoken and other procedures. (bsc#1146884) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2460=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2460=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2460=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2460=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): ghostscript-mini-9.27-3.21.1 ghostscript-mini-debuginfo-9.27-3.21.1 ghostscript-mini-debugsource-9.27-3.21.1 ghostscript-mini-devel-9.27-3.21.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): ghostscript-mini-9.27-3.21.1 ghostscript-mini-debuginfo-9.27-3.21.1 ghostscript-mini-debugsource-9.27-3.21.1 ghostscript-mini-devel-9.27-3.21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): ghostscript-9.27-3.21.1 ghostscript-debuginfo-9.27-3.21.1 ghostscript-debugsource-9.27-3.21.1 ghostscript-devel-9.27-3.21.1 ghostscript-x11-9.27-3.21.1 ghostscript-x11-debuginfo-9.27-3.21.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): ghostscript-9.27-3.21.1 ghostscript-debuginfo-9.27-3.21.1 ghostscript-debugsource-9.27-3.21.1 ghostscript-devel-9.27-3.21.1 ghostscript-x11-9.27-3.21.1 ghostscript-x11-debuginfo-9.27-3.21.1 References: https://www.suse.com/security/cve/CVE-2019-12973.html https://www.suse.com/security/cve/CVE-2019-14811.html https://www.suse.com/security/cve/CVE-2019-14812.html https://www.suse.com/security/cve/CVE-2019-14813.html https://www.suse.com/security/cve/CVE-2019-14817.html https://www.suse.com/security/cve/CVE-2019-3835.html https://www.suse.com/security/cve/CVE-2019-3839.html https://bugzilla.suse.com/1129180 https://bugzilla.suse.com/1129186 https://bugzilla.suse.com/1134156 https://bugzilla.suse.com/1140359 https://bugzilla.suse.com/1146882 https://bugzilla.suse.com/1146884 From sle-updates at lists.suse.com Wed Sep 25 13:11:20 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Sep 2019 21:11:20 +0200 (CEST) Subject: SUSE-SU-2019:2461-1: moderate: Security update for mariadb Message-ID: <20190925191120.C0A8CF7BE@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2461-1 Rating: moderate References: #1127027 #1132826 #1141798 #1142058 #1143215 Cross-References: CVE-2019-2614 CVE-2019-2627 CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 CVE-2019-2805 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for mariadb fixes the following issues: Updated to MariaDB 10.0.40-1. Security issues fixed: - CVE-2019-2805, CVE-2019-2740, CVE-2019-2739, CVE-2019-2737, CVE-2019-2614, CVE-2019-2627. (bsc#1132826) (bsc#1141798). Non-security issues fixed: - Adjusted mysql-systemd-helper ("shutdown protected MySQL" section) so it checks both ping response and the pid in a process list as it can take some time till the process is terminated. Otherwise it can lead to "found left-over process" situation when regular mariadb is started. (bsc#1143215) - Fixed IP resolving in mysql_install_db script. (bsc#1142058, bsc#1127027, MDEV-18526) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2461=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2461=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2461=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libmysqlclient18-10.0.40.1-29.32.1 libmysqlclient18-debuginfo-10.0.40.1-29.32.1 - SUSE OpenStack Cloud 8 (x86_64): libmysqlclient18-10.0.40.1-29.32.1 libmysqlclient18-debuginfo-10.0.40.1-29.32.1 - HPE Helion Openstack 8 (x86_64): libmysqlclient18-10.0.40.1-29.32.1 libmysqlclient18-debuginfo-10.0.40.1-29.32.1 References: https://www.suse.com/security/cve/CVE-2019-2614.html https://www.suse.com/security/cve/CVE-2019-2627.html https://www.suse.com/security/cve/CVE-2019-2737.html https://www.suse.com/security/cve/CVE-2019-2739.html https://www.suse.com/security/cve/CVE-2019-2740.html https://www.suse.com/security/cve/CVE-2019-2805.html https://bugzilla.suse.com/1127027 https://bugzilla.suse.com/1132826 https://bugzilla.suse.com/1141798 https://bugzilla.suse.com/1142058 https://bugzilla.suse.com/1143215 From sle-updates at lists.suse.com Wed Sep 25 13:12:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Sep 2019 21:12:35 +0200 (CEST) Subject: SUSE-SU-2019:2463-1: moderate: Security update for SDL2 Message-ID: <20190925191235.1BF03F7BE@maintenance.suse.de> SUSE Security Update: Security update for SDL2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2463-1 Rating: moderate References: #1141844 #1142031 Cross-References: CVE-2019-13616 CVE-2019-13626 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for SDL2 fixes the following issues: Security issues fixed: - CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c (bsc#1141844). - CVE-2019-13626: Fixed integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c (bsc#1142031). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2463=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2463=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-2463=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): SDL2-debugsource-2.0.8-3.15.1 libSDL2-2_0-0-32bit-2.0.8-3.15.1 libSDL2-2_0-0-32bit-debuginfo-2.0.8-3.15.1 libSDL2-devel-32bit-2.0.8-3.15.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): SDL2-debugsource-2.0.8-3.15.1 libSDL2-2_0-0-2.0.8-3.15.1 libSDL2-2_0-0-debuginfo-2.0.8-3.15.1 libSDL2-devel-2.0.8-3.15.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): SDL2-debugsource-2.0.8-3.15.1 libSDL2-2_0-0-2.0.8-3.15.1 libSDL2-2_0-0-debuginfo-2.0.8-3.15.1 libSDL2-devel-2.0.8-3.15.1 References: https://www.suse.com/security/cve/CVE-2019-13616.html https://www.suse.com/security/cve/CVE-2019-13626.html https://bugzilla.suse.com/1141844 https://bugzilla.suse.com/1142031 From sle-updates at lists.suse.com Wed Sep 25 13:13:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 25 Sep 2019 21:13:22 +0200 (CEST) Subject: SUSE-SU-2019:2462-1: moderate: Security update for python-numpy Message-ID: <20190925191322.30F65F7BE@maintenance.suse.de> SUSE Security Update: Security update for python-numpy ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2462-1 Rating: moderate References: #1149203 Cross-References: CVE-2019-6446 Affected Products: SUSE Linux Enterprise Module for HPC 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-numpy fixes the following issues: Non-security issues fixed: - Updated to upstream version 1.16.1. (bsc#1149203) (jsc#SLE-8532) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15: zypper in -t patch SUSE-SLE-Module-HPC-15-2019-2462=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2462=1 Package List: - SUSE Linux Enterprise Module for HPC 15 (aarch64 x86_64): python2-numpy-gnu-hpc-1.16.1-4.8.1 python2-numpy-gnu-hpc-devel-1.16.1-4.8.1 python3-numpy-gnu-hpc-1.16.1-4.8.1 python3-numpy-gnu-hpc-devel-1.16.1-4.8.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): python-numpy-debuginfo-1.16.1-4.8.1 python-numpy-debugsource-1.16.1-4.8.1 python2-numpy-1.16.1-4.8.1 python2-numpy-debuginfo-1.16.1-4.8.1 python2-numpy-devel-1.16.1-4.8.1 python3-numpy-1.16.1-4.8.1 python3-numpy-debuginfo-1.16.1-4.8.1 python3-numpy-devel-1.16.1-4.8.1 References: https://www.suse.com/security/cve/CVE-2019-6446.html https://bugzilla.suse.com/1149203 From sle-updates at lists.suse.com Wed Sep 25 19:10:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Sep 2019 03:10:36 +0200 (CEST) Subject: SUSE-RU-2019:2468-1: moderate: Recommended update for supportutils-plugin-suse-openstack-cloud Message-ID: <20190926011036.6C533F7BE@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-suse-openstack-cloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2468-1 Rating: moderate References: #1140267 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for supportutils-plugin-suse-openstack-cloud fixes the following issues: - Update to version 9.0.1562324636.e7046a3: * Add the freezer service to config file and log file collection * Change the dir from where the ardana model/config files are collected Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2468=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2019-2468=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): supportutils-plugin-suse-openstack-cloud-9.0.1562324636.e7046a3-3.3.1 - SUSE OpenStack Cloud 9 (noarch): supportutils-plugin-suse-openstack-cloud-9.0.1562324636.e7046a3-3.3.1 References: https://bugzilla.suse.com/1140267 From sle-updates at lists.suse.com Wed Sep 25 19:11:16 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Sep 2019 03:11:16 +0200 (CEST) Subject: SUSE-RU-2019:2471-1: moderate: Recommended update for perf Message-ID: <20190926011116.49867F7BE@maintenance.suse.de> SUSE Recommended Update: Recommended update for perf ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2471-1 Rating: moderate References: #1117114 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for perf provides the following fixes: - Correctly list implementation defined events on Cavium. (bsc#1117114) - Fix core dump in `perf stat -e` on Cavium. (bsc#1117114) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2471=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): perf-4.12.14-17.6.1 perf-debuginfo-4.12.14-17.6.1 perf-debugsource-4.12.14-17.6.1 References: https://bugzilla.suse.com/1117114 From sle-updates at lists.suse.com Wed Sep 25 19:11:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Sep 2019 03:11:55 +0200 (CEST) Subject: SUSE-RU-2019:2470-1: moderate: Recommended update for perf Message-ID: <20190926011155.C52AAF7BE@maintenance.suse.de> SUSE Recommended Update: Recommended update for perf ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2470-1 Rating: moderate References: #1147003 Affected Products: SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for perf fixes the following issues: - Fix failure of perf c2c report if cpus are offline. (bsc#1147003) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2470=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): perf-4.12.14-46.6.1 perf-debuginfo-4.12.14-46.6.1 perf-debugsource-4.12.14-46.6.1 References: https://bugzilla.suse.com/1147003 From sle-updates at lists.suse.com Wed Sep 25 19:12:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Sep 2019 03:12:35 +0200 (CEST) Subject: SUSE-RU-2019:2465-1: important: Recommended update for rmt-server Message-ID: <20190926011235.3F0B0F7BE@maintenance.suse.de> SUSE Recommended Update: Recommended update for rmt-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2465-1 Rating: important References: #1136168 #1136178 #1138863 #1142641 #1145688 #1146611 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for rmt-server fixes the following issues: - Preserve cached metadata timestamps. (bsc#1146611) - Allow to mirror individual products/repositories. (bsc#1138863) - RMT now uses mirror_src to determine whether or not to download source packages. (bsc#1145688) - Fix RMT installer_repo call for empty release_type parameter. (bsc#1136178) - Clean up download queue on metadata download errors. (bsc#1142641) - Removed release stage from names to be consistent with SCC. (bsc#1136168) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2465=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): rmt-server-2.4.1-3.23.1 rmt-server-config-2.4.1-3.23.1 rmt-server-debuginfo-2.4.1-3.23.1 References: https://bugzilla.suse.com/1136168 https://bugzilla.suse.com/1136178 https://bugzilla.suse.com/1138863 https://bugzilla.suse.com/1142641 https://bugzilla.suse.com/1145688 https://bugzilla.suse.com/1146611 From sle-updates at lists.suse.com Wed Sep 25 19:13:51 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Sep 2019 03:13:51 +0200 (CEST) Subject: SUSE-RU-2019:2469-1: moderate: Recommended update for documentation-openstack, documentation-suse-openstack-cloud, release-notes-suse-openstack-cloud Message-ID: <20190926011351.60956F7BE@maintenance.suse.de> SUSE Recommended Update: Recommended update for documentation-openstack, documentation-suse-openstack-cloud, release-notes-suse-openstack-cloud ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2469-1 Rating: moderate References: #1108818 #1128453 #1132852 #1134589 #1135354 #1135355 #1136569 #1137377 #1137817 #1138489 #1138967 #1139750 #1140663 #1142032 #1142312 #1142521 #1142686 #1143310 #1145498 #1146206 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that has 20 recommended fixes can now be installed. Description: This update for documentation-openstack, documentation-suse-openstack-cloud, release-notes-suse-openstack-cloud fixes the following issues: - add provides/obsoletes for the cloud8 documentation variants - Update to version 9.20190820: * add note about venv- prefix (SOC-9958) * add requirement for dummy entries in servers.yml (bsc#1146206) - Update to version 9.20190819: * Fix broken URLs (SOC-10108) - Update to version 9.20190816: * add workaround for partition image resize (bsc#1145498) - Update to version 9.20190813: * MANAGEMENT network group cannot be changed, is required (SOC-10106) - Update to version 9.20190812: * Remove VMware appendix (SOC-10081) * Remove VMware appendix (SOC-10081) * replace Administration Server entity (SOC-8984) - Update to version 9.20190808: * Fix docmanager URL (noref) * The Upstream User Guide is just the User Guide (noref) * POC guide: Add product name & version on title page (noref) * Make names of CLM/Crowbar sets consistent, right documents in each (noref) * Update config-ansible_playbook.xml * add ardana prompt, add ardana-init step (bsc#1143310) * add ironic configuration table (SOC-9936) * SOC-8980: Moving new sections in CLM install guide * SOC-8946: Update Ovsvapp install docs * New ID Format (noref) - Update packagaing to deal with new ID names - Update to version 9.20190730: * Replace SES with entity * Add changes requested by TR (noref) - Update to version 9.20190729: * add image-volume cache instructions for SES (bsc#1140663) - Update to version 9.20190726: * modify MariaDB backup procedure (bsc#1142312) - Update to version 9.20190725: * warning about .j2 file comments (bsc#1142521) * Remove redundant TLS config content (SOC-9000) * MANAGEMENT network group name cannot be changed (bsc#1142686) * replace SUSE ca-certificate instructions for Crowbar (bsc#1136569) * replace SUSE ca-cert instructions with public (bsc#1136569) - Update to version 9.20190724: * Fix SOC-9588) * remove ardana references in Crowbar doc (SOC-9904) - Update to version 9.20190722: * clarify No Maintenance Mode (bsc#1108818) * replace empty ESX compatibility guide (noref) * delete cache volume before trying to use source volume (bsc#1142032) * delete cache volume when source volume is changed (bsc#1142032) * replace empty ESX compatibility guide (noref) - Update to version 9.20190719: * update MariaDB manually with CLI (bsc#1132852, SOC-9022) * update MariaDB manually with CLI (bsc#1132852, SOC-9022) - Update to version 9.20190718: * Fix DC file * change SES URL (bsc#1137817) - Update to version 9.20190717: * add Redfish instructions (SOC-9291) * remove duplicate content (bsc#1138489) * correct repo URL (bsc#1134589) * change ses_config.yml to settings.yml (bsc#1137377) * improve performance, image-volume-cache (bsc#1140663) * update suse-12.3 to suse-12.4 (bsc#1135355) * CLM update mariadb manually with CLI (bsc#1132852, SOC-9022) * manually set MTU or br-init with jumbo frames (bsc#1139750) * remove empty step in procedure (trivial) * update PTF deploy instructions (bsc#1128453) * remove HA SNAT section, not supported in SOC9 (bsc#1135354) * add hostnamectl to ardana-update-pkgs process (bsc#1138967) - Update to version 9.20190808: * Fix misspelling of corresponding * Clarify text * Add limitation for ipv4 addresses in CLM install UI (SOC-9677) - Update to version 9.20190725: * Add Swift requirement for SES to known issues (SOC-9303) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2469=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2019-2469=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): documentation-openstack-admin-9.20190415-3.3.1 documentation-openstack-common-9.20190415-3.3.1 documentation-openstack-user-9.20190415-3.3.1 documentation-suse-openstack-cloud-crowbar-deployment-9.20190820-3.6.1 documentation-suse-openstack-cloud-crowbar-operations-9.20190820-3.6.1 documentation-suse-openstack-cloud-supplement-9.20190820-3.6.1 release-notes-suse-openstack-cloud-9.20190808-3.9.1 - SUSE OpenStack Cloud 9 (noarch): documentation-openstack-admin-9.20190415-3.3.1 documentation-openstack-common-9.20190415-3.3.1 documentation-openstack-user-9.20190415-3.3.1 documentation-suse-openstack-cloud-deployment-9.20190820-3.6.1 documentation-suse-openstack-cloud-operations-9.20190820-3.6.1 documentation-suse-openstack-cloud-security-9.20190820-3.6.1 documentation-suse-openstack-cloud-supplement-9.20190820-3.6.1 release-notes-suse-openstack-cloud-9.20190808-3.9.1 References: https://bugzilla.suse.com/1108818 https://bugzilla.suse.com/1128453 https://bugzilla.suse.com/1132852 https://bugzilla.suse.com/1134589 https://bugzilla.suse.com/1135354 https://bugzilla.suse.com/1135355 https://bugzilla.suse.com/1136569 https://bugzilla.suse.com/1137377 https://bugzilla.suse.com/1137817 https://bugzilla.suse.com/1138489 https://bugzilla.suse.com/1138967 https://bugzilla.suse.com/1139750 https://bugzilla.suse.com/1140663 https://bugzilla.suse.com/1142032 https://bugzilla.suse.com/1142312 https://bugzilla.suse.com/1142521 https://bugzilla.suse.com/1142686 https://bugzilla.suse.com/1143310 https://bugzilla.suse.com/1145498 https://bugzilla.suse.com/1146206 From sle-updates at lists.suse.com Wed Sep 25 19:19:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Sep 2019 03:19:05 +0200 (CEST) Subject: SUSE-RU-2019:2464-1: moderate: Recommended update for kiwi Message-ID: <20190926011905.9769CF7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2464-1 Rating: moderate References: #1150238 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kiwi fixes the following issues: - Is now able to handle multiple packages with same name but different versions/releases in one repo (bsc#1150238) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2464=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2464=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): kiwi-instsource-7.04.53-2.15.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): kiwi-7.04.53-2.15.1 kiwi-desc-oemboot-7.04.53-2.15.1 kiwi-desc-vmxboot-7.04.53-2.15.1 kiwi-templates-7.04.53-2.15.1 - SUSE Linux Enterprise Server 12-SP4 (ppc64le s390x x86_64): kiwi-desc-netboot-7.04.53-2.15.1 - SUSE Linux Enterprise Server 12-SP4 (x86_64): kiwi-desc-isoboot-7.04.53-2.15.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): kiwi-doc-7.04.53-2.15.1 References: https://bugzilla.suse.com/1150238 From sle-updates at lists.suse.com Wed Sep 25 19:21:56 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Sep 2019 03:21:56 +0200 (CEST) Subject: SUSE-RU-2019:2466-1: important: Recommended update for SAPHanaSR Message-ID: <20190926012156.4EDF3F7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for SAPHanaSR ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2466-1 Rating: important References: #1082974 #1101373 #1133024 #1133866 #1134106 #1139715 #1149829 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for SAPHanaSR fixes the following issues: - Fixes a bug where an attribute was not correctly set for remoteNode (bsc#1082974) - Does no longer set attributes to prevent unlogged failovers because of empty or unknown attributes (bsc#1134106, bsc#1133024, bsc#1101373) - Will now return $OCF_RUNNING_MASTER (8) instead of $OCF_SUCCESS (0) when probing a promoted node (bsc#1133866) - Using crm-attributes written by a SAP HANA SR provider hook does improve the data integrity in special error conditions with multiple errors coming in a short time frame (bsc#1139715) - Fix a typo in a condition statement that was breaking SAPHanaSR-monitor output. (bnc#1149829) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2019-2466=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2019-2466=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): SAPHanaSR-0.153.2-4.8.1 SAPHanaSR-doc-0.153.2-4.8.1 - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): SAPHanaSR-0.153.2-4.8.1 SAPHanaSR-doc-0.153.2-4.8.1 References: https://bugzilla.suse.com/1082974 https://bugzilla.suse.com/1101373 https://bugzilla.suse.com/1133024 https://bugzilla.suse.com/1133866 https://bugzilla.suse.com/1134106 https://bugzilla.suse.com/1139715 https://bugzilla.suse.com/1149829 From sle-updates at lists.suse.com Wed Sep 25 19:23:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Sep 2019 03:23:32 +0200 (CEST) Subject: SUSE-RU-2019:2467-1: moderate: Recommended update for sleshammer Message-ID: <20190926012332.EF7C0F7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for sleshammer ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2467-1 Rating: moderate References: #1140267 Affected Products: SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sleshammer fixes the following issues: - IPv6: Export ip_version and handle the DHCP domain - Really drop etc/udev/rules.d/70-persistent-net.rules from the overlay - it was still present in the tarball. (SOC-9288) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2467=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): sleshammer-debugsource-0.9.0-7.3.1 sleshammer-x86_64-0.9.0-7.3.1 References: https://bugzilla.suse.com/1140267 From sle-updates at lists.suse.com Thu Sep 26 10:12:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Sep 2019 18:12:43 +0200 (CEST) Subject: SUSE-SU-2019:2474-1: moderate: Security update for u-boot Message-ID: <20190926161243.32EB1F7BE@maintenance.suse.de> SUSE Security Update: Security update for u-boot ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2474-1 Rating: moderate References: #1144656 #1144675 Cross-References: CVE-2019-13104 CVE-2019-13106 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for u-boot fixes the following issues: Security issues fixed: - CVE-2019-13106: Fixed stack buffer overflow via a crafted ext4 filesystem that may lead to code execution (bsc#1144656). - CVE-2019-13104: Fixed an underflow that could cause memcpy() to overwrite a very large amount of data via a crafted ext4 filesystem (bsc#1144675). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2474=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): u-boot-tools-2018.03-4.3.1 u-boot-tools-debuginfo-2018.03-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64): u-boot-rpi3-2018.03-4.3.1 References: https://www.suse.com/security/cve/CVE-2019-13104.html https://www.suse.com/security/cve/CVE-2019-13106.html https://bugzilla.suse.com/1144656 https://bugzilla.suse.com/1144675 From sle-updates at lists.suse.com Thu Sep 26 10:13:33 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Sep 2019 18:13:33 +0200 (CEST) Subject: SUSE-RU-2019:2477-1: moderate: Recommended update for openwsman Message-ID: <20190926161333.AB1B9F7BE@maintenance.suse.de> SUSE Recommended Update: Recommended update for openwsman ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2477-1 Rating: moderate References: #1105331 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openwsman fixes the following issues: - Adds CIM_NAMESPACE if it's not already present (bsc#1105331) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2477=1 - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2477=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2477=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2477=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libwsman-devel-2.6.7-3.6.1 libwsman3-2.6.7-3.6.1 libwsman3-debuginfo-2.6.7-3.6.1 openwsman-debuginfo-2.6.7-3.6.1 openwsman-debugsource-2.6.7-3.6.1 openwsman-server-2.6.7-3.6.1 openwsman-server-debuginfo-2.6.7-3.6.1 - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): libwsman-devel-2.6.7-3.6.1 libwsman3-2.6.7-3.6.1 libwsman3-debuginfo-2.6.7-3.6.1 openwsman-debuginfo-2.6.7-3.6.1 openwsman-debugsource-2.6.7-3.6.1 openwsman-server-2.6.7-3.6.1 openwsman-server-debuginfo-2.6.7-3.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libwsman_clientpp-devel-2.6.7-3.6.1 libwsman_clientpp1-2.6.7-3.6.1 libwsman_clientpp1-debuginfo-2.6.7-3.6.1 openwsman-debuginfo-2.6.7-3.6.1 openwsman-debugsource-2.6.7-3.6.1 openwsman-java-2.6.7-3.6.1 openwsman-perl-2.6.7-3.6.1 openwsman-perl-debuginfo-2.6.7-3.6.1 openwsman-ruby-2.6.7-3.6.1 openwsman-ruby-debuginfo-2.6.7-3.6.1 openwsman-ruby-docs-2.6.7-3.6.1 openwsman-server-plugin-ruby-2.6.7-3.6.1 openwsman-server-plugin-ruby-debuginfo-2.6.7-3.6.1 python3-openwsman-2.6.7-3.6.1 python3-openwsman-debuginfo-2.6.7-3.6.1 winrs-2.6.7-3.6.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): libwsman_clientpp-devel-2.6.7-3.6.1 libwsman_clientpp1-2.6.7-3.6.1 libwsman_clientpp1-debuginfo-2.6.7-3.6.1 openwsman-debuginfo-2.6.7-3.6.1 openwsman-debugsource-2.6.7-3.6.1 openwsman-java-2.6.7-3.6.1 openwsman-perl-2.6.7-3.6.1 openwsman-perl-debuginfo-2.6.7-3.6.1 openwsman-ruby-2.6.7-3.6.1 openwsman-ruby-debuginfo-2.6.7-3.6.1 openwsman-ruby-docs-2.6.7-3.6.1 openwsman-server-plugin-ruby-2.6.7-3.6.1 openwsman-server-plugin-ruby-debuginfo-2.6.7-3.6.1 python3-openwsman-2.6.7-3.6.1 python3-openwsman-debuginfo-2.6.7-3.6.1 winrs-2.6.7-3.6.1 References: https://bugzilla.suse.com/1105331 From sle-updates at lists.suse.com Thu Sep 26 10:14:17 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Sep 2019 18:14:17 +0200 (CEST) Subject: SUSE-SU-2019:2475-1: moderate: Security update for u-boot Message-ID: <20190926161417.75E7FF7BE@maintenance.suse.de> SUSE Security Update: Security update for u-boot ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2475-1 Rating: moderate References: #1144656 #1144675 Cross-References: CVE-2019-13104 CVE-2019-13106 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for u-boot fixes the following issues: Security issues fixed: - CVE-2019-13106: Fixed stack buffer overflow via a crafted ext4 filesystem that may lead to code execution (bsc#1144656). - CVE-2019-13104: Fixed an underflow that could cause memcpy() to overwrite a very large amount of data via a crafted ext4 filesystem (bsc#1144675). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2475=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2475=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64): u-boot-bananapim64-2019.01-7.3.1 u-boot-bananapim64-doc-2019.01-7.3.1 u-boot-dragonboard410c-2019.01-7.3.1 u-boot-dragonboard410c-doc-2019.01-7.3.1 u-boot-dragonboard820c-2019.01-7.3.1 u-boot-dragonboard820c-doc-2019.01-7.3.1 u-boot-evb-rk3399-2019.01-7.3.1 u-boot-evb-rk3399-doc-2019.01-7.3.1 u-boot-firefly-rk3399-2019.01-7.3.1 u-boot-firefly-rk3399-doc-2019.01-7.3.1 u-boot-geekbox-2019.01-7.3.1 u-boot-geekbox-doc-2019.01-7.3.1 u-boot-hikey-2019.01-7.3.1 u-boot-hikey-doc-2019.01-7.3.1 u-boot-khadas-vim-2019.01-7.3.1 u-boot-khadas-vim-doc-2019.01-7.3.1 u-boot-khadas-vim2-2019.01-7.3.1 u-boot-khadas-vim2-doc-2019.01-7.3.1 u-boot-ls1012afrdmqspi-2019.01-7.3.1 u-boot-ls1012afrdmqspi-doc-2019.01-7.3.1 u-boot-mvebudb-88f3720-2019.01-7.3.1 u-boot-mvebudb-88f3720-doc-2019.01-7.3.1 u-boot-mvebudbarmada8k-2019.01-7.3.1 u-boot-mvebudbarmada8k-doc-2019.01-7.3.1 u-boot-mvebuespressobin-88f3720-2019.01-7.3.1 u-boot-mvebuespressobin-88f3720-doc-2019.01-7.3.1 u-boot-mvebumcbin-88f8040-2019.01-7.3.1 u-boot-mvebumcbin-88f8040-doc-2019.01-7.3.1 u-boot-nanopia64-2019.01-7.3.1 u-boot-nanopia64-doc-2019.01-7.3.1 u-boot-odroid-c2-2019.01-7.3.1 u-boot-odroid-c2-doc-2019.01-7.3.1 u-boot-orangepipc2-2019.01-7.3.1 u-boot-orangepipc2-doc-2019.01-7.3.1 u-boot-p2371-2180-2019.01-7.3.1 u-boot-p2371-2180-doc-2019.01-7.3.1 u-boot-p2771-0000-500-2019.01-7.3.1 u-boot-p2771-0000-500-doc-2019.01-7.3.1 u-boot-pine64plus-2019.01-7.3.1 u-boot-pine64plus-doc-2019.01-7.3.1 u-boot-pinebook-2019.01-7.3.1 u-boot-pinebook-doc-2019.01-7.3.1 u-boot-pineh64-2019.01-7.3.1 u-boot-pineh64-doc-2019.01-7.3.1 u-boot-poplar-2019.01-7.3.1 u-boot-poplar-doc-2019.01-7.3.1 u-boot-rock960-rk3399-2019.01-7.3.1 u-boot-rock960-rk3399-doc-2019.01-7.3.1 u-boot-rpi3-doc-2019.01-7.3.1 u-boot-xilinxzynqmpgeneric-2019.01-7.3.1 u-boot-xilinxzynqmpgeneric-doc-2019.01-7.3.1 u-boot-xilinxzynqmpzcu102rev10-2019.01-7.3.1 u-boot-xilinxzynqmpzcu102rev10-doc-2019.01-7.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): u-boot-tools-2019.01-7.3.1 u-boot-tools-debuginfo-2019.01-7.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64): u-boot-rpi3-2019.01-7.3.1 References: https://www.suse.com/security/cve/CVE-2019-13104.html https://www.suse.com/security/cve/CVE-2019-13106.html https://bugzilla.suse.com/1144656 https://bugzilla.suse.com/1144675 From sle-updates at lists.suse.com Thu Sep 26 10:15:06 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Sep 2019 18:15:06 +0200 (CEST) Subject: SUSE-RU-2019:2476-1: important: Recommended update for pacemaker Message-ID: <20190926161506.D5C6BF7C7@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2476-1 Rating: important References: #1140519 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pacemaker fixes the following issues: - Run main loop for crm_resource clean-up with resource. (bsc#1140519) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2019-2476=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-1.1.18+20180430.b12c320f5-3.15.1 libpacemaker3-1.1.18+20180430.b12c320f5-3.15.1 libpacemaker3-debuginfo-1.1.18+20180430.b12c320f5-3.15.1 pacemaker-1.1.18+20180430.b12c320f5-3.15.1 pacemaker-cli-1.1.18+20180430.b12c320f5-3.15.1 pacemaker-cli-debuginfo-1.1.18+20180430.b12c320f5-3.15.1 pacemaker-debuginfo-1.1.18+20180430.b12c320f5-3.15.1 pacemaker-debugsource-1.1.18+20180430.b12c320f5-3.15.1 pacemaker-remote-1.1.18+20180430.b12c320f5-3.15.1 pacemaker-remote-debuginfo-1.1.18+20180430.b12c320f5-3.15.1 - SUSE Linux Enterprise High Availability 15 (noarch): pacemaker-cts-1.1.18+20180430.b12c320f5-3.15.1 References: https://bugzilla.suse.com/1140519 From sle-updates at lists.suse.com Thu Sep 26 10:15:52 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Sep 2019 18:15:52 +0200 (CEST) Subject: SUSE-SU-2019:2473-1: moderate: Security update for nghttp2 Message-ID: <20190926161552.0C4C0F7BE@maintenance.suse.de> SUSE Security Update: Security update for nghttp2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2473-1 Rating: moderate References: #1112438 #1125689 #1134616 #1146182 #1146184 Cross-References: CVE-2019-9511 CVE-2019-9513 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#11461). Bug fixes and enhancements: - Fixed mistake in spec file (bsc#1125689) - Fixed build issue with boost 1.70.0 (bsc#1134616) - Feature: Add W&S module (FATE#326776, bsc#1112438) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2473=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2473=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2473=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2473=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): nghttp2-1.39.2-3.3.1 nghttp2-debuginfo-1.39.2-3.3.1 nghttp2-debugsource-1.39.2-3.3.1 python3-nghttp2-1.39.2-3.3.1 python3-nghttp2-debuginfo-1.39.2-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libnghttp2_asio1-32bit-1.39.2-3.3.1 libnghttp2_asio1-32bit-debuginfo-1.39.2-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): nghttp2-1.39.2-3.3.1 nghttp2-debuginfo-1.39.2-3.3.1 nghttp2-debugsource-1.39.2-3.3.1 python3-nghttp2-1.39.2-3.3.1 python3-nghttp2-debuginfo-1.39.2-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libnghttp2-14-1.39.2-3.3.1 libnghttp2-14-debuginfo-1.39.2-3.3.1 libnghttp2-devel-1.39.2-3.3.1 libnghttp2_asio-devel-1.39.2-3.3.1 libnghttp2_asio1-1.39.2-3.3.1 libnghttp2_asio1-debuginfo-1.39.2-3.3.1 nghttp2-debuginfo-1.39.2-3.3.1 nghttp2-debugsource-1.39.2-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libnghttp2-14-32bit-1.39.2-3.3.1 libnghttp2-14-32bit-debuginfo-1.39.2-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): libnghttp2-14-1.39.2-3.3.1 libnghttp2-14-debuginfo-1.39.2-3.3.1 libnghttp2-devel-1.39.2-3.3.1 libnghttp2_asio-devel-1.39.2-3.3.1 libnghttp2_asio1-1.39.2-3.3.1 libnghttp2_asio1-debuginfo-1.39.2-3.3.1 nghttp2-debuginfo-1.39.2-3.3.1 nghttp2-debugsource-1.39.2-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libnghttp2-14-32bit-1.39.2-3.3.1 libnghttp2-14-32bit-debuginfo-1.39.2-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-9511.html https://www.suse.com/security/cve/CVE-2019-9513.html https://bugzilla.suse.com/1112438 https://bugzilla.suse.com/1125689 https://bugzilla.suse.com/1134616 https://bugzilla.suse.com/1146182 https://bugzilla.suse.com/1146184 From sle-updates at lists.suse.com Thu Sep 26 10:17:14 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Sep 2019 18:17:14 +0200 (CEST) Subject: SUSE-SU-2019:2478-1: important: Security update for ghostscript Message-ID: <20190926161714.81C07F7BE@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2478-1 Rating: important References: #1129180 #1131863 #1134156 #1140359 #1146882 #1146884 Cross-References: CVE-2019-12973 CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817 CVE-2019-3835 CVE-2019-3839 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server for SAP 12-SP1 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP1-LTSS SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Desktop 12-SP4 SUSE Enterprise Storage 5 SUSE Enterprise Storage 4 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for ghostscript to 9.27 fixes the following issues: Security issues fixed: - CVE-2019-3835: Fixed an unauthorized file system access caused by an available superexec operator. (bsc#1129180) - CVE-2019-3839: Fixed an unauthorized file system access caused by available privileged operators. (bsc#1134156) - CVE-2019-12973: Fixed a denial-of-service vulnerability in the OpenJPEG function opj_t1_encode_cblks. (bsc#1140359) - CVE-2019-14811: Fixed a safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator. (bsc#1146882) - CVE-2019-14812: Fixed a safer mode bypass by .forceput exposure in setuserparams. (bsc#1146882) - CVE-2019-14813: Fixed a safer mode bypass by .forceput exposure in setsystemparams. (bsc#1146882) - CVE-2019-14817: Fixed a safer mode bypass by .forceput exposure in .pdfexectoken and other procedures. (bsc#1146884) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2478=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2478=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2478=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-2478=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2478=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2019-2478=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2478=1 - SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2478=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-2478=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2478=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-2478=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2019-2478=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2478=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2478=1 - SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2478=1 - SUSE Linux Enterprise Desktop 12-SP5: zypper in -t patch SUSE-SLE-DESKTOP-12-SP5-2019-2478=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2478=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2019-2478=1 - SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-2478=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2019-2478=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): ghostscript-9.27-23.28.1 ghostscript-debuginfo-9.27-23.28.1 ghostscript-debugsource-9.27-23.28.1 ghostscript-x11-9.27-23.28.1 ghostscript-x11-debuginfo-9.27-23.28.1 - SUSE OpenStack Cloud 8 (x86_64): ghostscript-9.27-23.28.1 ghostscript-debuginfo-9.27-23.28.1 ghostscript-debugsource-9.27-23.28.1 ghostscript-x11-9.27-23.28.1 ghostscript-x11-debuginfo-9.27-23.28.1 - SUSE OpenStack Cloud 7 (s390x x86_64): ghostscript-9.27-23.28.1 ghostscript-debuginfo-9.27-23.28.1 ghostscript-debugsource-9.27-23.28.1 ghostscript-x11-9.27-23.28.1 ghostscript-x11-debuginfo-9.27-23.28.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): ghostscript-debuginfo-9.27-23.28.1 ghostscript-debugsource-9.27-23.28.1 ghostscript-devel-9.27-23.28.1 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): ghostscript-debuginfo-9.27-23.28.1 ghostscript-debugsource-9.27-23.28.1 ghostscript-devel-9.27-23.28.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): ghostscript-9.27-23.28.1 ghostscript-debuginfo-9.27-23.28.1 ghostscript-debugsource-9.27-23.28.1 ghostscript-x11-9.27-23.28.1 ghostscript-x11-debuginfo-9.27-23.28.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): ghostscript-9.27-23.28.1 ghostscript-debuginfo-9.27-23.28.1 ghostscript-debugsource-9.27-23.28.1 ghostscript-x11-9.27-23.28.1 ghostscript-x11-debuginfo-9.27-23.28.1 - SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64): ghostscript-9.27-23.28.1 ghostscript-debuginfo-9.27-23.28.1 ghostscript-debugsource-9.27-23.28.1 ghostscript-x11-9.27-23.28.1 ghostscript-x11-debuginfo-9.27-23.28.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): ghostscript-9.27-23.28.1 ghostscript-debuginfo-9.27-23.28.1 ghostscript-debugsource-9.27-23.28.1 ghostscript-x11-9.27-23.28.1 ghostscript-x11-debuginfo-9.27-23.28.1 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): ghostscript-9.27-23.28.1 ghostscript-debuginfo-9.27-23.28.1 ghostscript-debugsource-9.27-23.28.1 ghostscript-x11-9.27-23.28.1 ghostscript-x11-debuginfo-9.27-23.28.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): ghostscript-9.27-23.28.1 ghostscript-debuginfo-9.27-23.28.1 ghostscript-debugsource-9.27-23.28.1 ghostscript-x11-9.27-23.28.1 ghostscript-x11-debuginfo-9.27-23.28.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): ghostscript-9.27-23.28.1 ghostscript-debuginfo-9.27-23.28.1 ghostscript-debugsource-9.27-23.28.1 ghostscript-x11-9.27-23.28.1 ghostscript-x11-debuginfo-9.27-23.28.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): ghostscript-9.27-23.28.1 ghostscript-debuginfo-9.27-23.28.1 ghostscript-debugsource-9.27-23.28.1 ghostscript-x11-9.27-23.28.1 ghostscript-x11-debuginfo-9.27-23.28.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ghostscript-9.27-23.28.1 ghostscript-debuginfo-9.27-23.28.1 ghostscript-debugsource-9.27-23.28.1 ghostscript-x11-9.27-23.28.1 ghostscript-x11-debuginfo-9.27-23.28.1 - SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64): ghostscript-9.27-23.28.1 ghostscript-debuginfo-9.27-23.28.1 ghostscript-debugsource-9.27-23.28.1 ghostscript-x11-9.27-23.28.1 ghostscript-x11-debuginfo-9.27-23.28.1 - SUSE Linux Enterprise Desktop 12-SP5 (x86_64): ghostscript-9.27-23.28.1 ghostscript-debuginfo-9.27-23.28.1 ghostscript-debugsource-9.27-23.28.1 ghostscript-x11-9.27-23.28.1 ghostscript-x11-debuginfo-9.27-23.28.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): ghostscript-9.27-23.28.1 ghostscript-debuginfo-9.27-23.28.1 ghostscript-debugsource-9.27-23.28.1 ghostscript-x11-9.27-23.28.1 ghostscript-x11-debuginfo-9.27-23.28.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): ghostscript-9.27-23.28.1 ghostscript-debuginfo-9.27-23.28.1 ghostscript-debugsource-9.27-23.28.1 ghostscript-x11-9.27-23.28.1 ghostscript-x11-debuginfo-9.27-23.28.1 - SUSE Enterprise Storage 4 (x86_64): ghostscript-9.27-23.28.1 ghostscript-debuginfo-9.27-23.28.1 ghostscript-debugsource-9.27-23.28.1 ghostscript-x11-9.27-23.28.1 ghostscript-x11-debuginfo-9.27-23.28.1 - HPE Helion Openstack 8 (x86_64): ghostscript-9.27-23.28.1 ghostscript-debuginfo-9.27-23.28.1 ghostscript-debugsource-9.27-23.28.1 ghostscript-x11-9.27-23.28.1 ghostscript-x11-debuginfo-9.27-23.28.1 References: https://www.suse.com/security/cve/CVE-2019-12973.html https://www.suse.com/security/cve/CVE-2019-14811.html https://www.suse.com/security/cve/CVE-2019-14812.html https://www.suse.com/security/cve/CVE-2019-14813.html https://www.suse.com/security/cve/CVE-2019-14817.html https://www.suse.com/security/cve/CVE-2019-3835.html https://www.suse.com/security/cve/CVE-2019-3839.html https://bugzilla.suse.com/1129180 https://bugzilla.suse.com/1131863 https://bugzilla.suse.com/1134156 https://bugzilla.suse.com/1140359 https://bugzilla.suse.com/1146882 https://bugzilla.suse.com/1146884 From sle-updates at lists.suse.com Thu Sep 26 10:18:36 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 26 Sep 2019 18:18:36 +0200 (CEST) Subject: SUSE-RU-2019:2472-1: moderate: Recommended update for lrbd Message-ID: <20190926161836.0B391F7BE@maintenance.suse.de> SUSE Recommended Update: Recommended update for lrbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2472-1 Rating: moderate References: #1137518 #1142218 Affected Products: SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for lrbd fixes the following issues: - Improves the performance of lrbd (bsc#1137518) - Added a validation to prevent duplicate gateway entries (bsc#1142218) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2019-2472=1 Package List: - SUSE Enterprise Storage 6 (noarch): lrbd-2.3-3.3.1 References: https://bugzilla.suse.com/1137518 https://bugzilla.suse.com/1142218 From sle-updates at lists.suse.com Fri Sep 27 10:11:45 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Sep 2019 18:11:45 +0200 (CEST) Subject: SUSE-OU-2019:2483-1: Optional update for python3-google-api-python-client, python3-httplib2, python3-oauth2client, and python3-uritemplate. Message-ID: <20190927161145.6D327F7BE@maintenance.suse.de> SUSE Optional Update: Optional update for python3-google-api-python-client, python3-httplib2, python3-oauth2client, and python3-uritemplate. ______________________________________________________________________________ Announcement ID: SUSE-OU-2019:2483-1 Rating: low References: #1088358 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Packagehub Subpackages 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update ships python3-google-api-python-client, python3-httplib2, python3-oauth2client, and python3-uritemplate for the SUSE Linux Enterprise Public Cloud 15 module. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-2483=1 - SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2019-2483=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-2483=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-2483=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2483=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2483=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2483=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (noarch): python2-fasteners-0.14.1-3.2.4 - SUSE Linux Enterprise Workstation Extension 15 (noarch): python2-fasteners-0.14.1-3.2.4 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): python3-fasteners-0.14.1-3.2.4 python3-google-api-python-client-1.6.7-1.5.9 python3-httplib2-0.10.3-1.5.5 python3-oauth2client-4.1.2-1.5.8 python3-pyasn1-modules-0.2.1-3.2.4 python3-uritemplate-3.0.0-1.5.5 - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (noarch): python3-fasteners-0.14.1-3.2.4 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): python2-pyasn1-modules-0.2.1-3.2.4 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python2-pyasn1-modules-0.2.1-3.2.4 python3-fasteners-0.14.1-3.2.4 python3-pyasn1-modules-0.2.1-3.2.4 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): python3-fasteners-0.14.1-3.2.4 python3-pyasn1-modules-0.2.1-3.2.4 References: https://bugzilla.suse.com/1088358 From sle-updates at lists.suse.com Fri Sep 27 10:12:32 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Sep 2019 18:12:32 +0200 (CEST) Subject: SUSE-RU-2019:2484-1: important: Recommended update for rmt-server Message-ID: <20190927161232.39045F7BE@maintenance.suse.de> SUSE Recommended Update: Recommended update for rmt-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2484-1 Rating: important References: #1136168 #1136178 #1138863 #1142641 #1145688 #1146611 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for rmt-server fixes the following issues: - Preserve cached metadata timestamps. (bsc#1146611) - Allow to mirror individual products/repositories. (bsc#1138863) - RMT now uses mirror_src to determine whether or not to download source packages. (bsc#1145688) - Fix RMT installer_repo call for empty release_type parameter. (bsc#1136178) - Clean up download queue on metadata download errors. (bsc#1142641) - Removed release stage from names to be consistent with SCC. (bsc#1136168) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2484=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2019-2484=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): rmt-server-2.4.1-3.6.1 rmt-server-config-2.4.1-3.6.1 rmt-server-debuginfo-2.4.1-3.6.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): rmt-server-debuginfo-2.4.1-3.6.1 rmt-server-pubcloud-2.4.1-3.6.1 References: https://bugzilla.suse.com/1136168 https://bugzilla.suse.com/1136178 https://bugzilla.suse.com/1138863 https://bugzilla.suse.com/1142641 https://bugzilla.suse.com/1145688 https://bugzilla.suse.com/1146611 From sle-updates at lists.suse.com Fri Sep 27 10:13:48 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Sep 2019 18:13:48 +0200 (CEST) Subject: SUSE-SU-2019:2480-1: moderate: Security update for gpg2 Message-ID: <20190927161348.82FD0F7BE@maintenance.suse.de> SUSE Security Update: Security update for gpg2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2480-1 Rating: moderate References: #1124847 #1141093 Cross-References: CVE-2019-13050 Affected Products: SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for gpg2 fixes the following issues: Security issue fixed: - CVE-2019-13050: Fixed denial-of-service attacks via big keys. (bsc#1141093) Non-security issue fixed: - Allow coredumps in X11 desktop sessions (bsc#1124847). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2480=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2480=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): gpg2-2.0.24-9.8.1 gpg2-debuginfo-2.0.24-9.8.1 gpg2-debugsource-2.0.24-9.8.1 - SUSE Linux Enterprise Server 12-SP4 (noarch): gpg2-lang-2.0.24-9.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): gpg2-2.0.24-9.8.1 gpg2-debuginfo-2.0.24-9.8.1 gpg2-debugsource-2.0.24-9.8.1 - SUSE Linux Enterprise Desktop 12-SP4 (noarch): gpg2-lang-2.0.24-9.8.1 - SUSE CaaS Platform 3.0 (x86_64): gpg2-2.0.24-9.8.1 gpg2-debuginfo-2.0.24-9.8.1 gpg2-debugsource-2.0.24-9.8.1 References: https://www.suse.com/security/cve/CVE-2019-13050.html https://bugzilla.suse.com/1124847 https://bugzilla.suse.com/1141093 From sle-updates at lists.suse.com Fri Sep 27 10:14:37 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Sep 2019 18:14:37 +0200 (CEST) Subject: SUSE-RU-2019:2482-1: important: Recommended update for google-compute-engine Message-ID: <20190927161437.68F29F7BE@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-compute-engine ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2482-1 Rating: important References: #1150058 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for google-compute-engine fixes the following issues: - Fixes an issue where the implementation of Google Private Access over IPv6 was not complete and thus crashed the application (bsc#1150058) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2019-2482=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-2482=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2482=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): google-compute-engine-debugsource-20190801-4.26.1 google-compute-engine-oslogin-20190801-4.26.1 google-compute-engine-oslogin-debuginfo-20190801-4.26.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): google-compute-engine-init-20190801-4.26.1 - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64): google-compute-engine-oslogin-20190801-4.26.1 google-compute-engine-oslogin-debuginfo-20190801-4.26.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): google-compute-engine-init-20190801-4.26.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): google-compute-engine-debugsource-20190801-4.26.1 google-compute-engine-oslogin-32bit-20190801-4.26.1 google-compute-engine-oslogin-32bit-debuginfo-20190801-4.26.1 References: https://bugzilla.suse.com/1150058 From sle-updates at lists.suse.com Fri Sep 27 10:15:22 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 27 Sep 2019 18:15:22 +0200 (CEST) Subject: SUSE-RU-2019:2481-1: important: Recommended update for google-compute-engine Message-ID: <20190927161522.5C280F7BE@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-compute-engine ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2481-1 Rating: important References: #1150058 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for google-compute-engine fixes the following issues: - Fixes an issue where the implementation of Google Private Access over IPv6 was not complete and thus crashed the application (bsc#1150058) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2019-2481=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): google-compute-engine-oslogin-20190801-42.1 google-compute-engine-oslogin-debuginfo-20190801-42.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): google-compute-engine-init-20190801-42.1 References: https://bugzilla.suse.com/1150058 From sle-updates at lists.suse.com Sat Sep 28 07:11:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 28 Sep 2019 15:11:03 +0200 (CEST) Subject: SUSE-RU-2019:14183-1: moderate: Recommended update for microcode_ctl Message-ID: <20190928131103.15CC6F7BE@maintenance.suse.de> SUSE Recommended Update: Recommended update for microcode_ctl ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:14183-1 Rating: moderate References: #1138185 #1151232 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for microcode_ctl fixes the following issues: The Intel CPU Microcode bundle was updated to the 20190918 bugfix release (bsc#1151232 bsc#1138185) Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- updated platforms ------------------------------------ BDW-U/Y E0/F0 6-3d-4/c0 0000002d->0000002e Core Gen5 HSX-EX E0 6-3f-4/80 00000014->00000016 Xeon E7 v3 BDW-H/E3 E0/G0 6-47-1/22 00000020->00000021 Core Gen5 BDX-ML B0/M0/R0 6-4f-1/ef 0b000036->0b000038 Xeon E5/E7 v4; Core i7-69xx/68xx BDX-DE V1 6-56-2/10 0000001a->0000001c Xeon D-1520/40 BDX-DE V2/3 6-56-3/10 07000017->07000019 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 BDX-DE Y0 6-56-4/10 0f000015->0f000017 Xeon D-1557/59/67/71/77/81/87 BDX-NS A0 6-56-5/10 0e00000d->0e00000f Xeon D-1513N/23/33/43/53 SKX-SP H0/M0/U0 6-55-4/b7 0200005e->00000064 Xeon Scalable SKX-D M1 6-55-4/b7 0200005e->00000064 Xeon D-21xx CLX-SP B1 6-55-7/bf 05000021->0500002b Xeon Scalable Gen2 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-microcode_ctl-14183=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-microcode_ctl-14183=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): microcode_ctl-1.17-102.83.44.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): microcode_ctl-1.17-102.83.44.2 References: https://bugzilla.suse.com/1138185 https://bugzilla.suse.com/1151232 From sle-updates at lists.suse.com Sat Sep 28 07:11:55 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 28 Sep 2019 15:11:55 +0200 (CEST) Subject: SUSE-RU-2019:2487-1: moderate: Recommended update for sle-module-containers-release Message-ID: <20190928131155.0AF82F7BE@maintenance.suse.de> SUSE Recommended Update: Recommended update for sle-module-containers-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2487-1 Rating: moderate References: #1146863 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sle-module-containers-release fixes the following issues: - Sync end of life date with SUSE Linux Enterprise 12 lifecycle. (bsc#1146863) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2019-2487=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): sle-module-containers-release-12-6.9.1 - SUSE Linux Enterprise Module for Containers 12 (ppc64le x86_64): sle-module-containers-release-cd-12-6.9.1 - SUSE Linux Enterprise Module for Containers 12 (s390x): sle-module-containers-release-POOL-12-6.9.1 References: https://bugzilla.suse.com/1146863 From sle-updates at lists.suse.com Sat Sep 28 07:12:34 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 28 Sep 2019 15:12:34 +0200 (CEST) Subject: SUSE-RU-2019:2486-1: moderate: Recommended update for ucode-intel Message-ID: <20190928131234.7F816F7BE@maintenance.suse.de> SUSE Recommended Update: Recommended update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2486-1 Rating: moderate References: #1138185 #1151232 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for ucode-intel fixes the following issues: The Intel CPU Microcode was updated to the 20190918 bugfix release (bsc#1151232 bsc#1138185): Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- updated platforms ------------------------------------ BDW-U/Y E0/F0 6-3d-4/c0 0000002d->0000002e Core Gen5 HSX-EX E0 6-3f-4/80 00000014->00000016 Xeon E7 v3 BDW-H/E3 E0/G0 6-47-1/22 00000020->00000021 Core Gen5 BDX-ML B0/M0/R0 6-4f-1/ef 0b000036->0b000038 Xeon E5/E7 v4; Core i7-69xx/68xx BDX-DE V1 6-56-2/10 0000001a->0000001c Xeon D-1520/40 BDX-DE V2/3 6-56-3/10 07000017->07000019 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 BDX-DE Y0 6-56-4/10 0f000015->0f000017 Xeon D-1557/59/67/71/77/81/87 BDX-NS A0 6-56-5/10 0e00000d->0e00000f Xeon D-1513N/23/33/43/53 SKX-SP H0/M0/U0 6-55-4/b7 0200005e->00000064 Xeon Scalable SKX-D M1 6-55-4/b7 0200005e->00000064 Xeon D-21xx CLX-SP B1 6-55-7/bf 05000021->0500002b Xeon Scalable Gen2 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2486=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): ucode-intel-20190918-3.25.1 References: https://bugzilla.suse.com/1138185 https://bugzilla.suse.com/1151232 From sle-updates at lists.suse.com Mon Sep 30 07:10:54 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Sep 2019 15:10:54 +0200 (CEST) Subject: SUSE-OU-2019:2489-1: SUSE Enterprise Storage 6 Technical Container Preview Message-ID: <20190930131054.7D32DF7BE@maintenance.suse.de> SUSE Optional Update: SUSE Enterprise Storage 6 Technical Container Preview ______________________________________________________________________________ Announcement ID: SUSE-OU-2019:2489-1 Rating: low References: #1151909 #1152008 Affected Products: SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has two optional fixes can now be installed. Description: This is a technical preview for SUSE Enterprise Storage 6. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2019-2489=1 Package List: - SUSE Enterprise Storage 6 (noarch): rook-k8s-yaml-1.1.1+git0.g9a2641a6-1.11.2 References: https://bugzilla.suse.com/1151909 https://bugzilla.suse.com/1152008 From sle-updates at lists.suse.com Mon Sep 30 13:11:11 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Sep 2019 21:11:11 +0200 (CEST) Subject: SUSE-RU-2019:2493-1: important: Recommended update for cloud-init Message-ID: <20190930191111.52377F7BE@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2493-1 Rating: important References: #1144363 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cloud-init fixes the following issues: - Fixes a regression which was introduced by fixing a different bug in the last maintenance update for cloud-init (bsc#1144363) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-2493=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2493=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64): cloud-init-19.1-5.14.1 cloud-init-config-suse-19.1-5.14.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): cloud-init-doc-19.1-5.14.1 References: https://bugzilla.suse.com/1144363 From sle-updates at lists.suse.com Mon Sep 30 13:12:35 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Sep 2019 21:12:35 +0200 (CEST) Subject: SUSE-RU-2019:2495-1: moderate: Recommended update for firewalld-rpcbind-helper Message-ID: <20190930191235.2602FF7BE@maintenance.suse.de> SUSE Recommended Update: Recommended update for firewalld-rpcbind-helper ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2495-1 Rating: moderate References: #1146188 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for firewalld-rpcbind-helper fixes the following issues: - Fixes an error when running in python3 context and a port in `rpcinfo -p` is running neither as tcp nor in udp protocol (bsc#1146188) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2495=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2495=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): firewalld-rpcbind-helper-0.1-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): firewalld-rpcbind-helper-0.1-3.6.1 References: https://bugzilla.suse.com/1146188 From sle-updates at lists.suse.com Mon Sep 30 13:14:05 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Sep 2019 21:14:05 +0200 (CEST) Subject: SUSE-RU-2019:2491-1: moderate: Recommended update for oracleasm Message-ID: <20190930191405.39F28F7BE@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2491-1 Rating: moderate References: #1053298 #1093128 #1144700 #1145675 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Realtime 15-SP1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for oracleasm provides the following fixes: - Fix use after free for request processing timer. (bsc#1145675) - Fix build error with kernel 5.3. (bsc#1144700) - Updated code for SLES15 Kernel. (bsc#1053298, bsc#1093128) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2491=1 - SUSE Linux Enterprise Module for Realtime 15-SP1: zypper in -t patch SUSE-SLE-Module-RT-15-SP1-2019-2491=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_197.15-7.6.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_197.15-7.6.1 - SUSE Linux Enterprise Module for Realtime 15-SP1 (x86_64): oracleasm-kmp-rt-2.0.8_k4.12.14_14.3-7.6.1 oracleasm-kmp-rt-debuginfo-2.0.8_k4.12.14_14.3-7.6.1 References: https://bugzilla.suse.com/1053298 https://bugzilla.suse.com/1093128 https://bugzilla.suse.com/1144700 https://bugzilla.suse.com/1145675 From sle-updates at lists.suse.com Mon Sep 30 13:16:18 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Sep 2019 21:16:18 +0200 (CEST) Subject: SUSE-RU-2019:2490-1: moderate: Recommended update for oracleasm Message-ID: <20190930191618.C81ADF7BE@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2490-1 Rating: moderate References: #1053298 #1093128 #1119403 #1144700 #1145675 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for oracleasm provides the following fixes: - Fix use after free for request processing timer. (bsc#1145675) - Fix build error with kernel 5.3. (bsc#1144700) - Fix error: storage size of 'iter' isn't known. (bsc#1119403) - Updated code for SLES15 Kernel. (bsc#1053298, bsc#1093128) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-2490=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_150.32-4.3.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_150.32-4.3.1 References: https://bugzilla.suse.com/1053298 https://bugzilla.suse.com/1093128 https://bugzilla.suse.com/1119403 https://bugzilla.suse.com/1144700 https://bugzilla.suse.com/1145675 From sle-updates at lists.suse.com Mon Sep 30 13:18:03 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 30 Sep 2019 21:18:03 +0200 (CEST) Subject: SUSE-RU-2019:2494-1: important: Recommended update for cloud-init Message-ID: <20190930191803.671FBF7BE@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2019:2494-1 Rating: important References: #1141969 #1144363 #1144881 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for cloud-init provides the following fixes: - Properly handle static routes. The EphemeralDHCP context manager did not parse or handle rfc3442 classless static routes which prevented reading datasource metadata in some clouds. (bsc#1141969) - The __str__ implementation no longer delivers the name of the interface, use the "name" attribute instead to form a proper path in the sysfs tree. (bsc#1144363) - If no routes are set for a subnet but the subnet has a gateway specified, set the gateway as the default route for the interface. (bsc#1144881) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2019-2494=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2494=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): cloud-init-19.1-8.8.1 cloud-init-config-suse-19.1-8.8.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): cloud-init-doc-19.1-8.8.1 References: https://bugzilla.suse.com/1141969 https://bugzilla.suse.com/1144363 https://bugzilla.suse.com/1144881 From sle-updates at lists.suse.com Mon Sep 30 16:13:01 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Oct 2019 00:13:01 +0200 (CEST) Subject: SUSE-OU-2019:2497-1: Optional update for yast2-rdp Message-ID: <20190930221301.E398CF7BE@maintenance.suse.de> SUSE Optional Update: Optional update for yast2-rdp ______________________________________________________________________________ Announcement ID: SUSE-OU-2019:2497-1 Rating: low References: #1142282 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update for yast2-rdp doesn't fix any user relevant issues. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2497=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (noarch): yast2-rdp-4.0.2.1-3.6.1 References: https://bugzilla.suse.com/1142282 From sle-updates at lists.suse.com Mon Sep 30 16:13:43 2019 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Oct 2019 00:13:43 +0200 (CEST) Subject: SUSE-OU-2019:2496-1: Optional update for yast2-rdp Message-ID: <20190930221343.83401F7BE@maintenance.suse.de> SUSE Optional Update: Optional update for yast2-rdp ______________________________________________________________________________ Announcement ID: SUSE-OU-2019:2496-1 Rating: low References: #1142282 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update for yast2-rdp doesn't fix any user relevant issues. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2496=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): yast2-rdp-4.1.1-3.3.1 References: https://bugzilla.suse.com/1142282