From sle-updates at lists.suse.com Tue Sep 1 00:00:16 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 08:00:16 +0200 (CEST) Subject: SUSE-CU-2020:421-1: Recommended update of registry/harbor-db Message-ID: <20200901060016.7CF0AFF0B@maintenance.suse.de> SUSE Container Update Advisory: registry/harbor-db ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:421-1 Container Tags : registry/harbor-db:2.0.2 , registry/harbor-db:2.0.2-rev1 , registry/harbor-db:2.0.2-rev1-build3.3 Container Release : 3.3 Severity : low Type : recommended References : 1170964 ----------------------------------------------------------------- The container registry/harbor-db was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) From sle-updates at lists.suse.com Tue Sep 1 00:00:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 08:00:34 +0200 (CEST) Subject: SUSE-CU-2020:422-1: Recommended update of registry/harbor-jobservice Message-ID: <20200901060034.E56EEFF0B@maintenance.suse.de> SUSE Container Update Advisory: registry/harbor-jobservice ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:422-1 Container Tags : registry/harbor-jobservice:2.0.2 , registry/harbor-jobservice:2.0.2-rev1 , registry/harbor-jobservice:2.0.2-rev1-build2.3 Container Release : 2.3 Severity : low Type : recommended References : 1170964 ----------------------------------------------------------------- The container registry/harbor-jobservice was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) From sle-updates at lists.suse.com Tue Sep 1 00:00:53 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 08:00:53 +0200 (CEST) Subject: SUSE-CU-2020:423-1: Recommended update of registry/harbor-nginx Message-ID: <20200901060053.B39FFFF0B@maintenance.suse.de> SUSE Container Update Advisory: registry/harbor-nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:423-1 Container Tags : registry/harbor-nginx:2.0.2 , registry/harbor-nginx:2.0.2-rev1 , registry/harbor-nginx:2.0.2-rev1-build2.3 Container Release : 2.3 Severity : low Type : recommended References : 1170964 ----------------------------------------------------------------- The container registry/harbor-nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) From sle-updates at lists.suse.com Tue Sep 1 00:01:19 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 08:01:19 +0200 (CEST) Subject: SUSE-CU-2020:424-1: Recommended update of registry/harbor-portal Message-ID: <20200901060119.3E74CFF0B@maintenance.suse.de> SUSE Container Update Advisory: registry/harbor-portal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:424-1 Container Tags : registry/harbor-portal:2.0.2 , registry/harbor-portal:2.0.2-rev1 , registry/harbor-portal:2.0.2-rev1-build3.5 Container Release : 3.5 Severity : low Type : recommended References : 1170964 ----------------------------------------------------------------- The container registry/harbor-portal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) From sle-updates at lists.suse.com Tue Sep 1 00:01:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 08:01:36 +0200 (CEST) Subject: SUSE-CU-2020:425-1: Recommended update of registry/harbor-redis Message-ID: <20200901060136.05D44FF0B@maintenance.suse.de> SUSE Container Update Advisory: registry/harbor-redis ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:425-1 Container Tags : registry/harbor-redis:2.0.2 , registry/harbor-redis:2.0.2-rev1 , registry/harbor-redis:2.0.2-rev1-build2.3 Container Release : 2.3 Severity : low Type : recommended References : 1170964 ----------------------------------------------------------------- The container registry/harbor-redis was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) From sle-updates at lists.suse.com Tue Sep 1 00:01:52 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 08:01:52 +0200 (CEST) Subject: SUSE-CU-2020:426-1: Recommended update of registry/harbor-registry Message-ID: <20200901060152.86E5CFF0B@maintenance.suse.de> SUSE Container Update Advisory: registry/harbor-registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:426-1 Container Tags : registry/harbor-registry:2.0.2 , registry/harbor-registry:2.0.2-rev1 , registry/harbor-registry:2.0.2-rev1-build2.4 Container Release : 2.4 Severity : low Type : recommended References : 1170964 ----------------------------------------------------------------- The container registry/harbor-registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) From sle-updates at lists.suse.com Tue Sep 1 00:02:08 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 08:02:08 +0200 (CEST) Subject: SUSE-CU-2020:427-1: Recommended update of registry/harbor-registryctl Message-ID: <20200901060208.AC622FF0B@maintenance.suse.de> SUSE Container Update Advisory: registry/harbor-registryctl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:427-1 Container Tags : registry/harbor-registryctl:2.0.2 , registry/harbor-registryctl:2.0.2-rev1 , registry/harbor-registryctl:2.0.2-rev1-build2.3 Container Release : 2.3 Severity : low Type : recommended References : 1170964 ----------------------------------------------------------------- The container registry/harbor-registryctl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) From sle-updates at lists.suse.com Tue Sep 1 00:02:39 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 08:02:39 +0200 (CEST) Subject: SUSE-CU-2020:429-1: Recommended update of registry/harbor-trivy-adapter Message-ID: <20200901060239.9D95EFF0B@maintenance.suse.de> SUSE Container Update Advisory: registry/harbor-trivy-adapter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:429-1 Container Tags : registry/harbor-trivy-adapter:2.0.2 , registry/harbor-trivy-adapter:2.0.2-rev1 , registry/harbor-trivy-adapter:2.0.2-rev1-build2.3 Container Release : 2.3 Severity : low Type : recommended References : 1170964 ----------------------------------------------------------------- The container registry/harbor-trivy-adapter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) From sle-updates at lists.suse.com Tue Sep 1 04:17:00 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 12:17:00 +0200 (CEST) Subject: SUSE-SU-2020:2399-1: important: Security update for xorg-x11-server Message-ID: <20200901101700.3E517F403@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2399-1 Rating: important References: #1174910 #1174913 Cross-References: CVE-2020-14361 CVE-2020-14362 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2399=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2399=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2399=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2399=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): xorg-x11-server-1.19.6-4.11.1 xorg-x11-server-debuginfo-1.19.6-4.11.1 xorg-x11-server-debugsource-1.19.6-4.11.1 xorg-x11-server-extra-1.19.6-4.11.1 xorg-x11-server-extra-debuginfo-1.19.6-4.11.1 - SUSE OpenStack Cloud 9 (x86_64): xorg-x11-server-1.19.6-4.11.1 xorg-x11-server-debuginfo-1.19.6-4.11.1 xorg-x11-server-debugsource-1.19.6-4.11.1 xorg-x11-server-extra-1.19.6-4.11.1 xorg-x11-server-extra-debuginfo-1.19.6-4.11.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): xorg-x11-server-1.19.6-4.11.1 xorg-x11-server-debuginfo-1.19.6-4.11.1 xorg-x11-server-debugsource-1.19.6-4.11.1 xorg-x11-server-extra-1.19.6-4.11.1 xorg-x11-server-extra-debuginfo-1.19.6-4.11.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.19.6-4.11.1 xorg-x11-server-debuginfo-1.19.6-4.11.1 xorg-x11-server-debugsource-1.19.6-4.11.1 xorg-x11-server-extra-1.19.6-4.11.1 xorg-x11-server-extra-debuginfo-1.19.6-4.11.1 References: https://www.suse.com/security/cve/CVE-2020-14361.html https://www.suse.com/security/cve/CVE-2020-14362.html https://bugzilla.suse.com/1174910 https://bugzilla.suse.com/1174913 From sle-updates at lists.suse.com Tue Sep 1 04:18:10 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 12:18:10 +0200 (CEST) Subject: SUSE-SU-2020:2398-1: important: Security update for xorg-x11-server Message-ID: <20200901101810.2E626F403@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2398-1 Rating: important References: #1174910 #1174913 Cross-References: CVE-2020-14361 CVE-2020-14362 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2398=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2398=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2398=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2398=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): xorg-x11-server-1.19.6-8.19.1 xorg-x11-server-debuginfo-1.19.6-8.19.1 xorg-x11-server-debugsource-1.19.6-8.19.1 xorg-x11-server-extra-1.19.6-8.19.1 xorg-x11-server-extra-debuginfo-1.19.6-8.19.1 xorg-x11-server-sdk-1.19.6-8.19.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): xorg-x11-server-1.19.6-8.19.1 xorg-x11-server-debuginfo-1.19.6-8.19.1 xorg-x11-server-debugsource-1.19.6-8.19.1 xorg-x11-server-extra-1.19.6-8.19.1 xorg-x11-server-extra-debuginfo-1.19.6-8.19.1 xorg-x11-server-sdk-1.19.6-8.19.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): xorg-x11-server-1.19.6-8.19.1 xorg-x11-server-debuginfo-1.19.6-8.19.1 xorg-x11-server-debugsource-1.19.6-8.19.1 xorg-x11-server-extra-1.19.6-8.19.1 xorg-x11-server-extra-debuginfo-1.19.6-8.19.1 xorg-x11-server-sdk-1.19.6-8.19.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): xorg-x11-server-1.19.6-8.19.1 xorg-x11-server-debuginfo-1.19.6-8.19.1 xorg-x11-server-debugsource-1.19.6-8.19.1 xorg-x11-server-extra-1.19.6-8.19.1 xorg-x11-server-extra-debuginfo-1.19.6-8.19.1 xorg-x11-server-sdk-1.19.6-8.19.1 References: https://www.suse.com/security/cve/CVE-2020-14361.html https://www.suse.com/security/cve/CVE-2020-14362.html https://bugzilla.suse.com/1174910 https://bugzilla.suse.com/1174913 From sle-updates at lists.suse.com Tue Sep 1 04:19:23 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 12:19:23 +0200 (CEST) Subject: SUSE-SU-2020:2401-1: important: Security update for xorg-x11-server Message-ID: <20200901101923.2D9DAF403@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2401-1 Rating: important References: #1174910 #1174913 Cross-References: CVE-2020-14361 CVE-2020-14362 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2401=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2401=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2401=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2401=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2401=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2401=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2401=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2401=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2401=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2401=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2401=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): xorg-x11-server-7.6_1.18.3-76.29.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.29.1 xorg-x11-server-debugsource-7.6_1.18.3-76.29.1 xorg-x11-server-extra-7.6_1.18.3-76.29.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.29.1 - SUSE OpenStack Cloud 8 (x86_64): xorg-x11-server-7.6_1.18.3-76.29.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.29.1 xorg-x11-server-debugsource-7.6_1.18.3-76.29.1 xorg-x11-server-extra-7.6_1.18.3-76.29.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.29.1 - SUSE OpenStack Cloud 7 (s390x x86_64): xorg-x11-server-7.6_1.18.3-76.29.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.29.1 xorg-x11-server-debugsource-7.6_1.18.3-76.29.1 xorg-x11-server-extra-7.6_1.18.3-76.29.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.29.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): xorg-x11-server-7.6_1.18.3-76.29.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.29.1 xorg-x11-server-debugsource-7.6_1.18.3-76.29.1 xorg-x11-server-extra-7.6_1.18.3-76.29.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.29.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): xorg-x11-server-7.6_1.18.3-76.29.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.29.1 xorg-x11-server-debugsource-7.6_1.18.3-76.29.1 xorg-x11-server-extra-7.6_1.18.3-76.29.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.29.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): xorg-x11-server-7.6_1.18.3-76.29.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.29.1 xorg-x11-server-debugsource-7.6_1.18.3-76.29.1 xorg-x11-server-extra-7.6_1.18.3-76.29.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.29.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): xorg-x11-server-7.6_1.18.3-76.29.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.29.1 xorg-x11-server-debugsource-7.6_1.18.3-76.29.1 xorg-x11-server-extra-7.6_1.18.3-76.29.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.29.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): xorg-x11-server-7.6_1.18.3-76.29.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.29.1 xorg-x11-server-debugsource-7.6_1.18.3-76.29.1 xorg-x11-server-extra-7.6_1.18.3-76.29.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.29.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xorg-x11-server-7.6_1.18.3-76.29.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.29.1 xorg-x11-server-debugsource-7.6_1.18.3-76.29.1 xorg-x11-server-extra-7.6_1.18.3-76.29.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.29.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): xorg-x11-server-7.6_1.18.3-76.29.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.29.1 xorg-x11-server-debugsource-7.6_1.18.3-76.29.1 xorg-x11-server-extra-7.6_1.18.3-76.29.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.29.1 - HPE Helion Openstack 8 (x86_64): xorg-x11-server-7.6_1.18.3-76.29.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.29.1 xorg-x11-server-debugsource-7.6_1.18.3-76.29.1 xorg-x11-server-extra-7.6_1.18.3-76.29.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.29.1 References: https://www.suse.com/security/cve/CVE-2020-14361.html https://www.suse.com/security/cve/CVE-2020-14362.html https://bugzilla.suse.com/1174910 https://bugzilla.suse.com/1174913 From sle-updates at lists.suse.com Tue Sep 1 04:20:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 12:20:33 +0200 (CEST) Subject: SUSE-SU-2020:14475-1: important: Security update for xorg-x11-server Message-ID: <20200901102033.7094FF794@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14475-1 Rating: important References: #1174910 #1174913 Cross-References: CVE-2020-14361 CVE-2020-14362 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-xorg-x11-server-14475=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-xorg-x11-server-14475=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xorg-x11-server-14475=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-xorg-x11-server-14475=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): xorg-x11-Xvnc-7.4-27.122.29.1 xorg-x11-server-7.4-27.122.29.1 xorg-x11-server-extra-7.4-27.122.29.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): xorg-x11-Xvnc-7.4-27.122.29.1 xorg-x11-server-7.4-27.122.29.1 xorg-x11-server-extra-7.4-27.122.29.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): xorg-x11-server-debuginfo-7.4-27.122.29.1 xorg-x11-server-debugsource-7.4-27.122.29.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): xorg-x11-server-debuginfo-7.4-27.122.29.1 xorg-x11-server-debugsource-7.4-27.122.29.1 References: https://www.suse.com/security/cve/CVE-2020-14361.html https://www.suse.com/security/cve/CVE-2020-14362.html https://bugzilla.suse.com/1174910 https://bugzilla.suse.com/1174913 From sle-updates at lists.suse.com Tue Sep 1 07:14:01 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 15:14:01 +0200 (CEST) Subject: SUSE-SU-2020:2403-1: moderate: Security update for php7 Message-ID: <20200901131401.C7F3FF794@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2403-1 Rating: moderate References: #1175223 Cross-References: CVE-2020-7068 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php7 fixes the following issues: - fix CVE-2020-7068 [bsc#1175223]: Use of freed hash key in the phar_parse_zipfile function Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2403=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-2403=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-50.97.1 php7-debugsource-7.0.7-50.97.1 php7-devel-7.0.7-50.97.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.0.7-50.97.1 apache2-mod_php7-debuginfo-7.0.7-50.97.1 php7-7.0.7-50.97.1 php7-bcmath-7.0.7-50.97.1 php7-bcmath-debuginfo-7.0.7-50.97.1 php7-bz2-7.0.7-50.97.1 php7-bz2-debuginfo-7.0.7-50.97.1 php7-calendar-7.0.7-50.97.1 php7-calendar-debuginfo-7.0.7-50.97.1 php7-ctype-7.0.7-50.97.1 php7-ctype-debuginfo-7.0.7-50.97.1 php7-curl-7.0.7-50.97.1 php7-curl-debuginfo-7.0.7-50.97.1 php7-dba-7.0.7-50.97.1 php7-dba-debuginfo-7.0.7-50.97.1 php7-debuginfo-7.0.7-50.97.1 php7-debugsource-7.0.7-50.97.1 php7-dom-7.0.7-50.97.1 php7-dom-debuginfo-7.0.7-50.97.1 php7-enchant-7.0.7-50.97.1 php7-enchant-debuginfo-7.0.7-50.97.1 php7-exif-7.0.7-50.97.1 php7-exif-debuginfo-7.0.7-50.97.1 php7-fastcgi-7.0.7-50.97.1 php7-fastcgi-debuginfo-7.0.7-50.97.1 php7-fileinfo-7.0.7-50.97.1 php7-fileinfo-debuginfo-7.0.7-50.97.1 php7-fpm-7.0.7-50.97.1 php7-fpm-debuginfo-7.0.7-50.97.1 php7-ftp-7.0.7-50.97.1 php7-ftp-debuginfo-7.0.7-50.97.1 php7-gd-7.0.7-50.97.1 php7-gd-debuginfo-7.0.7-50.97.1 php7-gettext-7.0.7-50.97.1 php7-gettext-debuginfo-7.0.7-50.97.1 php7-gmp-7.0.7-50.97.1 php7-gmp-debuginfo-7.0.7-50.97.1 php7-iconv-7.0.7-50.97.1 php7-iconv-debuginfo-7.0.7-50.97.1 php7-imap-7.0.7-50.97.1 php7-imap-debuginfo-7.0.7-50.97.1 php7-intl-7.0.7-50.97.1 php7-intl-debuginfo-7.0.7-50.97.1 php7-json-7.0.7-50.97.1 php7-json-debuginfo-7.0.7-50.97.1 php7-ldap-7.0.7-50.97.1 php7-ldap-debuginfo-7.0.7-50.97.1 php7-mbstring-7.0.7-50.97.1 php7-mbstring-debuginfo-7.0.7-50.97.1 php7-mcrypt-7.0.7-50.97.1 php7-mcrypt-debuginfo-7.0.7-50.97.1 php7-mysql-7.0.7-50.97.1 php7-mysql-debuginfo-7.0.7-50.97.1 php7-odbc-7.0.7-50.97.1 php7-odbc-debuginfo-7.0.7-50.97.1 php7-opcache-7.0.7-50.97.1 php7-opcache-debuginfo-7.0.7-50.97.1 php7-openssl-7.0.7-50.97.1 php7-openssl-debuginfo-7.0.7-50.97.1 php7-pcntl-7.0.7-50.97.1 php7-pcntl-debuginfo-7.0.7-50.97.1 php7-pdo-7.0.7-50.97.1 php7-pdo-debuginfo-7.0.7-50.97.1 php7-pgsql-7.0.7-50.97.1 php7-pgsql-debuginfo-7.0.7-50.97.1 php7-phar-7.0.7-50.97.1 php7-phar-debuginfo-7.0.7-50.97.1 php7-posix-7.0.7-50.97.1 php7-posix-debuginfo-7.0.7-50.97.1 php7-pspell-7.0.7-50.97.1 php7-pspell-debuginfo-7.0.7-50.97.1 php7-shmop-7.0.7-50.97.1 php7-shmop-debuginfo-7.0.7-50.97.1 php7-snmp-7.0.7-50.97.1 php7-snmp-debuginfo-7.0.7-50.97.1 php7-soap-7.0.7-50.97.1 php7-soap-debuginfo-7.0.7-50.97.1 php7-sockets-7.0.7-50.97.1 php7-sockets-debuginfo-7.0.7-50.97.1 php7-sqlite-7.0.7-50.97.1 php7-sqlite-debuginfo-7.0.7-50.97.1 php7-sysvmsg-7.0.7-50.97.1 php7-sysvmsg-debuginfo-7.0.7-50.97.1 php7-sysvsem-7.0.7-50.97.1 php7-sysvsem-debuginfo-7.0.7-50.97.1 php7-sysvshm-7.0.7-50.97.1 php7-sysvshm-debuginfo-7.0.7-50.97.1 php7-tokenizer-7.0.7-50.97.1 php7-tokenizer-debuginfo-7.0.7-50.97.1 php7-wddx-7.0.7-50.97.1 php7-wddx-debuginfo-7.0.7-50.97.1 php7-xmlreader-7.0.7-50.97.1 php7-xmlreader-debuginfo-7.0.7-50.97.1 php7-xmlrpc-7.0.7-50.97.1 php7-xmlrpc-debuginfo-7.0.7-50.97.1 php7-xmlwriter-7.0.7-50.97.1 php7-xmlwriter-debuginfo-7.0.7-50.97.1 php7-xsl-7.0.7-50.97.1 php7-xsl-debuginfo-7.0.7-50.97.1 php7-zip-7.0.7-50.97.1 php7-zip-debuginfo-7.0.7-50.97.1 php7-zlib-7.0.7-50.97.1 php7-zlib-debuginfo-7.0.7-50.97.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php7-pear-7.0.7-50.97.1 php7-pear-Archive_Tar-7.0.7-50.97.1 References: https://www.suse.com/security/cve/CVE-2020-7068.html https://bugzilla.suse.com/1175223 From sle-updates at lists.suse.com Tue Sep 1 07:14:53 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 15:14:53 +0200 (CEST) Subject: SUSE-SU-2020:2409-1: moderate: Security update for freerdp Message-ID: <20200901131453.82542F794@maintenance.suse.de> SUSE Security Update: Security update for freerdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2409-1 Rating: moderate References: #1174321 Cross-References: CVE-2020-15103 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for freerdp fixes the following issues: - CVE-2020-15103: Fix integer overflow due to missing input sanitation in rdpegfx channel (bsc#1174321). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-2409=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): freerdp-2.1.2-10.18.1 freerdp-debuginfo-2.1.2-10.18.1 freerdp-debugsource-2.1.2-10.18.1 freerdp-devel-2.1.2-10.18.1 libfreerdp2-2.1.2-10.18.1 libfreerdp2-debuginfo-2.1.2-10.18.1 libwinpr2-2.1.2-10.18.1 libwinpr2-debuginfo-2.1.2-10.18.1 winpr2-devel-2.1.2-10.18.1 References: https://www.suse.com/security/cve/CVE-2020-15103.html https://bugzilla.suse.com/1174321 From sle-updates at lists.suse.com Tue Sep 1 07:15:45 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 15:15:45 +0200 (CEST) Subject: SUSE-SU-2020:2404-1: moderate: Security update for php74 Message-ID: <20200901131545.B8323F794@maintenance.suse.de> SUSE Security Update: Security update for php74 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2404-1 Rating: moderate References: #1175223 Cross-References: CVE-2020-7068 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php74 fixes the following issues: - CVE-2020-7068: Use of freed hash key in the phar_parse_zipfile function (bsc#1175223). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2404=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-2404=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): php74-debuginfo-7.4.6-1.8.1 php74-debugsource-7.4.6-1.8.1 php74-devel-7.4.6-1.8.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php74-7.4.6-1.8.1 apache2-mod_php74-debuginfo-7.4.6-1.8.1 php74-7.4.6-1.8.1 php74-bcmath-7.4.6-1.8.1 php74-bcmath-debuginfo-7.4.6-1.8.1 php74-bz2-7.4.6-1.8.1 php74-bz2-debuginfo-7.4.6-1.8.1 php74-calendar-7.4.6-1.8.1 php74-calendar-debuginfo-7.4.6-1.8.1 php74-ctype-7.4.6-1.8.1 php74-ctype-debuginfo-7.4.6-1.8.1 php74-curl-7.4.6-1.8.1 php74-curl-debuginfo-7.4.6-1.8.1 php74-dba-7.4.6-1.8.1 php74-dba-debuginfo-7.4.6-1.8.1 php74-debuginfo-7.4.6-1.8.1 php74-debugsource-7.4.6-1.8.1 php74-dom-7.4.6-1.8.1 php74-dom-debuginfo-7.4.6-1.8.1 php74-enchant-7.4.6-1.8.1 php74-enchant-debuginfo-7.4.6-1.8.1 php74-exif-7.4.6-1.8.1 php74-exif-debuginfo-7.4.6-1.8.1 php74-fastcgi-7.4.6-1.8.1 php74-fastcgi-debuginfo-7.4.6-1.8.1 php74-fileinfo-7.4.6-1.8.1 php74-fileinfo-debuginfo-7.4.6-1.8.1 php74-fpm-7.4.6-1.8.1 php74-fpm-debuginfo-7.4.6-1.8.1 php74-ftp-7.4.6-1.8.1 php74-ftp-debuginfo-7.4.6-1.8.1 php74-gd-7.4.6-1.8.1 php74-gd-debuginfo-7.4.6-1.8.1 php74-gettext-7.4.6-1.8.1 php74-gettext-debuginfo-7.4.6-1.8.1 php74-gmp-7.4.6-1.8.1 php74-gmp-debuginfo-7.4.6-1.8.1 php74-iconv-7.4.6-1.8.1 php74-iconv-debuginfo-7.4.6-1.8.1 php74-intl-7.4.6-1.8.1 php74-intl-debuginfo-7.4.6-1.8.1 php74-json-7.4.6-1.8.1 php74-json-debuginfo-7.4.6-1.8.1 php74-ldap-7.4.6-1.8.1 php74-ldap-debuginfo-7.4.6-1.8.1 php74-mbstring-7.4.6-1.8.1 php74-mbstring-debuginfo-7.4.6-1.8.1 php74-mysql-7.4.6-1.8.1 php74-mysql-debuginfo-7.4.6-1.8.1 php74-odbc-7.4.6-1.8.1 php74-odbc-debuginfo-7.4.6-1.8.1 php74-opcache-7.4.6-1.8.1 php74-opcache-debuginfo-7.4.6-1.8.1 php74-openssl-7.4.6-1.8.1 php74-openssl-debuginfo-7.4.6-1.8.1 php74-pcntl-7.4.6-1.8.1 php74-pcntl-debuginfo-7.4.6-1.8.1 php74-pdo-7.4.6-1.8.1 php74-pdo-debuginfo-7.4.6-1.8.1 php74-pgsql-7.4.6-1.8.1 php74-pgsql-debuginfo-7.4.6-1.8.1 php74-phar-7.4.6-1.8.1 php74-phar-debuginfo-7.4.6-1.8.1 php74-posix-7.4.6-1.8.1 php74-posix-debuginfo-7.4.6-1.8.1 php74-readline-7.4.6-1.8.1 php74-readline-debuginfo-7.4.6-1.8.1 php74-shmop-7.4.6-1.8.1 php74-shmop-debuginfo-7.4.6-1.8.1 php74-snmp-7.4.6-1.8.1 php74-snmp-debuginfo-7.4.6-1.8.1 php74-soap-7.4.6-1.8.1 php74-soap-debuginfo-7.4.6-1.8.1 php74-sockets-7.4.6-1.8.1 php74-sockets-debuginfo-7.4.6-1.8.1 php74-sodium-7.4.6-1.8.1 php74-sodium-debuginfo-7.4.6-1.8.1 php74-sqlite-7.4.6-1.8.1 php74-sqlite-debuginfo-7.4.6-1.8.1 php74-sysvmsg-7.4.6-1.8.1 php74-sysvmsg-debuginfo-7.4.6-1.8.1 php74-sysvsem-7.4.6-1.8.1 php74-sysvsem-debuginfo-7.4.6-1.8.1 php74-sysvshm-7.4.6-1.8.1 php74-sysvshm-debuginfo-7.4.6-1.8.1 php74-tidy-7.4.6-1.8.1 php74-tidy-debuginfo-7.4.6-1.8.1 php74-tokenizer-7.4.6-1.8.1 php74-tokenizer-debuginfo-7.4.6-1.8.1 php74-xmlreader-7.4.6-1.8.1 php74-xmlreader-debuginfo-7.4.6-1.8.1 php74-xmlrpc-7.4.6-1.8.1 php74-xmlrpc-debuginfo-7.4.6-1.8.1 php74-xmlwriter-7.4.6-1.8.1 php74-xmlwriter-debuginfo-7.4.6-1.8.1 php74-xsl-7.4.6-1.8.1 php74-xsl-debuginfo-7.4.6-1.8.1 php74-zip-7.4.6-1.8.1 php74-zip-debuginfo-7.4.6-1.8.1 php74-zlib-7.4.6-1.8.1 php74-zlib-debuginfo-7.4.6-1.8.1 References: https://www.suse.com/security/cve/CVE-2020-7068.html https://bugzilla.suse.com/1175223 From sle-updates at lists.suse.com Tue Sep 1 07:16:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 15:16:36 +0200 (CEST) Subject: SUSE-SU-2020:2408-1: moderate: Security update for freerdp Message-ID: <20200901131636.1A760F794@maintenance.suse.de> SUSE Security Update: Security update for freerdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2408-1 Rating: moderate References: #1174321 Cross-References: CVE-2020-15103 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for freerdp fixes the following issues: - CVE-2020-15103: Fix integer overflow due to missing input sanitation in rdpegfx channel (bsc#1174321). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2408=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): freerdp-2.1.2-15.10.1 freerdp-debuginfo-2.1.2-15.10.1 freerdp-debugsource-2.1.2-15.10.1 freerdp-devel-2.1.2-15.10.1 libfreerdp2-2.1.2-15.10.1 libfreerdp2-debuginfo-2.1.2-15.10.1 libwinpr2-2.1.2-15.10.1 libwinpr2-debuginfo-2.1.2-15.10.1 winpr2-devel-2.1.2-15.10.1 References: https://www.suse.com/security/cve/CVE-2020-15103.html https://bugzilla.suse.com/1174321 From sle-updates at lists.suse.com Tue Sep 1 07:17:28 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 15:17:28 +0200 (CEST) Subject: SUSE-SU-2020:2405-1: moderate: Security update for php72 Message-ID: <20200901131728.12652F794@maintenance.suse.de> SUSE Security Update: Security update for php72 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2405-1 Rating: moderate References: #1175223 Cross-References: CVE-2020-7068 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php72 fixes the following issues: - CVE-2020-7068: Use of freed hash key in the phar_parse_zipfile function (bsc#1175223). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2405=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-2405=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): php72-debuginfo-7.2.5-1.49.1 php72-debugsource-7.2.5-1.49.1 php72-devel-7.2.5-1.49.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php72-7.2.5-1.49.1 apache2-mod_php72-debuginfo-7.2.5-1.49.1 php72-7.2.5-1.49.1 php72-bcmath-7.2.5-1.49.1 php72-bcmath-debuginfo-7.2.5-1.49.1 php72-bz2-7.2.5-1.49.1 php72-bz2-debuginfo-7.2.5-1.49.1 php72-calendar-7.2.5-1.49.1 php72-calendar-debuginfo-7.2.5-1.49.1 php72-ctype-7.2.5-1.49.1 php72-ctype-debuginfo-7.2.5-1.49.1 php72-curl-7.2.5-1.49.1 php72-curl-debuginfo-7.2.5-1.49.1 php72-dba-7.2.5-1.49.1 php72-dba-debuginfo-7.2.5-1.49.1 php72-debuginfo-7.2.5-1.49.1 php72-debugsource-7.2.5-1.49.1 php72-dom-7.2.5-1.49.1 php72-dom-debuginfo-7.2.5-1.49.1 php72-enchant-7.2.5-1.49.1 php72-enchant-debuginfo-7.2.5-1.49.1 php72-exif-7.2.5-1.49.1 php72-exif-debuginfo-7.2.5-1.49.1 php72-fastcgi-7.2.5-1.49.1 php72-fastcgi-debuginfo-7.2.5-1.49.1 php72-fileinfo-7.2.5-1.49.1 php72-fileinfo-debuginfo-7.2.5-1.49.1 php72-fpm-7.2.5-1.49.1 php72-fpm-debuginfo-7.2.5-1.49.1 php72-ftp-7.2.5-1.49.1 php72-ftp-debuginfo-7.2.5-1.49.1 php72-gd-7.2.5-1.49.1 php72-gd-debuginfo-7.2.5-1.49.1 php72-gettext-7.2.5-1.49.1 php72-gettext-debuginfo-7.2.5-1.49.1 php72-gmp-7.2.5-1.49.1 php72-gmp-debuginfo-7.2.5-1.49.1 php72-iconv-7.2.5-1.49.1 php72-iconv-debuginfo-7.2.5-1.49.1 php72-imap-7.2.5-1.49.1 php72-imap-debuginfo-7.2.5-1.49.1 php72-intl-7.2.5-1.49.1 php72-intl-debuginfo-7.2.5-1.49.1 php72-json-7.2.5-1.49.1 php72-json-debuginfo-7.2.5-1.49.1 php72-ldap-7.2.5-1.49.1 php72-ldap-debuginfo-7.2.5-1.49.1 php72-mbstring-7.2.5-1.49.1 php72-mbstring-debuginfo-7.2.5-1.49.1 php72-mysql-7.2.5-1.49.1 php72-mysql-debuginfo-7.2.5-1.49.1 php72-odbc-7.2.5-1.49.1 php72-odbc-debuginfo-7.2.5-1.49.1 php72-opcache-7.2.5-1.49.1 php72-opcache-debuginfo-7.2.5-1.49.1 php72-openssl-7.2.5-1.49.1 php72-openssl-debuginfo-7.2.5-1.49.1 php72-pcntl-7.2.5-1.49.1 php72-pcntl-debuginfo-7.2.5-1.49.1 php72-pdo-7.2.5-1.49.1 php72-pdo-debuginfo-7.2.5-1.49.1 php72-pgsql-7.2.5-1.49.1 php72-pgsql-debuginfo-7.2.5-1.49.1 php72-phar-7.2.5-1.49.1 php72-phar-debuginfo-7.2.5-1.49.1 php72-posix-7.2.5-1.49.1 php72-posix-debuginfo-7.2.5-1.49.1 php72-pspell-7.2.5-1.49.1 php72-pspell-debuginfo-7.2.5-1.49.1 php72-readline-7.2.5-1.49.1 php72-readline-debuginfo-7.2.5-1.49.1 php72-shmop-7.2.5-1.49.1 php72-shmop-debuginfo-7.2.5-1.49.1 php72-snmp-7.2.5-1.49.1 php72-snmp-debuginfo-7.2.5-1.49.1 php72-soap-7.2.5-1.49.1 php72-soap-debuginfo-7.2.5-1.49.1 php72-sockets-7.2.5-1.49.1 php72-sockets-debuginfo-7.2.5-1.49.1 php72-sodium-7.2.5-1.49.1 php72-sodium-debuginfo-7.2.5-1.49.1 php72-sqlite-7.2.5-1.49.1 php72-sqlite-debuginfo-7.2.5-1.49.1 php72-sysvmsg-7.2.5-1.49.1 php72-sysvmsg-debuginfo-7.2.5-1.49.1 php72-sysvsem-7.2.5-1.49.1 php72-sysvsem-debuginfo-7.2.5-1.49.1 php72-sysvshm-7.2.5-1.49.1 php72-sysvshm-debuginfo-7.2.5-1.49.1 php72-tidy-7.2.5-1.49.1 php72-tidy-debuginfo-7.2.5-1.49.1 php72-tokenizer-7.2.5-1.49.1 php72-tokenizer-debuginfo-7.2.5-1.49.1 php72-wddx-7.2.5-1.49.1 php72-wddx-debuginfo-7.2.5-1.49.1 php72-xmlreader-7.2.5-1.49.1 php72-xmlreader-debuginfo-7.2.5-1.49.1 php72-xmlrpc-7.2.5-1.49.1 php72-xmlrpc-debuginfo-7.2.5-1.49.1 php72-xmlwriter-7.2.5-1.49.1 php72-xmlwriter-debuginfo-7.2.5-1.49.1 php72-xsl-7.2.5-1.49.1 php72-xsl-debuginfo-7.2.5-1.49.1 php72-zip-7.2.5-1.49.1 php72-zip-debuginfo-7.2.5-1.49.1 php72-zlib-7.2.5-1.49.1 php72-zlib-debuginfo-7.2.5-1.49.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php72-pear-7.2.5-1.49.1 php72-pear-Archive_Tar-7.2.5-1.49.1 References: https://www.suse.com/security/cve/CVE-2020-7068.html https://bugzilla.suse.com/1175223 From sle-updates at lists.suse.com Tue Sep 1 07:18:21 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 15:18:21 +0200 (CEST) Subject: SUSE-SU-2020:2407-1: important: Security update for xorg-x11-server Message-ID: <20200901131821.06E07F794@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2407-1 Rating: important References: #1174910 #1174913 Cross-References: CVE-2020-14361 CVE-2020-14362 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2407=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2407=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.19.6-10.12.1 xorg-x11-server-debugsource-1.19.6-10.12.1 xorg-x11-server-sdk-1.19.6-10.12.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.19.6-10.12.1 xorg-x11-server-debuginfo-1.19.6-10.12.1 xorg-x11-server-debugsource-1.19.6-10.12.1 xorg-x11-server-extra-1.19.6-10.12.1 xorg-x11-server-extra-debuginfo-1.19.6-10.12.1 References: https://www.suse.com/security/cve/CVE-2020-14361.html https://www.suse.com/security/cve/CVE-2020-14362.html https://bugzilla.suse.com/1174910 https://bugzilla.suse.com/1174913 From sle-updates at lists.suse.com Tue Sep 1 10:13:58 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:13:58 +0200 (CEST) Subject: SUSE-RU-2020:2414-1: moderate: Recommended update for SLES15-Migration Message-ID: <20200901161358.95A1CF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for SLES15-Migration ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2414-1 Rating: moderate References: #1173654 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for SLES15-Migration fixes the following issues: - Added suse-migration-services version 2.0.13 Explicitly request python3-azuremetadata Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-2414=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): SLES15-Migration-2.0.13-6 References: https://bugzilla.suse.com/1173654 From sle-updates at lists.suse.com Tue Sep 1 10:14:48 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:14:48 +0200 (CEST) Subject: SUSE-RU-2020:2415-1: moderate: Recommended update for python-kiwi Message-ID: <20200901161448.832B7F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2415-1 Rating: moderate References: #1096738 #1165730 #1172908 #1173226 #1173356 #1174009 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for python-kiwi contains the following fixes: - Bump version up to 9.21.7: This version upgrade includes several fixes: * Skip filesystem check for XFS prior xfs_grow running xfs_repair check isn't strictly necessary before resizing, and in some cases it may even prevent resizing by giving an error that would be cleared through mounting the fs (e.g. when the fs wasn't cleanly umounted, and thus letting xfs recover and replay its journal). Given that xfs can only grow online (while being mounted), this is sufficient to ensure that the fs is in a state where it can be resized. This is related to bsc#1174009. (bsc#1174009) * Fixed grub setup in EFI/BOOT directory kiwi copied the same grub.cfg file as it exists in boot/grub2 to the efi path. This is wrong as the setup in the efi boot directory is used to enable normal grub loading and not providing the user grub configuration. In addition the changes here makes sure that the early grub boot code is placed into the system in any EFI case except for secure boot when shim-install is present. If shim-install is present it also creates the early grub boot setup such that kiwi doesn't have to do it. This Fixes #1491 and Fixes bsc#1172908. (bsc#1172908) * Use rsync in inplace transfer mode Using the --inplace option in rsync helps to save space on syncing the rootfs data and prevents e.g OBS workers from running out of VM space when transfering root filesystem data. Also using --inplace allows to keep hardlinks intact. This is related to bsc#1096738. (bsc#1096738) * Don't keep copy of grub2-install in the system To prevent shim-install from calling grub2-install in uefi mode kiwi temporary replaces the tool by a noop. This acts as a workaround for an issue in shim-install. However the workaround left a file copy of grub2-install in the system which should not happen. This commit Fixes bsc#1173226 and Fixes #1490. (bsc#1173226) * Fixes live ISOs This commit fixes iso images. Due to a change introduced in c7ed1cf live ISOs were no longer booting as the rootfs.img filesystem was copied to the squashfs container while being still mounted. Because of that, at boot time, it refused to mount. This commit adds umount method for the filesystem base class, so it can be umounted before deleting the instance. Fixes #1489 and bsc#1173356. (bsc#1173356) * Support grub timeout_style parameter Grub supports a style setting that influences the display of the menu depending on the configured timeout value. With this patch kiwi allows to specify the style via a new bootloader parameter named timeout_style="hidden|countdown". If not set the grub default applies which shows the menu in any case. This Fixes bsc#1165730 and Fixes #1404. (bsc#1165730) * Use auto video mode as default for grub An explicit video mode 800x600 was used for grub if no video mode setup exists in the XML description. For grub this should better result in the auto mode. Related to bsc#1165730. (bsc#1165730) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2415=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2415=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.21.7-3.24.2 dracut-kiwi-live-9.21.7-3.24.2 dracut-kiwi-oem-dump-9.21.7-3.24.2 dracut-kiwi-oem-repart-9.21.7-3.24.2 dracut-kiwi-overlay-9.21.7-3.24.2 kiwi-man-pages-9.21.7-3.24.2 kiwi-tools-9.21.7-3.24.2 kiwi-tools-debuginfo-9.21.7-3.24.2 python-kiwi-debugsource-9.21.7-3.24.2 python3-kiwi-9.21.7-3.24.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): kiwi-pxeboot-9.21.7-3.24.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.21.7-3.24.2 dracut-kiwi-live-9.21.7-3.24.2 dracut-kiwi-oem-dump-9.21.7-3.24.2 dracut-kiwi-oem-repart-9.21.7-3.24.2 dracut-kiwi-overlay-9.21.7-3.24.2 kiwi-man-pages-9.21.7-3.24.2 kiwi-tools-9.21.7-3.24.2 kiwi-tools-debuginfo-9.21.7-3.24.2 python-kiwi-debugsource-9.21.7-3.24.2 python3-kiwi-9.21.7-3.24.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): kiwi-pxeboot-9.21.7-3.24.2 References: https://bugzilla.suse.com/1096738 https://bugzilla.suse.com/1165730 https://bugzilla.suse.com/1172908 https://bugzilla.suse.com/1173226 https://bugzilla.suse.com/1173356 https://bugzilla.suse.com/1174009 From sle-updates at lists.suse.com Tue Sep 1 10:17:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:17:54 +0200 (CEST) Subject: SUSE-RU-2020:2426-1: Recommended update for sysstat Message-ID: <20200901161754.2BD93F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for sysstat ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2426-1 Rating: low References: #1173593 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sysstat fixes the following issue: - sysstat was rebuild with a higher release number to adjust against other released 12 SP5 images, where the release number was too high. (bsc#1173593) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2426=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): sysstat-12.0.2-20.8.1 sysstat-debuginfo-12.0.2-20.8.1 sysstat-debugsource-12.0.2-20.8.1 sysstat-isag-12.0.2-20.8.1 References: https://bugzilla.suse.com/1173593 From sle-updates at lists.suse.com Tue Sep 1 10:18:45 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:18:45 +0200 (CEST) Subject: SUSE-RU-2020:2416-1: moderate: Recommended update for python3-ec2imgutils Message-ID: <20200901161845.1E789F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for python3-ec2imgutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2416-1 Rating: moderate References: #1172579 #1172948 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for python3-ec2imgutils contains the following fixes: - Fixed an error, when an image gets deprecated using its name (bsc#1172948) - Added new utility ec2listimg to list images owned by the specified account - Fixed an error when an image is not allowed to be copied and shared with a specific account (bsc#1172579) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2416=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2416=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python3-ec2imgutils-9.0.0-3.17.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): python3-ec2imgutils-9.0.0-3.17.1 References: https://bugzilla.suse.com/1172579 https://bugzilla.suse.com/1172948 From sle-updates at lists.suse.com Tue Sep 1 10:19:41 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:19:41 +0200 (CEST) Subject: SUSE-RU-2020:2424-1: moderate: Recommended update for yast2-rmt Message-ID: <20200901161941.29863F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-rmt ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2424-1 Rating: moderate References: #1171555 #1172674 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-rmt fixes the following issues: - Handle Common Name length. (bsc#1172674) - Changed placeholders in translatable strings to support better the 'gettext' language format tags. (bsc#1171555) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2424=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): yast2-rmt-1.3.2-3.3.1 References: https://bugzilla.suse.com/1171555 https://bugzilla.suse.com/1172674 From sle-updates at lists.suse.com Tue Sep 1 10:20:38 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:20:38 +0200 (CEST) Subject: SUSE-RU-2020:2421-1: moderate: Recommended update for 389-ds Message-ID: <20200901162038.38BB7F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for 389-ds ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2421-1 Rating: moderate References: #1174057 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for 389-ds fixes the following issues: Update from version 1.4.2.14~git0.5ac5b02ce to version 1.4.2.16~git0.92afa2ea7: - Resolve upstream stability and fix rollup. (bsc#1174057) - dsidm ou delete fails - add more logconv stats for the new access log keywords - add new access log keywords for wtime and optime - Fix Allowed and Denied Ciphers lists - WebUI - UI - attr uniqueness - selecting empty subtree crashes cockpit - log warning when thread number is very different from autotuned value - Reindex task may create abandoned index file - Log an error when a search is fully unindexed - fix SLE15.2 install issps - dsctl fails with instance names that contain slapd- - Memory leaks in disk monitoring - Set the default minimum worker threads - Correct numSubordinates value for cn=monitor - dsctl and dsidm do not errors correctly when using JSON - Winsync setting winSyncWindowsFilter not working as expected - improve autotune defaults - Add option to healthcheck to list all the lint reports - UI - improve modal validation when creating an instance Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2421=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): 389-ds-1.4.2.16~git0.92afa2ea7-7.25.1 389-ds-debuginfo-1.4.2.16~git0.92afa2ea7-7.25.1 389-ds-debugsource-1.4.2.16~git0.92afa2ea7-7.25.1 389-ds-devel-1.4.2.16~git0.92afa2ea7-7.25.1 389-ds-snmp-1.4.2.16~git0.92afa2ea7-7.25.1 389-ds-snmp-debuginfo-1.4.2.16~git0.92afa2ea7-7.25.1 lib389-1.4.2.16~git0.92afa2ea7-7.25.1 libsvrcore0-1.4.2.16~git0.92afa2ea7-7.25.1 libsvrcore0-debuginfo-1.4.2.16~git0.92afa2ea7-7.25.1 References: https://bugzilla.suse.com/1174057 From sle-updates at lists.suse.com Tue Sep 1 10:21:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:21:27 +0200 (CEST) Subject: SUSE-RU-2020:2413-1: moderate: Recommended update for 389-ds Message-ID: <20200901162127.7C0BBF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for 389-ds ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2413-1 Rating: moderate References: #1174057 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for 389-ds fixes the following issues: Update from version 1.4.3.9~git0.3eb8617f6 to version 1.4.3.12~git0.9bc042902 - It should not be allowed to delete Managed Entry manually - SSL alert: The value of sslVersionMax "TLS1.3" is higher than the supported version - Fix instance name length for interactive install - JSON Error output has redundant messages - If dbhome directory is set online backup fails - Separate the BDB backend monitors - entryUSN is duplicated after memberOf operation - Fix disk_mon_check_diskspace types - Resolve upstream stability and fix rollup. (bsc#1174057) - Add option to reject internal unindexed searches - dsidm ou delete fails - add more logconv stats for the new access log keywords - db2ldif crashes when LDIF file can't be accessed - add new access log keywords for wtime and optime - Fix Allowed and Denied Ciphers lists - WebUI - UI - attr uniqueness - selecting empty subtree crashes cockpit - log warning when thread number is very different from autotuned value - Reindex task may create abandoned index file - Log an error when a search is fully unindexed - fix SLE15.2 install issps - dsctl fails with instance names that contain slapd- - Memory leaks in disk monitoring - nsIndexIDListScanLimit accepts any value - A distinguished value can be missing in an entry - Healthcheck should look for notes=A/F in access log - Set the default minimum worker threads - pwdReset can be modified by a user - Correct numSubordinates value for cn=monitor - dsctl and dsidm do not errors correctly when using JSON - Winsync setting winSyncWindowsFilter not working as expected - improve autotune defaults - Add option to healthcheck to list all the lint reports - UI - improve modal validation when creating an instance Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2413=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): 389-ds-1.4.3.12~git0.9bc042902-3.6.1 389-ds-debuginfo-1.4.3.12~git0.9bc042902-3.6.1 389-ds-debugsource-1.4.3.12~git0.9bc042902-3.6.1 389-ds-devel-1.4.3.12~git0.9bc042902-3.6.1 lib389-1.4.3.12~git0.9bc042902-3.6.1 libsvrcore0-1.4.3.12~git0.9bc042902-3.6.1 libsvrcore0-debuginfo-1.4.3.12~git0.9bc042902-3.6.1 References: https://bugzilla.suse.com/1174057 From sle-updates at lists.suse.com Tue Sep 1 10:25:14 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:25:14 +0200 (CEST) Subject: SUSE-RU-2020:2412-1: moderate: Recommended update for icewm-theme-branding Message-ID: <20200901162514.C4F67F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for icewm-theme-branding ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2412-1 Rating: moderate References: #1170420 #1173441 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for icewm-theme-branding fixes the following issue: - Fixed obsoletion of *icewm-config-upstream*. (bsc#1173441, bsc#1170420) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2412=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2412=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): icewm-theme-branding-1.2.4-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): icewm-theme-branding-1.2.4-3.12.1 References: https://bugzilla.suse.com/1170420 https://bugzilla.suse.com/1173441 From sle-updates at lists.suse.com Tue Sep 1 10:26:12 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:26:12 +0200 (CEST) Subject: SUSE-RU-2020:2410-1: Recommended update for pam Message-ID: <20200901162612.42F4DF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for pam ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2410-1 Rating: low References: #1173593 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of pam fixes the following issue: - On some SUSE Linux Enterprise 12 SP5 based media from build.suse.com a pam version with a higher release number than the last update of pam was delivered. This update releases pam with a higher release number to align it with this media. (bsc#1173593) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2410=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2410=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): pam-debuginfo-1.1.8-24.33.1 pam-debugsource-1.1.8-24.33.1 pam-devel-1.1.8-24.33.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): pam-1.1.8-24.33.1 pam-debuginfo-1.1.8-24.33.1 pam-debugsource-1.1.8-24.33.1 pam-extra-1.1.8-24.33.1 pam-extra-debuginfo-1.1.8-24.33.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): pam-32bit-1.1.8-24.33.1 pam-debuginfo-32bit-1.1.8-24.33.1 pam-extra-32bit-1.1.8-24.33.1 pam-extra-debuginfo-32bit-1.1.8-24.33.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): pam-doc-1.1.8-24.33.1 References: https://bugzilla.suse.com/1173593 From sle-updates at lists.suse.com Tue Sep 1 10:27:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:27:03 +0200 (CEST) Subject: SUSE-RU-2020:2418-1: moderate: Recommended update for golang-github-digitalocean-ceph_exporter Message-ID: <20200901162703.60856F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for golang-github-digitalocean-ceph_exporter ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2418-1 Rating: moderate References: #1172772 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for golang-github-digitalocean-ceph_exporter fixes the following issues: - Fix degraded/misplaced object count (bsc#1172772) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2418=1 Package List: - SUSE Enterprise Storage 5 (aarch64 x86_64): golang-github-digitalocean-ceph_exporter-2.0.1+git20200709.6dd161d-4.12.1 References: https://bugzilla.suse.com/1172772 From sle-updates at lists.suse.com Tue Sep 1 10:29:52 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:29:52 +0200 (CEST) Subject: SUSE-RU-2020:2422-1: moderate: Recommended update for yast2-rmt Message-ID: <20200901162952.86838F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-rmt ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2422-1 Rating: moderate References: #1171555 #1172674 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-rmt fixes the following issues: - Handle Common Name length. (bsc#1172674) - Changed placeholders in translatable strings to support better the 'gettext' language format tags. (bsc#1171555) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2422=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2422=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2422=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2422=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): yast2-rmt-1.3.2-3.24.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): yast2-rmt-1.3.2-3.24.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): yast2-rmt-1.3.2-3.24.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): yast2-rmt-1.3.2-3.24.1 References: https://bugzilla.suse.com/1171555 https://bugzilla.suse.com/1172674 From sle-updates at lists.suse.com Tue Sep 1 10:30:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:30:57 +0200 (CEST) Subject: SUSE-RU-2020:2425-1: moderate: Recommended update for nfs-utils Message-ID: <20200901163057.7809EF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2425-1 Rating: moderate References: #1174260 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nfs-utils fixes the following issues: - Fix a bug when concurrent 'gssd' requests arrive from kernel, causing hanging NFS mounts. (bsc#1174260) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2425=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2425=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): nfs-client-2.1.1-10.7.2 nfs-client-debuginfo-2.1.1-10.7.2 nfs-doc-2.1.1-10.7.2 nfs-kernel-server-2.1.1-10.7.2 nfs-kernel-server-debuginfo-2.1.1-10.7.2 nfs-utils-debuginfo-2.1.1-10.7.2 nfs-utils-debugsource-2.1.1-10.7.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): nfs-client-2.1.1-10.7.2 nfs-client-debuginfo-2.1.1-10.7.2 nfs-doc-2.1.1-10.7.2 nfs-kernel-server-2.1.1-10.7.2 nfs-kernel-server-debuginfo-2.1.1-10.7.2 nfs-utils-debuginfo-2.1.1-10.7.2 nfs-utils-debugsource-2.1.1-10.7.2 References: https://bugzilla.suse.com/1174260 From sle-updates at lists.suse.com Tue Sep 1 10:31:49 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:31:49 +0200 (CEST) Subject: SUSE-RU-2020:2420-1: moderate: Recommended update for zlib Message-ID: <20200901163149.C5CC2F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for zlib ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2420-1 Rating: moderate References: #1174551 #1174736 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2420=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2420=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2420=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2420=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): zlib-debugsource-1.2.11-3.15.1 zlib-devel-32bit-1.2.11-3.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): zlib-debugsource-1.2.11-3.15.1 zlib-devel-32bit-1.2.11-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libminizip1-1.2.11-3.15.1 libminizip1-debuginfo-1.2.11-3.15.1 libz1-1.2.11-3.15.1 libz1-debuginfo-1.2.11-3.15.1 minizip-devel-1.2.11-3.15.1 zlib-debugsource-1.2.11-3.15.1 zlib-devel-1.2.11-3.15.1 zlib-devel-static-1.2.11-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libz1-32bit-1.2.11-3.15.1 libz1-32bit-debuginfo-1.2.11-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libminizip1-1.2.11-3.15.1 libminizip1-debuginfo-1.2.11-3.15.1 libz1-1.2.11-3.15.1 libz1-debuginfo-1.2.11-3.15.1 minizip-devel-1.2.11-3.15.1 zlib-debugsource-1.2.11-3.15.1 zlib-devel-1.2.11-3.15.1 zlib-devel-static-1.2.11-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libz1-32bit-1.2.11-3.15.1 libz1-32bit-debuginfo-1.2.11-3.15.1 References: https://bugzilla.suse.com/1174551 https://bugzilla.suse.com/1174736 From sle-updates at lists.suse.com Tue Sep 1 10:32:48 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:32:48 +0200 (CEST) Subject: SUSE-RU-2020:2419-1: moderate: Recommended update for yast2-storage-ng Message-ID: <20200901163248.C55C4F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-storage-ng ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2419-1 Rating: moderate References: #1110413 #1115749 #1145269 #1172026 #1172548 #1173793 #1174469 #1174475 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for autoyast2, yast2-storage-ng and libstorage-ng provides the following fixes: Fixes in autoyast2: - Fix 'autoyast' and 'clone_system' command line interfaces (bsc#1172548): * autoyast: Add a list-modules command to list all known modules. * autoyast: Display the correct client name in the help text. * autoyast: 'file' and 'module' command are now equivalent. Both of them support setting 'filename' and 'modname' arguments. * clone_system: Add a 'filename' option instead of always using '/root/autoinst.xml'. * clone_system: Move the logic to find the clonable modules. - Move pre-scripts to the autoinit client running them just after the profile has been processed. (bsc#1110413) - Do not remove interfaces configuration by default when there is not networking section defined in the profile. (bsc#1173793) - Export ntp_policy as CDATA so that empty strings are preserved for the second_stage. (bsc#1172026) - Saving log files of postpartitioning-scripts. (bsc#1145269) Fixes in yast2-storage-ng and libstorage-ng: - Fixed detection of shadowed subvolumes for roles using separate LVM volume groups for each filesystem. (bsc#1174475) - AutoinstProposal now properly reports the proposal as failed when it fails to find the disks. (bsc#1174469) - AutoYaST: do not append a suffix to LVM Volume Group names unless it is needed. (bsc#1115749) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2419=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2419=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2020-2419=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): libstorage-ng-debuginfo-4.2.76-3.5.4 libstorage-ng-debugsource-4.2.76-3.5.4 libstorage-ng-utils-4.2.76-3.5.4 libstorage-ng-utils-debuginfo-4.2.76-3.5.4 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libstorage-ng-debuginfo-4.2.76-3.5.4 libstorage-ng-debugsource-4.2.76-3.5.4 libstorage-ng-devel-4.2.76-3.5.4 libstorage-ng-ruby-4.2.76-3.5.4 libstorage-ng-ruby-debuginfo-4.2.76-3.5.4 libstorage-ng1-4.2.76-3.5.4 libstorage-ng1-debuginfo-4.2.76-3.5.4 yast2-storage-ng-4.2.113-3.11.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): autoyast2-4.2.42-3.3.1 autoyast2-installation-4.2.42-3.3.1 libstorage-ng-lang-4.2.76-3.5.4 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): libstorage-ng-ruby-4.2.76-3.5.4 libstorage-ng1-4.2.76-3.5.4 yast2-storage-ng-4.2.113-3.11.2 - SUSE Linux Enterprise Installer 15-SP2 (noarch): autoyast2-4.2.42-3.3.1 References: https://bugzilla.suse.com/1110413 https://bugzilla.suse.com/1115749 https://bugzilla.suse.com/1145269 https://bugzilla.suse.com/1172026 https://bugzilla.suse.com/1172548 https://bugzilla.suse.com/1173793 https://bugzilla.suse.com/1174469 https://bugzilla.suse.com/1174475 From sle-updates at lists.suse.com Tue Sep 1 10:34:37 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:34:37 +0200 (CEST) Subject: SUSE-RU-2020:2411-1: moderate: Recommended update for systemd Message-ID: <20200901163437.6A0F9F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2411-1 Rating: moderate References: #1142733 #1146991 #1158336 #1172195 #1172824 #1173539 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Installer 15-SP1 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2411=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2411=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2020-2411=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libsystemd0-234-24.58.1 libsystemd0-debuginfo-234-24.58.1 libudev-devel-234-24.58.1 libudev1-234-24.58.1 libudev1-debuginfo-234-24.58.1 systemd-234-24.58.1 systemd-container-234-24.58.1 systemd-container-debuginfo-234-24.58.1 systemd-coredump-234-24.58.1 systemd-coredump-debuginfo-234-24.58.1 systemd-debuginfo-234-24.58.1 systemd-debugsource-234-24.58.1 systemd-devel-234-24.58.1 systemd-sysvinit-234-24.58.1 udev-234-24.58.1 udev-debuginfo-234-24.58.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libsystemd0-32bit-234-24.58.1 libsystemd0-32bit-debuginfo-234-24.58.1 libudev1-32bit-234-24.58.1 libudev1-32bit-debuginfo-234-24.58.1 systemd-32bit-234-24.58.1 systemd-32bit-debuginfo-234-24.58.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): systemd-bash-completion-234-24.58.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libsystemd0-234-24.58.1 libsystemd0-debuginfo-234-24.58.1 libudev-devel-234-24.58.1 libudev1-234-24.58.1 libudev1-debuginfo-234-24.58.1 systemd-234-24.58.1 systemd-container-234-24.58.1 systemd-container-debuginfo-234-24.58.1 systemd-coredump-234-24.58.1 systemd-coredump-debuginfo-234-24.58.1 systemd-debuginfo-234-24.58.1 systemd-debugsource-234-24.58.1 systemd-devel-234-24.58.1 systemd-sysvinit-234-24.58.1 udev-234-24.58.1 udev-debuginfo-234-24.58.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): systemd-bash-completion-234-24.58.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libsystemd0-32bit-234-24.58.1 libsystemd0-32bit-debuginfo-234-24.58.1 libudev1-32bit-234-24.58.1 libudev1-32bit-debuginfo-234-24.58.1 systemd-32bit-234-24.58.1 systemd-32bit-debuginfo-234-24.58.1 - SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64): libudev1-234-24.58.1 systemd-234-24.58.1 systemd-sysvinit-234-24.58.1 udev-234-24.58.1 References: https://bugzilla.suse.com/1142733 https://bugzilla.suse.com/1146991 https://bugzilla.suse.com/1158336 https://bugzilla.suse.com/1172195 https://bugzilla.suse.com/1172824 https://bugzilla.suse.com/1173539 From sle-updates at lists.suse.com Tue Sep 1 10:36:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:36:05 +0200 (CEST) Subject: SUSE-RU-2020:2423-1: moderate: Recommended update for yast2-rmt Message-ID: <20200901163605.01A93F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-rmt ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2423-1 Rating: moderate References: #1171555 #1172674 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-rmt fixes the following issues: - Handle Common Name length. (bsc#1172674) - Changed placeholders in translatable strings to support better the 'gettext' language format tags. (bsc#1171555) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2423=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): yast2-rmt-1.3.2-3.8.1 References: https://bugzilla.suse.com/1171555 https://bugzilla.suse.com/1172674 From sle-updates at lists.suse.com Tue Sep 1 13:13:29 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 21:13:29 +0200 (CEST) Subject: SUSE-RU-2020:2427-1: important: Recommended update for openwsman Message-ID: <20200901191329.0D656F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for openwsman ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2427-1 Rating: important References: #1157655 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openwsman fixes the following issues: - Prevent libcurl from uninitializing global state of OpenSSL library. (bsc#1157655) - Prepare OpenSSL library for threaded operation. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2427=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2427=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2427=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2427=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2427=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2427=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2427=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2427=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2427=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2427=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2427=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2427=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2427=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2427=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2427=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2427=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2427=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE OpenStack Cloud 9 (x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE OpenStack Cloud 8 (x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libwsman-devel-2.4.11-21.11.1 libwsman_clientpp-devel-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-python-2.4.11-21.11.1 openwsman-python-debuginfo-2.4.11-21.11.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - HPE Helion Openstack 8 (x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 References: https://bugzilla.suse.com/1157655 From sle-updates at lists.suse.com Tue Sep 1 19:13:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 03:13:44 +0200 (CEST) Subject: SUSE-RU-2020:2429-1: moderate: Recommended update for oracleasm Message-ID: <20200902011344.AC606F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2429-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Realtime 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of oracleasm fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2429=1 - SUSE Linux Enterprise Module for Realtime 15-SP1: zypper in -t patch SUSE-SLE-Module-RT-15-SP1-2020-2429=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_197.51-7.11.2 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_197.51-7.11.2 - SUSE Linux Enterprise Module for Realtime 15-SP1 (x86_64): oracleasm-kmp-rt-2.0.8_k4.12.14_14.23-7.11.2 oracleasm-kmp-rt-debuginfo-2.0.8_k4.12.14_14.23-7.11.2 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Tue Sep 1 19:14:32 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 03:14:32 +0200 (CEST) Subject: SUSE-RU-2020:2430-1: moderate: Recommended update for oracleasm Message-ID: <20200902011432.A41FFF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2430-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of oracleasm fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2430=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2430=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2430=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2430=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_150.55-4.5.2 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_150.55-4.5.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): oracleasm-kmp-default-2.0.8_k4.12.14_150.55-4.5.2 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_150.55-4.5.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_150.55-4.5.2 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_150.55-4.5.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_150.55-4.5.2 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_150.55-4.5.2 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Tue Sep 1 19:15:25 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 03:15:25 +0200 (CEST) Subject: SUSE-RU-2020:2428-1: moderate: Recommended update for ca-certificates-mozilla Message-ID: <20200902011525.CD832F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for ca-certificates-mozilla ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2428-1 Rating: moderate References: #1174673 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ca-certificates-mozilla fixes the following issues: Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: - AddTrust External CA Root - AddTrust Class 1 CA Root - LuxTrust Global Root 2 - Staat der Nederlanden Root CA - G2 - Symantec Class 1 Public Primary Certification Authority - G4 - Symantec Class 2 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: - certSIGN Root CA G2 - e-Szigno Root CA 2017 - Microsoft ECC Root Certificate Authority 2017 - Microsoft RSA Root Certificate Authority 2017 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2428=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2428=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2428=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2428=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2428=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2428=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2428=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2428=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2428=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2428=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2428=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2428=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2428=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2428=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2428=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2428=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE OpenStack Cloud 9 (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE OpenStack Cloud 8 (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE OpenStack Cloud 7 (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE Enterprise Storage 5 (noarch): ca-certificates-mozilla-2.42-12.28.1 - HPE Helion Openstack 8 (noarch): ca-certificates-mozilla-2.42-12.28.1 References: https://bugzilla.suse.com/1174673 From sle-updates at lists.suse.com Tue Sep 1 19:16:21 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 03:16:21 +0200 (CEST) Subject: SUSE-RU-2020:2441-1: moderate: Recommended update for avahi Message-ID: <20200902011621.135C2F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for avahi ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2441-1 Rating: moderate References: #1154063 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for avahi fixes the following issues: - When changing ownership of /var/lib/autoipd, only change ownership of files owned by avahi, to mitigate against possible exploits (bsc#1154063). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-2441=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-2441=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2441=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2441=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2441=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2441=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): avahi-debuginfo-0.7-3.3.1 avahi-debugsource-0.7-3.3.1 python3-avahi-0.7-3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): avahi-debuginfo-0.7-3.3.1 avahi-debugsource-0.7-3.3.1 python3-avahi-0.7-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): avahi-autoipd-0.7-3.3.1 avahi-autoipd-debuginfo-0.7-3.3.1 avahi-debuginfo-0.7-3.3.1 avahi-debugsource-0.7-3.3.1 avahi-glib2-debugsource-0.7-3.3.1 avahi-utils-gtk-0.7-3.3.1 avahi-utils-gtk-debuginfo-0.7-3.3.1 libavahi-gobject-devel-0.7-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): avahi-autoipd-0.7-3.3.1 avahi-autoipd-debuginfo-0.7-3.3.1 avahi-debuginfo-0.7-3.3.1 avahi-debugsource-0.7-3.3.1 avahi-glib2-debugsource-0.7-3.3.1 avahi-utils-gtk-0.7-3.3.1 avahi-utils-gtk-debuginfo-0.7-3.3.1 libavahi-gobject-devel-0.7-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): avahi-0.7-3.3.1 avahi-compat-howl-devel-0.7-3.3.1 avahi-compat-mDNSResponder-devel-0.7-3.3.1 avahi-debuginfo-0.7-3.3.1 avahi-debugsource-0.7-3.3.1 avahi-glib2-debugsource-0.7-3.3.1 avahi-utils-0.7-3.3.1 avahi-utils-debuginfo-0.7-3.3.1 libavahi-client3-0.7-3.3.1 libavahi-client3-debuginfo-0.7-3.3.1 libavahi-common3-0.7-3.3.1 libavahi-common3-debuginfo-0.7-3.3.1 libavahi-core7-0.7-3.3.1 libavahi-core7-debuginfo-0.7-3.3.1 libavahi-devel-0.7-3.3.1 libavahi-glib-devel-0.7-3.3.1 libavahi-glib1-0.7-3.3.1 libavahi-glib1-debuginfo-0.7-3.3.1 libavahi-gobject0-0.7-3.3.1 libavahi-gobject0-debuginfo-0.7-3.3.1 libavahi-ui-gtk3-0-0.7-3.3.1 libavahi-ui-gtk3-0-debuginfo-0.7-3.3.1 libavahi-ui0-0.7-3.3.1 libavahi-ui0-debuginfo-0.7-3.3.1 libdns_sd-0.7-3.3.1 libdns_sd-debuginfo-0.7-3.3.1 libhowl0-0.7-3.3.1 libhowl0-debuginfo-0.7-3.3.1 typelib-1_0-Avahi-0_6-0.7-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): avahi-32bit-debuginfo-0.7-3.3.1 libavahi-client3-32bit-0.7-3.3.1 libavahi-client3-32bit-debuginfo-0.7-3.3.1 libavahi-common3-32bit-0.7-3.3.1 libavahi-common3-32bit-debuginfo-0.7-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): avahi-lang-0.7-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): avahi-0.7-3.3.1 avahi-compat-howl-devel-0.7-3.3.1 avahi-compat-mDNSResponder-devel-0.7-3.3.1 avahi-debuginfo-0.7-3.3.1 avahi-debugsource-0.7-3.3.1 avahi-glib2-debugsource-0.7-3.3.1 avahi-utils-0.7-3.3.1 avahi-utils-debuginfo-0.7-3.3.1 libavahi-client3-0.7-3.3.1 libavahi-client3-debuginfo-0.7-3.3.1 libavahi-common3-0.7-3.3.1 libavahi-common3-debuginfo-0.7-3.3.1 libavahi-core7-0.7-3.3.1 libavahi-core7-debuginfo-0.7-3.3.1 libavahi-devel-0.7-3.3.1 libavahi-glib-devel-0.7-3.3.1 libavahi-glib1-0.7-3.3.1 libavahi-glib1-debuginfo-0.7-3.3.1 libavahi-gobject0-0.7-3.3.1 libavahi-gobject0-debuginfo-0.7-3.3.1 libavahi-ui-gtk3-0-0.7-3.3.1 libavahi-ui-gtk3-0-debuginfo-0.7-3.3.1 libavahi-ui0-0.7-3.3.1 libavahi-ui0-debuginfo-0.7-3.3.1 libdns_sd-0.7-3.3.1 libdns_sd-debuginfo-0.7-3.3.1 libhowl0-0.7-3.3.1 libhowl0-debuginfo-0.7-3.3.1 typelib-1_0-Avahi-0_6-0.7-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): avahi-lang-0.7-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): avahi-32bit-debuginfo-0.7-3.3.1 libavahi-client3-32bit-0.7-3.3.1 libavahi-client3-32bit-debuginfo-0.7-3.3.1 libavahi-common3-32bit-0.7-3.3.1 libavahi-common3-32bit-debuginfo-0.7-3.3.1 References: https://bugzilla.suse.com/1154063 From sle-updates at lists.suse.com Tue Sep 1 19:17:10 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 03:17:10 +0200 (CEST) Subject: SUSE-RU-2020:2436-1: moderate: Recommended update for oracleasm Message-ID: <20200902011710.0D2B9F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2436-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of oracleasm fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP4: zypper in -t patch SUSE-SLE-RT-12-SP4-2020-2436=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP4 (x86_64): oracleasm-kmp-rt-2.0.8_k4.12.14_8.24-3.5.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Tue Sep 1 19:17:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 03:17:55 +0200 (CEST) Subject: SUSE-RU-2020:2435-1: moderate: Recommended update for oracleasm Message-ID: <20200902011755.592CEF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2435-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of oracleasm fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2020-2435=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): oracleasm-kmp-rt-2.0.8_k4.12.14_10.9-4.2.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Tue Sep 1 19:18:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 03:18:43 +0200 (CEST) Subject: SUSE-RU-2020:2440-1: moderate: Recommended update for libmaxminddb Message-ID: <20200902011843.6018CF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for libmaxminddb ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2440-1 Rating: moderate References: #1175006 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libmaxminddb fixes the following issues: - update to 1.4.3: * Use of uninitialized memory in dump_entry_data_list() could have cause a heap buffer flow in mmdblookup [bsc#1175006] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2440=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2440=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2440=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2440=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2440=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2440=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libmaxminddb-debugsource-1.4.3-1.6.1 libmaxminddb-devel-1.4.3-1.6.1 libmaxminddb0-1.4.3-1.6.1 libmaxminddb0-debuginfo-1.4.3-1.6.1 mmdblookup-1.4.3-1.6.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libmaxminddb0-32bit-1.4.3-1.6.1 libmaxminddb0-32bit-debuginfo-1.4.3-1.6.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libmaxminddb-debugsource-1.4.3-1.6.1 libmaxminddb-devel-1.4.3-1.6.1 libmaxminddb0-1.4.3-1.6.1 libmaxminddb0-debuginfo-1.4.3-1.6.1 mmdblookup-1.4.3-1.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libmaxminddb-debugsource-1.4.3-1.6.1 libmaxminddb-devel-1.4.3-1.6.1 libmaxminddb0-1.4.3-1.6.1 libmaxminddb0-debuginfo-1.4.3-1.6.1 mmdblookup-1.4.3-1.6.1 mmdblookup-debuginfo-1.4.3-1.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libmaxminddb-debugsource-1.4.3-1.6.1 libmaxminddb-devel-1.4.3-1.6.1 libmaxminddb0-1.4.3-1.6.1 libmaxminddb0-debuginfo-1.4.3-1.6.1 mmdblookup-1.4.3-1.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libmaxminddb0-32bit-1.4.3-1.6.1 libmaxminddb0-32bit-debuginfo-1.4.3-1.6.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libmaxminddb-debugsource-1.4.3-1.6.1 libmaxminddb-devel-1.4.3-1.6.1 libmaxminddb0-1.4.3-1.6.1 libmaxminddb0-debuginfo-1.4.3-1.6.1 mmdblookup-1.4.3-1.6.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libmaxminddb0-32bit-1.4.3-1.6.1 libmaxminddb0-32bit-debuginfo-1.4.3-1.6.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libmaxminddb-debugsource-1.4.3-1.6.1 libmaxminddb-devel-1.4.3-1.6.1 libmaxminddb0-1.4.3-1.6.1 libmaxminddb0-debuginfo-1.4.3-1.6.1 mmdblookup-1.4.3-1.6.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libmaxminddb0-32bit-1.4.3-1.6.1 libmaxminddb0-32bit-debuginfo-1.4.3-1.6.1 References: https://bugzilla.suse.com/1175006 From sle-updates at lists.suse.com Tue Sep 1 19:19:32 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 03:19:32 +0200 (CEST) Subject: SUSE-RU-2020:2437-1: moderate: Recommended update for drbd Message-ID: <20200902011932.3DF9BF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2437-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of drbd fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2020-2437=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): drbd-kmp-rt-9.0.14+git.62f906cf_k4.12.14_10.9-4.2.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Tue Sep 1 19:20:19 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 03:20:19 +0200 (CEST) Subject: SUSE-RU-2020:2432-1: moderate: Recommended update for oracleasm Message-ID: <20200902012019.24A3AF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2432-1 Rating: moderate References: #1174543 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of oracleasm fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2432=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2432=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2432=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2432=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): oracleasm-kmp-default-2.0.8_k4.4.121_92.138-8.2.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.4.121_92.138-8.2.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): oracleasm-kmp-default-2.0.8_k4.4.121_92.138-8.2.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.4.121_92.138-8.2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k4.4.121_92.138-8.2.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.4.121_92.138-8.2.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): oracleasm-kmp-default-2.0.8_k4.4.121_92.138-8.2.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.4.121_92.138-8.2.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Tue Sep 1 19:21:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 03:21:05 +0200 (CEST) Subject: SUSE-RU-2020:2438-1: moderate: Recommended update for drbd Message-ID: <20200902012105.22E08F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2438-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of drbd fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP4: zypper in -t patch SUSE-SLE-RT-12-SP4-2020-2438=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP4 (x86_64): drbd-kmp-rt-9.0.14+git.62f906cf_k4.12.14_8.24-3.2.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Tue Sep 1 19:21:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 03:21:54 +0200 (CEST) Subject: SUSE-RU-2020:14478-1: moderate: Recommended update for mozilla-nss Message-ID: <20200902012154.75103F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:14478-1 Rating: moderate References: #1168669 #1173767 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for mozilla-nss fixes the following issues: - Deactivate HW optimizations on ppc that caused "Illegal instructions" on usage (bsc#1173767) - Add "-O1" flag to s390, ppc and ppc64 because of OOM-kills - avoid spurious initialization attempt of global RNG (bsc#1168669). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-mozilla-nss-14478=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-mozilla-nss-14478=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mozilla-nss-14478=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-mozilla-nss-14478=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libfreebl3-3.53.1-47.12.1 libsoftokn3-3.53.1-47.12.1 mozilla-nss-3.53.1-47.12.1 mozilla-nss-certs-3.53.1-47.12.1 mozilla-nss-devel-3.53.1-47.12.1 mozilla-nss-tools-3.53.1-47.12.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libfreebl3-32bit-3.53.1-47.12.1 libsoftokn3-32bit-3.53.1-47.12.1 mozilla-nss-32bit-3.53.1-47.12.1 mozilla-nss-certs-32bit-3.53.1-47.12.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libfreebl3-3.53.1-47.12.1 libsoftokn3-3.53.1-47.12.1 mozilla-nss-3.53.1-47.12.1 mozilla-nss-tools-3.53.1-47.12.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): mozilla-nss-debuginfo-3.53.1-47.12.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): mozilla-nss-debuginfo-3.53.1-47.12.1 References: https://bugzilla.suse.com/1168669 https://bugzilla.suse.com/1173767 From sle-updates at lists.suse.com Tue Sep 1 19:22:56 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 03:22:56 +0200 (CEST) Subject: SUSE-RU-2020:2439-1: moderate: Recommended update for avahi Message-ID: <20200902012256.897E5F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for avahi ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2439-1 Rating: moderate References: #1154063 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for avahi fixes the following issues: - When changing ownership of /var/lib/autoipd, only change ownership of files owned by avahi, to mitigate against possible exploits (bsc#1154063). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2439=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2439=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2439=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2439=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2439=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2439=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2439=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2439=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2439=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2439=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2439=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2439=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2439=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2439=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2439=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2439=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2439=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2439=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): avahi-lang-0.6.32-32.9.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debuginfo-32bit-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): avahi-lang-0.6.32-32.9.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debuginfo-32bit-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE OpenStack Cloud 9 (noarch): avahi-lang-0.6.32-32.9.1 - SUSE OpenStack Cloud 9 (x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debuginfo-32bit-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE OpenStack Cloud 8 (x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debuginfo-32bit-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE OpenStack Cloud 8 (noarch): avahi-lang-0.6.32-32.9.1 - SUSE OpenStack Cloud 7 (s390x x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debuginfo-32bit-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE OpenStack Cloud 7 (noarch): avahi-lang-0.6.32-32.9.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): avahi-glib2-debugsource-0.6.32-32.9.1 libavahi-gobject0-0.6.32-32.9.1 libavahi-gobject0-debuginfo-0.6.32-32.9.1 libavahi-ui-gtk3-0-0.6.32-32.9.1 libavahi-ui-gtk3-0-debuginfo-0.6.32-32.9.1 libavahi-ui0-0.6.32-32.9.1 libavahi-ui0-debuginfo-0.6.32-32.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): avahi-compat-howl-devel-0.6.32-32.9.1 avahi-compat-mDNSResponder-devel-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 libavahi-devel-0.6.32-32.9.1 libavahi-glib-devel-0.6.32-32.9.1 libavahi-gobject-devel-0.6.32-32.9.1 libavahi-gobject0-0.6.32-32.9.1 libavahi-gobject0-debuginfo-0.6.32-32.9.1 libavahi-ui-gtk3-0-0.6.32-32.9.1 libavahi-ui-gtk3-0-debuginfo-0.6.32-32.9.1 libavahi-ui0-0.6.32-32.9.1 libavahi-ui0-debuginfo-0.6.32-32.9.1 libhowl0-0.6.32-32.9.1 libhowl0-debuginfo-0.6.32-32.9.1 python-avahi-0.6.32-32.9.1 typelib-1_0-Avahi-0_6-0.6.32-32.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): avahi-debuginfo-32bit-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): avahi-lang-0.6.32-32.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): avahi-debuginfo-32bit-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): avahi-lang-0.6.32-32.9.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): avahi-debuginfo-32bit-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): avahi-lang-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): avahi-debuginfo-32bit-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): avahi-lang-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): avahi-debuginfo-32bit-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): avahi-lang-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): avahi-debuginfo-32bit-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): avahi-lang-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debuginfo-32bit-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): avahi-lang-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): avahi-debuginfo-32bit-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): avahi-lang-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debuginfo-32bit-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): avahi-lang-0.6.32-32.9.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 - SUSE Enterprise Storage 5 (x86_64): avahi-debuginfo-32bit-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE Enterprise Storage 5 (noarch): avahi-lang-0.6.32-32.9.1 - HPE Helion Openstack 8 (noarch): avahi-lang-0.6.32-32.9.1 - HPE Helion Openstack 8 (x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debuginfo-32bit-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 References: https://bugzilla.suse.com/1154063 From sle-updates at lists.suse.com Tue Sep 1 19:23:49 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 03:23:49 +0200 (CEST) Subject: SUSE-RU-2020:2431-1: moderate: Recommended update for oracleasm Message-ID: <20200902012349.70854F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2431-1 Rating: moderate References: #1174543 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of oracleasm fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2431=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2431=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2431=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2431=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_95.57-4.5.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_95.57-4.5.1 - SUSE OpenStack Cloud 9 (x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_95.57-4.5.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_95.57-4.5.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_95.57-4.5.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_95.57-4.5.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_95.57-4.5.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_95.57-4.5.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Wed Sep 2 00:17:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 08:17:51 +0200 (CEST) Subject: SUSE-CU-2020:430-1: Recommended update of suse/sles12sp3 Message-ID: <20200902061751.96131FCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:430-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.197 , suse/sles12sp3:latest Container Release : 24.197 Severity : low Type : recommended References : 1173593 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2410-1 Released: Tue Sep 1 13:15:48 2020 Summary: Recommended update for pam Type: recommended Severity: low References: 1173593 This update of pam fixes the following issue: - On some SUSE Linux Enterprise 12 SP5 based media from build.suse.com a pam version with a higher release number than the last update of pam was delivered. This update releases pam with a higher release number to align it with this media. (bsc#1173593) From sle-updates at lists.suse.com Wed Sep 2 00:27:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 08:27:46 +0200 (CEST) Subject: SUSE-CU-2020:431-1: Recommended update of suse/sles12sp4 Message-ID: <20200902062746.95042FCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:431-1 Container Tags : suse/sles12sp4:26.228 , suse/sles12sp4:latest Container Release : 26.228 Severity : low Type : recommended References : 1173593 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2410-1 Released: Tue Sep 1 13:15:48 2020 Summary: Recommended update for pam Type: recommended Severity: low References: 1173593 This update of pam fixes the following issue: - On some SUSE Linux Enterprise 12 SP5 based media from build.suse.com a pam version with a higher release number than the last update of pam was delivered. This update releases pam with a higher release number to align it with this media. (bsc#1173593) From sle-updates at lists.suse.com Wed Sep 2 00:32:47 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 08:32:47 +0200 (CEST) Subject: SUSE-CU-2020:432-1: Recommended update of suse/sles12sp5 Message-ID: <20200902063247.AD0E2FCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:432-1 Container Tags : suse/sles12sp5:6.5.51 , suse/sles12sp5:latest Container Release : 6.5.51 Severity : moderate Type : recommended References : 1173593 1174673 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2410-1 Released: Tue Sep 1 13:15:48 2020 Summary: Recommended update for pam Type: recommended Severity: low References: 1173593 This update of pam fixes the following issue: - On some SUSE Linux Enterprise 12 SP5 based media from build.suse.com a pam version with a higher release number than the last update of pam was delivered. This update releases pam with a higher release number to align it with this media. (bsc#1173593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2428-1 Released: Tue Sep 1 22:07:35 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1174673 This update for ca-certificates-mozilla fixes the following issues: Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: - AddTrust External CA Root - AddTrust Class 1 CA Root - LuxTrust Global Root 2 - Staat der Nederlanden Root CA - G2 - Symantec Class 1 Public Primary Certification Authority - G4 - Symantec Class 2 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: - certSIGN Root CA G2 - e-Szigno Root CA 2017 - Microsoft ECC Root Certificate Authority 2017 - Microsoft RSA Root Certificate Authority 2017 From sle-updates at lists.suse.com Wed Sep 2 00:44:07 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 08:44:07 +0200 (CEST) Subject: SUSE-CU-2020:433-1: Recommended update of suse/sle15 Message-ID: <20200902064407.3EF8CFCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:433-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.259 Container Release : 4.22.259 Severity : moderate Type : recommended References : 1142733 1146991 1158336 1172195 1172824 1173539 1174551 1174736 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2411-1 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) From sle-updates at lists.suse.com Wed Sep 2 00:52:04 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 08:52:04 +0200 (CEST) Subject: SUSE-CU-2020:434-1: Recommended update of suse/sle15 Message-ID: <20200902065204.7BFACFCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:434-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.298 Container Release : 6.2.298 Severity : moderate Type : recommended References : 1142733 1146991 1158336 1172195 1172824 1173539 1174551 1174736 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2411-1 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) From sle-updates at lists.suse.com Wed Sep 2 00:53:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 08:53:43 +0200 (CEST) Subject: SUSE-CU-2020:435-1: Recommended update of suse/sle15 Message-ID: <20200902065343.BBD71FCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:435-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.735 Container Release : 8.2.735 Severity : moderate Type : recommended References : 1142733 1146991 1158336 1172195 1172824 1173539 1174551 1174736 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2411-1 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) From sle-updates at lists.suse.com Wed Sep 2 07:13:42 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 15:13:42 +0200 (CEST) Subject: SUSE-SU-2020:2446-1: moderate: Security update for curl Message-ID: <20200902131342.84873F794@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2446-1 Rating: moderate References: #1175109 Cross-References: CVE-2020-8231 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2446=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): curl-7.60.0-3.32.1 curl-debuginfo-7.60.0-3.32.1 curl-debugsource-7.60.0-3.32.1 libcurl-devel-7.60.0-3.32.1 libcurl4-7.60.0-3.32.1 libcurl4-debuginfo-7.60.0-3.32.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libcurl4-32bit-7.60.0-3.32.1 libcurl4-32bit-debuginfo-7.60.0-3.32.1 References: https://www.suse.com/security/cve/CVE-2020-8231.html https://bugzilla.suse.com/1175109 From sle-updates at lists.suse.com Wed Sep 2 07:14:32 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 15:14:32 +0200 (CEST) Subject: SUSE-RU-2020:2448-1: important: Recommended update for transactional-update Message-ID: <20200902131432.12116F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for transactional-update ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2448-1 Rating: important References: #1162320 Affected Products: SUSE Linux Enterprise Module for Transactional Server 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for transactional-update fixes the following issue: - Mount efivarfs on EFI systems. (bsc#1162320) If the EFI variables are not available, some incorrect parameters will be attached to grub2-install, writing the binary to a wrong location. Due to this, the system fails at reboot with a missing symbol error. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Transactional Server 15-SP2: zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP2-2020-2448=1 Package List: - SUSE Linux Enterprise Module for Transactional Server 15-SP2 (aarch64 ppc64le s390x x86_64): transactional-update-2.20.3-3.3.1 transactional-update-debuginfo-2.20.3-3.3.1 transactional-update-debugsource-2.20.3-3.3.1 - SUSE Linux Enterprise Module for Transactional Server 15-SP2 (noarch): transactional-update-zypp-config-2.20.3-3.3.1 References: https://bugzilla.suse.com/1162320 From sle-updates at lists.suse.com Wed Sep 2 07:17:01 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 15:17:01 +0200 (CEST) Subject: SUSE-RU-2020:2447-1: moderate: Recommended update for crmsh Message-ID: <20200902131701.51407F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2447-1 Rating: moderate References: #1175057 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crmsh fixes the following issues: - Fixes an issue by 'ssh_merge' function for compatibility. (bsc#1175057) - Adjust sbd config process to fix bug on sbd stage. (bsc#1175057) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2447=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (noarch): crmsh-4.1.0+git.1598258232.7580dd00-3.28.1 crmsh-scripts-4.1.0+git.1598258232.7580dd00-3.28.1 References: https://bugzilla.suse.com/1175057 From sle-updates at lists.suse.com Wed Sep 2 07:17:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 15:17:51 +0200 (CEST) Subject: SUSE-SU-2020:2444-1: moderate: Security update for curl Message-ID: <20200902131751.AF91FF794@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2444-1 Rating: moderate References: #1175109 Cross-References: CVE-2020-8231 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2444=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2444=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): curl-debuginfo-7.60.0-11.6.1 curl-debugsource-7.60.0-11.6.1 libcurl-devel-7.60.0-11.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): curl-7.60.0-11.6.1 curl-debuginfo-7.60.0-11.6.1 curl-debugsource-7.60.0-11.6.1 libcurl4-7.60.0-11.6.1 libcurl4-debuginfo-7.60.0-11.6.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libcurl4-32bit-7.60.0-11.6.1 libcurl4-debuginfo-32bit-7.60.0-11.6.1 References: https://www.suse.com/security/cve/CVE-2020-8231.html https://bugzilla.suse.com/1175109 From sle-updates at lists.suse.com Wed Sep 2 07:18:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 15:18:44 +0200 (CEST) Subject: SUSE-SU-2020:2445-1: moderate: Security update for curl Message-ID: <20200902131844.495F8F794@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2445-1 Rating: moderate References: #1175109 Cross-References: CVE-2020-8231 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2445=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): curl-7.66.0-4.6.1 curl-debuginfo-7.66.0-4.6.1 curl-debugsource-7.66.0-4.6.1 libcurl-devel-7.66.0-4.6.1 libcurl4-7.66.0-4.6.1 libcurl4-debuginfo-7.66.0-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libcurl4-32bit-7.66.0-4.6.1 libcurl4-32bit-debuginfo-7.66.0-4.6.1 References: https://www.suse.com/security/cve/CVE-2020-8231.html https://bugzilla.suse.com/1175109 From sle-updates at lists.suse.com Wed Sep 2 07:19:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 15:19:36 +0200 (CEST) Subject: SUSE-SU-2020:2442-1: critical: Security update for squid Message-ID: <20200902131936.440C5F794@maintenance.suse.de> SUSE Security Update: Security update for squid ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2442-1 Rating: critical References: #1173455 #1175664 #1175665 #1175671 Cross-References: CVE-2020-15049 CVE-2020-15810 CVE-2020-15811 CVE-2020-24606 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for squid fixes the following issues: squid was updated to version 4.13: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply (bsc#1175671). - CVE-2020-15811: Improve Transfer-Encoding handling (bsc#1175665). - CVE-2020-15810: Enforce token characters for field-name (bsc#1175664). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2442=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2442=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2442=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2442=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2442=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2442=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): squid-4.13-5.23.1 squid-debuginfo-4.13-5.23.1 squid-debugsource-4.13-5.23.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): squid-4.13-5.23.1 squid-debuginfo-4.13-5.23.1 squid-debugsource-4.13-5.23.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): squid-4.13-5.23.1 squid-debuginfo-4.13-5.23.1 squid-debugsource-4.13-5.23.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): squid-4.13-5.23.1 squid-debuginfo-4.13-5.23.1 squid-debugsource-4.13-5.23.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): squid-4.13-5.23.1 squid-debuginfo-4.13-5.23.1 squid-debugsource-4.13-5.23.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): squid-4.13-5.23.1 squid-debuginfo-4.13-5.23.1 squid-debugsource-4.13-5.23.1 References: https://www.suse.com/security/cve/CVE-2020-15049.html https://www.suse.com/security/cve/CVE-2020-15810.html https://www.suse.com/security/cve/CVE-2020-15811.html https://www.suse.com/security/cve/CVE-2020-24606.html https://bugzilla.suse.com/1173455 https://bugzilla.suse.com/1175664 https://bugzilla.suse.com/1175665 https://bugzilla.suse.com/1175671 From sle-updates at lists.suse.com Wed Sep 2 07:20:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 15:20:54 +0200 (CEST) Subject: SUSE-SU-2020:2450-1: moderate: Security update for apache2 Message-ID: <20200902132054.3BD8AF794@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2450-1 Rating: moderate References: #1175070 #1175071 #1175072 Cross-References: CVE-2020-11985 CVE-2020-11993 CVE-2020-9490 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for apache2 fixes the following issues: - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request (bsc#1175071). - CVE-2020-11985: IP address spoofing when proxying using mod_remoteip and mod_rewrite (bsc#1175072). - CVE-2020-11993: When trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection (bsc#1175070). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2450=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2450=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2450=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2450=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2450=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2450=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2450=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2450=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2450=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2450=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2450=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2450=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2450=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2450=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2450=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2450=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2450=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): apache2-doc-2.4.23-29.63.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): apache2-doc-2.4.23-29.63.1 - SUSE OpenStack Cloud 9 (noarch): apache2-doc-2.4.23-29.63.1 - SUSE OpenStack Cloud 9 (x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE OpenStack Cloud 8 (x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE OpenStack Cloud 8 (noarch): apache2-doc-2.4.23-29.63.1 - SUSE OpenStack Cloud 7 (s390x x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE OpenStack Cloud 7 (noarch): apache2-doc-2.4.23-29.63.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-devel-2.4.23-29.63.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): apache2-doc-2.4.23-29.63.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): apache2-doc-2.4.23-29.63.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): apache2-doc-2.4.23-29.63.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): apache2-doc-2.4.23-29.63.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): apache2-doc-2.4.23-29.63.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): apache2-doc-2.4.23-29.63.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): apache2-doc-2.4.23-29.63.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): apache2-doc-2.4.23-29.63.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): apache2-doc-2.4.23-29.63.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE Enterprise Storage 5 (noarch): apache2-doc-2.4.23-29.63.1 - HPE Helion Openstack 8 (x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - HPE Helion Openstack 8 (noarch): apache2-doc-2.4.23-29.63.1 References: https://www.suse.com/security/cve/CVE-2020-11985.html https://www.suse.com/security/cve/CVE-2020-11993.html https://www.suse.com/security/cve/CVE-2020-9490.html https://bugzilla.suse.com/1175070 https://bugzilla.suse.com/1175071 https://bugzilla.suse.com/1175072 From sle-updates at lists.suse.com Wed Sep 2 07:22:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 15:22:03 +0200 (CEST) Subject: SUSE-SU-2020:2443-1: critical: Security update for squid Message-ID: <20200902132203.DA22DF794@maintenance.suse.de> SUSE Security Update: Security update for squid ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2443-1 Rating: critical References: #1173455 #1175664 #1175665 #1175671 Cross-References: CVE-2020-15049 CVE-2020-15810 CVE-2020-15811 CVE-2020-24606 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for squid fixes the following issues: squid was updated to version 4.13: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply (bsc#1175671). - CVE-2020-15811: Improve Transfer-Encoding handling (bsc#1175665). - CVE-2020-15810: Enforce token characters for field-name (bsc#1175664). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2443=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): squid-4.13-4.15.1 squid-debuginfo-4.13-4.15.1 squid-debugsource-4.13-4.15.1 References: https://www.suse.com/security/cve/CVE-2020-15049.html https://www.suse.com/security/cve/CVE-2020-15810.html https://www.suse.com/security/cve/CVE-2020-15811.html https://www.suse.com/security/cve/CVE-2020-24606.html https://bugzilla.suse.com/1173455 https://bugzilla.suse.com/1175664 https://bugzilla.suse.com/1175665 https://bugzilla.suse.com/1175671 From sle-updates at lists.suse.com Wed Sep 2 10:14:01 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 18:14:01 +0200 (CEST) Subject: SUSE-SU-2020:2455-1: moderate: Security update for php7 Message-ID: <20200902161401.6EC01F403@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2455-1 Rating: moderate References: #1173786 #1174010 #1175223 Cross-References: CVE-2020-7068 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for php7 fixes the following issues: - CVE-2020-7068: Use of freed hash key in the phar_parse_zipfile function (bsc#1175223). - Do not install outdated README.SUSE (bsc#1174010). - Added tmpfiles.d for php-fpm to provide a base for a socket (bsc#1173786). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP1: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2020-2455=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-2455=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.2.5-4.61.1 apache2-mod_php7-debuginfo-7.2.5-4.61.1 php7-7.2.5-4.61.1 php7-bcmath-7.2.5-4.61.1 php7-bcmath-debuginfo-7.2.5-4.61.1 php7-bz2-7.2.5-4.61.1 php7-bz2-debuginfo-7.2.5-4.61.1 php7-calendar-7.2.5-4.61.1 php7-calendar-debuginfo-7.2.5-4.61.1 php7-ctype-7.2.5-4.61.1 php7-ctype-debuginfo-7.2.5-4.61.1 php7-curl-7.2.5-4.61.1 php7-curl-debuginfo-7.2.5-4.61.1 php7-dba-7.2.5-4.61.1 php7-dba-debuginfo-7.2.5-4.61.1 php7-debuginfo-7.2.5-4.61.1 php7-debugsource-7.2.5-4.61.1 php7-devel-7.2.5-4.61.1 php7-dom-7.2.5-4.61.1 php7-dom-debuginfo-7.2.5-4.61.1 php7-enchant-7.2.5-4.61.1 php7-enchant-debuginfo-7.2.5-4.61.1 php7-exif-7.2.5-4.61.1 php7-exif-debuginfo-7.2.5-4.61.1 php7-fastcgi-7.2.5-4.61.1 php7-fastcgi-debuginfo-7.2.5-4.61.1 php7-fileinfo-7.2.5-4.61.1 php7-fileinfo-debuginfo-7.2.5-4.61.1 php7-fpm-7.2.5-4.61.1 php7-fpm-debuginfo-7.2.5-4.61.1 php7-ftp-7.2.5-4.61.1 php7-ftp-debuginfo-7.2.5-4.61.1 php7-gd-7.2.5-4.61.1 php7-gd-debuginfo-7.2.5-4.61.1 php7-gettext-7.2.5-4.61.1 php7-gettext-debuginfo-7.2.5-4.61.1 php7-gmp-7.2.5-4.61.1 php7-gmp-debuginfo-7.2.5-4.61.1 php7-iconv-7.2.5-4.61.1 php7-iconv-debuginfo-7.2.5-4.61.1 php7-intl-7.2.5-4.61.1 php7-intl-debuginfo-7.2.5-4.61.1 php7-json-7.2.5-4.61.1 php7-json-debuginfo-7.2.5-4.61.1 php7-ldap-7.2.5-4.61.1 php7-ldap-debuginfo-7.2.5-4.61.1 php7-mbstring-7.2.5-4.61.1 php7-mbstring-debuginfo-7.2.5-4.61.1 php7-mysql-7.2.5-4.61.1 php7-mysql-debuginfo-7.2.5-4.61.1 php7-odbc-7.2.5-4.61.1 php7-odbc-debuginfo-7.2.5-4.61.1 php7-opcache-7.2.5-4.61.1 php7-opcache-debuginfo-7.2.5-4.61.1 php7-openssl-7.2.5-4.61.1 php7-openssl-debuginfo-7.2.5-4.61.1 php7-pcntl-7.2.5-4.61.1 php7-pcntl-debuginfo-7.2.5-4.61.1 php7-pdo-7.2.5-4.61.1 php7-pdo-debuginfo-7.2.5-4.61.1 php7-pgsql-7.2.5-4.61.1 php7-pgsql-debuginfo-7.2.5-4.61.1 php7-phar-7.2.5-4.61.1 php7-phar-debuginfo-7.2.5-4.61.1 php7-posix-7.2.5-4.61.1 php7-posix-debuginfo-7.2.5-4.61.1 php7-readline-7.2.5-4.61.1 php7-readline-debuginfo-7.2.5-4.61.1 php7-shmop-7.2.5-4.61.1 php7-shmop-debuginfo-7.2.5-4.61.1 php7-snmp-7.2.5-4.61.1 php7-snmp-debuginfo-7.2.5-4.61.1 php7-soap-7.2.5-4.61.1 php7-soap-debuginfo-7.2.5-4.61.1 php7-sockets-7.2.5-4.61.1 php7-sockets-debuginfo-7.2.5-4.61.1 php7-sodium-7.2.5-4.61.1 php7-sodium-debuginfo-7.2.5-4.61.1 php7-sqlite-7.2.5-4.61.1 php7-sqlite-debuginfo-7.2.5-4.61.1 php7-sysvmsg-7.2.5-4.61.1 php7-sysvmsg-debuginfo-7.2.5-4.61.1 php7-sysvsem-7.2.5-4.61.1 php7-sysvsem-debuginfo-7.2.5-4.61.1 php7-sysvshm-7.2.5-4.61.1 php7-sysvshm-debuginfo-7.2.5-4.61.1 php7-tidy-7.2.5-4.61.1 php7-tidy-debuginfo-7.2.5-4.61.1 php7-tokenizer-7.2.5-4.61.1 php7-tokenizer-debuginfo-7.2.5-4.61.1 php7-wddx-7.2.5-4.61.1 php7-wddx-debuginfo-7.2.5-4.61.1 php7-xmlreader-7.2.5-4.61.1 php7-xmlreader-debuginfo-7.2.5-4.61.1 php7-xmlrpc-7.2.5-4.61.1 php7-xmlrpc-debuginfo-7.2.5-4.61.1 php7-xmlwriter-7.2.5-4.61.1 php7-xmlwriter-debuginfo-7.2.5-4.61.1 php7-xsl-7.2.5-4.61.1 php7-xsl-debuginfo-7.2.5-4.61.1 php7-zip-7.2.5-4.61.1 php7-zip-debuginfo-7.2.5-4.61.1 php7-zlib-7.2.5-4.61.1 php7-zlib-debuginfo-7.2.5-4.61.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch): php7-pear-7.2.5-4.61.1 php7-pear-Archive_Tar-7.2.5-4.61.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.2.5-4.61.1 php7-debugsource-7.2.5-4.61.1 php7-embed-7.2.5-4.61.1 php7-embed-debuginfo-7.2.5-4.61.1 References: https://www.suse.com/security/cve/CVE-2020-7068.html https://bugzilla.suse.com/1173786 https://bugzilla.suse.com/1174010 https://bugzilla.suse.com/1175223 From sle-updates at lists.suse.com Wed Sep 2 10:15:04 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 18:15:04 +0200 (CEST) Subject: SUSE-SU-2020:2456-1: moderate: Security update for php7 Message-ID: <20200902161505.00738F794@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2456-1 Rating: moderate References: #1175223 Cross-References: CVE-2020-7068 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php7 fixes the following issues: - CVE-2020-7068: Use of freed hash key in the phar_parse_zipfile function (bsc#1175223). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2020-2456=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-2456=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.4.6-3.6.1 apache2-mod_php7-debuginfo-7.4.6-3.6.1 php7-7.4.6-3.6.1 php7-bcmath-7.4.6-3.6.1 php7-bcmath-debuginfo-7.4.6-3.6.1 php7-bz2-7.4.6-3.6.1 php7-bz2-debuginfo-7.4.6-3.6.1 php7-calendar-7.4.6-3.6.1 php7-calendar-debuginfo-7.4.6-3.6.1 php7-ctype-7.4.6-3.6.1 php7-ctype-debuginfo-7.4.6-3.6.1 php7-curl-7.4.6-3.6.1 php7-curl-debuginfo-7.4.6-3.6.1 php7-dba-7.4.6-3.6.1 php7-dba-debuginfo-7.4.6-3.6.1 php7-debuginfo-7.4.6-3.6.1 php7-debugsource-7.4.6-3.6.1 php7-devel-7.4.6-3.6.1 php7-dom-7.4.6-3.6.1 php7-dom-debuginfo-7.4.6-3.6.1 php7-enchant-7.4.6-3.6.1 php7-enchant-debuginfo-7.4.6-3.6.1 php7-exif-7.4.6-3.6.1 php7-exif-debuginfo-7.4.6-3.6.1 php7-fastcgi-7.4.6-3.6.1 php7-fastcgi-debuginfo-7.4.6-3.6.1 php7-fileinfo-7.4.6-3.6.1 php7-fileinfo-debuginfo-7.4.6-3.6.1 php7-fpm-7.4.6-3.6.1 php7-fpm-debuginfo-7.4.6-3.6.1 php7-ftp-7.4.6-3.6.1 php7-ftp-debuginfo-7.4.6-3.6.1 php7-gd-7.4.6-3.6.1 php7-gd-debuginfo-7.4.6-3.6.1 php7-gettext-7.4.6-3.6.1 php7-gettext-debuginfo-7.4.6-3.6.1 php7-gmp-7.4.6-3.6.1 php7-gmp-debuginfo-7.4.6-3.6.1 php7-iconv-7.4.6-3.6.1 php7-iconv-debuginfo-7.4.6-3.6.1 php7-intl-7.4.6-3.6.1 php7-intl-debuginfo-7.4.6-3.6.1 php7-json-7.4.6-3.6.1 php7-json-debuginfo-7.4.6-3.6.1 php7-ldap-7.4.6-3.6.1 php7-ldap-debuginfo-7.4.6-3.6.1 php7-mbstring-7.4.6-3.6.1 php7-mbstring-debuginfo-7.4.6-3.6.1 php7-mysql-7.4.6-3.6.1 php7-mysql-debuginfo-7.4.6-3.6.1 php7-odbc-7.4.6-3.6.1 php7-odbc-debuginfo-7.4.6-3.6.1 php7-opcache-7.4.6-3.6.1 php7-opcache-debuginfo-7.4.6-3.6.1 php7-openssl-7.4.6-3.6.1 php7-openssl-debuginfo-7.4.6-3.6.1 php7-pcntl-7.4.6-3.6.1 php7-pcntl-debuginfo-7.4.6-3.6.1 php7-pdo-7.4.6-3.6.1 php7-pdo-debuginfo-7.4.6-3.6.1 php7-pgsql-7.4.6-3.6.1 php7-pgsql-debuginfo-7.4.6-3.6.1 php7-phar-7.4.6-3.6.1 php7-phar-debuginfo-7.4.6-3.6.1 php7-posix-7.4.6-3.6.1 php7-posix-debuginfo-7.4.6-3.6.1 php7-readline-7.4.6-3.6.1 php7-readline-debuginfo-7.4.6-3.6.1 php7-shmop-7.4.6-3.6.1 php7-shmop-debuginfo-7.4.6-3.6.1 php7-snmp-7.4.6-3.6.1 php7-snmp-debuginfo-7.4.6-3.6.1 php7-soap-7.4.6-3.6.1 php7-soap-debuginfo-7.4.6-3.6.1 php7-sockets-7.4.6-3.6.1 php7-sockets-debuginfo-7.4.6-3.6.1 php7-sodium-7.4.6-3.6.1 php7-sodium-debuginfo-7.4.6-3.6.1 php7-sqlite-7.4.6-3.6.1 php7-sqlite-debuginfo-7.4.6-3.6.1 php7-sysvmsg-7.4.6-3.6.1 php7-sysvmsg-debuginfo-7.4.6-3.6.1 php7-sysvsem-7.4.6-3.6.1 php7-sysvsem-debuginfo-7.4.6-3.6.1 php7-sysvshm-7.4.6-3.6.1 php7-sysvshm-debuginfo-7.4.6-3.6.1 php7-tidy-7.4.6-3.6.1 php7-tidy-debuginfo-7.4.6-3.6.1 php7-tokenizer-7.4.6-3.6.1 php7-tokenizer-debuginfo-7.4.6-3.6.1 php7-xmlreader-7.4.6-3.6.1 php7-xmlreader-debuginfo-7.4.6-3.6.1 php7-xmlrpc-7.4.6-3.6.1 php7-xmlrpc-debuginfo-7.4.6-3.6.1 php7-xmlwriter-7.4.6-3.6.1 php7-xmlwriter-debuginfo-7.4.6-3.6.1 php7-xsl-7.4.6-3.6.1 php7-xsl-debuginfo-7.4.6-3.6.1 php7-zip-7.4.6-3.6.1 php7-zip-debuginfo-7.4.6-3.6.1 php7-zlib-7.4.6-3.6.1 php7-zlib-debuginfo-7.4.6-3.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.4.6-3.6.1 php7-debugsource-7.4.6-3.6.1 php7-embed-7.4.6-3.6.1 php7-embed-debuginfo-7.4.6-3.6.1 References: https://www.suse.com/security/cve/CVE-2020-7068.html https://bugzilla.suse.com/1175223 From sle-updates at lists.suse.com Wed Sep 2 10:15:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 18:15:55 +0200 (CEST) Subject: SUSE-SU-2020:2452-1: important: Security update for xorg-x11-server Message-ID: <20200902161555.E5DF1F403@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2452-1 Rating: important References: #1174910 #1174913 Cross-References: CVE-2020-14361 CVE-2020-14362 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2452=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2452=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2452=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): xorg-x11-server-debuginfo-1.20.3-22.5.5.1 xorg-x11-server-debugsource-1.20.3-22.5.5.1 xorg-x11-server-wayland-1.20.3-22.5.5.1 xorg-x11-server-wayland-debuginfo-1.20.3-22.5.5.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.20.3-22.5.5.1 xorg-x11-server-debugsource-1.20.3-22.5.5.1 xorg-x11-server-sdk-1.20.3-22.5.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-22.5.5.1 xorg-x11-server-debuginfo-1.20.3-22.5.5.1 xorg-x11-server-debugsource-1.20.3-22.5.5.1 xorg-x11-server-extra-1.20.3-22.5.5.1 xorg-x11-server-extra-debuginfo-1.20.3-22.5.5.1 References: https://www.suse.com/security/cve/CVE-2020-14361.html https://www.suse.com/security/cve/CVE-2020-14362.html https://bugzilla.suse.com/1174910 https://bugzilla.suse.com/1174913 From sle-updates at lists.suse.com Wed Sep 2 10:16:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 18:16:51 +0200 (CEST) Subject: SUSE-SU-2020:2453-1: moderate: Security update for java-1_8_0-ibm Message-ID: <20200902161651.CFE02F403@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2453-1 Rating: moderate References: #1174157 #1175259 Cross-References: CVE-2019-17639 CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP1 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 15 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14556 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - JAVA.UTIL.ZIP.DEFLATER OPERATIONS THROW JAVA.LANG.INTERNALERROR - JAVA 8 DECODER OBJECTS CONSUME A LARGE AMOUNT OF JAVA HEAP - TRANSLATION MESSAGES UPDATE FOR JCL - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Java Virtual Machine: - IBM JAVA REGISTERS A HANDLER BY DEFAULT FOR SIGABRT - LARGE MEMORY FOOTPRINT HELD BY TRACECONTEXT OBJECT * JIT Compiler: - CRASH IN THE INTERPRETER AFTER OSR FROM INLINED SYNCHRONIZED METHOD IN DEBUGGING MODE - INTERMITTENT ASSERTION FAILURE REPORTED - CRASH IN RESOLVECLASSREF() DURING AOT LOAD - JIT CRASH DURING CLASS UNLOADING IN J9METHOD_HT::ONCLASSUNLOADING() - SEGMENTATION FAULT WHILE COMPILING A METHOD - UNEXPECTED CLASSCASTEXCEPTION THROWN IN HIGH LEVEL PARALLEL APPLICATION ON IBM Z PLATFORM * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE - CHANGES TO IBMJCE AND IBMJCEPLUS PROVIDERS - IBMJCEPLUS FAILS, WHEN THE SECURITY MANAGER IS ENABLED, WITH DEFAULT PERMISSIONS, SPECIFIED IN JAVA.POLICY FILE - IN CERTAIN INSTANCES, IBMJCEPLUS PROVIDER THROWS EXCEPTION FROM KEYFACTORY CLASS Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2453=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2453=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-2453=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-2453=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr6.15-3.41.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-3.41.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.15-3.41.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-3.41.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): java-1_8_0-ibm-1.8.0_sr6.15-3.41.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-3.41.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr6.15-3.41.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-3.41.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.15-3.41.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-3.41.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr6.15-3.41.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-3.41.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.15-3.41.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-3.41.1 References: https://www.suse.com/security/cve/CVE-2019-17639.html https://www.suse.com/security/cve/CVE-2020-14556.html https://www.suse.com/security/cve/CVE-2020-14577.html https://www.suse.com/security/cve/CVE-2020-14578.html https://www.suse.com/security/cve/CVE-2020-14579.html https://www.suse.com/security/cve/CVE-2020-14581.html https://www.suse.com/security/cve/CVE-2020-14583.html https://www.suse.com/security/cve/CVE-2020-14593.html https://www.suse.com/security/cve/CVE-2020-14621.html https://bugzilla.suse.com/1174157 https://bugzilla.suse.com/1175259 From sle-updates at lists.suse.com Wed Sep 2 10:17:45 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 18:17:45 +0200 (CEST) Subject: SUSE-RU-2020:2451-1: important: Recommended update for dracut Message-ID: <20200902161745.95636F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2451-1 Rating: important References: #1167494 #996146 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for dracut fixes the following issues: Update from version 049.1+suse.152.g8506e86f to version 049.1+suse.156.g7d852636: - net-lib.sh: support infiniband network mac addresses (bsc#996146) - 95nfs: use ip_params_for_remote_addr() (bsc#1167494) - 95iscsi: use ip_params_for_remote_addr() (bsc#1167494) - dracut-functions: add ip_params_for_remote_addr() helper (bsc#1167494) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2451=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): dracut-049.1+suse.156.g7d852636-3.11.1 dracut-debuginfo-049.1+suse.156.g7d852636-3.11.1 dracut-debugsource-049.1+suse.156.g7d852636-3.11.1 dracut-fips-049.1+suse.156.g7d852636-3.11.1 dracut-ima-049.1+suse.156.g7d852636-3.11.1 References: https://bugzilla.suse.com/1167494 https://bugzilla.suse.com/996146 From sle-updates at lists.suse.com Wed Sep 2 10:18:42 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 18:18:42 +0200 (CEST) Subject: SUSE-SU-2020:14481-1: moderate: Security update for curl Message-ID: <20200902161842.14961F403@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14481-1 Rating: moderate References: #1175109 Cross-References: CVE-2020-8231 Affected Products: SUSE Linux Enterprise Server 11-SECURITY ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-curl-14481=1 Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): curl-openssl1-7.37.0-70.52.2 libcurl4-openssl1-7.37.0-70.52.2 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libcurl4-openssl1-32bit-7.37.0-70.52.2 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libcurl4-openssl1-x86-7.37.0-70.52.2 References: https://www.suse.com/security/cve/CVE-2020-8231.html https://bugzilla.suse.com/1175109 From sle-updates at lists.suse.com Wed Sep 2 13:13:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 21:13:33 +0200 (CEST) Subject: SUSE-SU-2020:2461-1: moderate: Security update for java-1_8_0-ibm Message-ID: <20200902191333.6B3A6F794@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2461-1 Rating: moderate References: #1174157 #1175259 Cross-References: CVE-2019-17639 CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 15 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14556 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - JAVA.UTIL.ZIP.DEFLATER OPERATIONS THROW JAVA.LANG.INTERNALERROR - JAVA 8 DECODER OBJECTS CONSUME A LARGE AMOUNT OF JAVA HEAP - TRANSLATION MESSAGES UPDATE FOR JCL - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Java Virtual Machine: - IBM JAVA REGISTERS A HANDLER BY DEFAULT FOR SIGABRT - LARGE MEMORY FOOTPRINT HELD BY TRACECONTEXT OBJECT * JIT Compiler: - CRASH IN THE INTERPRETER AFTER OSR FROM INLINED SYNCHRONIZED METHOD IN DEBUGGING MODE - INTERMITTENT ASSERTION FAILURE REPORTED - CRASH IN RESOLVECLASSREF() DURING AOT LOAD - JIT CRASH DURING CLASS UNLOADING IN J9METHOD_HT::ONCLASSUNLOADING() - SEGMENTATION FAULT WHILE COMPILING A METHOD - UNEXPECTED CLASSCASTEXCEPTION THROWN IN HIGH LEVEL PARALLEL APPLICATION ON IBM Z PLATFORM * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE - CHANGES TO IBMJCE AND IBMJCEPLUS PROVIDERS - IBMJCEPLUS FAILS, WHEN THE SECURITY MANAGER IS ENABLED, WITH DEFAULT PERMISSIONS, SPECIFIED IN JAVA.POLICY FILE - IN CERTAIN INSTANCES, IBMJCEPLUS PROVIDER THROWS EXCEPTION FROM KEYFACTORY CLASS Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2461=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2461=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2461=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2461=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2461=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2461=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2461=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2461=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2461=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2461=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2461=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2461=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2461=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2461=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2461=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2461=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - SUSE OpenStack Cloud 9 (x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - SUSE OpenStack Cloud 8 (x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 - SUSE OpenStack Cloud 7 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - HPE Helion Openstack 8 (x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 References: https://www.suse.com/security/cve/CVE-2019-17639.html https://www.suse.com/security/cve/CVE-2020-14556.html https://www.suse.com/security/cve/CVE-2020-14577.html https://www.suse.com/security/cve/CVE-2020-14578.html https://www.suse.com/security/cve/CVE-2020-14579.html https://www.suse.com/security/cve/CVE-2020-14581.html https://www.suse.com/security/cve/CVE-2020-14583.html https://www.suse.com/security/cve/CVE-2020-14593.html https://www.suse.com/security/cve/CVE-2020-14621.html https://bugzilla.suse.com/1174157 https://bugzilla.suse.com/1175259 From sle-updates at lists.suse.com Wed Sep 2 13:14:32 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 21:14:32 +0200 (CEST) Subject: SUSE-RU-2020:2459-1: moderate: Recommended update for crmsh Message-ID: <20200902191432.C6611F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2459-1 Rating: moderate References: #1175057 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crmsh fixes the following issues: - Fixes an issue by 'ssh_merge' function for compatibility. (bsc#1175057) - Adjust sbd config process to fix bug on sbd stage. (bsc#1175057) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-2459=1 Package List: - SUSE Linux Enterprise High Availability 15 (noarch): crmsh-4.1.0+git.1598258232.7580dd00-3.36.1 crmsh-scripts-4.1.0+git.1598258232.7580dd00-3.36.1 References: https://bugzilla.suse.com/1175057 From sle-updates at lists.suse.com Wed Sep 2 13:15:30 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 21:15:30 +0200 (CEST) Subject: SUSE-RU-2020:2458-1: moderate: Recommended update for iputils Message-ID: <20200902191530.2E624F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for iputils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2458-1 Rating: moderate References: #927831 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for iputils fixes the following issue: - ping: Remove workaround for bug in IP_RECVERR on raw sockets. (bsc#927831) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2458=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2458=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2458=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2458=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): iputils-debuginfo-s20161105-8.3.1 iputils-debugsource-s20161105-8.3.1 rarpd-debuginfo-s20161105-8.3.1 rarpd-s20161105-8.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): iputils-debuginfo-s20161105-8.3.1 iputils-debugsource-s20161105-8.3.1 rarpd-debuginfo-s20161105-8.3.1 rarpd-s20161105-8.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): iputils-debuginfo-s20161105-8.3.1 iputils-debugsource-s20161105-8.3.1 iputils-s20161105-8.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): iputils-debuginfo-s20161105-8.3.1 iputils-debugsource-s20161105-8.3.1 iputils-s20161105-8.3.1 References: https://bugzilla.suse.com/927831 From sle-updates at lists.suse.com Wed Sep 2 13:16:22 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 21:16:22 +0200 (CEST) Subject: SUSE-SU-2020:14482-1: moderate: Security update for java-1_7_0-ibm Message-ID: <20200902191622.EB90AF794@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14482-1 Rating: moderate References: #1171352 #1174157 #1175259 Cross-References: CVE-2019-17639 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for java-1_7_0-ibm fixes the following issues: - Update to Java 7.0 Service Refresh 10 Fix Pack 70 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - TRANSLATION MESSAGES UPDATE FOR JCL - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE - The pack200 and unpack200 alternatives should be slaves of java [bsc#1171352] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-java-1_7_0-ibm-14482=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): java-1_7_0-ibm-1.7.0_sr10.70-65.54.1 java-1_7_0-ibm-alsa-1.7.0_sr10.70-65.54.1 java-1_7_0-ibm-devel-1.7.0_sr10.70-65.54.1 java-1_7_0-ibm-jdbc-1.7.0_sr10.70-65.54.1 java-1_7_0-ibm-plugin-1.7.0_sr10.70-65.54.1 References: https://www.suse.com/security/cve/CVE-2019-17639.html https://www.suse.com/security/cve/CVE-2020-14577.html https://www.suse.com/security/cve/CVE-2020-14578.html https://www.suse.com/security/cve/CVE-2020-14579.html https://www.suse.com/security/cve/CVE-2020-14583.html https://www.suse.com/security/cve/CVE-2020-14593.html https://www.suse.com/security/cve/CVE-2020-14621.html https://bugzilla.suse.com/1171352 https://bugzilla.suse.com/1174157 https://bugzilla.suse.com/1175259 From sle-updates at lists.suse.com Wed Sep 2 13:29:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 21:29:09 +0200 (CEST) Subject: SUSE-RU-2020:2457-1: important: Recommended update for grub2 Message-ID: <20200902192909.B2B77F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2457-1 Rating: important References: #1174567 #1175766 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - The GRUB_VERIFY_FLAGS_DEFER_AUTH is enabled regardless secure boot status (bsc#1175766) A secure boot status check has been added before requesting other verifiers to verify external module, therefore external module loading can work after shim_lock module is loaded and secure boot turned off. - Make consistent check to enable relative path on btrfs (bsc#1174567) This fix unified the test in grub-install and grub-mkconfig. The path to default or selected btrfs subvolume/snapshot is used if the root file system is btrfs and the config has enabled btrfs snapshot booting. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2457=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2457=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): grub2-x86_64-xen-2.04-9.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): grub2-2.04-9.18.1 grub2-debuginfo-2.04-9.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 s390x x86_64): grub2-debugsource-2.04-9.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): grub2-arm64-efi-2.04-9.18.1 grub2-i386-pc-2.04-9.18.1 grub2-powerpc-ieee1275-2.04-9.18.1 grub2-snapper-plugin-2.04-9.18.1 grub2-systemd-sleep-plugin-2.04-9.18.1 grub2-x86_64-efi-2.04-9.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (s390x): grub2-s390x-emu-2.04-9.18.1 References: https://bugzilla.suse.com/1174567 https://bugzilla.suse.com/1175766 From sle-updates at lists.suse.com Wed Sep 2 19:13:29 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 03:13:29 +0200 (CEST) Subject: SUSE-RU-2020:2469-1: moderate: Recommended update for tomcat Message-ID: <20200903011329.6A733F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2469-1 Rating: moderate References: #1092163 #1172562 #1173103 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for tomcat fixes the following issues: - Fixed the package alternatives for tomcat-servlet-4_0-api to use /usr/share/java/servlet.jar instead of /usr/share/java/tomcat-servlet.jar - We kept /usr/share/java/tomcat-servlet.jar as a symlink for compatibility reasons (bsc#1092163) - Removed write permissions on several files and directories for the tomcat group (bsc#1172562) - Changed the tomcat.pid location from /var/run to /run (bsc#1173103) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP1: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2020-2469=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch): tomcat-9.0.36-4.44.3 tomcat-admin-webapps-9.0.36-4.44.3 tomcat-el-3_0-api-9.0.36-4.44.3 tomcat-jsp-2_3-api-9.0.36-4.44.3 tomcat-lib-9.0.36-4.44.3 tomcat-servlet-4_0-api-9.0.36-4.44.3 tomcat-webapps-9.0.36-4.44.3 References: https://bugzilla.suse.com/1092163 https://bugzilla.suse.com/1172562 https://bugzilla.suse.com/1173103 From sle-updates at lists.suse.com Wed Sep 2 19:14:29 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 03:14:29 +0200 (CEST) Subject: SUSE-RU-2020:2464-1: moderate: Recommended update for icewm Message-ID: <20200903011429.146DEF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for icewm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2464-1 Rating: moderate References: #1170420 #1173441 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for icewm fixes the following issues: - Fixes an issue where icewm updates could no longer be installed (bsc#1173441, bsc#1170420) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2464=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2464=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): icewm-1.4.2-7.12.1 icewm-debuginfo-1.4.2-7.12.1 icewm-debugsource-1.4.2-7.12.1 icewm-default-1.4.2-7.12.1 icewm-default-debuginfo-1.4.2-7.12.1 icewm-lite-1.4.2-7.12.1 icewm-lite-debuginfo-1.4.2-7.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): icewm-lang-1.4.2-7.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): icewm-1.4.2-7.12.1 icewm-debuginfo-1.4.2-7.12.1 icewm-debugsource-1.4.2-7.12.1 icewm-default-1.4.2-7.12.1 icewm-default-debuginfo-1.4.2-7.12.1 icewm-lite-1.4.2-7.12.1 icewm-lite-debuginfo-1.4.2-7.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): icewm-lang-1.4.2-7.12.1 References: https://bugzilla.suse.com/1170420 https://bugzilla.suse.com/1173441 From sle-updates at lists.suse.com Wed Sep 2 19:15:21 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 03:15:21 +0200 (CEST) Subject: SUSE-RU-2020:2463-1: moderate: Recommended update for oracleasm Message-ID: <20200903011521.3CD92F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2463-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of oracleasm fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2463=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_122.32-9.5.2 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_122.32-9.5.2 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Wed Sep 2 19:16:07 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 03:16:07 +0200 (CEST) Subject: SUSE-RU-2020:2466-1: moderate: Recommended update for fwupdate Message-ID: <20200903011607.05C2DF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for fwupdate ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2466-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of fwupdate fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2466=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2466=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2466=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2466=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (x86_64): fwupdate-9+git21.gcd8f7d7-6.5.1 fwupdate-debuginfo-9+git21.gcd8f7d7-6.5.1 fwupdate-debugsource-9+git21.gcd8f7d7-6.5.1 fwupdate-devel-9+git21.gcd8f7d7-6.5.1 fwupdate-efi-9+git21.gcd8f7d7-6.5.1 fwupdate-efi-debuginfo-9+git21.gcd8f7d7-6.5.1 libfwup1-9+git21.gcd8f7d7-6.5.1 libfwup1-debuginfo-9+git21.gcd8f7d7-6.5.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64): fwupdate-9+git21.gcd8f7d7-6.5.1 fwupdate-debuginfo-9+git21.gcd8f7d7-6.5.1 fwupdate-debugsource-9+git21.gcd8f7d7-6.5.1 fwupdate-devel-9+git21.gcd8f7d7-6.5.1 fwupdate-efi-9+git21.gcd8f7d7-6.5.1 fwupdate-efi-debuginfo-9+git21.gcd8f7d7-6.5.1 libfwup1-9+git21.gcd8f7d7-6.5.1 libfwup1-debuginfo-9+git21.gcd8f7d7-6.5.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): fwupdate-9+git21.gcd8f7d7-6.5.1 fwupdate-debuginfo-9+git21.gcd8f7d7-6.5.1 fwupdate-debugsource-9+git21.gcd8f7d7-6.5.1 fwupdate-devel-9+git21.gcd8f7d7-6.5.1 fwupdate-efi-9+git21.gcd8f7d7-6.5.1 fwupdate-efi-debuginfo-9+git21.gcd8f7d7-6.5.1 libfwup1-9+git21.gcd8f7d7-6.5.1 libfwup1-debuginfo-9+git21.gcd8f7d7-6.5.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): fwupdate-9+git21.gcd8f7d7-6.5.1 fwupdate-debuginfo-9+git21.gcd8f7d7-6.5.1 fwupdate-debugsource-9+git21.gcd8f7d7-6.5.1 fwupdate-devel-9+git21.gcd8f7d7-6.5.1 fwupdate-efi-9+git21.gcd8f7d7-6.5.1 fwupdate-efi-debuginfo-9+git21.gcd8f7d7-6.5.1 libfwup1-9+git21.gcd8f7d7-6.5.1 libfwup1-debuginfo-9+git21.gcd8f7d7-6.5.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Wed Sep 2 19:16:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 03:16:54 +0200 (CEST) Subject: SUSE-RU-2020:2470-1: moderate: Recommended update for lshw Message-ID: <20200903011654.5EA09F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for lshw ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2470-1 Rating: moderate References: #1168865 #1169668 #1172156 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for lshw fixes the following issues: - Fixes the detection of powerpc products (bsc#1172156) - Fixed an issue where lshw crashed on powerpc and aarch64 (bsc#1168865, bsc#1169668) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2470=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (ppc64le x86_64): lshw-B.02.19.2-3.3.1 lshw-debuginfo-B.02.19.2-3.3.1 lshw-debugsource-B.02.19.2-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): lshw-lang-B.02.19.2-3.3.1 References: https://bugzilla.suse.com/1168865 https://bugzilla.suse.com/1169668 https://bugzilla.suse.com/1172156 From sle-updates at lists.suse.com Wed Sep 2 19:17:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 03:17:55 +0200 (CEST) Subject: SUSE-RU-2020:2467-1: moderate: Recommended update for aws-cli, python-boto3, and python-botocore Message-ID: <20200903011755.501FDF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for aws-cli, python-boto3, and python-botocore ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2467-1 Rating: moderate References: #1075263 #1118021 #1118024 #1118027 #1146853 #1175147 #1175148 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for aws-cli, python-boto3, and python-botocore fixes the following issues: - This update mainly focuses on updating the API clients. Please refer to the rpm changelog of each package to receive a detailed list of all changes. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2467=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2467=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-2467=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-2467=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2467=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2467=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): aws-cli-1.18.117-8.11.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): aws-cli-1.18.117-8.11.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch): python2-boto3-1.14.40-7.11.1 python2-botocore-1.17.40-7.11.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (noarch): python2-boto3-1.14.40-7.11.1 python2-botocore-1.17.40-7.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-boto3-1.14.40-7.11.1 python3-botocore-1.17.40-7.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): python3-boto3-1.14.40-7.11.1 python3-botocore-1.17.40-7.11.1 References: https://bugzilla.suse.com/1075263 https://bugzilla.suse.com/1118021 https://bugzilla.suse.com/1118024 https://bugzilla.suse.com/1118027 https://bugzilla.suse.com/1146853 https://bugzilla.suse.com/1175147 https://bugzilla.suse.com/1175148 From sle-updates at lists.suse.com Wed Sep 2 19:19:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 03:19:17 +0200 (CEST) Subject: SUSE-RU-2020:14483-1: moderate: Recommended update for oracleasm Message-ID: <20200903011917.15C74F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:14483-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of oracleasm fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-oracleasm-14483=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-oracleasm-14483=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): oracleasm-2.0.5-7.44.4.1 oracleasm-kmp-default-2.0.5_3.0.101_108.117-7.44.4.1 oracleasm-kmp-trace-2.0.5_3.0.101_108.117-7.44.4.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): oracleasm-kmp-xen-2.0.5_3.0.101_108.117-7.44.4.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64): oracleasm-kmp-bigmem-2.0.5_3.0.101_108.117-7.44.4.1 oracleasm-kmp-ppc64-2.0.5_3.0.101_108.117-7.44.4.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586): oracleasm-kmp-pae-2.0.5_3.0.101_108.117-7.44.4.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): oracleasm-debuginfo-2.0.5-7.44.4.1 oracleasm-debugsource-2.0.5-7.44.4.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Wed Sep 2 19:20:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 03:20:05 +0200 (CEST) Subject: SUSE-RU-2020:2465-1: moderate: Recommended update for fwupdate Message-ID: <20200903012005.BA2AAF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for fwupdate ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2465-1 Rating: moderate References: #1174543 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of fwupdate fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2465=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2465=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2465=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2465=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2465=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2465=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2465=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2465=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2465=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2465=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2465=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2465=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): fwupdate-0.5-10.7.1 fwupdate-debuginfo-0.5-10.7.1 fwupdate-debugsource-0.5-10.7.1 fwupdate-efi-0.5-10.7.1 fwupdate-efi-debuginfo-0.5-10.7.1 libfwup0-0.5-10.7.1 libfwup0-debuginfo-0.5-10.7.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): fwupdate-0.5-10.7.1 fwupdate-debuginfo-0.5-10.7.1 fwupdate-debugsource-0.5-10.7.1 fwupdate-efi-0.5-10.7.1 fwupdate-efi-debuginfo-0.5-10.7.1 libfwup0-0.5-10.7.1 libfwup0-debuginfo-0.5-10.7.1 - SUSE OpenStack Cloud 9 (x86_64): fwupdate-0.5-10.7.1 fwupdate-debuginfo-0.5-10.7.1 fwupdate-debugsource-0.5-10.7.1 fwupdate-efi-0.5-10.7.1 fwupdate-efi-debuginfo-0.5-10.7.1 libfwup0-0.5-10.7.1 libfwup0-debuginfo-0.5-10.7.1 - SUSE OpenStack Cloud 8 (x86_64): fwupdate-0.5-10.7.1 fwupdate-debuginfo-0.5-10.7.1 fwupdate-debugsource-0.5-10.7.1 fwupdate-efi-0.5-10.7.1 fwupdate-efi-debuginfo-0.5-10.7.1 libfwup0-0.5-10.7.1 libfwup0-debuginfo-0.5-10.7.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): fwupdate-0.5-10.7.1 fwupdate-debuginfo-0.5-10.7.1 fwupdate-debugsource-0.5-10.7.1 fwupdate-efi-0.5-10.7.1 fwupdate-efi-debuginfo-0.5-10.7.1 libfwup0-0.5-10.7.1 libfwup0-debuginfo-0.5-10.7.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): fwupdate-0.5-10.7.1 fwupdate-debuginfo-0.5-10.7.1 fwupdate-debugsource-0.5-10.7.1 fwupdate-efi-0.5-10.7.1 fwupdate-efi-debuginfo-0.5-10.7.1 libfwup0-0.5-10.7.1 libfwup0-debuginfo-0.5-10.7.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): fwupdate-0.5-10.7.1 fwupdate-debuginfo-0.5-10.7.1 fwupdate-debugsource-0.5-10.7.1 fwupdate-efi-0.5-10.7.1 fwupdate-efi-debuginfo-0.5-10.7.1 libfwup0-0.5-10.7.1 libfwup0-debuginfo-0.5-10.7.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): fwupdate-0.5-10.7.1 fwupdate-debuginfo-0.5-10.7.1 fwupdate-debugsource-0.5-10.7.1 fwupdate-efi-0.5-10.7.1 fwupdate-efi-debuginfo-0.5-10.7.1 libfwup0-0.5-10.7.1 libfwup0-debuginfo-0.5-10.7.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): fwupdate-0.5-10.7.1 fwupdate-debuginfo-0.5-10.7.1 fwupdate-debugsource-0.5-10.7.1 fwupdate-efi-0.5-10.7.1 fwupdate-efi-debuginfo-0.5-10.7.1 libfwup0-0.5-10.7.1 libfwup0-debuginfo-0.5-10.7.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): fwupdate-0.5-10.7.1 fwupdate-debuginfo-0.5-10.7.1 fwupdate-debugsource-0.5-10.7.1 fwupdate-efi-0.5-10.7.1 fwupdate-efi-debuginfo-0.5-10.7.1 libfwup0-0.5-10.7.1 libfwup0-debuginfo-0.5-10.7.1 - SUSE Enterprise Storage 5 (x86_64): fwupdate-0.5-10.7.1 fwupdate-debuginfo-0.5-10.7.1 fwupdate-debugsource-0.5-10.7.1 fwupdate-efi-0.5-10.7.1 fwupdate-efi-debuginfo-0.5-10.7.1 libfwup0-0.5-10.7.1 libfwup0-debuginfo-0.5-10.7.1 - HPE Helion Openstack 8 (x86_64): fwupdate-0.5-10.7.1 fwupdate-debuginfo-0.5-10.7.1 fwupdate-debugsource-0.5-10.7.1 fwupdate-efi-0.5-10.7.1 fwupdate-efi-debuginfo-0.5-10.7.1 libfwup0-0.5-10.7.1 libfwup0-debuginfo-0.5-10.7.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Wed Sep 2 19:20:56 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 03:20:56 +0200 (CEST) Subject: SUSE-RU-2020:2468-1: moderate: Recommended update for aws-cli, python-boto3, and python-botocore Message-ID: <20200903012056.22E06F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for aws-cli, python-boto3, and python-botocore ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2468-1 Rating: moderate References: #1175147 #1175148 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Module for Public Cloud 12 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for aws-cli, python-boto3, and python-botocore fixes the following issues: - This update mainly focuses on updating the API clients. Please refer to the rpm changelog of each package to receive a detailed list of all changes. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2468=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2468=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-2468=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2468=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): aws-cli-1.18.117-22.20.1 python-botocore-1.17.40-28.26.1 - SUSE OpenStack Cloud 8 (noarch): aws-cli-1.18.117-22.20.1 python-botocore-1.17.40-28.26.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): aws-cli-1.18.117-22.20.1 python-boto3-1.14.40-14.20.1 python-botocore-1.17.40-28.26.1 python3-boto3-1.14.40-14.20.1 python3-botocore-1.17.40-28.26.1 - HPE Helion Openstack 8 (noarch): aws-cli-1.18.117-22.20.1 python-botocore-1.17.40-28.26.1 References: https://bugzilla.suse.com/1175147 https://bugzilla.suse.com/1175148 From sle-updates at lists.suse.com Thu Sep 3 00:45:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 08:45:09 +0200 (CEST) Subject: SUSE-CU-2020:436-1: Security update of suse/sle15 Message-ID: <20200903064509.6BEFBFCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:436-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.260 Container Release : 4.22.260 Severity : moderate Type : security References : 1175109 CVE-2020-8231 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2446-1 Released: Wed Sep 2 09:33:22 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] From sle-updates at lists.suse.com Thu Sep 3 04:16:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 12:16:03 +0200 (CEST) Subject: SUSE-SU-2020:2471-1: critical: Security update for squid Message-ID: <20200903101603.AD7CBF794@maintenance.suse.de> SUSE Security Update: Security update for squid ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2471-1 Rating: critical References: #1175664 #1175665 #1175671 Cross-References: CVE-2020-15810 CVE-2020-15811 CVE-2020-24606 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for squid fixes the following issues: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply (bsc#1175671). - CVE-2020-15811: Improve Transfer-Encoding handling (bsc#1175665). - CVE-2020-15810: Enforce token characters for field-name (bsc#1175664). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2471=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2471=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2471=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2471=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2471=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2471=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2471=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2471=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2471=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2471=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2471=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2471=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2471=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2471=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2471=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - SUSE OpenStack Cloud 9 (x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - SUSE OpenStack Cloud 8 (x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - SUSE OpenStack Cloud 7 (s390x x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - HPE Helion Openstack 8 (x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 References: https://www.suse.com/security/cve/CVE-2020-15810.html https://www.suse.com/security/cve/CVE-2020-15811.html https://www.suse.com/security/cve/CVE-2020-24606.html https://bugzilla.suse.com/1175664 https://bugzilla.suse.com/1175665 https://bugzilla.suse.com/1175671 From sle-updates at lists.suse.com Thu Sep 3 07:14:21 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 15:14:21 +0200 (CEST) Subject: SUSE-SU-2020:14484-1: moderate: Security update for java-1_7_1-ibm Message-ID: <20200903131421.AFA9EF794@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14484-1 Rating: moderate References: #1174157 #1175259 Cross-References: CVE-2019-17639 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 70 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-java-1_7_1-ibm-14484=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.70-26.58.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-26.58.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-26.58.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.70-26.58.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-26.58.1 References: https://www.suse.com/security/cve/CVE-2019-17639.html https://www.suse.com/security/cve/CVE-2020-14577.html https://www.suse.com/security/cve/CVE-2020-14578.html https://www.suse.com/security/cve/CVE-2020-14579.html https://www.suse.com/security/cve/CVE-2020-14583.html https://www.suse.com/security/cve/CVE-2020-14593.html https://www.suse.com/security/cve/CVE-2020-14621.html https://bugzilla.suse.com/1174157 https://bugzilla.suse.com/1175259 From sle-updates at lists.suse.com Thu Sep 3 07:16:10 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 15:16:10 +0200 (CEST) Subject: SUSE-SU-2020:2474-1: moderate: Security update for libX11 Message-ID: <20200903131610.0F428F794@maintenance.suse.de> SUSE Security Update: Security update for libX11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2474-1 Rating: moderate References: #1175239 Cross-References: CVE-2020-14363 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libX11 fixes the following issues: - CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2474=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2474=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libX11-6-1.6.5-3.12.1 libX11-6-debuginfo-1.6.5-3.12.1 libX11-debugsource-1.6.5-3.12.1 libX11-devel-1.6.5-3.12.1 libX11-xcb1-1.6.5-3.12.1 libX11-xcb1-debuginfo-1.6.5-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libX11-6-32bit-1.6.5-3.12.1 libX11-6-32bit-debuginfo-1.6.5-3.12.1 libX11-xcb1-32bit-1.6.5-3.12.1 libX11-xcb1-32bit-debuginfo-1.6.5-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): libX11-data-1.6.5-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libX11-6-1.6.5-3.12.1 libX11-6-debuginfo-1.6.5-3.12.1 libX11-debugsource-1.6.5-3.12.1 libX11-devel-1.6.5-3.12.1 libX11-xcb1-1.6.5-3.12.1 libX11-xcb1-debuginfo-1.6.5-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libX11-6-32bit-1.6.5-3.12.1 libX11-6-32bit-debuginfo-1.6.5-3.12.1 libX11-xcb1-32bit-1.6.5-3.12.1 libX11-xcb1-32bit-debuginfo-1.6.5-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): libX11-data-1.6.5-3.12.1 References: https://www.suse.com/security/cve/CVE-2020-14363.html https://bugzilla.suse.com/1175239 From sle-updates at lists.suse.com Thu Sep 3 07:16:58 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 15:16:58 +0200 (CEST) Subject: SUSE-RU-2020:2472-1: moderate: Recommended update for powerpc-utils Message-ID: <20200903131658.D0FACF794@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2472-1 Rating: moderate References: #1174666 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for powerpc-utils fixes the following issue: - On SUSE the service is called kexec-load.service instead of kexec.service. (bsc#1174666) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2472=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2472=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (ppc64le): powerpc-utils-1.3.7.1-3.21.1 powerpc-utils-debuginfo-1.3.7.1-3.21.1 powerpc-utils-debugsource-1.3.7.1-3.21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (ppc64le): powerpc-utils-1.3.7.1-3.21.1 powerpc-utils-debuginfo-1.3.7.1-3.21.1 powerpc-utils-debugsource-1.3.7.1-3.21.1 References: https://bugzilla.suse.com/1174666 From sle-updates at lists.suse.com Thu Sep 3 07:17:48 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 15:17:48 +0200 (CEST) Subject: SUSE-SU-2020:2475-1: moderate: Security update for libX11 Message-ID: <20200903131748.1C0CBF794@maintenance.suse.de> SUSE Security Update: Security update for libX11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2475-1 Rating: moderate References: #1175239 Cross-References: CVE-2020-14363 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libX11 fixes the following issues: - CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2475=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2475=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libX11-debugsource-1.6.2-12.15.1 libX11-devel-1.6.2-12.15.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libX11-6-1.6.2-12.15.1 libX11-6-debuginfo-1.6.2-12.15.1 libX11-debugsource-1.6.2-12.15.1 libX11-xcb1-1.6.2-12.15.1 libX11-xcb1-debuginfo-1.6.2-12.15.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libX11-6-32bit-1.6.2-12.15.1 libX11-6-debuginfo-32bit-1.6.2-12.15.1 libX11-xcb1-32bit-1.6.2-12.15.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.15.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): libX11-data-1.6.2-12.15.1 References: https://www.suse.com/security/cve/CVE-2020-14363.html https://bugzilla.suse.com/1175239 From sle-updates at lists.suse.com Thu Sep 3 07:18:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 15:18:44 +0200 (CEST) Subject: SUSE-RU-2020:2473-1: moderate: Recommended update for gdm Message-ID: <20200903131844.43166F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2473-1 Rating: moderate References: #1172813 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gdm fixes the following issue: - gdm quit plymouth when xdmcp is the only allowed connection. (bsc#1172813) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2473=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2473=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2473=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2473=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2473=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2473=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2473=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2473=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2473=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2473=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2473=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2473=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2473=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2473=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2473=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2473=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2473=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE OpenStack Cloud 9 (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE OpenStack Cloud 9 (x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE OpenStack Cloud 8 (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE OpenStack Cloud 8 (x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE OpenStack Cloud 7 (s390x x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE OpenStack Cloud 7 (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 gdm-devel-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE Enterprise Storage 5 (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - HPE Helion Openstack 8 (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - HPE Helion Openstack 8 (x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 References: https://bugzilla.suse.com/1172813 From sle-updates at lists.suse.com Thu Sep 3 07:19:39 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 15:19:39 +0200 (CEST) Subject: SUSE-SU-2020:2478-1: important: Security update for the Linux Kernel Message-ID: <20200903131939.E9DAEF794@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2478-1 Rating: important References: #1051510 #1058115 #1065600 #1065729 #1071995 #1082555 #1083647 #1085030 #1089895 #1103990 #1103991 #1103992 #1104745 #1104967 #1109837 #1111666 #1112178 #1112374 #1113956 #1114279 #1124278 #1127354 #1127355 #1127371 #1133021 #1137325 #1141558 #1142685 #1144333 #1145929 #1148868 #1150660 #1151794 #1151927 #1152107 #1152489 #1152624 #1154824 #1157169 #1158265 #1158983 #1159037 #1159058 #1159199 #1160388 #1160947 #1161016 #1162002 #1162063 #1163309 #1163403 #1163897 #1164284 #1164780 #1164871 #1165183 #1165478 #1165741 #1166780 #1166860 #1166861 #1166862 #1166864 #1166866 #1166867 #1166868 #1166870 #1166940 #1166969 #1166978 #1166985 #1167104 #1167288 #1167574 #1167851 #1167867 #1168081 #1168202 #1168332 #1168486 #1168503 #1168670 #1168760 #1168762 #1168763 #1168764 #1168765 #1168789 #1168881 #1168884 #1168952 #1168959 #1169005 #1169013 #1169020 #1169057 #1169194 #1169390 #1169514 #1169525 #1169625 #1169762 #1169771 #1169795 #1170011 #1170056 #1170125 #1170145 #1170284 #1170345 #1170442 #1170457 #1170522 #1170592 #1170617 #1170618 #1170620 #1170621 #1170770 #1170778 #1170791 #1170901 #1171078 #1171098 #1171118 #1171124 #1171189 #1171191 #1171195 #1171202 #1171205 #1171214 #1171217 #1171218 #1171219 #1171220 #1171244 #1171293 #1171417 #1171424 #1171527 #1171529 #1171530 #1171558 #1171599 #1171600 #1171601 #1171602 #1171604 #1171605 #1171606 #1171607 #1171608 #1171609 #1171610 #1171611 #1171612 #1171613 #1171614 #1171615 #1171616 #1171617 #1171618 #1171619 #1171620 #1171621 #1171622 #1171623 #1171624 #1171625 #1171626 #1171662 #1171673 #1171679 #1171691 #1171692 #1171694 #1171695 #1171732 #1171736 #1171739 #1171743 #1171753 #1171759 #1171761 #1171817 #1171835 #1171841 #1171868 #1171904 #1171948 #1171949 #1171951 #1171952 #1171979 #1171982 #1171983 #1172017 #1172096 #1172097 #1172098 #1172099 #1172101 #1172102 #1172103 #1172104 #1172127 #1172130 #1172185 #1172188 #1172199 #1172201 #1172202 #1172218 #1172221 #1172247 #1172249 #1172251 #1172253 #1172257 #1172317 #1172342 #1172343 #1172344 #1172366 #1172378 #1172391 #1172397 #1172453 #1172458 #1172472 #1172484 #1172537 #1172538 #1172687 #1172719 #1172759 #1172770 #1172775 #1172781 #1172782 #1172783 #1172999 #1173060 #1173074 #1173146 #1173265 #1173280 #1173284 #1173428 #1173462 #1173514 #1173567 #1173573 #1173659 #1173746 #1173818 #1173820 #1173825 #1173826 #1173833 #1173838 #1173839 #1173845 #1173857 #1174113 #1174115 #1174122 #1174123 #1174130 #1174186 #1174187 #1174296 Cross-References: CVE-2018-1000199 CVE-2019-16746 CVE-2019-19462 CVE-2019-20806 CVE-2019-20810 CVE-2019-20812 CVE-2019-20908 CVE-2019-9455 CVE-2020-0543 CVE-2020-10690 CVE-2020-10711 CVE-2020-10720 CVE-2020-10732 CVE-2020-10751 CVE-2020-10757 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-10781 CVE-2020-11669 CVE-2020-12114 CVE-2020-12464 CVE-2020-12652 CVE-2020-12653 CVE-2020-12654 CVE-2020-12655 CVE-2020-12656 CVE-2020-12657 CVE-2020-12659 CVE-2020-12769 CVE-2020-12771 CVE-2020-12888 CVE-2020-13143 CVE-2020-13974 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that solves 39 vulnerabilities and has 234 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or "CrossTalk" (bsc#1154824). - CVE-2020-13143: Fixed an out-of-bounds read in gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c (bsc#1171982). - CVE-2020-12769: Fixed an issue which could have allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bsc#1171983). - CVE-2020-12659: Fixed an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) due to improper headroom validation (bsc#1171214). - CVE-2020-12657: An a use-after-free in block/bfq-iosched.c (bsc#1171205). - CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219). - CVE-2020-12655: Fixed an issue which could have allowed attackers to trigger a sync of excessive duration via an XFS v5 image with crafted metadata (bsc#1171217). - CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202). - CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195). - CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218). - CVE-2020-12464: Fixed a use-after-free due to a transfer without a reference (bsc#1170901). - CVE-2020-12114: Fixed a pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098). - CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S did not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390). - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317). - CVE-2020-10751: Fixed an improper implementation in SELinux LSM hook where it was assumed that an skb would only contain a single netlink message (bsc#1171189). - CVE-2020-10732: Fixed kernel data leak in userspace coredumps due to uninitialized data (bsc#1171220). - CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778). - CVE-2020-10711: Fixed a null pointer dereference in SELinux subsystem which could have allowed a remote network user to crash the kernel resulting in a denial of service (bsc#1171191). - CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056). - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567). - CVE-2020-10781: zram sysfs resource consumption was fixed (bnc#1173074). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a memory leak, aka CID-28ebeb8db770 (bnc#1173514). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection (bnc#1172781). - CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack (bnc#1172782). - CVE-2020-10768: Fixed an issue with the prctl() function, where indirect branch speculation could be enabled even though it was diabled before (bnc#1172783). - CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775). - CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c did not call snd_card_free for a failure path, which caused a memory leak, aka CID-9453264ef586 (bnc#1172458). - CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c, where the length of variable elements in a beacon head was not checked, leading to a buffer overflow (bnc#1152107 1173659). - CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bsc#1170345). - CVE-2019-20812: Fixed an issue in prb_calc_retire_blk_tmo() which could have resulted in a denial of service (bsc#1172453). - CVE-2019-20806: Fixed a null pointer dereference which may had lead to denial of service (bsc#1172199). - CVE-2019-19462: Fixed an issue which could have allowed local user to cause denial of service (bsc#1158265). - CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1089895). The following non-security bugs were fixed: - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() (bsc#1051510). - ACPI: GED: add support for _Exx / _Lxx handler methods (bsc#1111666). - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (bsc#1111666). - ACPI: NFIT: Fix unlock on error in scrub_show() (bsc#1171753). - ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510). - ACPI: sysfs: Fix pm_profile_attr type (bsc#1111666). - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() (bsc#1051510). - acpi/x86: ignore unspecified bit positions in the ACPI global lock field (bsc#1051510). - Add br_netfilter to kernel-default-base (bsc#1169020) - agp/intel: Reinforce the barrier after GTT updates (bsc#1051510). - ahci: Add support for Amazon's Annapurna Labs SATA controller (bsc#1169013). - ALSA: ctxfi: Remove unnecessary cast in kfree (bsc#1051510). - ALSA: doc: Document PC Beep Hidden Register on Realtek ALC256 (bsc#1051510). - ALSA: dummy: Fix PCM format loop in proc output (bsc#1111666). - ALSA: es1688: Add the missed snd_card_free() (bsc#1051510). - ALSA: hda: Add driver blacklist (bsc#1051510). - ALSA: hda: Add ElkhartLake HDMI codec vid (bsc#1111666). - ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up (bsc#1111666). - ALSA: hda: Always use jackpoll helper for jack update after resume (bsc#1051510). - ALSA: hda: call runtime_allow() for all hda controllers (bsc#1051510). - ALSA: hda: Do not release card at firmware loading error (bsc#1051510). - ALSA: hda: Explicitly permit using autosuspend if runtime PM is supported (bsc#1051510). - ALSA: hda: Fix potential access overflow in beep helper (bsc#1051510). - ALSA: hda/hdmi - enable runtime pm for newer AMD display audio (bsc#1111666). - ALSA: hda/hdmi: fix race in monitor detection during probe (bsc#1051510). - ALSA: hda/hdmi: fix without unlocked before return (bsc#1051510). - ALSA: hda: Honor PM disablement in PM freeze and thaw_noirq ops (bsc#1051510). - ALSA: hda: Keep the controller initialization even if no codecs found (bsc#1051510). - ALSA: hda: Match both PCI ID and SSID for driver blacklist (bsc#1111666). - ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround (bsc#1172017). - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines (bsc#1111666). - ALSA: hda/realtek - Add COEF workaround for ASUS ZenBook UX431DA (git-fixes). - ALSA: hda/realtek - Add HP new mute led supported for ALC236 (git-fixes). - ALSA: hda/realtek - Add LED class support for micmute LED (bsc#1111666). - ALSA: hda/realtek - Add more fixup entries for Clevo machines (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC245 (bsc#1051510). - ALSA: hda/realtek - Add new codec supported for ALC287 (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Notebook (git-fixes). - ALSA: hda/realtek - Add supported new mute Led for HP (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS GL503VM with ALC295 (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS UX550GE with ALC295 (git-fixes). - ALSA: hda/realtek: Enable headset mic of ASUS UX581LV with ALC295 (git-fixes). - ALSA: hda/realtek - Enable micmute LED on and HP system (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (bsc#1111666). - ALSA: hda/realtek - Enable the headset mic on Asus FX505DT (bsc#1051510). - ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse (git-fixes). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme (bsc#1111666). - ALSA: hda/realtek - Fix unexpected init_amp override (bsc#1051510). - ALSA: hda/realtek - Fix unused variable warning w/o CONFIG_LEDS_TRIGGER_AUDIO (bsc#1111666). - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO (bsc#1111666). - ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 (git-fixes bsc#1171293). - ALSA: hda/realtek - Two front mics on a Lenovo ThinkCenter (bsc#1051510). - ALSA: hda: Release resources at error in delayed probe (bsc#1051510). - ALSA: hda: Remove ASUS ROG Zenith from the blacklist (bsc#1051510). - ALSA: hda: Skip controller resume if not needed (bsc#1051510). - ALSA: hwdep: fix a left shifting 1 by 31 UB bug (git-fixes). - ALSA: ice1724: Fix invalid access for enumerated ctl items (bsc#1051510). - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option (git-fixes). - ALSA: lx6464es - add support for LX6464ESe pci express variant (bsc#1111666). - ALSA: opti9xx: shut up gcc-10 range warning (bsc#1051510). - ALSA: pcm: disallow linking stream to itself (bsc#1111666). - ALSA: pcm: fix incorrect hw_base increase (git-fixes). - ALSA: pcm: oss: Fix regression by buffer overflow fix (bsc#1051510). - ALSA: pcm: oss: Place the plugin buffer overflow checks correctly (bsc#1170522). - ALSA: rawmidi: Fix racy buffer resize under concurrent accesses (git-fixes). - ALSA: usb-audio: Add connector notifier delegation (bsc#1051510). - ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset (git-fixes). - ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback (bsc#1111666). - ALSA: usb-audio: add mapping for ASRock TRX40 Creator (git-fixes). - ALSA: usb-audio: Add mixer workaround for TRX40 and co (bsc#1051510). - ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support (bsc#1111666). - ALSA: usb-audio: Add quirk for Focusrite Scarlett 2i2 (bsc#1051510). - ALSA: usb-audio: Add static mapping table for ALC1220-VB-based mobos (bsc#1051510). - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock (bsc#1111666). - ALSA: usb-audio: Apply async workaround for Scarlett 2i4 2nd gen (bsc#1051510). - ALSA: usb-audio: Check mapping at creating connector controls, too (bsc#1051510). - ALSA: usb-audio: Clean up quirk entries with macros (bsc#1111666). - ALSA: usb-audio: Correct a typo of NuPrime DAC-10 USB ID (bsc#1051510). - ALSA: usb-audio: Do not create jack controls for PCM terminals (bsc#1051510). - ALSA: usb-audio: Do not override ignore_ctl_error value from the map (bsc#1051510). - ALSA: usb-audio: Filter error from connector kctl ops, too (bsc#1051510). - ALSA: usb-audio: Fix inconsistent card PM state after resume (bsc#1111666). - ALSA: usb-audio: Fix packet size calculation (bsc#1111666). - ALSA: usb-audio: Fix racy list management in output queue (bsc#1111666). - ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif (bsc#1051510). - ALSA: usb-audio: Improve frames size computation (bsc#1111666). - ALSA: usb-audio: Manage auto-pm of all bundled interfaces (bsc#1111666). - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC (git-fixes). - ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio (git-fixes). - ALSA: usb-audio: Use the new macro for HP Dock rename quirks (bsc#1111666). - ALSA: usx2y: Fix potential NULL dereference (bsc#1051510). - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes). - arm64: map FDT as RW for early_init_dt_scan() (jsc#SLE-12423). - ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry (bsc#1051510). - ASoC: dapm: connect virtual mux with default value (bsc#1051510). - ASoC: dapm: fixup dapm kcontrol widget (bsc#1051510). - ASoC: dpcm: allow start or stop during pause for backend (bsc#1051510). - ASoC: fix regwmask (bsc#1051510). - ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map() (bsc#1051510). - ASoC: msm8916-wcd-digital: Reset RX interpolation path after use (bsc#1051510). - ASoC: samsung: Prevent clk_get_rate() calls in atomic context (bsc#1111666). - ASoC: topology: Check return value of pcm_new_ver (bsc#1051510). - ASoC: topology: use name_prefix for new kcontrol (bsc#1051510). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (bsc#1111666). - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (bsc#1111666). - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (bsc#1111666). - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb (bsc#1111666). - ax25: fix setsockopt(SO_BINDTODEVICE) (networking-stable-20_05_27). - b43: Fix connection problem with WPA3 (bsc#1111666). - b43legacy: Fix case where channel status is corrupted (bsc#1051510). - b43_legacy: Fix connection problem with WPA3 (bsc#1111666). - batman-adv: fix batadv_nc_random_weight_tq (git-fixes). - batman-adv: Fix refcnt leak in batadv_show_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_store_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_v_ogm_process (git-fixes). - bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (git fixes (block drivers)). - bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)). - bcache: fix incorrect data type usage in btree_flush_write() (git fixes (block drivers)). - bcache: Revert "bcache: shrink btree node cache after bch_btree_check()" (git fixes (block drivers)). - be2net: fix link failure after ethtool offline test (git-fixes). - blk-mq: honor IO scheduler for multiqueue devices (bsc#1165478). - blk-mq: simplify blk_mq_make_request() (bsc#1165478). - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673). - block, bfq: fix use-after-free in bfq_idle_slice_timer_body (bsc#1168760). - block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673). - block/drbd: delete invalid function drbd_md_mark_dirty_ (bsc#1171527). - block: drbd: remove a stray unlock in __drbd_send_protocol() (bsc#1171599). - block: fix busy device checking in blk_drop_partitions again (bsc#1171948). - block: fix busy device checking in blk_drop_partitions (bsc#1171948). - block: fix memleak of bio integrity data (git fixes (block drivers)). - block: keep bdi->io_pages in sync with max_sectors_kb for stacked devices (bsc#1168762). - block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818). - block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)). - block: remove the bd_openers checks in blk_drop_partitions (bsc#1171948). - block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)). - Bluetooth: Add SCO fallback for invalid LMP parameters error (bsc#1111666). - Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl (bsc#1051510). - bnxt_en: Fix AER reset logic on 57500 chips (git-fixes). - bnxt_en: Fix ethtool selftest crash under error conditions (git-fixes). - bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails (git-fixes). - bnxt_en: Fix ipv6 RFS filter matching logic (git-fixes). - bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets() (networking-stable-20_03_28). - bnxt_en: fix NULL dereference in case SR-IOV configuration fails (git-fixes). - bnxt_en: Fix VF anti-spoof filter setup (networking-stable-20_05_12). - bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features() (networking-stable-20_05_12). - bnxt_en: Improve AER slot reset (networking-stable-20_05_12). - bnxt_en: Reduce BNXT_MSIX_VEC_MAX value to supported CQs per PF (bsc#1104745). - bnxt_en: reinitialize IRQs when MTU is modified (networking-stable-20_03_14). - bnxt_en: Return error if bnxt_alloc_ctx_mem() fails (bsc#1104745 ). - bnxt_en: Return error when allocating zero size context memory (bsc#1104745). - bonding/alb: make sure arp header is pulled before accessing it (networking-stable-20_03_14). - bpf: Fix sk_psock refcnt leak when receiving message (bsc#1083647). - bpf: Forbid XADD on spilled pointers for unprivileged users (bsc#1083647). - brcmfmac: abort and release host after error (bsc#1051510). - brcmfmac: fix wrong location to get firmware feature (bsc#1111666). - brcmfmac: Transform compatible string for FW loading (bsc#1169771). - btrfs: always wait on ordered extents at fsync time (bsc#1171761). - btrfs: clean up the left over logged_list usage (bsc#1171761). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - Btrfs: fix deadlock with memory reclaim during scrub (bsc#1172127). - Btrfs: fix list_add corruption and soft lockups in fsync (bsc#1171761). - btrfs: fix log context list corruption after rename whiteout error (bsc#1172342). - Btrfs: fix missing data checksums after a ranged fsync (msync) (bsc#1171761). - btrfs: fix missing file extent item for hole after ranged fsync (bsc#1171761). - Btrfs: fix missing hole after hole punching and fsync when using NO_HOLES (bsc#1171761). - btrfs: fix missing semaphore unlock in btrfs_sync_file (bsc#1171761). - btrfs: fix partial loss of prealloc extent past i_size after fsync (bsc#1172343). - Btrfs: fix rare chances for data loss when doing a fast fsync (bsc#1171761). - btrfs: move the dio_sem higher up the callchain (bsc#1171761). - btrfs: qgroup: Fix a bug that prevents qgroup to be re-enabled after disable (bsc#1172247). - btrfs: relocation: add error injection points for cancelling balance (bsc#1171417). - btrfs: relocation: Check cancel request after each data page read (bsc#1171417). - btrfs: relocation: Check cancel request after each extent found (bsc#1171417). - btrfs: relocation: Clear the DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417). - btrfs: relocation: Fix reloc root leakage and the NULL pointer reference caused by the leakage (bsc#1171417). - btrfs: relocation: Work around dead relocation stage loop (bsc#1171417). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: Remove extra parentheses from condition in copy_items() (bsc#1171761). - Btrfs: remove no longer used io_err from btrfs_log_ctx (bsc#1171761). - Btrfs: remove no longer used logged range variables when logging extents (bsc#1171761). - Btrfs: remove no longer used 'sync' member from transaction handle (bsc#1171761). - btrfs: remove remaing full_sync logic from btrfs_sync_file (bsc#1171761). - btrfs: remove the logged extents infrastructure (bsc#1171761). - btrfs: remove the wait ordered logic in the log_one_extent path (bsc#1171761). - btrfs: setup a nofs context for memory allocation at btrfs_create_tree() (bsc#1172127). - btrfs: setup a nofs context for memory allocation at __btrfs_set_acl (bsc#1172127). - btrfs: use nofs context when initializing security xattrs to avoid deadlock (bsc#1172127). - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124). - bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads (bsc#1111666). - can: add missing attribute validation for termination (networking-stable-20_03_14). - carl9170: remove P2P_GO support (bsc#1111666). - cdc-acm: close race betrween suspend() and acm_softint (git-fixes). - CDC-ACM: heed quirk also in error handling (git-fixes). - cdc-acm: introduce a cool down (git-fixes). - ceph: check if file lock exists before sending unlock request (bsc#1168789). - ceph: convert mdsc->cap_dirty to a per-session list (bsc#1167104). - ceph: demote quotarealm lookup warning to a debug message (bsc#1171692). - ceph: fix double unlock in handle_cap_export() (bsc#1171694). - ceph: fix double unlock in handle_cap_export() (bsc#1171694). - ceph: fix endianness bug when handling MDS session feature bits (bsc#1171695). - ceph: fix endianness bug when handling MDS session feature bits (bsc#1171695). - ceph: request expedited service on session's last cap flush (bsc#1167104). - cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages (bsc#1173857). - cgroup, netclassid: periodically release file_lock on classid updating (networking-stable-20_03_14). - char/random: Add a newline at the end of the file (jsc#SLE-12423). - CIFS: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1144333). - CIFS: Allocate encryption header through kmalloc (bsc#1144333). - CIFS: allow unlock flock and OFD lock across fork (bsc#1144333). - CIFS: check new file size when extending file by fallocate (bsc#1144333). - CIFS: CIFSpdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - CIFS: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1144333). - CIFS: do not share tcons with DFS (bsc#1144333). - CIFS: dump the session id and keys also for SMB2 sessions (bsc#1144333). - CIFS: ensure correct super block for DFS reconnect (bsc#1144333). - CIFS: Fix bug which the return value by asynchronous read is error (bsc#1144333). - CIFS: fix uninitialised lease_key in open_shroot() (bsc#1144333). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333). - cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016). - CIFS: ignore cached share root handle closing errors (bsc#1166780). - CIFS: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1144333). - CIFS: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1144333). - CIFS: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1144333). - CIFS: protect updating server->dstaddr with a spinlock (bsc#1144333). - cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016). - CIFS: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - CIFS: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1144333). - CIFS: smbd: Check and extend sender credits in interrupt context (bsc#1144333). - CIFS: smbd: Check send queue size before posting a send (bsc#1144333). - CIFS: smbd: Do not schedule work to send immediate packet on every receive (bsc#1144333). - CIFS: smbd: Merge code to track pending packets (bsc#1144333). - CIFS: smbd: Properly process errors on ib_post_send (bsc#1144333). - CIFS: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1144333). - CIFS: Warn less noisily on default mount (bsc#1144333). - clk: Add clk_hw_unregister_composite helper function definition (bsc#1051510). - clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510). - clk: clk-flexgen: fix clock-critical handling (bsc#1051510). - clk: imx6ull: use OSC clock during AXI rate change (bsc#1051510). - clk: imx: make mux parent strings const (bsc#1051510). - clk: mediatek: correct the clocks for MT2701 HDMI PHY module (bsc#1051510). - clk: qcom: rcg: Return failure for RCG update (bsc#1051510). - clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510). - clk: sunxi-ng: a64: Fix gate bit of DSI DPHY (bsc#1051510). - clocksource/drivers/hyper-v: Set TSC clocksource as default w/ InvariantTSC (bsc#1170620). - clocksource/drivers/hyper-v: Set TSC clocksource as default w/ InvariantTSC (bsc#1170620, bsc#1170621). - clocksource: dw_apb_timer: Make CPU-affiliation being optional (bsc#1111666). - clocksource: dw_apb_timer_of: Fix missing clockevent timers (bsc#1051510). - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)). - compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)). - component: Silence bind error on -EPROBE_DEFER (bsc#1051510). - copy_{to,from}_user(): consolidate object size checks (git fixes). - coresight: do not use the BIT() macro in the UAPI header (git fixes (block drivers)). - cpufreq: s3c64xx: Remove pointless NULL check in s3c64xx_cpufreq_driver_init (bsc#1051510). - crypto: algboss - do not wait during notifier callback (bsc#1111666). - crypto: algif_skcipher - Cap recv SG list at ctx->used (bsc#1111666). - crypto: caam - update xts sector size for large input length (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - crypto: ccp - AES CFB mode is a stream cipher (git-fixes). - crypto: ccp - Change a message to reflect status instead of failure (bsc#1172218). - crypto: ccp - Clean up and exit correctly on allocation failure (git-fixes). - crypto: ccp - Cleanup misc_dev on sev_exit() (bsc#1114279). - crypto: ccp - Cleanup sp_dev_master in psp_dev_destroy() (bsc#1114279). - Crypto/chcr: fix for ccm(aes) failed test (bsc#1111666). - crypto: chelsio/chtls: properly set tp->lsndtime (bsc#1111666). - cxgb4: fix MPS index overwrite when setting MAC address (bsc#1127355). - cxgb4: fix Txq restart check during backpressure (bsc#1127354 bsc#1127371). - debugfs: Add debugfs_create_xul() for hexadecimal unsigned long (git-fixes). - debugfs: Check module state before warning in {full/open}_proxy_open() (bsc#1173746). - debugfs_lookup(): switch to lookup_one_len_unlocked() (bsc#1171979). - Deprecate NR_UNSTABLE_NFS, use NR_WRITEBACK (bsc#1163403). - devlink: fix return value after hitting end in region read (bsc#1109837). - devlink: validate length of param values (bsc#1109837). - devlink: validate length of region addr/len (bsc#1109837). - dmaengine: dmatest: Fix iteration non-stop logic (bsc#1051510). - dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' (bsc#1111666). - dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)). - dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)). - dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)). - dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)). - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574). - dm-raid1: fix invalid return value from dm_mirror (bsc#1172378). - dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)). - dm: various cleanups to md->queue initialization code (git fixes). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)). - dm writecache: fix data corruption when reloading the target (git fixes (block drivers)). - dm writecache: fix incorrect flush sequence when doing SSD mode commit (git fixes (block drivers)). - dm writecache: verify watermark during resume (git fixes (block drivers)). - dm zoned: fix invalid memory access (git fixes (block drivers)). - dm zoned: reduce overhead of backing device checks (git fixes (block drivers)). - dm zoned: remove duplicate nr_rnd_zones increase in dmz_init_zone() (git fixes (block drivers)). - dm zoned: support zone sizes smaller than 128MiB (git fixes (block drivers)). - dp83640: reverse arguments to list_add_tail (git-fixes). - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27). - driver-core, libnvdimm: Let device subsystems add local lockdep coverage (bsc#1171753). - Drivers: hv: Add a module description line to the hv_vmbus driver (bsc#1172249, bsc#1172251). - Drivers: hv: Add a module description line to the hv_vmbus driver (bsc#1172253). - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617, bsc#1170618). - Drivers: HV: Send one page worth of kmsg dump over Hyper-V during panic (bsc#1170618). - Drivers: hv: vmbus: Fix the issue with freeing up hv_ctl_table_hdr (bsc#1170618). - Drivers: hv: vmbus: Get rid of MSR access from vmbus_drv.c (bsc#1170618). - Drivers: hv: vmus: Fix the check for return value from kmsg get dump buffer (bsc#1170618). - Drivers/net/ibmvnic: Update VNIC protocol version reporting (bsc#1065729). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510). - Drivers: w1: add hwmon support structures (jsc#SLE-11048). - Drivers: w1: add hwmon temp support for w1_therm (jsc#SLE-11048). - Drivers: w1: refactor w1_slave_show to make the temp reading functionality separate (jsc#SLE-11048). - drm: amd/acp: fix broken menu structure (bsc#1114279) * context changes - drm: amd/display: fix Kconfig help text (bsc#1113956) * only fix DEBUG_KERNEL_DC - drm/amdgpu: Correctly initialize thermal controller for GPUs with Powerplay table v0 (e.g Hawaii) (bsc#1111666). - drm/amdgpu: Fix oops when pp_funcs is unset in ACPI event (bsc#1111666). - drm/amd/powerplay: force the trim of the mclk dpm_levels if OD is (bsc#1113956) - drm/atomic: Take the atomic toys away from X (bsc#1112178) * context changes - drm/bochs: downgrade pci_request_region failure from error to warning (bsc#1051510). - drm: bridge: adv7511: Extend list of audio sample rates (bsc#1111666). - drm/crc: Actually allow to change the crc source (bsc#1114279) * offset changes - drm/dp_mst: Fix clearing payload state on topology disable (bsc#1051510). - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1113956) * context changes - drm/dp_mst: Reformat drm_dp_check_act_status() a bit (bsc#1051510). - drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read() (bsc#1051510). - drm/edid: Fix off-by-one in DispID DTD pixel clock (bsc#1114279) - drm: encoder_slave: fix refcouting error for modules (bsc#1111666). - drm: encoder_slave: fix refcouting error for modules (bsc#1114279) - drm/etnaviv: fix perfmon domain interation (bsc#1113956) - drm/etnaviv: rework perfmon query infrastructure (bsc#1112178) - drm/i915: Apply Wa_1406680159:icl,ehl as an engine workaround (bsc#1112178) * rename gt/intel_workarounds.c to intel_workarounds.c * context changes - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of (bsc#1114279) - drm/i915: HDCP: fix Ri prime check done during link check (bsc#1112178) * rename display/intel_hdmi.c to intel_hdmi.c * context changes - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1112178) - drm/i915: properly sanity check batch_start_offset (bsc#1114279) * renamed display/intel_fbc.c -> intel_fb.c * renamed gt/intel_rc6.c -> intel_pm.c * context changes - drm/i915: Whitelist context-local timestamp in the gen9 cmdparser (bsc#1111666). - drm/mediatek: Check plane visibility in atomic_update (bsc#1113956) * context changes - drm/meson: Delete an error message in meson_dw_hdmi_bind() (bsc#1051510). - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1111666). - drm/msm: stop abusing dma_map/unmap for cache (bsc#1051510). - drm/msm: Use the correct dma_sync calls harder (bsc#1051510). - drm/msm: Use the correct dma_sync calls in msm_gem (bsc#1051510). - drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem (bsc#1114279) - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (bsc#1111666). - drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (bsc#1111666). - drm/qxl: qxl_release leak in qxl_draw_dirty_fb() (bsc#1051510). - drm/qxl: qxl_release leak in qxl_hw_surface_alloc() (bsc#1051510). - drm/qxl: qxl_release use after free (bsc#1051510). - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1113956) - drm/radeon: fix double free (bsc#1113956) - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1113956) - drm: Remove PageReserved manipulation from drm_pci_alloc (bsc#1114279) * offset changes - drm/sun4i: dsi: Allow binding the host without a panel (bsc#1113956) - drm/sun4i: dsi: Avoid hotplug race with DRM driver bind (bsc#1113956) - drm/sun4i: dsi: Remove incorrect use of runtime PM (bsc#1113956) * context changes - drm/sun4i: dsi: Remove unused drv from driver context (bsc#1113956) * context changes * keep include of sun4i_drv.h - drm/sun4i: hdmi ddc clk: Fix size of m divider (bsc#1111666). - drm/tegra: hub: Do not enable orphaned window group (bsc#1111666). - drm/vkms: Hold gem object while still in-use (bsc#1113956) * context changes - dump_stack: avoid the livelock of the dump_lock (git fixes (block drivers)). - e1000: Distribute switch variables for initialization (bsc#1111666). - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510). - e1000e: Relax condition to trigger reset for ME workaround (bsc#1111666). - EDAC/amd64: Add family ops for Family 19h Models 00h-0Fh (jsc#SLE-11833). - EDAC/amd64: Drop some family checks for newer systems (jsc#SLE-11833). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279). - EDAC/mce_amd: Always load on SMCA systems (jsc#SLE-11833). - EDAC/mce_amd: Make fam_ops static global (jsc#SLE-11833). - EDAC, sb_edac: Add support for systems with segmented PCI buses (bsc#1169525). - efi/random: Increase size of firmware supplied randomness (jsc#SLE-12423). - efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness (jsc#SLE-12423). - efi: READ_ONCE rng seed size before munmap (jsc#SLE-12423). - efi: Reorder pr_notice() with add_device_randomness() call (jsc#SLE-12423). - evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510). - evm: Fix a small race in init_desc() (bsc#1051510). - ext4: add cond_resched() to __ext4_find_entry() (bsc#1166862). - ext4: Check for non-zero journal inum in ext4_calculate_overhead (bsc#1167288). - ext4: do not assume that mmp_nodename/bdevname have NUL (bsc#1166860). - ext4: do not zeroout extents beyond i_disksize (bsc#1167851). - ext4: fix a data race at inode->i_blocks (bsc#1171835). - ext4: fix a data race in EXT4_I(inode)->i_disksize (bsc#1166861). - ext4: fix extent_status fragmentation for plain files (bsc#1171949). - ext4: fix incorrect group count in ext4_fill_super error message (bsc#1168765). - ext4: fix incorrect inodes per group in error message (bsc#1168764). - ext4: fix partial cluster initialization when splitting extent (bsc#1173839). - ext4: fix potential race between online resizing and write operations (bsc#1166864). - ext4: fix potential race between s_flex_groups online resizing and access (bsc#1166867). - ext4: fix potential race between s_group_info online resizing and access (bsc#1166866). - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838). - ext4: fix race between writepages and enabling EXT4_EXTENTS_FL (bsc#1166870). - ext4: fix support for inode sizes > 1024 bytes (bsc#1164284). - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833). - ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() (bsc#1166940). - ext4: rename s_journal_flag_rwsem to s_writepages_rwsem (bsc#1166868). - ext4: use non-movable memory for superblock readahead (bsc#1171952). - ext4: validate the debug_want_extra_isize mount option at parse time (bsc#1163897). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510). - fanotify: fix ignore mask logic for events on child and on dir (bsc#1172719). - fanotify: fix merging marks masks with FAN_ONDIR (bsc#1171679). - fbcon: fix null-ptr-deref in fbcon_switch (bsc#1114279) * rename drivers/video/fbdev/core to drivers/video/console * context changes - fbdev: potential information leak in do_fb_ioctl() (bsc#1114279) - fbmem: Adjust indentation in fb_prepare_logo and fb_blank (bsc#1114279) - fdt: add support for rng-seed (jsc#SLE-12423). - fdt: Update CRC check for rng-seed (jsc#SLE-12423). - fib: add missing attribute validation for tun_id (networking-stable-20_03_14). - firmware: imx: scu: Fix corruption of header (git-fixes). - firmware: imx: scu: Fix possible memory leak in imx_scu_probe() (bsc#1111666). - firmware: qcom: scm: fix compilation error when disabled (bsc#1051510). - Fix a backport bug, where btrfs_put_root() -> btrfs_put_fs_root() modification is not needed due to missing dependency - fix multiplication overflow in copy_fdtable() (bsc#1173825). - fpga: dfl: afu: Corrected error handling levels (git-fixes). - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12). - fs/cifs: fix gcc warning in sid_to_id (bsc#1144333). - fs/seq_file.c: simplify seq_file iteration code and interface (bsc#1170125). - gpiolib: Document that GPIO line names are not globally unique (bsc#1051510). - gpio: tegra: mask GPIO IRQs during IRQ shutdown (bsc#1051510). - gpu: host1x: Detach driver on unregister (bsc#1111666). - gpu: ipu-v3: pre: do not trigger update if buffer address does not change (bsc#1111666). - gre: fix uninit-value in __iptunnel_pull_header (networking-stable-20_03_14). - HID: hid-input: clear unmapped usages (git-fixes). - HID: hyperv: Add a module description line (bsc#1172249, bsc#1172251). - HID: hyperv: Add a module description line (bsc#1172253). - HID: i2c-hid: add Trekstor Primebook C11B to descriptor override (git-fixes). - HID: i2c-hid: override HID descriptors for certain devices (git-fixes). - HID: multitouch: add eGalaxTouch P80H84 support (bsc#1051510). - HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510). - HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices (git-fixes). - hrtimer: Annotate lockless access to timer->state (git fixes (block drivers)). - hsr: add restart routine into hsr_get_node_list() (networking-stable-20_03_28). - hsr: check protocol version in hsr_newlink() (networking-stable-20_04_17). - hsr: fix general protection fault in hsr_addr_is_self() (networking-stable-20_03_28). - hsr: set .netnsok flag (networking-stable-20_03_28). - hsr: use rcu_read_lock() in hsr_get_node_{list/status}() (networking-stable-20_03_28). - hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (bsc#1111666). - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (bsc#1111666). - hwmon: (max6697) Make sure the OVERT mask is set correctly (bsc#1111666). - i2c: acpi: Force bus speed to 400KHz if a Silead touchscreen is present (git-fixes). - i2c: acpi: put device when verifying client fails (git-fixes). - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (bsc#1111666). - i2c: brcmstb: remove unused struct member (git-fixes). - i2c: core: Allow empty id_table in ACPI case as well (git-fixes). - i2c: core: decrease reference count of device node in i2c_unregister_device (git-fixes). - i2c: dev: Fix the race between the release of i2c_dev and cdev (bsc#1051510). - i2c: fix missing pm_runtime_put_sync in i2c_device_probe (git-fixes). - i2c-hid: properly terminate i2c_hid_dmi_desc_override_table array (git-fixes). - i2c: i801: Do not add ICH_RES_IO_SMI for the iTCO_wdt device (git-fixes). - i2c: iproc: Stop advertising support of SMBUS quick cmd (git-fixes). - i2c: isch: Remove unnecessary acpi.h include (git-fixes). - i2c: mlxcpld: check correct size of maximum RECV_LEN packet (bsc#1111666). - i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' (bsc#1051510). - i2c: st: fix missing struct parameter description (bsc#1051510). - i40e: reduce stack usage in i40e_set_fc (git-fixes). - IB/ipoib: Add child to parent list only if device initialized (bsc#1168503). - IB/ipoib: Consolidate checking of the proposed child interface (bsc#1168503). - IB/ipoib: Do not remove child devices from within the ndo_uninit (bsc#1168503). - IB/ipoib: Get rid of IPOIB_FLAG_GOING_DOWN (bsc#1168503). - IB/ipoib: Get rid of the sysfs_mutex (bsc#1168503). - IB/ipoib: Maintain the child_intfs list from ndo_init/uninit (bsc#1168503). - IB/ipoib: Move all uninit code into ndo_uninit (bsc#1168503). - IB/ipoib: Move init code to ndo_init (bsc#1168503). - IB/ipoib: Replace printk with pr_warn (bsc#1168503). - IB/ipoib: Use cancel_delayed_work_sync for neigh-clean task (bsc#1168503). - IB/ipoib: Warn when one port fails to initialize (bsc#1168503). - IB/mlx5: Fix missing congestion control debugfs on rep rdma device (bsc#1103991). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvfc: do not send implicit logouts prior to NPIV login (bsc#1169625 ltc#184611). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239). - iio:ad7797: Use correct attribute_group (bsc#1051510). - iio: adc: stm32-adc: fix device used to request dma (bsc#1051510). - iio: adc: stm32-adc: fix sleep in atomic context (git-fixes). - iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1051510). - iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510). - iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' (bsc#1051510). - iio:health:afe4404 Fix timestamp alignment and prevent data leak (bsc#1111666). - iio:humidity:hdc100x Fix alignment and data leak issues (bsc#1111666). - iio:magnetometer:ak8974: Fix alignment and data leak issues (bsc#1111666). - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (bsc#1111666). - iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510). - iio:pressure:ms5611 Fix buffer element alignment (bsc#1111666). - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (bsc#1111666). - iio: sca3000: Remove an erroneous 'get_device()' (bsc#1051510). - iio: xilinx-xadc: Fix ADC-B powerdown (bsc#1051510). - iio: xilinx-xadc: Fix clearing interrupt when enabling trigger (bsc#1051510). - iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode (bsc#1051510). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510). - ima: Fix ima digest hash table key calculation (bsc#1051510). - ima: Fix return value of ima_write_policy() (git-fixes). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - Input: evdev - call input_flush_device() on release(), not flush() (bsc#1051510). - Input: hyperv-keyboard - add module description (bsc#1172249, bsc#1172251). - Input: hyperv-keyboard - add module description (bsc#1172253). - Input: i8042 - add Acer Aspire 5738z to nomux list (bsc#1051510). - Input: i8042 - add ThinkPad S230u to i8042 reset list (bsc#1051510). - Input: raydium_i2c_ts - use true and false for boolean values (bsc#1051510). - Input: synaptics - add a second working PNP_ID for Lenovo T470s (bsc#1111666). - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() (bsc#1051510). - Input: synaptics-rmi4 - really fix attn_data use-after-free (git-fixes). - Input: usbtouchscreen - add support for BonXeon TP (bsc#1051510). - Input: xpad - add custom init packet for Xbox One S controllers (bsc#1051510). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - intel_th: Fix a NULL dereference when hub driver is not loaded (bsc#1111666). - iommu/amd: Call domain_flush_complete() in update_domain() (bsc#1172096). - iommu/amd: Do not flush Device Table in iommu_map_page() (bsc#1172097). - iommu/amd: Do not loop forever when trying to increase address space (bsc#1172098). - iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system (bsc#1172099). - iommu/amd: Fix over-read of ACPI UID from IVRS table (bsc#1172101). - iommu/amd: Fix race in increase_address_space()/fetch_pte() (bsc#1172102). - iommu/amd: Fix the configuration of GCR3 table root pointer (bsc#1169057). - iommu/amd: Update Device Table in increase_address_space() (bsc#1172103). - iommu: Fix reference count leak in iommu_group_alloc (bsc#1172397). - iommu/vt-d: Enable PCI ACS for platform opt in hint (bsc#1174130). - ip6_tunnel: Allow rcv/xmit even if remote address is a local address (bsc#1166978). - ipmi: fix hung processes in __get_guid() (git-fixes). - ipv4: fix a RCU-list lock in fib_triestat_seq_show (networking-stable-20_04_02). - ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface (networking-stable-20_03_14). - ipv6: do not auto-add link-local address to lag ports (networking-stable-20_04_09). - ipv6: fix IPV6_ADDRFORM operation logic (bsc#1171662). - ipv6: Fix nlmsg_flags when splitting a multipath route (networking-stable-20_03_01). - ipv6: fix restrict IPV6_ADDRFORM operation (bsc#1171662). - ipv6: Fix route replacement with dev-only route (networking-stable-20_03_01). - ipvlan: add cond_resched_rcu() while processing muticast backlog (networking-stable-20_03_14). - ipvlan: call dev_change_flags when ipvlan mode is reset (git-fixes). - ipvlan: do not add hardware address of master to its unicast filter list (bsc#1137325). - ipvlan: do not deref eth hdr before checking it's set (networking-stable-20_03_14). - ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() (networking-stable-20_03_14). - iwlwifi: pcie: actually release queue memory in TVQM (bsc#1051510). - ixgbe: do not check firmware errors (bsc#1170284). - ixgbevf: Remove limit of 10 entries for unicast filter list (git-fixes). - jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845). - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833). - kabi fix for (bsc#1168202). - kabi fix for early XHCI debug (git-fixes). - kabi for for md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - kabi: ppc64le: prevent struct dma_map_ops to become defined (jsc#SLE-12423). - kabi, protect struct ib_device (bsc#1168503). - kABI: protect struct mlx5_cmd_work_ent (kabi). - kabi/severities: Do not track KVM internal symbols. - kabi/severities: Ingnore get_dev_data() The function is internal to the AMD IOMMU driver and must not be called by any third party. - kabi workaround for snd_rawmidi buffer_ref field addition (git-fixes). - kernfs: fix barrier usage in __kernfs_new_node() (bsc#1111666). - KEYS: reaching the keys quotas correctly (bsc#1051510). - KVM: arm64: Change hyp_panic()s dependency on tpidr_el2 (bsc#1133021). - KVM: arm64: Stop save/restoring host tpidr_el1 on VHE (bsc#1133021). - KVM: Check validity of resolved slot when searching memslots (bsc#1172104). - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279). - KVM: s390: vsie: Fix delivery of addressing exceptions (git-fixes). - KVM: s390: vsie: Fix possible race when shadowing region 3 tables (git-fixes). - KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks (git-fixes). - KVM: SVM: Fix potential memory leak in svm_cpu_init() (bsc#1171736). - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1152489). - KVM: x86: Fix APIC page invalidation race (bsc#1174122). - kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - l2tp: Allow management of tunnels and session in user namespace (networking-stable-20_04_17). - libata: Remove extra scsi_host_put() in ata_scsi_add_hosts() (bsc#1051510). - libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set (bsc#1051510). - libceph: do not omit recovery_deletes in target_copy() (bsc#1173462). - libceph: do not omit recovery_deletes in target_copy() (bsc#1174113). - libceph: ignore pool overlay and cache logic on redirects (bsc#1173146). - libfs: fix infoleak in simple_attr_read() (bsc#1168881). - libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock (bsc#1171753). - libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant (bsc#1171753). - libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl() (bsc#1171753). - libnvdimm: cover up changes in struct nvdimm_bus (bsc#1171753). - libnvdimm: cover up nd_pfn_sb changes (bsc#1171759). - libnvdimm/dax: Pick the right alignment default when creating dax devices (bsc#1171759). - libnvdimm/label: Remove the dpa align check (bsc#1171759). - libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739). - libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change (bsc#1171743). - libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock (bsc#1171759). - libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid (bsc#1171743). - libnvdimm/pmem: Advance namespace seed for specific probe errors (bsc#1171743). - libnvdimm/region: Initialize bad block for volatile namespaces (bnc#1151927 5.3.6). - libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (bsc#1171743). - libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759). - lib: raid6: fix awk build warnings (git fixes (block drivers)). - lib/raid6/test: fix build on distros whose /bin/sh is not bash (git fixes (block drivers)). - lib/stackdepot.c: fix global out-of-bounds in stack_slabs (git fixes (block drivers)). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - locks: print unsigned ino in /proc/locks (bsc#1171951). - loop: replace kill_bdev with invalidate_bdev (bsc#1173820). - lpfc_debugfs: get rid of pointless access_ok() (bsc#1172687 bsc#1171530). - lpfc: Synchronize NVME transport and lpfc driver devloss_tmo (bcs#1173060). - mac80211: add ieee80211_is_any_nullfunc() (bsc#1051510). - mac80211: add option for setting control flags (bsc#1111666). - mac80211_hwsim: Use kstrndup() in place of kasprintf() (bsc#1051510). - mac80211: mesh: fix discovery timer re-arming issue / crash (bsc#1051510). - mac80211: set IEEE80211_TX_CTRL_PORT_CTRL_PROTO for nl80211 TX (bsc#1111666). - macsec: avoid to set wrong mtu (bsc#1051510). - macsec: restrict to ethernet devices (networking-stable-20_03_28). - macvlan: add cond_resched() during multicast processing (networking-stable-20_03_14). - macvlan: fix null dereference in macvlan_device_event() (bsc#1051510). - mailbox: imx: Disable the clock on devm_mbox_controller_register() failure (git-fixes). - make some Fujitsu systems run (bsc#1141558). - md: Avoid namespace collision with bitmap API (git fixes (block drivers)). - md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - md/raid0: Fix an error message in raid0_make_request() (git fixes (block drivers)). - md/raid10: prevent access of uninitialized resync_pages offset (git-fixes). - mdraid: fix read/write bytes accounting (bsc#1172537). - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (bsc#1166985)). - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (git fixes (block drivers)). - media: dvb: return -EREMOTEIO on i2c transfer failure (bsc#1051510). - media: flexcop-usb: fix endpoint sanity check (git-fixes). - media: platform: fcp: Set appropriate DMA parameters (bsc#1051510). - media: si2157: Better check for running tuner in init (bsc#1111666). - media: ti-vpe: cal: fix disable_irqs to only the intended target (git-fixes). - mei: release me_cl object reference (bsc#1051510). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue (git-fixes). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue (git-fixes). - mlxsw: Fix some IS_ERR() vs NULL bugs (networking-stable-20_04_27). - mlxsw: pci: Return error on PCI reset timeout (git-fixes). - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12). - mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed (git-fixes). - mlxsw: spectrum_dpipe: Add missing error path (git-fixes). - mlxsw: spectrum_flower: Do not stop at FLOW_ACTION_VLAN_MANGLE (networking-stable-20_04_09). - mlxsw: spectrum_mr: Fix list iteration in error path (bsc#1112374). - mlxsw: spectrum: Prevent force of 56G (git-fixes). - mlxsw: spectrum_router: Refresh nexthop neighbour when it becomes dead (git-fixes). - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (git-fixes). - mlxsw: spectrum_switchdev: Add MDB entries in prepare phase (git-fixes). - mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky (git-fixes). - mmc: atmel-mci: Fix debugfs on 64-bit platforms (git-fixes). - mmc: block: Fix request completion in the CQE timeout path (bsc#1111666). - mmc: block: Fix use-after-free issue for rpmb (bsc#1111666). - mmc: core: Check request type before completing the request (git-fixes). - mmc: core: Fix recursive locking issue in CQE recovery path (git-fixes). - mmc: cqhci: Avoid false "cqhci: CQE stuck on" by not open-coding timeout loop (git-fixes). - mmc: dw_mmc: Fix debugfs on 64-bit platforms (git-fixes). - mmc: fix compilation of user API (bsc#1051510). - mmc: meson-gx: make sure the descriptor is stopped on errors (git-fixes). - mmc: meson-gx: simplify interrupt handler (git-fixes). - mmc: renesas_sdhi: limit block count to 16 bit for old revisions (git-fixes). - mmc: sdhci-esdhc-imx: fix the mask for tuning start point (bsc#1051510). - mmc: sdhci-msm: Clear tuning done flag while hs400 tuning (bsc#1051510). - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (bsc#1111666). - mmc: sdhci-of-at91: fix memleak on clk_get failure (git-fixes). - mmc: sdhci-pci: Fix eMMC driver strength for BYT-based controllers (bsc#1051510). - mmc: sdhci-xenon: fix annoying 1.8V regulator warning (bsc#1051510). - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() (bsc#1051510). - mmc: tmio: fix access width of Block Count Register (git-fixes). - mm/filemap.c: do not initiate writeback if mapping has no dirty pages (bsc#1168884). - mm: limit boost_watermark on small zones (git fixes (mm/pgalloc)). - mm/memory_hotplug.c: only respect mem= parameter during boot stage (bsc#1065600). - mm: replace PF_LESS_THROTTLE with PF_LOCAL_THROTTLE (bsc#1163403). - mm: thp: handle page cache THP correctly in PageTransCompoundMap (git fixes (block drivers)). - mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer (bsc#1051510). - mtd: spi-nor: cadence-quadspi: add a delay in write sequence (git-fixes). - mtd: spi-nor: enable 4B opcodes for mx66l51235l (git-fixes). - mtd: spi-nor: fsl-quadspi: Do not let -EINVAL on the bus (git-fixes). - mvpp2: remove misleading comment (git-fixes). - mwifiex: avoid -Wstringop-overflow warning (bsc#1051510). - mwifiex: Fix memory corruption in dump_station (bsc#1051510). - net: bcmgenet: correct per TX/RX ring statistics (networking-stable-20_04_27). - net/cxgb4: Check the return from t4_query_params properly (git-fixes). - net: dsa: b53: Fix ARL register definitions (networking-stable-20_04_27). - net: dsa: b53: Rework ARL bin logic (networking-stable-20_04_27). - net: dsa: bcm_sf2: Do not register slave MDIO bus with OF (networking-stable-20_04_09). - net: dsa: bcm_sf2: Ensure correct sub-node is parsed (networking-stable-20_04_09). - net: dsa: bcm_sf2: Fix overflow checks (git-fixes). - net: dsa: Fix duplicate frames flooded by learning (networking-stable-20_03_28). - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16). - net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27). - net: dsa: mv88e6xxx: fix lockup on warm boot (networking-stable-20_03_14). - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (git-fixes). - net: ena: add missing ethtool TX timestamping indication (git-fixes). - net: ena: avoid memory access violation by validating req_id properly (git-fixes). - net: ena: do not wake up tx queue when down (git-fixes). - net: ena: ena-com.c: prevent NULL pointer dereference (git-fixes). - net: ena: ethtool: use correct value for crc32 hash (git-fixes). - net: ena: fix continuous keep-alive resets (git-fixes). - net: ena: fix corruption of dev_idx_to_host_tbl (git-fixes). - net: ena: fix default tx interrupt moderation interval (git-fixes). - net: ena: fix incorrect default RSS key (git-fixes). - net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (git-fixes). - net: ena: fix issues in setting interrupt moderation params in ethtool (git-fixes). - net: ena: fix potential crash when rxfh key is NULL (git-fixes). - net: ena: fix retrieval of nonadaptive interrupt moderation intervals (git-fixes). - net: ena: fix uses of round_jiffies() (git-fixes). - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (git-fixes). - net: ena: reimplement set/get_coalesce() (git-fixes). - net: ena: rss: do not allocate key when not supported (git-fixes). - net: ena: rss: fix failure to get indirection table (git-fixes). - net: ena: rss: store hash function as values and not bits (git-fixes). - net/ethernet: add Google GVE driver (jsc#SLE-10538) - net: fec: add phy_reset_after_clk_enable() support (git-fixes). - net: fec: validate the new settings in fec_enet_set_coalesce() (networking-stable-20_03_14). - net: fib_rules: Correctly set table field when table number exceeds 8 bits (networking-stable-20_03_01). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: conntrack: sctp: use distinct states for new SCTP connections (bsc#1159199). - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16). - net: fix race condition in __inet_lookup_established() (bsc#1151794). - net: fq: add missing attribute validation for orphan mask (networking-stable-20_03_14). - net: hns3: fix "tc qdisc del" failed issue (bsc#1109837). - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27). - net: ipip: fix wrong address family in init error path (networking-stable-20_05_27). - net, ip_tunnel: fix interface lookup with no key (networking-stable-20_04_02). - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin (networking-stable-20_04_17). - net: ipv6: do not consider routes via gateways for anycast address check (networking-stable-20_04_17). - net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set (git-fixes). - netlink: Use netlink header as base to calculate bad attribute offset (networking-stable-20_03_14). - net: macsec: preserve ingress frame ordering (networking-stable-20_05_12). - net: macsec: update SCI upon MAC address change (networking-stable-20_03_14). - net: memcg: fix lockdep splat in inet_csk_accept() (networking-stable-20_03_14). - net: memcg: late association of sock to memcg (networking-stable-20_03_14). - net/mlx4_core: drop useless LIST_HEAD (git-fixes). - net/mlx4_core: fix a memory leak bug (git-fixes). - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12). - net/mlx4_en: avoid indirect call in TX completion (networking-stable-20_04_27). - net/mlx5: Add command entry handling completion (networking-stable-20_05_27). - net/mlx5: Add new fields to Port Type and Speed register (bsc#1171118). - net/mlx5: Add new fields to Port Type and Speed register (bsc#1171118). - net/mlx5: Add RoCE RX ICRC encapsulated counter (bsc#1171118). - net/mlx5: Avoid panic when setting vport rate (git-fixes). - net/mlx5: Continue driver initialization despite debugfs failure (git-fixes). - net/mlx5e: ethtool, Fix a typo in WOL function names (git-fixes). - net/mlx5e: Fix ethtool self test: link speed (bsc#1171118). - net/mlx5e: Fix traffic duplication in ethtool steering (git-fixes). - net/mlx5e: Move port speed code from en_ethtool.c to en/port.c (bsc#1171118). - net/mlx5e: Remove unnecessary clear_bit()s (git-fixes). - net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27). - net/mlx5: Expose link speed directly (bsc#1171118). - net/mlx5: Expose link speed directly (bsc#1171118). - net/mlx5: Expose port speed when possible (bsc#1171118). - net/mlx5: Expose port speed when possible (bsc#1171118). - net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12). - net/mlx5: Fix failing fw tracer allocation on s390 (bsc#1103990 ). - net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12). - net: mvmdio: allow up to four clocks to be specified for orion-mdio (git-fixes). - net: mvneta: Fix the case where the last poll did not process all rx (networking-stable-20_03_28). - net: mvpp2: prs: Do not override the sign bit in SRAM parser shift (git-fixes). - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node (networking-stable-20_04_27). - net/packet: tpacket_rcv: do not increment ring index on drop (networking-stable-20_03_14). - net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16). - net: phy: micrel: kszphy_resume(): add delay after genphy_resume() before accessing PHY registers (bsc#1051510). - net: phy: restore mdio regs in the iproc mdio driver (networking-stable-20_03_01). - netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16). - net: qede: stop adding events on an already destroyed workqueue (git-fixes). - net: qed: fix excessive QM ILT lines consumption (git-fixes). - net: qed: fix NVMe login fails over VFs (git-fixes). - net: qmi_wwan: add support for ASKEY WWHC050 (networking-stable-20_03_28). - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27). - net: revert default NAPI poll timeout to 2 jiffies (networking-stable-20_04_17). - net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()" (networking-stable-20_05_27). - net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28). - net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27). - net_sched: sch_skbprio: add message validation to skbprio_change() (bsc#1109837). - net/smc: add fallback check to connect() (git-fixes). - net/smc: fix refcount non-blocking connect() -part 2 (git-fixes). - net: stricter validation of untrusted gso packets (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12). - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - net/x25: Fix x25_neigh refcnt leak when receiving frame (networking-stable-20_04_27). - nfc: add missing attribute validation for SE API (networking-stable-20_03_14). - nfc: add missing attribute validation for vendor subcommand (networking-stable-20_03_14). - nfc: pn544: Fix occasional HW initialization failure (networking-stable-20_03_01). - nfc: st21nfca: add missed kfree_skb() in an error path (bsc#1051510). - nfp: abm: fix a memory leak bug (bsc#1109837). - nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K (git-fixes). - nfsd4: fix up replay_matches_cache() (git-fixes). - nfsd: Ensure CLONE persists data and metadata changes to the target file (git-fixes). - nfsd: fix delay timer on 32-bit architectures (git-fixes). - nfsd: fix jiffies/time_t mixup in LRU list (git-fixes). - nfs: Directory page cache pages need to be locked when read (git-fixes). - nfsd: memory corruption in nfsd4_lock() (git-fixes). - nfs: Do not call generic_error_remove_page() while holding locks (bsc#1170457). - NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592). - nfs: Fix memory leaks and corruption in readdir (git-fixes). - nfs: Fix O_DIRECT accounting of number of bytes read/written (git-fixes). - nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl (git-fixes). - nfs: fix racey wait in nfs_set_open_stateid_locked (bsc#1170592). - nfs/flexfiles: Use the correct TCP timeout for flexfiles I/O (git-fixes). - nfs/pnfs: Fix pnfs_generic_prepare_to_resend_writes() (git-fixes). - nfs: Revalidate the file size on a fatal write error (git-fixes). - NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals (git-fixes). - NFSv4: Do not allow a cached open with a revoked delegation (git-fixes). - NFSv4: Fix leak of clp->cl_acceptor string (git-fixes). - NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid() (git-fixes). - NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592). - NFSv4: try lease recovery on NFS4ERR_EXPIRED (git-fixes). - NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn (git-fixes). - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() (bsc#1173857). - nl80211: fix NL80211_ATTR_CHANNEL_WIDTH attribute type (bsc#1111666). - nl802154: add missing attribute validation for dev_type (networking-stable-20_03_14). - nl802154: add missing attribute validation (networking-stable-20_03_14). - nvdimm: Avoid race between probe and reading device attributes (bsc#1170442). - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058). - nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058). - nvme: fail cancelled commands with NVME_SC_HOST_PATH_ERROR (bsc#1158983 bsc#1172538). - nvme-fc: Fail transport errors with NVME_SC_HOST_PATH (bsc#1158983 bsc#1172538). - nvme-fc: print proper nvme-fc devloss_tmo value (bsc#1172391). - nvme-tcp: fail command with NVME_SC_HOST_PATH_ERROR send failed (bsc#1158983 bsc#1172538). - objtool: Add is_static_jump() helper (bsc#1169514). - objtool: Add relocation check for alternative sections (bsc#1169514). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Fix stack offset tracking for indirect CFAs (bsc#1169514). - objtool: Fix switch table detection in .text.unlikely (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - objtool: Make BP scratch register warning more robust (bsc#1169514). - ocfs2: no need try to truncate file beyond i_size (bsc#1171841). - OMAP: DSS2: remove non-zero check on variable r (bsc#1114279) - overflow: Fix -Wtype-limits compilation warnings (git fixes). - overflow.h: Add arithmetic shift helper (git fixes). - p54usb: add AirVasT USB stick device-id (bsc#1051510). - padata: ensure the reorder timer callback runs on the correct CPU (git-fixes). - padata: Remove broken queue flushing (git-fixes). - padata: reorder work kABI fixup (git-fixes). - Partially revert "kfifo: fix kfifo_alloc() and kfifo_init()" (git fixes (block drivers)). - partitions/efi: Fix partition name parsing in GUID partition entry (bsc#1168763). - PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510). - PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510). - PCI: Generalize multi-function power dependency device links (bsc#1111666). - PCI: hv: Add support for protocol 1.3 and support PCI_BUS_RELATIONS2 (bsc#1172201, bsc#1172202). - PCI: hv: Decouple the func definition in hv_dr_state from VSP message (bsc#1172201, bsc#1172202). - PCI: pciehp: Fix indefinite wait on sysfs requests (git-fixes). - PCI: pciehp: Fix MSI interrupt race (bsc#1159037). - PCI: pciehp: Support interrupts sent from D3hot (git-fixes). - PCI/PM: Call .bridge_d3() hook only if non-NULL (git-fixes). - PCI: Program MPS for RCiEP devices (bsc#1051510). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510). - PCI: sanity test on PCI vendor to be sure we do not touch everything (bsc#1141558). - pcm_native: result of put_user() needs to be checked (bsc#1111666). - perf: Allocate context task_ctx_data for child event (git-fixes). - perf: Allocate context task_ctx_data for child event (git-fixes). - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes). - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes). - perf: Copy parent's address filter offsets on clone (git-fixes). - perf: Copy parent's address filter offsets on clone (git-fixes). - perf/core: Add sanity check to deal with pinned event failure (git-fixes). - perf/core: Add sanity check to deal with pinned event failure (git-fixes). - perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes). - perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes). - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes). - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes). - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes). - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes). - perf/core: Fix bad use of igrab() (git fixes (dependent patch)). - perf/core: Fix crash when using HW tracing kernel filters (git-fixes). - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes). - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes). - perf/core: Fix error handling in perf_event_alloc() (git-fixes). - perf/core: Fix error handling in perf_event_alloc() (git-fixes). - perf/core: Fix exclusive events' grouping (git-fixes). - perf/core: Fix exclusive events' grouping (git-fixes). - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes). - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes). - perf/core: Fix impossible ring-buffer sizes warning (git-fixes). - perf/core: Fix impossible ring-buffer sizes warning (git-fixes). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes (dependent patch for 18736eef1213)). - perf/core: Fix perf_event_read_value() locking (git-fixes). - perf/core: Fix perf_event_read_value() locking (git-fixes). - perf/core: Fix perf_pmu_unregister() locking (git-fixes). - perf/core: Fix perf_pmu_unregister() locking (git-fixes). - perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent patch)). - perf/core: Fix perf_sample_regs_user() mm check (git-fixes). - perf/core: Fix perf_sample_regs_user() mm check (git-fixes). - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes). - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes). - perf/core: Fix race between close() and fork() (git-fixes). - perf/core: Fix race between close() and fork() (git-fixes). - perf/core: Fix the address filtering fix (git-fixes). - perf/core: Fix the address filtering fix (git-fixes). - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes). - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes). - perf/core: Force USER_DS when recording user stack data (git-fixes). - perf/core: Force USER_DS when recording user stack data (git-fixes). - perf/core: Restore mmap record type correctly (git-fixes). - perf/core: Restore mmap record type correctly (git-fixes). - perf: Fix header.size for namespace events (git-fixes). - perf: Fix header.size for namespace events (git-fixes). - perf/ioctl: Add check for the sample_period value (git-fixes). - perf/ioctl: Add check for the sample_period value (git-fixes). - perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes). - perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes). - perf: Return proper values for user stack errors (git-fixes). - perf: Return proper values for user stack errors (git-fixes). - perf/x86/amd: Add support for Large Increment per Cycle Events (jsc#SLE-11831). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd: Constrain Large Increment per Cycle events (jsc#SLE-11831). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/intel/uncore: Handle invalid event coding for free-running counter (git-fixes). - perf/x86/pt, coresight: Clean up address filter structure (git fixes (dependent patch)). - perf/x86/uncore: Fix event group support (git-fixes). - pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)). - pinctrl: baytrail: Enable pin configuration setting for GPIO chip (git-fixes). - pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler (git-fixes). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510). - pinctrl: sunrisepoint: Fix PAD lock register offset for SPT-H (git-fixes). - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA (bsc#1051510). - platform/x86: dell-laptop: do not register micmute LED if there is no token (bsc#1111666). - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (bsc#1111666). - PM / Domains: Allow genpd users to specify default active wakeup behavior (git-fixes). - pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors (git-fixes). - pnp: Use list_for_each_entry() instead of open coding (git fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc: Add attributes for setjmp/longjmp (bsc#1065729). - powerpc/book3s64: Export has_transparent_hugepage() related functions (bsc#1171759). - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729). - powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010). - powerpc/hash64/devmap: Use H_PAGE_THP_HUGE when setting up huge devmap PTE entries (bsc#1065729). - powerpc/pci/of: Parse unassigned resources (bsc#1065729). - powerpc/setup_64: Set cache-line-size based on cache-block-size (bsc#1065729). - powerpc/sstep: Fix DS operand in ld encoding to appropriate value (bsc#1065729). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510). - power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510). - power: vexpress: add suppress_bind_attrs to true (bsc#1111666). - pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16). - pwm: bcm2835: Dynamically allocate base (bsc#1051510). - pwm: meson: Fix confusing indentation (bsc#1051510). - pwm: pca9685: Fix PWM/GPIO inter-operation (bsc#1051510). - pwm: rcar: Fix late Runtime PM enablement (bsc#1051510). - pwm: renesas-tpu: Fix late Runtime PM enablement (bsc#1051510). - qede: Fix race between rdma destroy workqueue and link change event (networking-stable-20_03_01). - qed: reduce maximum stack frame size (git-fixes). - qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes). - r8152: check disconnect status after long sleep (networking-stable-20_03_14). - r8152: support additional Microsoft Surface Ethernet Adapter variant (networking-stable-20_05_27). - raid5: remove gfp flags from scribble_alloc() (bsc#1166985). - raid5: remove gfp flags from scribble_alloc() (git fixes (block drivers)). - raid6/ppc: Fix build for clang (git fixes (block drivers)). - random: always use batched entropy for get_random_u{32,64} (bsc#1164871). - rcu: locking and unlocking need to always be at least barriers (git fixes (block drivers)). - RDMA/efa: Fix setting of wrong bit in get/set_feature commands (bsc#1111666) - RDMA/efa: Set maximum pkeys device attribute (bsc#1111666) - RDMA/efa: Support remote read access in MR registration (bsc#1111666) - RDMA/efa: Unified getters/setters for device structs bitmask access (bsc#1111666) - RDMA/ipoib: Fix use of sizeof() (bsc#1168503). - RDMA/netdev: Fix netlink support in IPoIB (bsc#1168503). - RDMA/netdev: Hoist alloc_netdev_mqs out of the driver (bsc#1168503). - RDMA/netdev: Use priv_destructor for netdev cleanup (bsc#1168503). - regmap: debugfs: Do not sleep while atomic for fast_io regmaps (bsc#1111666). - resolve KABI warning for perf-pt-coresight (git-fixes). - rpm/kernel-docs.spec.in: Require python-packaging for build. - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() (bsc#1051510). - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194). - s390/cio: avoid duplicated 'ADD' uevents (git-fixes). - s390/cio: generate delayed uevent for vfio-ccw subchannels (git-fixes). - s390/cpuinfo: fix wrong output when CPU0 is offline (git-fixes). - s390/cpum_cf: Add new extended counters for IBM z15 (bsc#1169762 LTC#185291). - s390/diag: fix display of diagnose call statistics (git-fixes). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/ftrace: fix potential crashes when switching tracers (git-fixes). - s390/gmap: return proper error code on ksm unsharing (git-fixes). - s390/ism: fix error return code in ism_probe() (git-fixes). - s390/ism: fix error return code in ism_probe() (git-fixes). - s390/pci: do not set affinity for floating irqs (git-fixes). - s390/pci: Fix possible deadlock in recover_store() (bsc#1165183 LTC#184103). - s390/pci: Recover handle in clp_set_pci_fn() (bsc#1165183 LTC#184103). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: lock device while installing IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: cancel RX reclaim work earlier (git-fixes). - s390/qeth: do not return -ENOTSUPP to userspace (git-fixes). - s390/qeth: do not warn for napi with 0 budget (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - s390/qeth: fix off-by-one in RX copybreak check (git-fixes). - s390/qeth: fix promiscuous mode after reset (git-fixes). - s390/qeth: fix qdio teardown after early init error (git-fixes). - s390/qeth: handle error due to unsupported transport mode (git-fixes). - s390/qeth: handle error when backing RX buffer (git-fixes). - s390/qeth: lock the card while changing its hsuid (git-fixes). - s390/qeth: support net namespaces for L3 devices (git-fixes). - s390/time: Fix clk type in get_tod_clock (git-fixes). - sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12). - sch_sfq: validate silly quantum values (networking-stable-20_05_12). - scripts/decodecode: fix trapping instruction formatting (bsc#1065729). - scripts/dtc: Remove redundant YYLOC global declaration (bsc#1160388). - scsi: aacraid: fix a signedness bug (bsc#1174296). - scsi: bnx2i: fix potential use after free (bsc#1171600). - scsi: core: avoid repetitive logging of device offline messages (bsc#1145929). - scsi: core: Handle drivers which set sg_tablesize to zero (bsc#1171601) This commit also required: > scsi: core: avoid preallocating big SGL for data - scsi: core: kABI fix offline_already (bsc#1145929). - scsi: core: save/restore command resid for error handling (bsc#1171602). - scsi: core: scsi_trace: Use get_unaligned_be*() (bsc#1171604). - scsi: core: try to get module before removing device (bsc#1171605). - scsi: csiostor: Adjust indentation in csio_device_reset (bsc#1171606). - scsi: csiostor: Do not enable IRQs too early (bsc#1171607). - scsi: esas2r: unlock on error in esas2r_nvram_read_direct() (bsc#1171608). - scsi: fnic: fix invalid stack access (bsc#1171609). - scsi: fnic: fix msix interrupt allocation (bsc#1171610). - scsi: hisi_sas: fix calls to dma_set_mask_and_coherent() (bsc#1174296). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: ibmvscsi: Fix WARN_ON during event pool release (bsc#1170791 ltc#185128). - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (bsc#1171611). - scsi: iscsi: Fix a potential deadlock in the timeout handler (bsc#1171612). - scsi: iscsi: qla4xxx: fix double free in probe (bsc#1171613). - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530). - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530). - scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530). - scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530). - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1172687 bsc#1171530). - scsi: lpfc: Change default queue allocation for reduced memory consumption (bsc#1164780). - scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences (bsc#1171614). - scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG (bsc#1171615). - scsi: lpfc: Fix inconsistent indenting (bsc#1158983). - scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1158983). - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1158983). - scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event (bsc#1164780). - scsi: lpfc: Fix MDS Diagnostic Enablement definition (bsc#1164780). - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix negation of else clause in lpfc_prep_node_fc4type (bsc#1164780). - scsi: lpfc: Fix noderef and address space warnings (bsc#1164780). - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530). - scsi: lpfc: Maintain atomic consistency of queue_claimed flag (bsc#1164780). - scsi: lpfc: remove duplicate unloading checks (bsc#1164780). - scsi: lpfc: Remove re-binding of nvme rport during registration (bsc#1164780). - scsi: lpfc: Remove redundant initialization to variable rc (bsc#1164780). - scsi: lpfc: Remove unnecessary lockdep_assert_held calls (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.1 (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1158983). - scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state (bsc#1171616). - scsi: megaraid_sas: Fix a compilation warning (bsc#1174296). - scsi: mpt3sas: Fix double free in attach error handling (bsc#1174296). - scsi: qedf: Add port_id getter (bsc#1150660). - scsi: qla2xxx: add ring buffer for tracing debug logs (bsc#1157169). - scsi: qla2xxx: check UNLOADING before posting async work (bsc#1157169). - scsi: qla2xxx: Delete all sessions before unregister local nvme port (bsc#1157169). - scsi: qla2xxx: Do not log message when reading port speed via sysfs (bsc#1157169). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1174296). - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (bsc#1157169). - scsi: qla2xxx: Fix regression warnings (bsc#1157169). - scsi: qla2xxx: Remove non functional code (bsc#1157169). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - scsi: qla2xxx: set UNLOADING before waiting for session deletion (bsc#1157169). - scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free (bsc#1171617). - scsi: qla4xxx: fix double free bug (bsc#1171618). - scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI (bsc#1171619). - scsi: sg: add sg_remove_request in sg_common_write (bsc#1171620). - scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) (bsc#1171621). - scsi: ufs: change msleep to usleep_range (bsc#1171622). - scsi: ufs: Clean up ufshcd_scale_clks() and clock scaling error out path (bsc#1171623). - scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic (bsc#1171624). - scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails (bsc#1171625). - scsi: ufs: Recheck bkops level if bkops is disabled (bsc#1171626). - scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point (git-fixes). - sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27). - sctp: fix possibly using a bad saddr with a given dst (networking-stable-20_04_02). - sctp: fix refcount bug in sctp_wfree (networking-stable-20_04_02). - sctp: move the format error check out of __sctp_sf_do_9_1_abort (networking-stable-20_03_01). - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27). - selftests/powerpc: Fix build errors in powerpc ptrace selftests (boo#1124278). - Separate one more kABI fixup from the functional change: - seq_file: fix problem when seeking mid-record (bsc#1170125). - serial: uartps: Move the spinlock after the read of the tx empty (git-fixes). - sfc: detach from cb_page in efx_copy_channel() (networking-stable-20_03_14). - signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig (bsc#1172185). - slcan: not call free_netdev before rtnl_unlock in slcan_open (networking-stable-20_03_28). - slip: make slhc_compress() more robust against malicious packets (networking-stable-20_03_14). - smb3: Add new compression flags (bsc#1144333). - smb3: change noisy error message to FYI (bsc#1144333). - smb3: enable swap on SMB3 mounts (bsc#1144333). - smb3: Minor cleanup of protocol definitions (bsc#1144333). - smb3: remove overly noisy debug line in signing errors (bsc#1144333). - smb3: smbdirect support can be configured by default (bsc#1144333). - smb3: use SMB2_SIGNATURE_SIZE define (bsc#1144333). - snb3: Additional compression structures (bsc#1144333). - spi: bcm2835: Fix 3-wire mode if DMA is enabled (git-fixes). - spi: bcm63xx-hsspi: Really keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: when tx/rx buffer is NULL set to 0 (bsc#1051510). - spi: dw: Add SPI Rx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: Add SPI Tx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: use "smp_mb()" to avoid sending spi data error (bsc#1051510). - spi: dw: Zero DMA Tx and Rx configurations on stack (bsc#1051510). - spi: fsl: do not map irq during probe (git-fixes). - spi: fsl: use platform_get_irq() instead of of_irq_to_resource() (git-fixes). - spi: pxa2xx: Add CS control clock quirk (bsc#1051510). - spi: pxa2xx: Apply CS clk quirk to BXT (bsc#1111666). - spi: qup: call spi_qup_pm_resume_runtime before suspending (bsc#1051510). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (git-fixes). - spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices (bsc#1111666). - spi: spi-s3c64xx: Fix system resume support (git-fixes). - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (bsc#1111666). - spi/zynqmp: remove entry that causes a cs glitch (bsc#1051510). - staging: comedi: dt2815: fix writing hi byte of analog output (bsc#1051510). - staging: comedi: Fix comedi_device refcnt leak in comedi_open (bsc#1051510). - staging: comedi: verify array index is correct before using it (bsc#1111666). - staging: iio: ad2s1210: Fix SPI reading (bsc#1051510). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510). - staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510). - staging: vt6656: Do not set RCR_MULTICAST or RCR_BROADCAST by default (git-fixes). - staging: vt6656: Fix drivers TBTT timing counter (git-fixes). - staging: vt6656: Fix pairwise key entry save (git-fixes). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202). - SUNRPC: expiry_time should be seconds not timeval (git-fixes). - SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' (git-fixes). - SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624). - supported.conf: Add br_netfilter to base (bsc#1169020). - supported.conf: support w1 core and thermometer support - svcrdma: Fix double svc_rdma_send_ctxt_put() in an error path (bsc#1103992). - svcrdma: Fix leak of transport addresses (git-fixes). - svcrdma: Fix trace point use-after-free race (bsc#1103992 ). - taskstats: fix data-race (bsc#1172188). - tcp: cache line align MAX_TCP_HEADER (networking-stable-20_04_27). - tcp: repair: fix TCP_QUEUE_SEQ implementation (networking-stable-20_03_28). - team: add missing attribute validation for array index (networking-stable-20_03_14). - team: add missing attribute validation for port ifindex (networking-stable-20_03_14). - team: fix hang in team_mode_get() (networking-stable-20_04_27). - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284). - timers: Add a function to start/reduce a timer (networking-stable-20_05_27). - tools lib traceevent: Remove unneeded qsort and uses memmove instead (git-fixes). - tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (bsc#1065729). - tpm_tis: Remove the HID IFX0102 (bsc#1111666). - tpm/tpm_tis: Free IRQ if probing fails (bsc#1082555). - tpm/tpm_tis: Free IRQ if probing fails (git-fixes). - tracing: Add a vmalloc_sync_mappings() for safe measure (git-fixes). - tracing: Disable trace_printk() on post poned tests (git-fixes). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510). - tty: n_gsm: Fix SOF skipping (bsc#1051510). - tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510). - tty: rocket, avoid OOB access (git-fixes). - tun: Do not put_page() for all negative return values from XDP program (bsc#1109837). - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12). - UAS: fix deadlock in error handling and PM flushing work (git-fixes). - UAS: no use logging any details in case of ENODEV (git-fixes). - ubifs: remove broken lazytime support (bsc#1173826). - Update config files: Build w1 bus on arm64 (jsc#SLE-11048) - USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE (git-fixes). - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes). - USB: c67x00: fix use after free in c67x00_giveback_urb (bsc#1111666). - USB: cdc-acm: restore capability check order (git-fixes). - usb: chipidea: core: add wakeup support for extcon (bsc#1111666). - USB: core: Fix misleading driver bug report (bsc#1051510). - usb: dwc2: Fix shutdown callback in platform (bsc#1111666). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510). - USB: dwc3: do not set gadget->is_otg flag (git-fixes). - USB: dwc3: gadget: Do link recovery for SS and SSP (git-fixes). - usb: dwc3: gadget: introduce cancelled_list (git-fixes). - usb: dwc3: gadget: never call ->complete() from ->ep_queue() (git-fixes). - usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes). - usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes). - USB: early: Handle AMD's spec-compliant identifiers, too (git-fixes). - USB: ehci: reopen solution for Synopsys HC bug (git-fixes). - USB: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset() (git-fixes). - USB: gadget: audio: Fix a missing error return value in audio_bind() (git-fixes). - USB: gadget: composite: Inform controller driver of self-powered (git-fixes). - usb: gadget: fix potential double-free in m66592_probe (bsc#1111666). - USB: gadget: legacy: fix error return code in cdc_bind() (git-fixes). - USB: gadget: legacy: fix error return code in gncm_bind() (git-fixes). - USB: gadget: legacy: fix redundant initialization warnings (bsc#1051510). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510). - USB: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' (git-fixes). - usb: gadget: udc: atmel: fix uninitialized read in debug printk (bsc#1111666). - USB: gadget: udc: atmel: Fix vbus disconnect handling (git-fixes). - USB: gadget: udc: atmel: Make some symbols static (git-fixes). - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (bsc#1111666). - USB: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete (git-fixes). - usb: gadget: udc: Potential Oops in error handling code (bsc#1111666). - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510). - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (bsc#1111666). - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510). - USB: host: xhci-plat: keep runtime active when removing host (git-fixes). - USB: hub: Fix handling of connect changes during sleep (git-fixes). - usb: musb: Fix runtime PM imbalance on error (bsc#1051510). - usb: musb: start session in resume for host port (bsc#1051510). - usbnet: silence an unnecessary warning (bsc#1170770). - usbnet: smsc95xx: Fix use-after-free after removal (bsc#1111666). - USB: ohci-sm501: Add missed iounmap() in remove (bsc#1111666). - USB: serial: garmin_gps: add sanity checking for data length (git-fixes). - USB: serial: iuu_phoenix: fix memory corruption (bsc#1111666). - USB: serial: option: add BroadMobi BM806U (git-fixes). - USB: serial: option: add support for ASKEY WWHC050 (git-fixes). - USB: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510). - USB: serial: option: add Wistron Neweb D19Q1 (git-fixes). - USB: serial: qcserial: add DW5816e QDL support (bsc#1051510). - USB: serial: qcserial: Add DW5816e support (git-fixes). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - USB: sisusbvga: Change port variable from signed to unsigned (git-fixes). - usb-storage: Add unusual_devs entry for JMicron JMS566 (git-fixes). - USB: uas: add quirk for LaCie 2Big Quadra (git-fixes). - USB: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list (git-fixes). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174123). - vfs: Fix EOVERFLOW testing in put_compat_statfs64 (bnc#1151927 5.3.6). - video: fbdev: sis: Remove unnecessary parentheses and commented code (bsc#1114279) - video: fbdev: w100fb: Fix a potential double free (bsc#1051510). - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: avoid format strint overflow warning (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: Remove always false conditional statement (bsc#1172484). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484). - vmxnet3: remove unused flag "rxcsum" from struct vmxnet3_adapter (bsc#1172484). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - vrf: Check skb for XFRM_TRANSFORMED flag (networking-stable-20_04_27). - vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines (git-fixes). - vt: selection, introduce vc_is_sel (git-fixes). - vt: vt_ioctl: fix race in VT_RESIZEX (git-fixes). - vt: vt_ioctl: fix use-after-free in vt_in_use() (git-fixes). - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (git-fixes). - vxlan: Avoid infinite loop when suppressing NS messages with invalid options (git-fixes). - vxlan: check return value of gro_cells_init() (networking-stable-20_03_28). - w1: Add subsystem kernel public interface (jsc#SLE-11048). - w1: Fix slave count on 1-Wire bus (resend) (jsc#SLE-11048). - w1: keep balance of mutex locks and refcnts (jsc#SLE-11048). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510). - w1: use put_device() if device_register() fail (jsc#SLE-11048). - watchdog: reset last_hw_keepalive time at start (git-fixes). - watchdog: sp805: fix restart handler (bsc#1111666). - wcn36xx: Fix error handling path in 'wcn36xx_probe()' (bsc#1051510). - wil6210: add general initialization/size checks (bsc#1111666). - wil6210: check rx_buff_mgmt before accessing it (bsc#1111666). - wil6210: ignore HALP ICR if already handled (bsc#1111666). - wil6210: make sure Rx ring sizes are correlated (git-fixes). - wil6210: remove reset file from debugfs (git-fixes). - wimax/i2400m: Fix potential urb refcnt leak (bsc#1051510). - work around mvfs bug (bsc#1162063). - workqueue: do not use wq_select_unbound_cpu() for bound works (bsc#1172130). - x86/amd_nb: Add Family 19h PCI IDs (jsc#SLE-11834). - x86/apic: Install an empty physflat_init_apic_ldr (bsc#1163309). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279). - x86/entry/64: Fix unwind hints in kernel exit path (bsc#1058115). - x86/entry/64: Fix unwind hints in register clearing code (bsc#1058115). - x86/entry/64: Fix unwind hints in rewind_stack_do_exit() (bsc#1058115). - x86/entry/64: Fix unwind hints in __switch_to_asm() (bsc#1058115). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86: Fix early boot crash on gcc-10, third try (bsc#1114279). - x86/Hyper-V: Allow guests to enable InvariantTSC (bsc#1170620). - x86/Hyper-V: Free hv_panic_page when fail to register kmsg dump (bsc#1170617, bsc#1170618). - x86/Hyper-V: Free hv_panic_page when fail to register kmsg dump (bsc#1170618). - x86/Hyper-V: Report crash data in die() when panic_on_oops is set (bsc#1170617, bsc#1170618). - x86/Hyper-V: Report crash data in die() when panic_on_oops is set (bsc#1170618). - x86/Hyper-V: Report crash register data or kmsg before running crash kernel (bsc#1170617, bsc#1170618). - x86/Hyper-V: Report crash register data or kmsg before running crash kernel (bsc#1170618). - x86/Hyper-V: Report crash register data when sysctl_record_panic_msg is not set (bsc#1170617, bsc#1170618). - x86/Hyper-V: Report crash register data when sysctl_record_panic_msg is not set (bsc#1170618). - x86/Hyper-V: report value of misc_features (git fixes). - x86/Hyper-V: report value of misc_features (git-fixes). - x86/Hyper-V: Trigger crash enlightenment only once during system crash (bsc#1170617, bsc#1170618). - x86/Hyper-V: Trigger crash enlightenment only once during system crash (bsc#1170618). - x86/Hyper-V: Unload vmbus channel in hv panic callback (bsc#1170617, bsc#1170618). - x86/Hyper-V: Unload vmbus channel in hv panic callback (bsc#1170618). - x86/Hyperv-V: Allow guests to enable InvariantTSC (bsc#1170621, bsc#1170620). - x86/kprobes: Avoid kretprobe recursion bug (bsc#1114279). - x86/MCE/AMD: Add a KABI workaround for enum smca_bank_types (jsc#SLE-11833). - x86/MCE/AMD, EDAC/mce_amd: Add new Load Store unit McaType (jsc#SLE-11833). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). - x86/microcode/AMD: Increase microcode PATCH_MAX_SIZE (bsc#1169005). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279). - x86/resctrl: Fix invalid attempt at removing the default resource group (git-fixes). - x86/resctrl: Preserve CDP enable over CPU hotplug (bsc#1114279). - x86/unwind/orc: Do not skip the first frame for inactive tasks (bsc#1058115). - x86/unwind/orc: Fix error handling in __unwind_start() (bsc#1058115). - x86/unwind/orc: Fix error path for bad ORC entry type (bsc#1058115). - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks (bsc#1058115). - x86/unwind/orc: Prevent unwinding before ORC initialization (bsc#1058115). - x86/unwind: Prevent false warnings for non-current tasks (bsc#1058115). - x86/xen: fix booting 32-bit pv guest (bsc#1071995). - x86/xen: Make the boot CPU idle task reliable (bsc#1071995). - x86/xen: Make the secondary CPU idle tasks reliable (bsc#1071995). - xen/blkfront: fix memory allocation flags in blkfront_setup_indirect() (bsc#1168486). - xen/pci: reserve MCFG areas earlier (bsc#1170145). - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish (networking-stable-20_04_27). - xfrm: fix error in comment (git fixes). - xfs: clear PF_MEMALLOC before exiting xfsaild thread (git-fixes). - xfs: Correctly invert xfs_buftarg LRU isolation logic (git-fixes). - xfs: do not ever return a stale pointer from __xfs_dir3_free_read (git-fixes). - xhci: Fix incorrect EP_STATE_MASK (git-fixes). - xprtrdma: Fix completion wait during device removal (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2020-2478=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch): kernel-devel-rt-4.12.14-10.13.1 kernel-source-rt-4.12.14-10.13.1 - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): cluster-md-kmp-rt-4.12.14-10.13.1 dlm-kmp-rt-4.12.14-10.13.1 gfs2-kmp-rt-4.12.14-10.13.1 kernel-rt-4.12.14-10.13.1 kernel-rt-base-4.12.14-10.13.1 kernel-rt-devel-4.12.14-10.13.1 kernel-rt_debug-4.12.14-10.13.1 kernel-rt_debug-devel-4.12.14-10.13.1 kernel-syms-rt-4.12.14-10.13.1 ocfs2-kmp-rt-4.12.14-10.13.1 References: https://www.suse.com/security/cve/CVE-2018-1000199.html https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-19462.html https://www.suse.com/security/cve/CVE-2019-20806.html https://www.suse.com/security/cve/CVE-2019-20810.html https://www.suse.com/security/cve/CVE-2019-20812.html https://www.suse.com/security/cve/CVE-2019-20908.html https://www.suse.com/security/cve/CVE-2019-9455.html https://www.suse.com/security/cve/CVE-2020-0543.html https://www.suse.com/security/cve/CVE-2020-10690.html https://www.suse.com/security/cve/CVE-2020-10711.html https://www.suse.com/security/cve/CVE-2020-10720.html https://www.suse.com/security/cve/CVE-2020-10732.html https://www.suse.com/security/cve/CVE-2020-10751.html https://www.suse.com/security/cve/CVE-2020-10757.html https://www.suse.com/security/cve/CVE-2020-10766.html https://www.suse.com/security/cve/CVE-2020-10767.html https://www.suse.com/security/cve/CVE-2020-10768.html https://www.suse.com/security/cve/CVE-2020-10769.html https://www.suse.com/security/cve/CVE-2020-10773.html https://www.suse.com/security/cve/CVE-2020-10781.html https://www.suse.com/security/cve/CVE-2020-11669.html https://www.suse.com/security/cve/CVE-2020-12114.html https://www.suse.com/security/cve/CVE-2020-12464.html https://www.suse.com/security/cve/CVE-2020-12652.html https://www.suse.com/security/cve/CVE-2020-12653.html https://www.suse.com/security/cve/CVE-2020-12654.html https://www.suse.com/security/cve/CVE-2020-12655.html https://www.suse.com/security/cve/CVE-2020-12656.html https://www.suse.com/security/cve/CVE-2020-12657.html https://www.suse.com/security/cve/CVE-2020-12659.html https://www.suse.com/security/cve/CVE-2020-12769.html https://www.suse.com/security/cve/CVE-2020-12771.html https://www.suse.com/security/cve/CVE-2020-12888.html https://www.suse.com/security/cve/CVE-2020-13143.html https://www.suse.com/security/cve/CVE-2020-13974.html https://www.suse.com/security/cve/CVE-2020-14416.html https://www.suse.com/security/cve/CVE-2020-15393.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1089895 https://bugzilla.suse.com/1103990 https://bugzilla.suse.com/1103991 https://bugzilla.suse.com/1103992 https://bugzilla.suse.com/1104745 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1124278 https://bugzilla.suse.com/1127354 https://bugzilla.suse.com/1127355 https://bugzilla.suse.com/1127371 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1137325 https://bugzilla.suse.com/1141558 https://bugzilla.suse.com/1142685 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1145929 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1150660 https://bugzilla.suse.com/1151794 https://bugzilla.suse.com/1151927 https://bugzilla.suse.com/1152107 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1152624 https://bugzilla.suse.com/1154824 https://bugzilla.suse.com/1157169 https://bugzilla.suse.com/1158265 https://bugzilla.suse.com/1158983 https://bugzilla.suse.com/1159037 https://bugzilla.suse.com/1159058 https://bugzilla.suse.com/1159199 https://bugzilla.suse.com/1160388 https://bugzilla.suse.com/1160947 https://bugzilla.suse.com/1161016 https://bugzilla.suse.com/1162002 https://bugzilla.suse.com/1162063 https://bugzilla.suse.com/1163309 https://bugzilla.suse.com/1163403 https://bugzilla.suse.com/1163897 https://bugzilla.suse.com/1164284 https://bugzilla.suse.com/1164780 https://bugzilla.suse.com/1164871 https://bugzilla.suse.com/1165183 https://bugzilla.suse.com/1165478 https://bugzilla.suse.com/1165741 https://bugzilla.suse.com/1166780 https://bugzilla.suse.com/1166860 https://bugzilla.suse.com/1166861 https://bugzilla.suse.com/1166862 https://bugzilla.suse.com/1166864 https://bugzilla.suse.com/1166866 https://bugzilla.suse.com/1166867 https://bugzilla.suse.com/1166868 https://bugzilla.suse.com/1166870 https://bugzilla.suse.com/1166940 https://bugzilla.suse.com/1166969 https://bugzilla.suse.com/1166978 https://bugzilla.suse.com/1166985 https://bugzilla.suse.com/1167104 https://bugzilla.suse.com/1167288 https://bugzilla.suse.com/1167574 https://bugzilla.suse.com/1167851 https://bugzilla.suse.com/1167867 https://bugzilla.suse.com/1168081 https://bugzilla.suse.com/1168202 https://bugzilla.suse.com/1168332 https://bugzilla.suse.com/1168486 https://bugzilla.suse.com/1168503 https://bugzilla.suse.com/1168670 https://bugzilla.suse.com/1168760 https://bugzilla.suse.com/1168762 https://bugzilla.suse.com/1168763 https://bugzilla.suse.com/1168764 https://bugzilla.suse.com/1168765 https://bugzilla.suse.com/1168789 https://bugzilla.suse.com/1168881 https://bugzilla.suse.com/1168884 https://bugzilla.suse.com/1168952 https://bugzilla.suse.com/1168959 https://bugzilla.suse.com/1169005 https://bugzilla.suse.com/1169013 https://bugzilla.suse.com/1169020 https://bugzilla.suse.com/1169057 https://bugzilla.suse.com/1169194 https://bugzilla.suse.com/1169390 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1169525 https://bugzilla.suse.com/1169625 https://bugzilla.suse.com/1169762 https://bugzilla.suse.com/1169771 https://bugzilla.suse.com/1169795 https://bugzilla.suse.com/1170011 https://bugzilla.suse.com/1170056 https://bugzilla.suse.com/1170125 https://bugzilla.suse.com/1170145 https://bugzilla.suse.com/1170284 https://bugzilla.suse.com/1170345 https://bugzilla.suse.com/1170442 https://bugzilla.suse.com/1170457 https://bugzilla.suse.com/1170522 https://bugzilla.suse.com/1170592 https://bugzilla.suse.com/1170617 https://bugzilla.suse.com/1170618 https://bugzilla.suse.com/1170620 https://bugzilla.suse.com/1170621 https://bugzilla.suse.com/1170770 https://bugzilla.suse.com/1170778 https://bugzilla.suse.com/1170791 https://bugzilla.suse.com/1170901 https://bugzilla.suse.com/1171078 https://bugzilla.suse.com/1171098 https://bugzilla.suse.com/1171118 https://bugzilla.suse.com/1171124 https://bugzilla.suse.com/1171189 https://bugzilla.suse.com/1171191 https://bugzilla.suse.com/1171195 https://bugzilla.suse.com/1171202 https://bugzilla.suse.com/1171205 https://bugzilla.suse.com/1171214 https://bugzilla.suse.com/1171217 https://bugzilla.suse.com/1171218 https://bugzilla.suse.com/1171219 https://bugzilla.suse.com/1171220 https://bugzilla.suse.com/1171244 https://bugzilla.suse.com/1171293 https://bugzilla.suse.com/1171417 https://bugzilla.suse.com/1171424 https://bugzilla.suse.com/1171527 https://bugzilla.suse.com/1171529 https://bugzilla.suse.com/1171530 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1171599 https://bugzilla.suse.com/1171600 https://bugzilla.suse.com/1171601 https://bugzilla.suse.com/1171602 https://bugzilla.suse.com/1171604 https://bugzilla.suse.com/1171605 https://bugzilla.suse.com/1171606 https://bugzilla.suse.com/1171607 https://bugzilla.suse.com/1171608 https://bugzilla.suse.com/1171609 https://bugzilla.suse.com/1171610 https://bugzilla.suse.com/1171611 https://bugzilla.suse.com/1171612 https://bugzilla.suse.com/1171613 https://bugzilla.suse.com/1171614 https://bugzilla.suse.com/1171615 https://bugzilla.suse.com/1171616 https://bugzilla.suse.com/1171617 https://bugzilla.suse.com/1171618 https://bugzilla.suse.com/1171619 https://bugzilla.suse.com/1171620 https://bugzilla.suse.com/1171621 https://bugzilla.suse.com/1171622 https://bugzilla.suse.com/1171623 https://bugzilla.suse.com/1171624 https://bugzilla.suse.com/1171625 https://bugzilla.suse.com/1171626 https://bugzilla.suse.com/1171662 https://bugzilla.suse.com/1171673 https://bugzilla.suse.com/1171679 https://bugzilla.suse.com/1171691 https://bugzilla.suse.com/1171692 https://bugzilla.suse.com/1171694 https://bugzilla.suse.com/1171695 https://bugzilla.suse.com/1171732 https://bugzilla.suse.com/1171736 https://bugzilla.suse.com/1171739 https://bugzilla.suse.com/1171743 https://bugzilla.suse.com/1171753 https://bugzilla.suse.com/1171759 https://bugzilla.suse.com/1171761 https://bugzilla.suse.com/1171817 https://bugzilla.suse.com/1171835 https://bugzilla.suse.com/1171841 https://bugzilla.suse.com/1171868 https://bugzilla.suse.com/1171904 https://bugzilla.suse.com/1171948 https://bugzilla.suse.com/1171949 https://bugzilla.suse.com/1171951 https://bugzilla.suse.com/1171952 https://bugzilla.suse.com/1171979 https://bugzilla.suse.com/1171982 https://bugzilla.suse.com/1171983 https://bugzilla.suse.com/1172017 https://bugzilla.suse.com/1172096 https://bugzilla.suse.com/1172097 https://bugzilla.suse.com/1172098 https://bugzilla.suse.com/1172099 https://bugzilla.suse.com/1172101 https://bugzilla.suse.com/1172102 https://bugzilla.suse.com/1172103 https://bugzilla.suse.com/1172104 https://bugzilla.suse.com/1172127 https://bugzilla.suse.com/1172130 https://bugzilla.suse.com/1172185 https://bugzilla.suse.com/1172188 https://bugzilla.suse.com/1172199 https://bugzilla.suse.com/1172201 https://bugzilla.suse.com/1172202 https://bugzilla.suse.com/1172218 https://bugzilla.suse.com/1172221 https://bugzilla.suse.com/1172247 https://bugzilla.suse.com/1172249 https://bugzilla.suse.com/1172251 https://bugzilla.suse.com/1172253 https://bugzilla.suse.com/1172257 https://bugzilla.suse.com/1172317 https://bugzilla.suse.com/1172342 https://bugzilla.suse.com/1172343 https://bugzilla.suse.com/1172344 https://bugzilla.suse.com/1172366 https://bugzilla.suse.com/1172378 https://bugzilla.suse.com/1172391 https://bugzilla.suse.com/1172397 https://bugzilla.suse.com/1172453 https://bugzilla.suse.com/1172458 https://bugzilla.suse.com/1172472 https://bugzilla.suse.com/1172484 https://bugzilla.suse.com/1172537 https://bugzilla.suse.com/1172538 https://bugzilla.suse.com/1172687 https://bugzilla.suse.com/1172719 https://bugzilla.suse.com/1172759 https://bugzilla.suse.com/1172770 https://bugzilla.suse.com/1172775 https://bugzilla.suse.com/1172781 https://bugzilla.suse.com/1172782 https://bugzilla.suse.com/1172783 https://bugzilla.suse.com/1172999 https://bugzilla.suse.com/1173060 https://bugzilla.suse.com/1173074 https://bugzilla.suse.com/1173146 https://bugzilla.suse.com/1173265 https://bugzilla.suse.com/1173280 https://bugzilla.suse.com/1173284 https://bugzilla.suse.com/1173428 https://bugzilla.suse.com/1173462 https://bugzilla.suse.com/1173514 https://bugzilla.suse.com/1173567 https://bugzilla.suse.com/1173573 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173746 https://bugzilla.suse.com/1173818 https://bugzilla.suse.com/1173820 https://bugzilla.suse.com/1173825 https://bugzilla.suse.com/1173826 https://bugzilla.suse.com/1173833 https://bugzilla.suse.com/1173838 https://bugzilla.suse.com/1173839 https://bugzilla.suse.com/1173845 https://bugzilla.suse.com/1173857 https://bugzilla.suse.com/1174113 https://bugzilla.suse.com/1174115 https://bugzilla.suse.com/1174122 https://bugzilla.suse.com/1174123 https://bugzilla.suse.com/1174130 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174187 https://bugzilla.suse.com/1174296 From sle-updates at lists.suse.com Thu Sep 3 07:49:21 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 15:49:21 +0200 (CEST) Subject: SUSE-SU-2020:2477-1: moderate: Security update for php5 Message-ID: <20200903134921.00DA0F3D7@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2477-1 Rating: moderate References: #1175223 Cross-References: CVE-2020-7068 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php5 fixes the following issues: - CVE-2020-7068: Use of freed hash key in the phar_parse_zipfile function (bsc#1175223). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-2477=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php5-5.5.14-109.79.1 apache2-mod_php5-debuginfo-5.5.14-109.79.1 php5-5.5.14-109.79.1 php5-bcmath-5.5.14-109.79.1 php5-bcmath-debuginfo-5.5.14-109.79.1 php5-bz2-5.5.14-109.79.1 php5-bz2-debuginfo-5.5.14-109.79.1 php5-calendar-5.5.14-109.79.1 php5-calendar-debuginfo-5.5.14-109.79.1 php5-ctype-5.5.14-109.79.1 php5-ctype-debuginfo-5.5.14-109.79.1 php5-curl-5.5.14-109.79.1 php5-curl-debuginfo-5.5.14-109.79.1 php5-dba-5.5.14-109.79.1 php5-dba-debuginfo-5.5.14-109.79.1 php5-debuginfo-5.5.14-109.79.1 php5-debugsource-5.5.14-109.79.1 php5-dom-5.5.14-109.79.1 php5-dom-debuginfo-5.5.14-109.79.1 php5-enchant-5.5.14-109.79.1 php5-enchant-debuginfo-5.5.14-109.79.1 php5-exif-5.5.14-109.79.1 php5-exif-debuginfo-5.5.14-109.79.1 php5-fastcgi-5.5.14-109.79.1 php5-fastcgi-debuginfo-5.5.14-109.79.1 php5-fileinfo-5.5.14-109.79.1 php5-fileinfo-debuginfo-5.5.14-109.79.1 php5-fpm-5.5.14-109.79.1 php5-fpm-debuginfo-5.5.14-109.79.1 php5-ftp-5.5.14-109.79.1 php5-ftp-debuginfo-5.5.14-109.79.1 php5-gd-5.5.14-109.79.1 php5-gd-debuginfo-5.5.14-109.79.1 php5-gettext-5.5.14-109.79.1 php5-gettext-debuginfo-5.5.14-109.79.1 php5-gmp-5.5.14-109.79.1 php5-gmp-debuginfo-5.5.14-109.79.1 php5-iconv-5.5.14-109.79.1 php5-iconv-debuginfo-5.5.14-109.79.1 php5-imap-5.5.14-109.79.1 php5-imap-debuginfo-5.5.14-109.79.1 php5-intl-5.5.14-109.79.1 php5-intl-debuginfo-5.5.14-109.79.1 php5-json-5.5.14-109.79.1 php5-json-debuginfo-5.5.14-109.79.1 php5-ldap-5.5.14-109.79.1 php5-ldap-debuginfo-5.5.14-109.79.1 php5-mbstring-5.5.14-109.79.1 php5-mbstring-debuginfo-5.5.14-109.79.1 php5-mcrypt-5.5.14-109.79.1 php5-mcrypt-debuginfo-5.5.14-109.79.1 php5-mysql-5.5.14-109.79.1 php5-mysql-debuginfo-5.5.14-109.79.1 php5-odbc-5.5.14-109.79.1 php5-odbc-debuginfo-5.5.14-109.79.1 php5-opcache-5.5.14-109.79.1 php5-opcache-debuginfo-5.5.14-109.79.1 php5-openssl-5.5.14-109.79.1 php5-openssl-debuginfo-5.5.14-109.79.1 php5-pcntl-5.5.14-109.79.1 php5-pcntl-debuginfo-5.5.14-109.79.1 php5-pdo-5.5.14-109.79.1 php5-pdo-debuginfo-5.5.14-109.79.1 php5-pgsql-5.5.14-109.79.1 php5-pgsql-debuginfo-5.5.14-109.79.1 php5-phar-5.5.14-109.79.1 php5-phar-debuginfo-5.5.14-109.79.1 php5-posix-5.5.14-109.79.1 php5-posix-debuginfo-5.5.14-109.79.1 php5-pspell-5.5.14-109.79.1 php5-pspell-debuginfo-5.5.14-109.79.1 php5-shmop-5.5.14-109.79.1 php5-shmop-debuginfo-5.5.14-109.79.1 php5-snmp-5.5.14-109.79.1 php5-snmp-debuginfo-5.5.14-109.79.1 php5-soap-5.5.14-109.79.1 php5-soap-debuginfo-5.5.14-109.79.1 php5-sockets-5.5.14-109.79.1 php5-sockets-debuginfo-5.5.14-109.79.1 php5-sqlite-5.5.14-109.79.1 php5-sqlite-debuginfo-5.5.14-109.79.1 php5-suhosin-5.5.14-109.79.1 php5-suhosin-debuginfo-5.5.14-109.79.1 php5-sysvmsg-5.5.14-109.79.1 php5-sysvmsg-debuginfo-5.5.14-109.79.1 php5-sysvsem-5.5.14-109.79.1 php5-sysvsem-debuginfo-5.5.14-109.79.1 php5-sysvshm-5.5.14-109.79.1 php5-sysvshm-debuginfo-5.5.14-109.79.1 php5-tokenizer-5.5.14-109.79.1 php5-tokenizer-debuginfo-5.5.14-109.79.1 php5-wddx-5.5.14-109.79.1 php5-wddx-debuginfo-5.5.14-109.79.1 php5-xmlreader-5.5.14-109.79.1 php5-xmlreader-debuginfo-5.5.14-109.79.1 php5-xmlrpc-5.5.14-109.79.1 php5-xmlrpc-debuginfo-5.5.14-109.79.1 php5-xmlwriter-5.5.14-109.79.1 php5-xmlwriter-debuginfo-5.5.14-109.79.1 php5-xsl-5.5.14-109.79.1 php5-xsl-debuginfo-5.5.14-109.79.1 php5-zip-5.5.14-109.79.1 php5-zip-debuginfo-5.5.14-109.79.1 php5-zlib-5.5.14-109.79.1 php5-zlib-debuginfo-5.5.14-109.79.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-109.79.1 References: https://www.suse.com/security/cve/CVE-2020-7068.html https://bugzilla.suse.com/1175223 From sle-updates at lists.suse.com Thu Sep 3 10:13:42 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 18:13:42 +0200 (CEST) Subject: SUSE-RU-2020:2479-1: moderate: Recommended update for crmsh Message-ID: <20200903161342.A0FA4F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2479-1 Rating: moderate References: #1175057 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crmsh fixes the following issues: - Fixes an issue by 'ssh_merge' function for compatibility. (bsc#1175057) - Adjust sbd config process to fix bug on sbd stage. (bsc#1175057) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2479=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (noarch): crmsh-4.2.0+git.1598257562.570eb99d-5.12.1 crmsh-scripts-4.2.0+git.1598257562.570eb99d-5.12.1 References: https://bugzilla.suse.com/1175057 From sle-updates at lists.suse.com Thu Sep 3 10:14:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 18:14:31 +0200 (CEST) Subject: SUSE-RU-2020:2480-1: moderate: Recommended update for python-kiwi Message-ID: <20200903161431.0AC26F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2480-1 Rating: moderate References: #1174009 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-kiwi fixes the following issues: - Fix string formatting to match flake8 criteria - Skip filesystem check for XFS as it is not strictly necessary before resizing, and in some cases it may even prevent resizing by giving an error. (bsc#1174009) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2480=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): kiwi-pxeboot-9.17.18-3.22.1 References: https://bugzilla.suse.com/1174009 From sle-updates at lists.suse.com Thu Sep 3 13:13:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 21:13:46 +0200 (CEST) Subject: SUSE-RU-2020:14485-1: moderate: Recommended update for openssl-certs Message-ID: <20200903191346.76C11F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl-certs ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:14485-1 Rating: moderate References: #1174673 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssl-certs fixes the following issues: - update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: - LuxTrust Global Root 2 - Staat der Nederlanden Root CA - G2 - Symantec Class 1 Public Primary Certification Authority - G4 - Symantec Class 2 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: - certSIGN Root CA G2 - e-Szigno Root CA 2017 - Microsoft ECC Root Certificate Authority 2017 - Microsoft RSA Root Certificate Authority 2017 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-openssl-certs-14485=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-openssl-certs-14485=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (noarch): openssl-certs-2.42-0.7.18.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): openssl-certs-2.42-0.7.18.1 References: https://bugzilla.suse.com/1174673 From sle-updates at lists.suse.com Thu Sep 3 13:14:38 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 21:14:38 +0200 (CEST) Subject: SUSE-SU-2020:2482-1: moderate: Security update for java-1_7_1-ibm Message-ID: <20200903191438.DE323F794@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2482-1 Rating: moderate References: #1174157 #1175259 Cross-References: CVE-2019-17639 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 70 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2482=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2482=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2482=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2482=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2482=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2482=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2482=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2482=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2482=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2482=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2482=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2482=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2482=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2482=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2482=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2482=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2482=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE OpenStack Cloud 9 (x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE OpenStack Cloud 8 (x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 - SUSE OpenStack Cloud 7 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE Enterprise Storage 5 (x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - HPE Helion Openstack 8 (x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 References: https://www.suse.com/security/cve/CVE-2019-17639.html https://www.suse.com/security/cve/CVE-2020-14577.html https://www.suse.com/security/cve/CVE-2020-14578.html https://www.suse.com/security/cve/CVE-2020-14579.html https://www.suse.com/security/cve/CVE-2020-14583.html https://www.suse.com/security/cve/CVE-2020-14593.html https://www.suse.com/security/cve/CVE-2020-14621.html https://bugzilla.suse.com/1174157 https://bugzilla.suse.com/1175259 From sle-updates at lists.suse.com Thu Sep 3 13:15:38 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 21:15:38 +0200 (CEST) Subject: SUSE-SU-2020:2485-1: important: Security update for the Linux Kernel Message-ID: <20200903191538.0FA9EF794@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2485-1 Rating: important References: #1065600 #1065729 #1071995 #1085030 #1120163 #1133021 #1149032 #1152472 #1152489 #1154353 #1154492 #1155518 #1156395 #1159058 #1160634 #1167773 #1169790 #1171634 #1171688 #1172108 #1172197 #1172247 #1172418 #1172871 #1172963 #1173468 #1173485 #1173798 #1173813 #1173954 #1174002 #1174003 #1174026 #1174387 #1174484 #1174625 #1174645 #1174689 #1174699 #1174737 #1174757 #1174762 #1174770 #1174771 #1174777 #1174805 #1174824 #1174825 #1174852 #1174865 #1174880 #1174897 #1174906 #1174969 #1175009 #1175010 #1175011 #1175012 #1175013 #1175014 #1175015 #1175016 #1175017 #1175018 #1175019 #1175020 #1175021 #1175052 #1175112 #1175116 #1175128 #1175149 #1175175 #1175176 #1175180 #1175181 #1175182 #1175183 #1175184 #1175185 #1175186 #1175187 #1175188 #1175189 #1175190 #1175191 #1175192 #1175195 #1175199 #1175213 #1175232 #1175263 #1175284 #1175296 #1175344 #1175345 #1175346 #1175347 #1175367 #1175377 #1175440 #1175493 #1175546 #1175550 #1175654 #1175691 #1175768 #1175769 #1175770 #1175771 #1175772 #1175774 #1175775 #1175834 #1175873 Cross-References: CVE-2020-14314 CVE-2020-14356 CVE-2020-16166 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 ______________________________________________________________________________ An update that solves three vulnerabilities and has 112 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-14314: Fixed a potential negative array index in ext4 (bsc#1173798). - CVE-2020-14356: Fixed a NULL pointer dereference in the cgroupv2 subsystem (bsc#1175213). - CVE-2020-16166: Fixed an information leak in the network RNG (bnc#1174757). The following non-security bugs were fixed: - 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work (git-fixes). - ACPICA: Do not increment operation_region reference counts for field units (git-fixes). - ALSA: atmel: Remove invalid "fall through" comments (git-fixes). - ALSA: core: pcm_iec958: fix kernel-doc (git-fixes). - ALSA: echoaduio: Drop superfluous volatile modifier (git-fixes). - ALSA: echoaudio: Address bugs in the interrupt handling (git-fixes). - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (git-fixes). - ALSA: echoaudio: Prevent races in calls to set_audio_format() (git-fixes). - ALSA: echoaudio: Prevent some noise on unloading the module (git-fixes). - ALSA: echoaudio: Race conditions around "opencount" (git-fixes). - ALSA: echoaudio: Remove redundant check (git-fixes). - ALSA: echoaudio: re-enable IRQs on failure path (git-fixes). - ALSA: firewire: fix kernel-doc (git-fixes). - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (git-fixes). - ALSA: hda - reverse the setting value in the micmute_led_set (git-fixes). - ALSA: hda/ca0132 - Add new quirk ID for Recon3D (git-fixes). - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (git-fixes). - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (git-fixes). - ALSA: hda/hdmi: Add quirk to force connectivity (git-fixes). - ALSA: hda/hdmi: Fix keep_power assignment for non-component devices (git-fixes). - ALSA: hda/hdmi: Use force connectivity quirk on another HP desktop (git-fixes). - ALSA: hda/realtek - Fix unused variable warning (git-fixes). - ALSA: hda/realtek - Fixed HP right speaker no sound (git-fixes). - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (git-fixes). - ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes). - ALSA: hda/realtek: Fix add a "ultra_low_power" function for intel reference board (alc256) (git-fixes). - ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (git-fixes). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (git-fixes). - ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (git-fixes). - ALSA: hda/tegra: Disable sync-write operation (git-fixes). - ALSA: hda: Add support for Loongson 7A1000 controller (git-fixes). - ALSA: hda: Enable sync-write operation as default for all controllers (git-fixes). - ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes). - ALSA: hda: avoid reset of sdo_limit (git-fixes). - ALSA: hda: fix NULL pointer dereference during suspend (git-fixes). - ALSA: hda: fix snd_hda_codec_cleanup() documentation (git-fixes). - ALSA: isa/gus: remove 'set but not used' warning (git-fixes). - ALSA: isa/gus: remove -Wmissing-prototypes warnings (git-fixes). - ALSA: isa: fix spelling mistakes in the comments (git-fixes). - ALSA: line6: Use kmemdup in podhd_set_monitor_level() (git-fixes). - ALSA: line6: add hw monitor volume control for POD HD500 (git-fixes). - ALSA: pci/asihpi: fix kernel-doc (git-fixes). - ALSA: pci/asihpi: remove 'set but not used' warning (git-fixes). - ALSA: pci/asihpi: remove 'set but not used' warnings (git-fixes). - ALSA: pci/au88x0: remove "defined but not used" warnings (git-fixes). - ALSA: pci/aw2-saa7146: remove 'set but not used' warning (git-fixes). - ALSA: pci/ctxfi/ctatc: fix kernel-doc (git-fixes). - ALSA: pci/ctxfi: fix kernel-doc warnings (git-fixes). - ALSA: pci/echoaudio: remove 'set but not used' warning (git-fixes). - ALSA: pci/emu10k1: remove 'set but not used' warning (git-fixes). - ALSA: pci/es1938: remove 'set but not used' warning (git-fixes). - ALSA: pci/fm801: fix kernel-doc (git-fixes). - ALSA: pci/korg1212: remove 'set but not used' warnings (git-fixes). - ALSA: pci/oxygen/xonar_wm87x6: remove always true condition (git-fixes). - ALSA: pci/rme9652/hdspm: remove always true condition (git-fixes). - ALSA: pci/via82xx: remove 'set but not used' warnings (git-fixes). - ALSA: pcmcia/pdaudiocf: fix kernel-doc (git-fixes). - ALSA: seq: oss: Serialize ioctls (git-fixes). - ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for SSL2 (git-fixes). - ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (git-fixes). - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (git-fixes). - ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (git-fixes). - ALSA: usb-audio: Fix some typos (git-fixes). - ALSA: usb-audio: add quirk for Pioneer DDJ-RB (git-fixes). - ALSA: usb-audio: add startech usb audio dock name (git-fixes). - ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (git-fixes). - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625). - ALSA: usb-audio: fix spelling mistake "buss" -> "bus" (git-fixes). - ALSA: usb-audio: ignore broken processing/extension unit (git-fixes). - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (git-fixes). - ALSA: usb/line6: remove 'defined but not used' warning (git-fixes). - ALSA: vx_core: remove warning for empty loop body (git-fixes). - ALSA: xen: Remove superfluous fall through comments (git-fixes). - ALSA: xen: remove 'set but not used' warning (git-fixes). - ARM: percpu.h: fix build error (git-fixes). - ARM: spectre-v2: use arm_smccc_1_1_get_conduit() (bsc#1174906). - ASoC: Intel: bxt_rt298: add missing .owner field (git-fixes). - ASoC: SOF: nocodec: add missing .owner field (git-fixes). - ASoC: fsl_sai: Fix value of FSL_SAI_CR1_RFW_MASK (git-fixes). - ASoC: hdac_hda: fix deadlock after PCM open error (git-fixes). - ASoC: intel: Fix memleak in sst_media_open (git-fixes). - ASoC: meson: axg-tdm-interface: fix link fmt setup (git-fixes). - ASoC: meson: axg-tdmin: fix g12a skew (git-fixes). - ASoC: meson: fixes the missed kfree() for axg_card_add_tdm_loopback (git-fixes). - ASoC: msm8916-wcd-analog: fix register Interrupt offset (git-fixes). - ASoC: q6afe-dai: mark all widgets registers as SND_SOC_NOPM (git-fixes). - ASoC: q6routing: add dummy register read/write function (git-fixes). - ASoC: wm8994: Avoid attempts to read unreadable registers (git-fixes). - AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes). - AX.25: Prevent integer overflows in connect and sendmsg (git-fixes). - AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (git-fixes). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (git-fixes). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (git-fixes). - Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes). - Bluetooth: btmtksdio: fix up firmware download sequence (git-fixes). - Bluetooth: btusb: fix up firmware download sequence (git-fixes). - Bluetooth: fix kernel oops in store_pending_adv_report (git-fixes). - Bluetooth: hci_h5: Set HCI_UART_RESET_ON_INIT to correct flags (git-fixes). - Bluetooth: hci_serdev: Only unregister device if it was registered (git-fixes). - HID: alps: support devices with report id 2 (git-fixes). - HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes). - HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override (git-fixes). - HID: input: Fix devices that return multiple bytes in battery report (git-fixes). - HID: steam: fixes race in handling device list (git-fixes). - IB/rdmavt: Fix RQ counting issues causing use of an invalid RWQE (bsc#1174770). - Input: elan_i2c - only increment wakeup count on touch (git-fixes). - Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes). - Input: sentelic - fix error return when fsp_reg_write fails (git-fixes). - Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes). - KVM: Allow kvm_device_ops to be const (bsc#1172197 jsc#SLE-13593). - KVM: Implement kvm_put_guest() (bsc#1172197 jsc#SLE-13593). - KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729). - KVM: Play nice with read-only memslots when querying host page size (bsc#1133021). - KVM: Reinstall old memslots if arch preparation fails (bsc#1133021). - KVM: arm/arm64: Correct AArch32 SPSR on exception entry (bsc#1133021). - KVM: arm/arm64: Correct CPSR on exception entry (bsc#1133021). - KVM: arm/arm64: Factor out hypercall handling from PSCI code (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Annotate hyp NMI-related functions as __always_inline (bsc#1175190). - KVM: arm64: Correct PSTATE on exception entry (bsc#1133021). - KVM: arm64: Document PV-time interface (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Fix 32bit PC wrap-around (bsc#1133021). - KVM: arm64: Implement PV_TIME_FEATURES call (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts (bsc#1133021). - KVM: arm64: Provide VCPU attributes for stolen time (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Select TASK_DELAY_ACCT+TASKSTATS rather than SCHEDSTATS (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021). - KVM: arm64: Stop writing aarch32's CSSELR into ACTLR (bsc#1133021). - KVM: arm64: Support stolen time reporting via shared structure (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Use the correct timer structure to access the physical counter (bsc#1133021). - KVM: arm: vgic: Fix limit condition when writing to GICD_IACTIVER (bsc#1133021). - KVM: s390: Remove false WARN_ON_ONCE for the PQAP instruction (bsc#1133021). - KVM: x86: Fix APIC page invalidation race (bsc#1133021). - Mark the SLE15-SP2 kernel properly released. There perhaps was a typo, when SUSE_KERNEL_RELEASED missed the trailing "D" - this leads to our kernels being marked as "Unreleased kernel". SUSE_KERNEL_RELEASED is defined in rpm/kernel-binary.spec.in. To fix that, it should be enough to switch from SUSE_KERNEL_RELEASE to SUSE_KERNEL_RELEASED. - PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes). - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge (git-fixes). - PCI: Fix pci_cfg_wait queue locking problem (git-fixes). - PCI: Release IVRS table in AMD ACS quirk (git-fixes). - PCI: cadence: Fix updating Vendor ID and Subsystem Vendor ID register (git-fixes). - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes). - PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, git-fixes). - PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes). - PCI: qcom: Add missing reset for ipq806x (git-fixes). - PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes). - PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes). - PCI: rcar: Fix runtime PM imbalance on error (git-fixes). - PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes). - PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes). - PCI: tegra: Revert tegra124 raw_violation_fixup (git-fixes). - RDMA/mlx5: Add missing srcu_read_lock in ODP implicit flow (jsc#SLE-8446). - RDMA/mlx5: Fix prefetch memory leak if get_prefetchable_mr fails (jsc#SLE-8446). - RDMA/mlx5: Fix typo in enum name (git-fixes). - Revert "ALSA: hda: call runtime_allow() for all hda controllers" (git-fixes). - Revert "drm/amd/display: Expose connector VRR range via debugfs" (bsc#1152489) * refreshed for context changes - Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers" (git-fixes). - Revert "scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe" (bsc#1171688 bsc#1174003). - Revert "scsi: qla2xxx: Fix crash on qla2x00_mailbox_command" (bsc#1171688 bsc#1174003). - af_key: pfkey_dump needs parameter validation (git-fixes). - agp/intel: Fix a memory leak on module initialisation failure (git-fixes). - appletalk: Fix atalk_proc_init() return path (git-fixes). - arm64: Fix PTRACE_SYSEMU semantics (bsc#1175185). - arm64: Make use of the SMCCC 1.1 wrapper (bsc#1174906). - arm64: Provide a wrapper for SMCCC 1.1 calls (bsc#1174906). - arm64: Retrieve stolen time as paravirtualized guest (bsc#1172197 jsc#SLE-13593). - arm64: armv8_deprecated: Fix undef_hook mask for thumb setend (bsc#1175180). - arm64: cacheflush: Fix KGDB trap detection (bsc#1175188). - arm64: csum: Fix handling of bad packets (bsc#1175192). - arm64: dts: allwinner: a64: Remove unused SPDIF sound card (none bsc#1175016). - arm64: dts: clearfog-gt-8k: set gigabit PHY reset deassert delay (bsc#1175347). - arm64: dts: exynos: Fix silent hang after boot on Espresso (bsc#1175346). - arm64: dts: imx8mm-evk: correct ldo1/ldo2 voltage range (none bsc#1175019). - arm64: dts: imx8qxp-mek: Remove unexisting Ethernet PHY (bsc#1175345). - arm64: dts: librem5-devkit: add a vbus supply to usb0 (none bsc#1175013). - arm64: dts: ls1028a: delete extraneous #interrupt-cells for ENETC RCIE (none bsc#1175012). - arm64: dts: qcom: msm8998-clamshell: Fix label on l15 regulator (git-fixes). - arm64: dts: rockchip: Rename dwc3 device nodes on rk3399 to make dtc happy (none bsc#1175015). - arm64: dts: rockchip: Replace RK805 PMIC node name with "pmic" on rk3328 boards (none bsc#1175014). - arm64: dts: rockchip: fix rk3399-puma gmac reset gpio (none bsc#1175021). - arm64: dts: rockchip: fix rk3399-puma vcc5v0-host gpio (none bsc#1175020). - arm64: dts: uDPU: fix broken ethernet (bsc#1175344). - arm64: dts: uniphier: Set SCSSI clock and reset IDs for each channel (none bsc#1175011). - arm64: errata: use arm_smccc_1_1_get_conduit() (bsc#1174906). - arm64: fix the flush_icache_range arguments in machine_kexec (bsc#1175184). - arm64: hugetlb: avoid potential NULL dereference (bsc#1175183). - arm64: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (bsc#1175189). - arm64: insn: Fix two bugs in encoding 32-bit logical immediates (bsc#1175186). - arm64: kexec_file: print appropriate variable (bsc#1175187). - arm64: kgdb: Fix single-step exception handling oops (bsc#1175191). - arm64: smccc/psci: add arm_smccc_1_1_get_conduit() (bsc#1174906). - arm64: tegra: Enable I2C controller for EEPROM (none bsc#1175010). - arm64: tegra: Fix Tegra194 PCIe compatible string (none bsc#1175009). - arm64: tegra: Fix ethernet phy-mode for Jetson Xavier (none bsc#1175017). - arm64: tegra: Fix flag for 64-bit resources in 'ranges' property (none bsc#1175018). - arm64: vdso: Add -fasynchronous-unwind-tables to cflags (bsc#1175182). - arm64: vdso: do not free unallocated pages (bsc#1175181). - ath10k: Acquire tx_lock in tx error paths (git-fixes). - ath10k: enable transmit data ack RSSI for QCA9884 (git-fixes). - atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent (git-fixes). - b43: Remove uninitialized_var() usage (git-fixes). - bdc: Fix bug causing crash after multiple disconnects (git-fixes). - bfq: fix blkio cgroup leakage v4 (bsc#1175775). - block: Fix the type of 'sts' in bsg_queue_rq() (git-fixes). - bnxt_en: fix NULL dereference in case SR-IOV configuration fails (networking-stable-20_07_17). - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - bpf: Fix map leak in HASH_OF_MAPS map (bsc#1155518). - bpf: net: Avoid copying sk_user_data of reuseport_array during sk_clone (bsc#1155518). - bpf: net: Avoid incorrect bpf_sk_reuseport_detach call (bsc#1155518). - bpfilter: Initialize pos variable (bsc#1155518). - bpfilter: fix up a sparse annotation (bsc#1155518). - bpfilter: reject kernel addresses (bsc#1155518). - bpfilter: switch to kernel_write (bsc#1155518). - brcmfmac: Set timeout value when configuring power save (bsc#1173468). - brcmfmac: To fix Bss Info flag definition Bug (git-fixes). - brcmfmac: keep SDIO watchdog running when console_interval is non-zero (git-fixes). - brcmfmac: set state of hanger slot to FREE when flushing PSQ (git-fixes). - btmrvl: Fix firmware filename for sd8977 chipset (git-fixes). - btmrvl: Fix firmware filename for sd8997 chipset (git-fixes). - btrfs: Move free_pages_out label in inline extent handling branch in compress_file_range (bsc#1175263). - btrfs: Remove delalloc_end argument from extent_clear_unlock_delalloc (bsc#1175149). - btrfs: Remove leftover of in-band dedupe (bsc#1175149). - btrfs: Rename btrfs_join_transaction_nolock (bsc#1175377). - btrfs: add helper to get the end offset of a file extent item (bsc#1175546). - btrfs: avoid unnecessary splits when setting bits on an extent io tree (bsc#1175377). - btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247). - btrfs: delete the ordered isize update code (bsc#1175377). - btrfs: do not set path->leave_spinning for truncate (bsc#1175377). - btrfs: factor out inode items copy loop from btrfs_log_inode() (bsc#1175546). - btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247). - btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149). - btrfs: fix block group leak when removing fails (bsc#1175149). - btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149). - btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149). - btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149). - btrfs: fix deadlock during fast fsync when logging prealloc extents beyond eof (bsc#1175377). - btrfs: fix double free on ulist after backref resolution failure (bsc#1175149). - btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149). - btrfs: fix lost i_size update after cloning inline extent (bsc#1175377). - btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550). - btrfs: fix missing file extent item for hole after ranged fsync (bsc#1175546). - btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149). - btrfs: fix race between block group removal and block group creation (bsc#1175149). - btrfs: fix race between shrinking truncate and fiemap (bsc#1175377). - btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149). - btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149). - btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484). - btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247). - btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247). - btrfs: introduce per-inode file extent tree (bsc#1175377). - btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247). - btrfs: make full fsyncs always operate on the entire file again (bsc#1175546). - btrfs: make ranged full fsyncs more efficient (bsc#1175546). - btrfs: move extent_io_tree defs to their own header (bsc#1175377). - btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163). - btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247). - btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163). - btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163). - btrfs: remove unnecessary delalloc mutex for inodes (bsc#1175377). - btrfs: remove useless check for copy_items() return value (bsc#1175546). - btrfs: replace all uses of btrfs_ordered_update_i_size (bsc#1175377). - btrfs: separate out the extent io init function (bsc#1175377). - btrfs: separate out the extent leak code (bsc#1175377). - btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493). - btrfs: trim: fix underflow in trim length to prevent access beyond device boundary (bsc#1175263). - btrfs: use btrfs_ordered_update_i_size in clone_finish_inode_update (bsc#1175377). - btrfs: use the file extent tree infrastructure (bsc#1175377). - cfg80211: check vendor command doit pointer before use (git-fixes). - clk: actions: Fix h_clk for Actions S500 SoC (git-fixes). - clk: at91: clk-generated: check best_rate against ranges (git-fixes). - clk: at91: clk-generated: continue if __clk_determine_rate() returns error (git-fixes). - clk: at91: sam9x60-pll: check fcore against ranges (git-fixes). - clk: at91: sam9x60-pll: use logical or for range check (git-fixes). - clk: at91: sam9x60: fix main rc oscillator frequency (git-fixes). - clk: at91: sckc: register slow_rc with accuracy option (git-fixes). - clk: bcm2835: Do not use prediv with bcm2711's PLLs (bsc#1174865). - clk: bcm63xx-gate: fix last clock availability (git-fixes). - clk: clk-atlas6: fix return value check in atlas6_clk_init() (git-fixes). - clk: iproc: round clock rate to the closest (git-fixes). - clk: qcom: gcc-sdm660: Add missing modem reset (git-fixes). - clk: qcom: gcc-sdm660: Fix up gcc_mss_mnoc_bimc_axi_clk (git-fixes). - clk: rockchip: Revert "fix wrong mmc sample phase shift for rk3328" (git-fixes). - clk: scmi: Fix min and max rate when registering clocks with discrete rates (git-fixes). - clk: spear: Remove uninitialized_var() usage (git-fixes). - clk: st: Remove uninitialized_var() usage (git-fixes). - console: newport_con: fix an issue about leak related system resources (git-fixes). - cpumap: Use non-locked version __ptr_ring_consume_batched (git-fixes). - crc-t10dif: Fix potential crypto notify dead-lock (git-fixes). - crypto: aesni - Fix build with LLVM_IAS=1 (git-fixes). - crypto: aesni - add compatibility with IAS (git-fixes). - crypto: caam - Fix argument type in handle_imx6_err005766 (git-fixes). - crypto: ccp - Fix use of merged scatterlists (git-fixes). - crypto: ccree - fix resource leak on error path (git-fixes). - crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: hisilicon - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes). - devlink: ignore -EOPNOTSUPP errors on dumpit (bsc#1154353). - devres: keep both device name and resource name in pretty name (git-fixes). - dlm: Fix kobject memleak (bsc#1175768). - dlm: remove BUG() before panic() (git-fixes). - dmaengine: fsl-edma: fix wrong tcd endianness for big-endian cpu (git-fixes). - dmaengine: ioat setting ioat timeout as module parameter (git-fixes). - dmaengine: tegra210-adma: Fix runtime PM imbalance on error (git-fixes). - docs: fix memory.low description in cgroup-v2.rst (git-fixes). (SLE documentation might refer to cgroup-v2.rst.) - drbd: Remove uninitialized_var() usage (git-fixes). - driver core: Avoid binding drivers to dead devices (git-fixes). - drivers/firmware/psci: Fix memory leakage in alloc_init_cpu_groups() (git-fixes). - drivers/net/wan: lapb: Corrected the usage of skb_cow (git-fixes). - drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175128). - drm/amd/display: Fix EDID parsing after resume from suspend (git-fixes). - drm/amd/display: fix pow() crashing when given base 0 (git-fixes). - drm/amd/powerplay: fix compile error with ARCH=arc (git-fixes). - drm/amdgpu/display bail early in dm_pp_get_static_clocks (git-fixes). - drm/amdgpu/display: use blanked rather than plane state for sync (bsc#1152489) * refreshed for context changes * protect code with CONFIG_DRM_AMD_DC_DCN2_0 - drm/amdgpu/gfx10: fix race condition for kiq (git-fixes). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (git-fixes). - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes). - drm/amdgpu: avoid dereferencing a NULL pointer (git-fixes). - drm/amdgpu: fix preemption unit test (git-fixes). - drm/arm: fix unintentional integer overflow on left shift (git-fixes). - drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1152472) * refreshed for context changes - drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes). - drm/bridge: ti-sn65dsi86: Clear old error bits before AUX transfers (git-fixes). - drm/bridge: ti-sn65dsi86: Do not use kernel-doc comment for local array (git-fixes). - drm/bridge: ti-sn65dsi86: Fix off-by-one error in clock choice (bsc#1152489) * refreshed for context changes - drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1152472) * move drm_mipi_dbi.c -> tinydrm/mipi-dbi.c - drm/debugfs: fix plain echo to connector "force" attribute (git-fixes). - drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes). - drm/etnaviv: fix ref count leak via pm_runtime_get_sync (git-fixes). - drm/gem: Fix a leak in drm_gem_objects_lookup() (git-fixes). - drm/i915/gt: Close race between engine_park and intel_gt_retire_requests (git-fixes). - drm/i915/gt: Flush submission tasklet before waiting/retiring (bsc#1174737). - drm/i915/gt: Move new timelines to the end of active_list (git-fixes). - drm/i915/gt: Unlock engine-pm after queuing the kernel context switch (git-fixes). - drm/i915: Actually emit the await_start (bsc#1174737). - drm/i915: Copy across scheduler behaviour flags across submit fences (bsc#1174737). - drm/i915: Do not poison i915_request.link on removal (bsc#1174737). - drm/i915: Drop no-semaphore boosting (bsc#1174737). - drm/i915: Eliminate the trylock for awaiting an earlier request (bsc#1174737). - drm/i915: Flush execution tasklets before checking request status (bsc#1174737). - drm/i915: Flush tasklet submission before sleeping on i915_request_wait (bsc#1174737). - drm/i915: Ignore submit-fences on the same timeline (bsc#1174737). - drm/i915: Improve the start alignment of bonded pairs (bsc#1174737). - drm/i915: Keep track of request among the scheduling lists (bsc#1174737). - drm/i915: Lock signaler timeline while navigating (bsc#1174737). - drm/i915: Mark i915_request.timeline as a volatile, rcu pointer (bsc#1174737). - drm/i915: Mark racy read of intel_engine_cs.saturated (bsc#1174737). - drm/i915: Mark up unlocked update of i915_request.hwsp_seqno (bsc#1174737). - drm/i915: Peel dma-fence-chains for await (bsc#1174737). - drm/i915: Prevent using semaphores to chain up to external fences (bsc#1174737). - drm/i915: Protect i915_request_await_start from early waits (bsc#1174737). - drm/i915: Pull waiting on an external dma-fence into its routine (bsc#1174737). - drm/i915: Rely on direct submission to the queue (bsc#1174737). - drm/i915: Remove wait priority boosting (bsc#1174737). - drm/i915: Reorder await_execution before await_request (bsc#1174737). - drm/i915: Return early for await_start on same timeline (bsc#1174737). - drm/i915: Use EAGAIN for trylock failures (bsc#1174737). - drm/imx: fix use after free (git-fixes). - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes). - drm/imx: tve: fix regulator_disable error path (git-fixes). - drm/ingenic: Fix incorrect assumption about plane->index (bsc#1152489) * refreshed for context changes - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes). - drm/msm: ratelimit crtc event overflow error (git-fixes). - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes). - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes). - drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout (git-fixes). - drm/nouveau/kms/nv50-: Fix disabling dithering (git-fixes). - drm/nouveau: fix multiple instances of reference count leaks (git-fixes). - drm/nouveau: fix reference count leak in nouveau_debugfs_strap_peek (git-fixes). - drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes). - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (git-fixes). - drm/radeon: disable AGP by default (git-fixes). - drm/radeon: fix array out-of-bounds read and write issues (git-fixes). - drm/stm: repair runtime power management (git-fixes). - drm/tilcdc: fix leak & null ref in panel_connector_get_modes (git-fixes). - drm/ttm/nouveau: do not call tt destroy callback on alloc failure (git-fixes bsc#1175232). - drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() (bsc#1152489) * refreshed for context changes - drm/vmwgfx: Fix two list_for_each loop exit tests (git-fixes). - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (git-fixes). - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (git-fixes). - drm: hold gem reference until object is no longer accessed (git-fixes). - drm: msm: a6xx: fix gpu failure after system resume (git-fixes). - drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes). - dyndbg: fix a BUG_ON in ddebug_describe_flags (git-fixes). - enetc: Fix tx rings bitmap iteration range, irq handling (networking-stable-20_06_28). - ext2: fix missing percpu_counter_inc (bsc#1175774). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not BUG on inconsistent journal feature (bsc#1171634). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: fix checking of directory entry validity for inline directories (bsc#1175771). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins (git-fixes). - firmware/psci: use common SMCCC_CONDUIT_* (bsc#1174906). - firmware: Fix a reference count leak (git-fixes). - firmware: arm_scmi: Fix SCMI genpd domain probing (git-fixes). - firmware: arm_scmi: Keep the discrete clock rates sorted (git-fixes). - firmware: arm_sdei: use common SMCCC_CONDUIT_* (bsc#1174906). - firmware: smccc: Add ARCH_SOC_ID support (bsc#1174906). - firmware: smccc: Add HAVE_ARM_SMCCC_DISCOVERY to identify SMCCC v1.1 and above (bsc#1174906). - firmware: smccc: Add function to fetch SMCCC version (bsc#1174906). - firmware: smccc: Add the definition for SMCCCv1.2 version/error codes (bsc#1174906). - firmware: smccc: Drop smccc_version enum and use ARM_SMCCC_VERSION_1_x instead (bsc#1174906). - firmware: smccc: Refactor SMCCC specific bits into separate file (bsc#1174906). - firmware: smccc: Update link to latest SMCCC specification (bsc#1174906). - firmware_loader: fix memory leak for paged buffer (bsc#1175367). - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175176). - fuse: fix weird page warning (bsc#1175175). - genetlink: remove genl_bind (networking-stable-20_07_17). - genirq/affinity: Improve __irq_build_affinity_masks() (bsc#1174897 ltc#187090). - genirq/affinity: Remove const qualifier from node_to_cpumask argument (bsc#1174897 ltc#187090). - genirq/affinity: Spread vectors on node according to nr_cpu ratio (bsc#1174897 ltc#187090). - gfs2: Another gfs2_find_jhead fix (bsc#1174824). - gfs2: fix gfs2_find_jhead that returns uninitialized jhead with seq 0 (bsc#1174825). - go7007: add sanity checking for endpoints (git-fixes). - gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes). - gpio: arizona: put pm_runtime in case of failure (git-fixes). - gpio: max77620: Fix missing release of interrupt (git-fixes). - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (git-fixes). - hwmon: (adm1275) Make sure we are reading enough data for different chips (git-fixes). - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes). - hwmon: (nct6775) Accept PECI Calibration as temperature source for NCT6798D (git-fixes). - hwmon: (scmi) Fix potential buffer overflow in scmi_hwmon_probe() (git-fixes). - i2c: also convert placeholder function to return errno (git-fixes). - i2c: i801: Add support for Intel Comet Lake PCH-V (jsc#SLE-13411). - i2c: i801: Add support for Intel Emmitsburg PCH (jsc#SLE-13411). - i2c: i801: Add support for Intel Tiger Lake PCH-H (jsc#SLE-13411). - i2c: iproc: fix race between client unreg and isr (git-fixes). - i2c: rcar: avoid race when unregistering slave (git-fixes). - i2c: rcar: slave: only send STOP event when we have been addressed (git-fixes). - i2c: slave: add sanity check when unregistering (git-fixes). - i2c: slave: improve sanity check when registering (git-fixes). - ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ice: Clear and free XLT entries on reset (jsc#SLE-7926). - ice: Graceful error handling in HW table calloc failure (jsc#SLE-7926). - ide: Remove uninitialized_var() usage (git-fixes). - igc: Fix PTP initialization (bsc#1160634). - iio: improve IIO_CONCENTRATION channel type description (git-fixes). - integrity: remove redundant initialization of variable ret (git-fixes). - io-mapping: indicate mapping failure (git-fixes). - ionic: unlock queue mutex in error path (bsc#1167773). - ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes). - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28). - ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28). - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17). - ipv6: Fix use of anycast address with loopback (networking-stable-20_07_17). - ipv6: fib6_select_path can not use out path for nexthop objects (networking-stable-20_07_17). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - irqchip/gic: Atomically update affinity (bsc#1175195). - iwlegacy: Check the return value of pcie_capability_read_*() (git-fixes). - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772). - kABI workaround for enum cpuhp_state (git-fixes). - kABI workaround for struct kvm_device (git-fixes). Just change an variable to "const" type in kvm_device. - kABI workaround for struct kvm_vcpu_arch (git-fixes). Add a struct variable to the end of kvm_vcpu_arch and kvm_vcpu_arch is embedded into kvm_vcpu at the end. It is usually used by pointer and allocated dynamically, so this change should be fine even for external kvm module. - kABI/severities: ignore KABI for NVMe, except nvme-fc (bsc#1174777) Exported symbols under drivers/nvme/host/ are only used by the nvme subsystem itself, except for the nvme-fc symbols. - kABI/severities: ignore qla2xxx as all symbols are internal - kABI: genetlink: remove genl_bind (kabi). - kABI: restore signature of xfrm_policy_bysel_ctx() and xfrm_policy_byid() (bsc#1174645). - kernel.h: remove duplicate include of asm/div64.h (git-fixes). - kernel/relay.c: fix memleak on destroy relay channel (git-fixes). - kernfs: do not call fsnotify() with name without a parent (bsc#1175770). - kobject: Avoid premature parent object freeing in kobject_cleanup() (git-fixes). - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17). - leds: 88pm860x: fix use-after-free on unbind (git-fixes). - leds: core: Flush scheduled work for system suspend (git-fixes). - leds: da903x: fix use-after-free on unbind (git-fixes). - leds: gpio: Fix semantic error (git-fixes). - leds: lm3533: fix use-after-free on unbind (git-fixes). - leds: lm355x: avoid enum conversion warning (git-fixes). - leds: lm36274: fix use-after-free on unbind (git-fixes). - leds: wm831x-status: fix use-after-free on unbind (git-fixes). - libbpf: Wrap source argument of BPF_CORE_READ macro in parentheses (bsc#1155518). - liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes). - llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17). - locktorture: Print ratio of acquisitions, not failures (bsc#1149032). - mac80211: allow rx of mesh eapol frames with default rx key (git-fixes). - mac80211: fix misplaced while instead of if (git-fixes). - mac80211: mesh: Free ie data when leaving mesh (git-fixes). - mac80211: mesh: Free pending skb when destroying a mpath (git-fixes). - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes). - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes). - media: budget-core: Improve exception handling in budget_register() (git-fixes). - media: camss: fix memory leaks on error handling paths in probe (git-fixes). - media: cxusb-analog: fix V4L2 dependency (git-fixes). - media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes). - media: firewire: Using uninitialized values in node_probe() (git-fixes). - media: marvell-ccic: Add missed v4l2_async_notifier_cleanup() (git-fixes). - media: media-request: Fix crash if memory allocation fails (git-fixes). - media: nuvoton-cir: remove setting tx carrier functions (git-fixes). - media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes). - media: rockchip: rga: Introduce color fmt macros and refactor CSC mode logic (git-fixes). - media: rockchip: rga: Only set output CSC mode for RGB input (git-fixes). - media: sur40: Remove uninitialized_var() usage (git-fixes). - media: vpss: clean up resources in init (git-fixes). - media: vsp1: dl: Fix NULL pointer dereference on unbind (git-fixes). - mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes). - mfd: dln2: Run event handler loop under spinlock (git-fixes). - mfd: intel-lpss: Add Intel Tiger Lake PCH-H PCI IDs (jsc#SLE-13411). - mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28). - mlxsw: pci: Fix use-after-free in case of failed devlink reload (networking-stable-20_07_17). - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (networking-stable-20_07_17). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617). - mm: Fix protection usage propagation (bsc#1174002). - mm: filemap: clear idle flag for writes (bsc#1175769). - mmc: sdhci-cadence: do not use hardware tuning for SD mode (git-fixes). - mmc: sdhci-pci-o2micro: Bug fix for O2 host controller Seabird1 (git-fixes). - mtd: properly check all write ioctls for permissions (git-fixes). - mtd: rawnand: fsl_upm: Remove unused mtd var (git-fixes). - mtd: rawnand: qcom: avoid write to unavailable register (git-fixes). - mvpp2: ethtool rxtx stats fix (networking-stable-20_06_28). - mwifiex: Fix firmware filename for sd8977 chipset (git-fixes). - mwifiex: Fix firmware filename for sd8997 chipset (git-fixes). - mwifiex: Prevent memory corruption handling keys (git-fixes). - ndctl/papr_scm,uapi: Add support for PAPR nvdimm specific methods (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - net, sk_msg: Clear sk_user_data pointer on clone if tagged (bsc#1155518). - net, sk_msg: Do not use RCU_INIT_POINTER on sk_user_data (bsc#1155518). - net/bpfilter: Initialize pos in __bpfilter_process_sockopt (bsc#1155518). - net/bpfilter: split __bpfilter_process_sockopt (bsc#1155518). - net/ena: Fix build warning in ena_xdp_set() (bsc#1174852). - net/mlx5: DR, Change push vlan action sequence (jsc#SLE-8464). - net/mlx5: E-switch, Destroy TSAR when fail to enable the mode (jsc#SLE-8464). - net/mlx5: Fix eeprom support for SFP module (networking-stable-20_07_17). - net/mlx5e: Fix 50G per lane indication (networking-stable-20_07_17). - net/mlx5e: Fix kernel crash when setting vf VLANID on a VF dev (jsc#SLE-8464). - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (networking-stable-20_07_17). - net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28). - net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). (SLES tuning guide refers to ip-sysctl.txt.) - net: Fix the arp error in some cases (networking-stable-20_06_28). - net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28). - net: core: reduce recursion limit value (networking-stable-20_06_28). - net: dsa: microchip: set the correct number of ports (networking-stable-20_07_17). - net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1154492). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852). - net: ena: Make missed_tx stat incremental (git-fixes). - net: ena: Make some functions static (bsc#1174852). - net: ena: Prevent reset after device destruction (git-fixes). - net: ena: add reserved PCI device ID (bsc#1174852). - net: ena: add support for reporting of packet drops (bsc#1174852). - net: ena: add support for the rx offset feature (bsc#1174852). - net: ena: add support for traffic mirroring (bsc#1174852). - net: ena: add unmask interrupts statistics to ethtool (bsc#1174852). - net: ena: allow setting the hash function without changing the key (bsc#1174852). - net: ena: avoid memory access violation by validating req_id properly (bsc#1174852). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852). - net: ena: change default RSS hash function to Toeplitz (bsc#1174852). - net: ena: changes to RSS hash key allocation (bsc#1174852). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852). - net: ena: cosmetic: code reorderings (bsc#1174852). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852). - net: ena: cosmetic: fix line break issues (bsc#1174852). - net: ena: cosmetic: fix spacing issues (bsc#1174852). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852). - net: ena: cosmetic: minor code changes (bsc#1174852). - net: ena: cosmetic: remove unnecessary code (bsc#1174852). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852). - net: ena: cosmetic: satisfy gcc warning (bsc#1174852). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852). - net: ena: drop superfluous prototype (bsc#1174852). - net: ena: enable support of rss hash key and function changes (bsc#1174852). - net: ena: ethtool: clean up minor indentation issue (bsc#1174852). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852). - net: ena: fix continuous keep-alive resets (bsc#1174852). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852). - net: ena: reduce driver load time (bsc#1174852). - net: ena: remove code that does nothing (bsc#1174852). - net: ena: remove set but not used variable 'hash_key' (bsc#1174852). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852). - net: ena: support new LLQ acceleration mode (bsc#1174852). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852). - net: ena: use explicit variable size for clarity (bsc#1174852). - net: fix memleak in register_netdevice() (networking-stable-20_06_28). - net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28). - net: lan78xx: add missing endpoint sanity check (git-fixes). - net: lan78xx: fix transfer-buffer memory leak (git-fixes). - net: lan78xx: replace bogus endpoint lookup (git-fixes). - net: mvneta: fix use of state->speed (networking-stable-20_07_17). - net: phy: Check harder for errors in get_phy_id() (git-fixes). - net: phy: fix memory leak in device-create error path (git-fixes). - net: qrtr: Fix an out of bounds read qrtr_endpoint_post() (networking-stable-20_07_17). - net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28). - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17). - net_sched: fix a memory leak in atm_tc_init() (networking-stable-20_07_17). - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes). - nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108). - nvme-multipath: fix logic for non-optimized paths (bsc#1172108). - nvme-multipath: round-robin: eliminate "fallback" variable (bsc#1172108). - nvme-multipath: set bdi capabilities once (bsc#1159058). - nvme-pci: Re-order nvme_pci_free_ctrl (bsc#1159058). - nvme-rdma: Add warning on state change failure at (bsc#1159058). - nvme-tcp: Add warning on state change failure at (bsc#1159058). - nvme-tcp: fix possible crash in write_zeroes processing (bsc#1159058). - nvme: Fix controller creation races with teardown flow (bsc#1159058). - nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1159058). - nvme: Make nvme_uninit_ctrl symmetric to nvme_init_ctrl (bsc#1159058). - nvme: Remove unused return code from nvme_delete_ctrl_sync (bsc#1159058). - nvme: add a Identify Namespace Identification Descriptor list quirk (git-fixes). - nvme: always search for namespace head (bsc#1159058). - nvme: avoid an Identify Controller command for each namespace (bsc#1159058). - nvme: check namespace head shared property (bsc#1159058). - nvme: clean up nvme_scan_work (bsc#1159058). - nvme: cleanup namespace identifier reporting in (bsc#1159058). - nvme: consolidate chunk_sectors settings (bsc#1159058). - nvme: consolodate io settings (bsc#1159058). - nvme: expose hostid via sysfs for fabrics controllers (bsc#1159058). - nvme: expose hostnqn via sysfs for fabrics controllers (bsc#1159058). - nvme: factor out a nvme_ns_remove_by_nsid helper (bsc#1159058). - nvme: fix a crash in nvme_mpath_add_disk (git-fixes, bsc#1159058). - nvme: fix identify error status silent ignore (git-fixes, bsc#1159058). - nvme: fix possible hang when ns scanning fails during error (bsc#1159058). - nvme: kABI fixes for nvme_ctrl (bsc#1159058). - nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108). - nvme: prevent double free in nvme_alloc_ns() error handling (bsc#1159058). - nvme: provide num dword helper (bsc#1159058). - nvme: refactor nvme_identify_ns_descs error handling (bsc#1159058). - nvme: refine the Qemu Identify CNS quirk (bsc#1159058). - nvme: release ida resources (bsc#1159058). - nvme: release namespace head reference on error (bsc#1159058). - nvme: remove the magic 1024 constant in nvme_scan_ns_list (bsc#1159058). - nvme: remove unused parameter (bsc#1159058). - nvme: rename __nvme_find_ns_head to nvme_find_ns_head (bsc#1159058). - nvme: revalidate after verifying identifiers (bsc#1159058). - nvme: revalidate namespace stream parameters (bsc#1159058). - nvme: unlink head after removing last namespace (bsc#1159058). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: load global_inode_alloc (bsc#1172963). - omapfb: dss: Fix max fclk divider for omap36xx (git-fixes). - openvswitch: take into account de-fragmentation/gso_size in execute_check_pkt_len (networking-stable-20_06_28). - phy: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes). - phy: exynos5-usbdrd: Calibrating makes sense only for USB2.0 PHY (git-fixes). - phy: renesas: rcar-gen3-usb2: move irq registration to init (git-fixes). - pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes). - pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes). - pinctrl: ingenic: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes). - pinctrl: single: fix function name in documentation (git-fixes). - platform/chrome: cros_ec_ishtp: Fix a double-unlock issue (git-fixes). - platform/x86: ISST: Add new PCI device ids (git-fixes). - platform/x86: asus-nb-wmi: add support for ASUS ROG Zephyrus G14 and G15 (git-fixes). - platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes). - power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes). - powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729). - powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729). - powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729). - powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/fadump: Fix build error with CONFIG_PRESERVE_FA_DUMP=y (bsc#1156395). - powerpc/iommu: Allow bypass-only for DMA (bsc#1156395). - powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284). - powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284). - powerpc/papr_scm: Add support for fetching nvdimm 'fuel-gauge' metric (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Fetch nvdimm health information from PHYP (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Fetch nvdimm performance stats from PHYP (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Implement support for PAPR_PDSM_HEALTH (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Improve error logging and handling papr_scm_ndctl() (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Mark papr_scm_ndctl() as static (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729). - powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729). - powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630). - powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - powerpc/pseries: remove cede offline state for CPUs (bsc#1065729). - powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729). - powerpc/vdso: Fix vdso cpu truncation (bsc#1065729). - powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729). - powerpc: Document details on H_SCM_HEALTH hcall (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - pseries: Fix 64 bit logical memory block panic (bsc#1065729). - pwm: bcm-iproc: handle clk_get_rate() return (git-fixes). - r8169: fix jumbo configuration for RTL8168evl (bsc#1175296). - r8169: fix jumbo packet handling on resume from suspend (bsc#1175296). - r8169: fix resume on cable plug-in (bsc#1175296). - r8169: fix rtl_hw_jumbo_disable for RTL8168evl (bsc#1175296). - r8169: move disabling interrupt coalescing to RTL8169/RTL8168 init (bsc#1175296). - r8169: read common register for PCI commit (bsc#1175296). - random32: move the pseudo-random 32-bit definitions to prandom.h (git-fixes). - random32: remove net_rand_state from the latent entropy gcc plugin (git-fixes). - random: fix circular include dependency on arm64 after addition of percpu.h (git-fixes). - regmap: debugfs: check count when read regmap file (git-fixes). - regmap: dev_get_regmap_match(): fix string comparison (git-fixes). - regulator: gpio: Honor regulator-boot-on property (git-fixes). - remoteproc: qcom_q6v5_mss: Validate MBA firmware size before load (git-fixes). - remoteproc: qcom_q6v5_mss: Validate modem blob firmware size before load (git-fixes). - rhashtable: Document the right function parameters (bsc#1174880). - rhashtable: Drop raw RCU deref in nested_table_free (bsc#1174880). - rhashtable: Fix unprotected RCU dereference in __rht_ptr (bsc#1174880). - rhashtable: Restore RCU marking on rhash_lock_head (bsc#1174880). - rhashtable: drop duplicated word in (bsc#1174880). - rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28). - rpm/modules.fips: * add ecdh_generic (boo#1173813) - rtc: goldfish: Enable interrupt in set_alarm() when necessary (git-fixes). - rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes). - rtw88: fix LDPC field for RA info (git-fixes). - rtw88: fix short GI capability based on current bandwidth (git-fixes). - sch_cake: do not call diffserv parsing code when it is not needed (networking-stable-20_06_28). - sch_cake: do not try to reallocate or unshare skb unconditionally (networking-stable-20_06_28). - sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17). - scsi/fc: kABI fixes for new ELS_RPD definition (bsc#1171688 bsc#1174003). - scsi: Fix trivial spelling (bsc#1171688 bsc#1174003). - scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026). - scsi: ipr: Fix softlockup when rescanning devices in petitboot (jsc#SLE-13654). - scsi: ipr: Use scnprintf() for avoiding potential buffer overflow (jsc#SLE-13654). - scsi: ipr: remove unneeded semicolon (jsc#SLE-13654). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003). - scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003). - scsi: smartpqi: Identify physical devices without issuing INQUIRY (bsc#1172418). - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418). - scsi: smartpqi: add RAID bypass counter (bsc#1172418). - scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418). - scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418). - scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418). - scsi: smartpqi: support device deletion via sysfs (bsc#1172418). - scsi: smartpqi: update logical volume size after expansion (bsc#1172418). - scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790). - sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - seq_buf: Export seq_buf_printf (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - serial: 8250: change lock order in serial8250_do_startup() (git-fixes). - serial: 8250: fix null-ptr-deref in serial8250_start_tx() (git-fixes). - serial: 8250_mtk: Fix high-speed baud rates clamping (git-fixes). - serial: 8250_pci: Move Pericom IDs to pci_ids.h (git-fixes). - serial: amba-pl011: Make sure we initialize the port.lock spinlock (git-fixes). - serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X (git-fixes). - serial: mxs-auart: add missed iounmap() in probe failure and remove (git-fixes). - serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes). - serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes). - serial: tegra: fix CREAD handling for PIO (git-fixes). - soc/tegra: pmc: Enable PMIC wake event on Tegra194 (bsc#1175834). - soc/tegra: pmc: Enable PMIC wake event on Tegra210 (bsc#1175116). - soc: qcom: rpmh-rsc: Set suppress_bind_attrs flag (git-fixes). - spi: davinci: Remove uninitialized_var() usage (git-fixes). - spi: lantiq-ssc: Fix warning by using WQ_MEM_RECLAIM (git-fixes). - spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes). - spi: mediatek: use correct SPI_CFG2_REG MACRO (git-fixes). - spi: pxa2xx: Add support for Intel Tiger Lake PCH-H (jsc#SLE-13411). - spi: rockchip: Fix error in SPI slave pio read (git-fixes). - spi: spi-geni-qcom: Actually use our FIFO (git-fixes). - spi: spidev: Align buffers for DMA (git-fixes). - spi: stm32: fixes suspend/resume management (git-fixes). - staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes). - staging: rtl8192u: fix a dubious looking mask before a shift (git-fixes). - staging: rtl8712: handle firmware load failure (git-fixes). - staging: vchiq_arm: Add a matching unregister call (git-fixes). - staging: wlan-ng: properly check endpoint types (git-fixes). - tcp: do not ignore ECN CWR on pure ACK (networking-stable-20_06_28). - tcp: fix SO_RCVLOWAT possible hangs under high mem pressure (networking-stable-20_07_17). - tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28). - tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17). - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17). - tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17). - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17). - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28). - thermal: ti-soc-thermal: Fix reversed condition in ti_thermal_expose_sensor() (git-fixes). - tpm: Require that all digests are present in TCG_PCR_EVENT2 structures (git-fixes). - tracepoint: Mark __tracepoint_string's __used (git-fixes). - tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes). - ubsan: check panic_on_warn (bsc#1174805). - uio_pdrv_genirq: Remove warning when irq is not specified (bsc#1174762). - update upstream reference - usb: bdc: Halt controller on suspend (git-fixes). - usb: core: fix quirks_param_set() writing to a const pointer (git-fixes). - usb: dwc2: gadget: Make use of GINTMSK2 (git-fixes). - usb: dwc3: pci: add support for the Intel Jasper Lake (git-fixes). - usb: dwc3: pci: add support for the Intel Tiger Lake PCH -H variant (git-fixes). - usb: gadget: f_uac2: fix AC Interface Header Descriptor wTotalLength (git-fixes). - usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes). - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (git-fixes). - usb: hso: Fix debug compile warning on sparc32 (git-fixes). - usb: hso: check for return value in hso_serial_common_create() (git-fixes). - usb: iowarrior: fix up report size handling for some devices (git-fixes). - usb: mtu3: clear dual mode of u3port when disable device (git-fixes). - usb: serial: cp210x: enable usb generic throttle/unthrottle (git-fixes). - usb: serial: cp210x: re-enable auto-RTS on open (git-fixes). - usb: serial: iuu_phoenix: fix led-activity helpers (git-fixes). - usb: serial: qcserial: add EM7305 QDL product ID (git-fixes). - usb: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes). - usb: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes). - usb: xhci: define IDs for various ASMedia host controllers (git-fixes). - usbip: tools: fix module name in man page (git-fixes). - video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes). - video: fbdev: savage: fix memory leak on error handling path in probe (git-fixes). - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes). - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes). - vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17). - vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199). - vt: Reject zero-sized screen buffer size (git-fixes). - watchdog: f71808e_wdt: clear watchdog timeout occurred flag (git-fixes). - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (git-fixes). - watchdog: f71808e_wdt: remove use of wrong watchdog_info option (git-fixes). - watchdog: initialize device before misc_register (git-fixes). - wireless: Use linux/stddef.h instead of stddef.h (git-fixes). - wireless: Use offsetof instead of custom macro (git-fixes). - wl1251: fix always return 0 error (git-fixes). - x86/bugs/multihit: Fix mitigation reporting when VMX is not in use (git-fixes). - xen/pvcalls-back: test for errors when calling backend_connect() (bsc#1065600). - xfrm: policy: match with both mark and mask on user interfaces (bsc#1174645). - xfs: do not eat an EIO/ENOSPC writeback error when scrubbing data fork (git-fixes). - xfs: fix inode allocation block res calculation precedence (git-fixes). - xfs: fix reflink quota reservation accounting error (git-fixes). - xfs: preserve rmapbt swapext block reservation from freed blocks (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2485=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64): kernel-azure-5.3.18-18.15.1 kernel-azure-debuginfo-5.3.18-18.15.1 kernel-azure-debugsource-5.3.18-18.15.1 kernel-azure-devel-5.3.18-18.15.1 kernel-azure-devel-debuginfo-5.3.18-18.15.1 kernel-syms-azure-5.3.18-18.15.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): kernel-devel-azure-5.3.18-18.15.1 kernel-source-azure-5.3.18-18.15.1 References: https://www.suse.com/security/cve/CVE-2020-14314.html https://www.suse.com/security/cve/CVE-2020-14356.html https://www.suse.com/security/cve/CVE-2020-16166.html https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1120163 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1149032 https://bugzilla.suse.com/1152472 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1154492 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1159058 https://bugzilla.suse.com/1160634 https://bugzilla.suse.com/1167773 https://bugzilla.suse.com/1169790 https://bugzilla.suse.com/1171634 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1172108 https://bugzilla.suse.com/1172197 https://bugzilla.suse.com/1172247 https://bugzilla.suse.com/1172418 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172963 https://bugzilla.suse.com/1173468 https://bugzilla.suse.com/1173485 https://bugzilla.suse.com/1173798 https://bugzilla.suse.com/1173813 https://bugzilla.suse.com/1173954 https://bugzilla.suse.com/1174002 https://bugzilla.suse.com/1174003 https://bugzilla.suse.com/1174026 https://bugzilla.suse.com/1174387 https://bugzilla.suse.com/1174484 https://bugzilla.suse.com/1174625 https://bugzilla.suse.com/1174645 https://bugzilla.suse.com/1174689 https://bugzilla.suse.com/1174699 https://bugzilla.suse.com/1174737 https://bugzilla.suse.com/1174757 https://bugzilla.suse.com/1174762 https://bugzilla.suse.com/1174770 https://bugzilla.suse.com/1174771 https://bugzilla.suse.com/1174777 https://bugzilla.suse.com/1174805 https://bugzilla.suse.com/1174824 https://bugzilla.suse.com/1174825 https://bugzilla.suse.com/1174852 https://bugzilla.suse.com/1174865 https://bugzilla.suse.com/1174880 https://bugzilla.suse.com/1174897 https://bugzilla.suse.com/1174906 https://bugzilla.suse.com/1174969 https://bugzilla.suse.com/1175009 https://bugzilla.suse.com/1175010 https://bugzilla.suse.com/1175011 https://bugzilla.suse.com/1175012 https://bugzilla.suse.com/1175013 https://bugzilla.suse.com/1175014 https://bugzilla.suse.com/1175015 https://bugzilla.suse.com/1175016 https://bugzilla.suse.com/1175017 https://bugzilla.suse.com/1175018 https://bugzilla.suse.com/1175019 https://bugzilla.suse.com/1175020 https://bugzilla.suse.com/1175021 https://bugzilla.suse.com/1175052 https://bugzilla.suse.com/1175112 https://bugzilla.suse.com/1175116 https://bugzilla.suse.com/1175128 https://bugzilla.suse.com/1175149 https://bugzilla.suse.com/1175175 https://bugzilla.suse.com/1175176 https://bugzilla.suse.com/1175180 https://bugzilla.suse.com/1175181 https://bugzilla.suse.com/1175182 https://bugzilla.suse.com/1175183 https://bugzilla.suse.com/1175184 https://bugzilla.suse.com/1175185 https://bugzilla.suse.com/1175186 https://bugzilla.suse.com/1175187 https://bugzilla.suse.com/1175188 https://bugzilla.suse.com/1175189 https://bugzilla.suse.com/1175190 https://bugzilla.suse.com/1175191 https://bugzilla.suse.com/1175192 https://bugzilla.suse.com/1175195 https://bugzilla.suse.com/1175199 https://bugzilla.suse.com/1175213 https://bugzilla.suse.com/1175232 https://bugzilla.suse.com/1175263 https://bugzilla.suse.com/1175284 https://bugzilla.suse.com/1175296 https://bugzilla.suse.com/1175344 https://bugzilla.suse.com/1175345 https://bugzilla.suse.com/1175346 https://bugzilla.suse.com/1175347 https://bugzilla.suse.com/1175367 https://bugzilla.suse.com/1175377 https://bugzilla.suse.com/1175440 https://bugzilla.suse.com/1175493 https://bugzilla.suse.com/1175546 https://bugzilla.suse.com/1175550 https://bugzilla.suse.com/1175654 https://bugzilla.suse.com/1175691 https://bugzilla.suse.com/1175768 https://bugzilla.suse.com/1175769 https://bugzilla.suse.com/1175770 https://bugzilla.suse.com/1175771 https://bugzilla.suse.com/1175772 https://bugzilla.suse.com/1175774 https://bugzilla.suse.com/1175775 https://bugzilla.suse.com/1175834 https://bugzilla.suse.com/1175873 From sle-updates at lists.suse.com Thu Sep 3 13:27:14 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 21:27:14 +0200 (CEST) Subject: SUSE-SU-2020:2481-1: important: Security update for xorg-x11-server Message-ID: <20200903192714.47946F794@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2481-1 Rating: important References: #1174910 #1174913 Cross-References: CVE-2020-14361 CVE-2020-14362 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-2481=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2481=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2481=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): xorg-x11-server-debuginfo-1.20.3-14.5.5.2 xorg-x11-server-debugsource-1.20.3-14.5.5.2 xorg-x11-server-wayland-1.20.3-14.5.5.2 xorg-x11-server-wayland-debuginfo-1.20.3-14.5.5.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.20.3-14.5.5.2 xorg-x11-server-debugsource-1.20.3-14.5.5.2 xorg-x11-server-sdk-1.20.3-14.5.5.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-14.5.5.2 xorg-x11-server-debuginfo-1.20.3-14.5.5.2 xorg-x11-server-debugsource-1.20.3-14.5.5.2 xorg-x11-server-extra-1.20.3-14.5.5.2 xorg-x11-server-extra-debuginfo-1.20.3-14.5.5.2 References: https://www.suse.com/security/cve/CVE-2020-14361.html https://www.suse.com/security/cve/CVE-2020-14362.html https://bugzilla.suse.com/1174910 https://bugzilla.suse.com/1174913 From sle-updates at lists.suse.com Thu Sep 3 13:28:16 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 21:28:16 +0200 (CEST) Subject: SUSE-RU-2020:2484-1: moderate: Recommended update for libsoup Message-ID: <20200903192816.1AC8FF794@maintenance.suse.de> SUSE Recommended Update: Recommended update for libsoup ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2484-1 Rating: moderate References: #1175207 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: libsoup was updated to ship libsoup-devel also to the LTSS channels (bsc#1175207). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2484=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2484=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2484=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2484=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2484=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2484=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2484=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2484=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2484=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2484=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2484=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2484=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2484=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2484=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2484=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2484=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2484=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE OpenStack Cloud 9 (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE OpenStack Cloud 9 (x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE OpenStack Cloud 8 (x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE OpenStack Cloud 8 (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE OpenStack Cloud 7 (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE Enterprise Storage 5 (x86_64): libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 - SUSE Enterprise Storage 5 (noarch): libsoup-lang-2.62.2-5.9.1 - HPE Helion Openstack 8 (noarch): libsoup-lang-2.62.2-5.9.1 - HPE Helion Openstack 8 (x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 References: https://bugzilla.suse.com/1175207 From sle-updates at lists.suse.com Thu Sep 3 16:13:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 00:13:31 +0200 (CEST) Subject: SUSE-SU-2020:2486-1: important: Security update for the Linux Kernel Message-ID: <20200903221331.5B95CF794@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2486-1 Rating: important References: #1065600 #1065729 #1071995 #1085030 #1120163 #1133021 #1149032 #1152472 #1152489 #1153274 #1154353 #1154488 #1154492 #1155518 #1156395 #1159058 #1160634 #1167773 #1169790 #1171634 #1171688 #1172108 #1172197 #1172247 #1172418 #1172871 #1172963 #1173468 #1173485 #1173798 #1173813 #1173954 #1174002 #1174003 #1174026 #1174205 #1174247 #1174362 #1174387 #1174484 #1174625 #1174645 #1174689 #1174699 #1174737 #1174757 #1174762 #1174770 #1174771 #1174777 #1174805 #1174824 #1174825 #1174852 #1174865 #1174880 #1174897 #1174906 #1174969 #1175009 #1175010 #1175011 #1175012 #1175013 #1175014 #1175015 #1175016 #1175017 #1175018 #1175019 #1175020 #1175021 #1175052 #1175112 #1175116 #1175128 #1175149 #1175175 #1175176 #1175180 #1175181 #1175182 #1175183 #1175184 #1175185 #1175186 #1175187 #1175188 #1175189 #1175190 #1175191 #1175192 #1175195 #1175199 #1175213 #1175232 #1175263 #1175284 #1175296 #1175344 #1175345 #1175346 #1175347 #1175367 #1175377 #1175440 #1175493 #1175546 #1175550 #1175654 #1175691 #1175768 #1175769 #1175770 #1175771 #1175772 #1175774 #1175775 #1175834 #1175873 Cross-References: CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-16166 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP2 ______________________________________________________________________________ An update that solves four vulnerabilities and has 116 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-14314: Fixed a potential negative array index in ext4 (bsc#1173798). - CVE-2020-14331: Fixed a missing check in scrollback handling (bsc#1174205 bsc#1174247). - CVE-2020-14356: Fixed a NULL pointer dereference in the cgroupv2 subsystem (bsc#1175213). - CVE-2020-16166: Fixed an information leak in the network RNG (bsc#1174757). The following non-security bugs were fixed: - 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work (git-fixes). - ACPICA: Do not increment operation_region reference counts for field units (git-fixes). - af_key: pfkey_dump needs parameter validation (git-fixes). - agp/intel: Fix a memory leak on module initialisation failure (git-fixes). - ALSA: atmel: Remove invalid "fall through" comments (git-fixes). - ALSA: core: pcm_iec958: fix kernel-doc (git-fixes). - ALSA: echoaduio: Drop superfluous volatile modifier (git-fixes). - ALSA: echoaudio: Address bugs in the interrupt handling (git-fixes). - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (git-fixes). - ALSA: echoaudio: Prevent races in calls to set_audio_format() (git-fixes). - ALSA: echoaudio: Prevent some noise on unloading the module (git-fixes). - ALSA: echoaudio: Race conditions around "opencount" (git-fixes). - ALSA: echoaudio: re-enable IRQs on failure path (git-fixes). - ALSA: echoaudio: Remove redundant check (git-fixes). - ALSA: firewire: fix kernel-doc (git-fixes). - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (git-fixes). - ALSA: hda - reverse the setting value in the micmute_led_set (git-fixes). - ALSA: hda/ca0132 - Add new quirk ID for Recon3D (git-fixes). - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (git-fixes). - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (git-fixes). - ALSA: hda/hdmi: Add quirk to force connectivity (git-fixes). - ALSA: hda/hdmi: Fix keep_power assignment for non-component devices (git-fixes). - ALSA: hda/hdmi: Use force connectivity quirk on another HP desktop (git-fixes). - ALSA: hda/realtek - Fix unused variable warning (git-fixes). - ALSA: hda/realtek - Fixed HP right speaker no sound (git-fixes). - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (git-fixes). - ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (git-fixes). - ALSA: hda/realtek: Fix add a "ultra_low_power" function for intel reference board (alc256) (git-fixes). - ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (git-fixes). - ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (git-fixes). - ALSA: hda/tegra: Disable sync-write operation (git-fixes). - ALSA: hda: Add support for Loongson 7A1000 controller (git-fixes). - ALSA: hda: avoid reset of sdo_limit (git-fixes). - ALSA: hda: Enable sync-write operation as default for all controllers (git-fixes). - ALSA: hda: fix NULL pointer dereference during suspend (git-fixes). - ALSA: hda: fix snd_hda_codec_cleanup() documentation (git-fixes). - ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes). - ALSA: isa/gus: remove 'set but not used' warning (git-fixes). - ALSA: isa/gus: remove -Wmissing-prototypes warnings (git-fixes). - ALSA: isa: fix spelling mistakes in the comments (git-fixes). - ALSA: line6: add hw monitor volume control for POD HD500 (git-fixes). - ALSA: line6: Use kmemdup in podhd_set_monitor_level() (git-fixes). - ALSA: pci/asihpi: fix kernel-doc (git-fixes). - ALSA: pci/asihpi: remove 'set but not used' warning (git-fixes). - ALSA: pci/asihpi: remove 'set but not used' warnings (git-fixes). - ALSA: pci/au88x0: remove "defined but not used" warnings (git-fixes). - ALSA: pci/aw2-saa7146: remove 'set but not used' warning (git-fixes). - ALSA: pci/ctxfi/ctatc: fix kernel-doc (git-fixes). - ALSA: pci/ctxfi: fix kernel-doc warnings (git-fixes). - ALSA: pci/echoaudio: remove 'set but not used' warning (git-fixes). - ALSA: pci/emu10k1: remove 'set but not used' warning (git-fixes). - ALSA: pci/es1938: remove 'set but not used' warning (git-fixes). - ALSA: pci/fm801: fix kernel-doc (git-fixes). - ALSA: pci/korg1212: remove 'set but not used' warnings (git-fixes). - ALSA: pci/oxygen/xonar_wm87x6: remove always true condition (git-fixes). - ALSA: pci/rme9652/hdspm: remove always true condition (git-fixes). - ALSA: pci/via82xx: remove 'set but not used' warnings (git-fixes). - ALSA: pcmcia/pdaudiocf: fix kernel-doc (git-fixes). - ALSA: seq: oss: Serialize ioctls (git-fixes). - ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for SSL2 (git-fixes). - ALSA: usb-audio: add quirk for Pioneer DDJ-RB (git-fixes). - ALSA: usb-audio: add startech usb audio dock name (git-fixes). - ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (git-fixes). - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (git-fixes). - ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (git-fixes). - ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (git-fixes). - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625). - ALSA: usb-audio: Fix some typos (git-fixes). - ALSA: usb-audio: fix spelling mistake "buss" -> "bus" (git-fixes). - ALSA: usb-audio: ignore broken processing/extension unit (git-fixes). - ALSA: usb-audio: Update documentation comment for MS2109 quirk (git-fixes). - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (git-fixes). - ALSA: usb/line6: remove 'defined but not used' warning (git-fixes). - ALSA: vx_core: remove warning for empty loop body (git-fixes). - ALSA: xen: remove 'set but not used' warning (git-fixes). - ALSA: xen: Remove superfluous fall through comments (git-fixes). - appletalk: Fix atalk_proc_init() return path (git-fixes). - arm/arm64: Make use of the SMCCC 1.1 wrapper (bsc#1174906). - arm/arm64: Provide a wrapper for SMCCC 1.1 calls (bsc#1174906). - arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit() (bsc#1174906). - arm64: armv8_deprecated: Fix undef_hook mask for thumb setend (bsc#1175180). - arm64: cacheflush: Fix KGDB trap detection (bsc#1175188). - arm64: csum: Fix handling of bad packets (bsc#1175192). - arm64: dts: allwinner: a64: Remove unused SPDIF sound card (none bsc#1175016). - arm64: dts: clearfog-gt-8k: set gigabit PHY reset deassert delay (bsc#1175347). - arm64: dts: exynos: Fix silent hang after boot on Espresso (bsc#1175346). - arm64: dts: imx8mm-evk: correct ldo1/ldo2 voltage range (none bsc#1175019). - arm64: dts: imx8qxp-mek: Remove unexisting Ethernet PHY (bsc#1175345). - arm64: dts: librem5-devkit: add a vbus supply to usb0 (none bsc#1175013). - arm64: dts: ls1028a: delete extraneous #interrupt-cells for ENETC RCIE (none bsc#1175012). - arm64: dts: qcom: msm8998-clamshell: Fix label on l15 regulator (git-fixes). - arm64: dts: rockchip: fix rk3399-puma gmac reset gpio (none bsc#1175021). - arm64: dts: rockchip: fix rk3399-puma vcc5v0-host gpio (none bsc#1175020). - arm64: dts: rockchip: Rename dwc3 device nodes on rk3399 to make dtc happy (none bsc#1175015). - arm64: dts: rockchip: Replace RK805 PMIC node name with "pmic" on rk3328 boards (none bsc#1175014). - arm64: dts: uDPU: fix broken ethernet (bsc#1175344). - arm64: dts: uniphier: Set SCSSI clock and reset IDs for each channel (none bsc#1175011). - arm64: errata: use arm_smccc_1_1_get_conduit() (bsc#1174906). - arm64: Fix PTRACE_SYSEMU semantics (bsc#1175185). - arm64: fix the flush_icache_range arguments in machine_kexec (bsc#1175184). - arm64: hugetlb: avoid potential NULL dereference (bsc#1175183). - arm64: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (bsc#1175189). - arm64: insn: Fix two bugs in encoding 32-bit logical immediates (bsc#1175186). - arm64: kexec_file: print appropriate variable (bsc#1175187). - arm64: kgdb: Fix single-step exception handling oops (bsc#1175191). - arm64: Retrieve stolen time as paravirtualized guest (bsc#1172197 jsc#SLE-13593). - arm64: tegra: Enable I2C controller for EEPROM (none bsc#1175010). - arm64: tegra: Fix ethernet phy-mode for Jetson Xavier (none bsc#1175017). - arm64: tegra: Fix flag for 64-bit resources in 'ranges' property (none bsc#1175018). - arm64: tegra: Fix Tegra194 PCIe compatible string (none bsc#1175009). - arm64: vdso: Add -fasynchronous-unwind-tables to cflags (bsc#1175182). - arm64: vdso: do not free unallocated pages (bsc#1175181). - arm: percpu.h: fix build error (git-fixes). - arm: spectre-v2: use arm_smccc_1_1_get_conduit() (bsc#1174906). - ASoC: fsl_sai: Fix value of FSL_SAI_CR1_RFW_MASK (git-fixes). - ASoC: hdac_hda: fix deadlock after PCM open error (git-fixes). - ASoC: Intel: bxt_rt298: add missing .owner field (git-fixes). - ASoC: intel: Fix memleak in sst_media_open (git-fixes). - ASoC: meson: axg-tdm-interface: fix link fmt setup (git-fixes). - ASoC: meson: axg-tdmin: fix g12a skew (git-fixes). - ASoC: meson: fixes the missed kfree() for axg_card_add_tdm_loopback (git-fixes). - ASoC: msm8916-wcd-analog: fix register Interrupt offset (git-fixes). - ASoC: q6afe-dai: mark all widgets registers as SND_SOC_NOPM (git-fixes). - ASoC: q6routing: add dummy register read/write function (git-fixes). - ASoC: SOF: nocodec: add missing .owner field (git-fixes). - ASoC: wm8994: Avoid attempts to read unreadable registers (git-fixes). - ath10k: Acquire tx_lock in tx error paths (git-fixes). - ath10k: enable transmit data ack RSSI for QCA9884 (git-fixes). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (git-fixes). - ath9k: Fix regression with Atheros 9271 (git-fixes). - atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent (git-fixes). - AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes). - AX.25: Prevent integer overflows in connect and sendmsg (git-fixes). - AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes). - b43: Remove uninitialized_var() usage (git-fixes). - bdc: Fix bug causing crash after multiple disconnects (git-fixes). - bfq: fix blkio cgroup leakage v4 (bsc#1175775). - block: Fix the type of 'sts' in bsg_queue_rq() (git-fixes). - Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes). - Bluetooth: btmtksdio: fix up firmware download sequence (git-fixes). - Bluetooth: btusb: fix up firmware download sequence (git-fixes). - Bluetooth: fix kernel oops in store_pending_adv_report (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (git-fixes). - Bluetooth: Fix update of connection state in `hci_encrypt_cfm` (git-fixes). - Bluetooth: hci_h5: Set HCI_UART_RESET_ON_INIT to correct flags (git-fixes). - Bluetooth: hci_serdev: Only unregister device if it was registered (git-fixes). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (git-fixes). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (git-fixes). - bnxt_en: fix NULL dereference in case SR-IOV configuration fails (networking-stable-20_07_17). - bnxt_en: Init ethtool link settings after reading updated PHY configuration (jsc#SLE-8371 bsc#1153274). - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - bpf: Fix map leak in HASH_OF_MAPS map (bsc#1155518). - bpf: net: Avoid copying sk_user_data of reuseport_array during sk_clone (bsc#1155518). - bpf: net: Avoid incorrect bpf_sk_reuseport_detach call (bsc#1155518). - bpfilter: fix up a sparse annotation (bsc#1155518). - bpfilter: Initialize pos variable (bsc#1155518). - bpfilter: reject kernel addresses (bsc#1155518). - bpfilter: switch to kernel_write (bsc#1155518). - brcmfmac: keep SDIO watchdog running when console_interval is non-zero (git-fixes). - brcmfmac: set state of hanger slot to FREE when flushing PSQ (git-fixes). - brcmfmac: Set timeout value when configuring power save (bsc#1173468). - brcmfmac: To fix Bss Info flag definition Bug (git-fixes). - btmrvl: Fix firmware filename for sd8977 chipset (git-fixes). - btmrvl: Fix firmware filename for sd8997 chipset (git-fixes). - btrfs: add helper to get the end offset of a file extent item (bsc#1175546). - btrfs: avoid unnecessary splits when setting bits on an extent io tree (bsc#1175377). - btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247). - btrfs: delete the ordered isize update code (bsc#1175377). - btrfs: do not set path->leave_spinning for truncate (bsc#1175377). - btrfs: factor out inode items copy loop from btrfs_log_inode() (bsc#1175546). - btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247). - btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149). - btrfs: fix block group leak when removing fails (bsc#1175149). - btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149). - btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149). - btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149). - btrfs: fix deadlock during fast fsync when logging prealloc extents beyond eof (bsc#1175377). - btrfs: fix double free on ulist after backref resolution failure (bsc#1175149). - btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149). - btrfs: fix lost i_size update after cloning inline extent (bsc#1175377). - btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550). - btrfs: fix missing file extent item for hole after ranged fsync (bsc#1175546). - btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149). - btrfs: fix race between block group removal and block group creation (bsc#1175149). - btrfs: fix race between shrinking truncate and fiemap (bsc#1175377). - btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149). - btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149). - btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484). - btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247). - btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247). - btrfs: introduce per-inode file extent tree (bsc#1175377). - btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247). - btrfs: make full fsyncs always operate on the entire file again (bsc#1175546). - btrfs: make ranged full fsyncs more efficient (bsc#1175546). - btrfs: move extent_io_tree defs to their own header (bsc#1175377). - btrfs: Move free_pages_out label in inline extent handling branch in compress_file_range (bsc#1175263). - btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163). - btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247). - btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163). - btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163). - btrfs: Remove delalloc_end argument from extent_clear_unlock_delalloc (bsc#1175149). - btrfs: Remove leftover of in-band dedupe (bsc#1175149). - btrfs: remove unnecessary delalloc mutex for inodes (bsc#1175377). - btrfs: remove useless check for copy_items() return value (bsc#1175546). - btrfs: Rename btrfs_join_transaction_nolock (bsc#1175377). - btrfs: replace all uses of btrfs_ordered_update_i_size (bsc#1175377). - btrfs: separate out the extent io init function (bsc#1175377). - btrfs: separate out the extent leak code (bsc#1175377). - btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493). - btrfs: trim: fix underflow in trim length to prevent access beyond device boundary (bsc#1175263). - btrfs: use btrfs_ordered_update_i_size in clone_finish_inode_update (bsc#1175377). - btrfs: use the file extent tree infrastructure (bsc#1175377). - cfg80211: check vendor command doit pointer before use (git-fixes). - clk: actions: Fix h_clk for Actions S500 SoC (git-fixes). - clk: at91: clk-generated: check best_rate against ranges (git-fixes). - clk: at91: clk-generated: continue if __clk_determine_rate() returns error (git-fixes). - clk: at91: sam9x60-pll: check fcore against ranges (git-fixes). - clk: at91: sam9x60-pll: use logical or for range check (git-fixes). - clk: at91: sam9x60: fix main rc oscillator frequency (git-fixes). - clk: at91: sckc: register slow_rc with accuracy option (git-fixes). - clk: bcm2835: Do not use prediv with bcm2711's PLLs (bsc#1174865). - clk: bcm63xx-gate: fix last clock availability (git-fixes). - clk: clk-atlas6: fix return value check in atlas6_clk_init() (git-fixes). - clk: iproc: round clock rate to the closest (git-fixes). - clk: qcom: gcc-sdm660: Add missing modem reset (git-fixes). - clk: qcom: gcc-sdm660: Fix up gcc_mss_mnoc_bimc_axi_clk (git-fixes). - clk: rockchip: Revert "fix wrong mmc sample phase shift for rk3328" (git-fixes). - clk: scmi: Fix min and max rate when registering clocks with discrete rates (git-fixes). - clk: spear: Remove uninitialized_var() usage (git-fixes). - clk: st: Remove uninitialized_var() usage (git-fixes). - console: newport_con: fix an issue about leak related system resources (git-fixes). - cpumap: Use non-locked version __ptr_ring_consume_batched (git-fixes). - crc-t10dif: Fix potential crypto notify dead-lock (git-fixes). - crypto: aesni - add compatibility with IAS (git-fixes). - crypto: aesni - Fix build with LLVM_IAS=1 (git-fixes). - crypto: caam - Fix argument type in handle_imx6_err005766 (git-fixes). - crypto: ccp - Fix use of merged scatterlists (git-fixes). - crypto: ccree - fix resource leak on error path (git-fixes). - crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: hisilicon - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes). - devlink: ignore -EOPNOTSUPP errors on dumpit (bsc#1154353). - devres: keep both device name and resource name in pretty name (git-fixes). - dlm: Fix kobject memleak (bsc#1175768). - dlm: remove BUG() before panic() (git-fixes). - dmaengine: fsl-edma: fix wrong tcd endianness for big-endian cpu (git-fixes). - dmaengine: ioat setting ioat timeout as module parameter (git-fixes). - dmaengine: tegra210-adma: Fix runtime PM imbalance on error (git-fixes). - docs: fix memory.low description in cgroup-v2.rst (git-fixes). (SLE documentation might refer to cgroup-v2.rst.) - drbd: Remove uninitialized_var() usage (git-fixes). - driver core: Avoid binding drivers to dead devices (git-fixes). - drivers/firmware/psci: Fix memory leakage in alloc_init_cpu_groups() (git-fixes). - drivers/net/wan: lapb: Corrected the usage of skb_cow (git-fixes). - drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175128). - drm/amd/display: Fix EDID parsing after resume from suspend (git-fixes). - drm/amd/display: fix pow() crashing when given base 0 (git-fixes). - drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1152472) - drm/amd/powerplay: fix a crash when overclocking Vega M (git-fixes). - drm/amd/powerplay: fix compile error with ARCH=arc (git-fixes). - drm/amdgpu/display bail early in dm_pp_get_static_clocks (git-fixes). - drm/amdgpu/display: use blanked rather than plane state for sync (bsc#1152489) * refreshed for context changes * protect code with CONFIG_DRM_AMD_DC_DCN2_0 - drm/amdgpu/gfx10: fix race condition for kiq (git-fixes). - drm/amdgpu: avoid dereferencing a NULL pointer (git-fixes). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (git-fixes). - drm/amdgpu: fix preemption unit test (git-fixes). - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes). - drm/arm: fix unintentional integer overflow on left shift (git-fixes). - drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1152472) * refreshed for context changes - drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes). - drm/bridge: ti-sn65dsi86: Clear old error bits before AUX transfers (git-fixes). - drm/bridge: ti-sn65dsi86: Do not use kernel-doc comment for local array (git-fixes). - drm/bridge: ti-sn65dsi86: Fix off-by-one error in clock choice (bsc#1152489) * refreshed for context changes - drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1152472) * move drm_mipi_dbi.c -> tinydrm/mipi-dbi.c - drm/debugfs: fix plain echo to connector "force" attribute (git-fixes). - drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes). - drm/etnaviv: fix ref count leak via pm_runtime_get_sync (git-fixes). - drm/gem: Fix a leak in drm_gem_objects_lookup() (git-fixes). - drm/i915/fbc: Fix fence_y_offset handling (bsc#1152489) * context changes - drm/i915/gt: Close race between engine_park and intel_gt_retire_requests (git-fixes). - drm/i915/gt: Flush submission tasklet before waiting/retiring (bsc#1174737). - drm/i915/gt: Move new timelines to the end of active_list (git-fixes). - drm/i915/gt: Only swap to a random sibling once upon creation (bsc#1152489) * context changes - drm/i915/gt: Unlock engine-pm after queuing the kernel context switch (git-fixes). - drm/i915: Actually emit the await_start (bsc#1174737). - drm/i915: Copy across scheduler behaviour flags across submit fences (bsc#1174737). - drm/i915: Do not poison i915_request.link on removal (bsc#1174737). - drm/i915: Drop no-semaphore boosting (bsc#1174737). - drm/i915: Eliminate the trylock for awaiting an earlier request (bsc#1174737). - drm/i915: Flush execution tasklets before checking request status (bsc#1174737). - drm/i915: Flush tasklet submission before sleeping on i915_request_wait (bsc#1174737). - drm/i915: Ignore submit-fences on the same timeline (bsc#1174737). - drm/i915: Improve the start alignment of bonded pairs (bsc#1174737). - drm/i915: Keep track of request among the scheduling lists (bsc#1174737). - drm/i915: Lock signaler timeline while navigating (bsc#1174737). - drm/i915: Mark i915_request.timeline as a volatile, rcu pointer (bsc#1174737). - drm/i915: Mark racy read of intel_engine_cs.saturated (bsc#1174737). - drm/i915: Mark up unlocked update of i915_request.hwsp_seqno (bsc#1174737). - drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2. (bsc#1152489) * context changes - drm/i915: Peel dma-fence-chains for await (bsc#1174737). - drm/i915: Prevent using semaphores to chain up to external fences (bsc#1174737). - drm/i915: Protect i915_request_await_start from early waits (bsc#1174737). - drm/i915: Pull waiting on an external dma-fence into its routine (bsc#1174737). - drm/i915: Rely on direct submission to the queue (bsc#1174737). - drm/i915: Remove wait priority boosting (bsc#1174737). - drm/i915: Reorder await_execution before await_request (bsc#1174737). - drm/i915: Return early for await_start on same timeline (bsc#1174737). - drm/i915: Use EAGAIN for trylock failures (bsc#1174737). - drm/imx: fix use after free (git-fixes). - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes). - drm/imx: tve: fix regulator_disable error path (git-fixes). - drm/ingenic: Fix incorrect assumption about plane->index (bsc#1152489) * refreshed for context changes - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes). - drm/msm: ratelimit crtc event overflow error (git-fixes). - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes). - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes). - drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout (git-fixes). - drm/nouveau/kms/nv50-: Fix disabling dithering (git-fixes). - drm/nouveau: fix multiple instances of reference count leaks (git-fixes). - drm/nouveau: fix reference count leak in nouveau_debugfs_strap_peek (git-fixes). - drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes). - drm/radeon: disable AGP by default (git-fixes). - drm/radeon: fix array out-of-bounds read and write issues (git-fixes). - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (git-fixes). - drm/stm: repair runtime power management (git-fixes). - drm/tilcdc: fix leak & null ref in panel_connector_get_modes (git-fixes). - drm/ttm/nouveau: do not call tt destroy callback on alloc failure (git-fixes bsc#1175232). - drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() (bsc#1152489) * refreshed for context changes - drm/vmwgfx: Fix two list_for_each loop exit tests (git-fixes). - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (git-fixes). - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (git-fixes). - drm: hold gem reference until object is no longer accessed (git-fixes). - drm: msm: a6xx: fix gpu failure after system resume (git-fixes). - drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes). - drm: sun4i: hdmi: Fix inverted HPD result (git-fixes). - dyndbg: fix a BUG_ON in ddebug_describe_flags (git-fixes). - enetc: Fix tx rings bitmap iteration range, irq handling (networking-stable-20_06_28). - ext2: fix missing percpu_counter_inc (bsc#1175774). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: do not BUG on inconsistent journal feature (bsc#1171634). - ext4: fix checking of directory entry validity for inline directories (bsc#1175771). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins (git-fixes). - firmware/psci: use common SMCCC_CONDUIT_* (bsc#1174906). - firmware: arm_scmi: Fix SCMI genpd domain probing (git-fixes). - firmware: arm_scmi: Keep the discrete clock rates sorted (git-fixes). - firmware: arm_sdei: use common SMCCC_CONDUIT_* (bsc#1174906). - firmware: Fix a reference count leak (git-fixes). - firmware: smccc: Add ARCH_SOC_ID support (bsc#1174906). - firmware: smccc: Add function to fetch SMCCC version (bsc#1174906). - firmware: smccc: Add HAVE_ARM_SMCCC_DISCOVERY to identify SMCCC v1.1 and above (bsc#1174906). - firmware: smccc: Add the definition for SMCCCv1.2 version/error codes (bsc#1174906). - firmware: smccc: Drop smccc_version enum and use ARM_SMCCC_VERSION_1_x instead (bsc#1174906). - firmware: smccc: Refactor SMCCC specific bits into separate file (bsc#1174906). - firmware: smccc: Update link to latest SMCCC specification (bsc#1174906). - firmware_loader: fix memory leak for paged buffer (bsc#1175367). - fpga: dfl: fix bug in port reset handshake (git-fixes). - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175176). - fuse: fix weird page warning (bsc#1175175). - genetlink: remove genl_bind (networking-stable-20_07_17). - geneve: fix an uninitialized value in geneve_changelink() (git-fixes). - genirq/affinity: Improve __irq_build_affinity_masks() (bsc#1174897 ltc#187090). - genirq/affinity: Remove const qualifier from node_to_cpumask argument (bsc#1174897 ltc#187090). - genirq/affinity: Spread vectors on node according to nr_cpu ratio (bsc#1174897 ltc#187090). - gfs2: Another gfs2_find_jhead fix (bsc#1174824). - gfs2: fix gfs2_find_jhead that returns uninitialized jhead with seq 0 (bsc#1174825). - go7007: add sanity checking for endpoints (git-fixes). - gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes). - gpio: arizona: put pm_runtime in case of failure (git-fixes). - gpio: max77620: Fix missing release of interrupt (git-fixes). - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (git-fixes). - habanalabs: increase timeout during reset (git-fixes). - HID: alps: support devices with report id 2 (git-fixes). - HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes). - HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override (git-fixes). - HID: input: Fix devices that return multiple bytes in battery report (git-fixes). - HID: steam: fixes race in handling device list (git-fixes). - hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path (git-fixes). - hwmon: (adm1275) Make sure we are reading enough data for different chips (git-fixes). - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes). - hwmon: (nct6775) Accept PECI Calibration as temperature source for NCT6798D (git-fixes). - hwmon: (scmi) Fix potential buffer overflow in scmi_hwmon_probe() (git-fixes). - i2c: also convert placeholder function to return errno (git-fixes). - i2c: i2c-qcom-geni: Fix DMA transfer race (git-fixes). - i2c: i801: Add support for Intel Comet Lake PCH-V (jsc#SLE-13411). - i2c: i801: Add support for Intel Emmitsburg PCH (jsc#SLE-13411). - i2c: i801: Add support for Intel Tiger Lake PCH-H (jsc#SLE-13411). - i2c: iproc: fix race between client unreg and isr (git-fixes). - i2c: rcar: always clear ICSAR to avoid side effects (git-fixes). - i2c: rcar: avoid race when unregistering slave (git-fixes). - i2c: rcar: slave: only send STOP event when we have been addressed (git-fixes). - i2c: slave: add sanity check when unregistering (git-fixes). - i2c: slave: improve sanity check when registering (git-fixes). - i40iw: Do an RCU lookup in i40iw_add_ipv4_addr (git-fixes). - i40iw: Fix error handling in i40iw_manage_arp_cache() (git-fixes). - i40iw: fix null pointer dereference on a null wqe pointer (git-fixes). - i40iw: Report correct firmware version (git-fixes). - IB/cma: Fix ports memory leak in cma_configfs (git-fixes). - IB/core: Fix potential NULL pointer dereference in pkey cache (git-fixes). - IB/hfi1, qib: Ensure RCU is locked when accessing list (git-fixes). - IB/hfi1: Ensure pq is not left on waitlist (git-fixes). - IB/hfi1: Fix memory leaks in sysfs registration and unregistration (git-fixes). - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (git-fixes). - IB/mad: Fix use after free when destroying MAD agent (git-fixes). - IB/mlx4: Test return value of calls to ib_get_cached_pkey (git-fixes). - IB/mlx5: Fix 50G per lane indication (git-fixes). - IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command (git-fixes). - IB/mlx5: Fix missing congestion control debugfs on rep rdma device (git-fixes). - IB/mlx5: Replace tunnel mpls capability bits for tunnel_offloads (git-fixes). - IB/qib: Call kobject_put() when kobject_init_and_add() fails (git-fixes). - IB/rdmavt: Always return ERR_PTR from rvt_create_mmap_info() (git-fixes). - IB/rdmavt: Delete unused routine (git-fixes). - IB/rdmavt: Fix RQ counting issues causing use of an invalid RWQE (bsc#1174770). - IB/sa: Resolv use-after-free in ib_nl_make_request() (git-fixes). - ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ice: Clear and free XLT entries on reset (jsc#SLE-7926). - ice: Graceful error handling in HW table calloc failure (jsc#SLE-7926). - ide: Remove uninitialized_var() usage (git-fixes). - ieee802154: fix one possible memleak in adf7242_probe (git-fixes). - igc: Fix PTP initialization (bsc#1160634). - iio: improve IIO_CONCENTRATION channel type description (git-fixes). - Input: elan_i2c - only increment wakeup count on touch (git-fixes). - Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes). - Input: sentelic - fix error return when fsp_reg_write fails (git-fixes). - Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes). - integrity: remove redundant initialization of variable ret (git-fixes). - io-mapping: indicate mapping failure (git-fixes). - ionic: fix up filter locks and debug msgs (bsc#1167773). - ionic: keep rss hash after fw update (bsc#1167773). - ionic: unlock queue mutex in error path (bsc#1167773). - ionic: update filter id after replay (bsc#1167773). - ionic: use mutex to protect queue operations (bsc#1167773). - ionic: use offset for ethtool regs data (bsc#1167773). - ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes). - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28). - ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28). - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17). - ipv6: fib6_select_path can not use out path for nexthop objects (networking-stable-20_07_17). - ipv6: Fix use of anycast address with loopback (networking-stable-20_07_17). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - irqchip/gic: Atomically update affinity (bsc#1175195). - iwlegacy: Check the return value of pcie_capability_read_*() (git-fixes). - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772). - kABI workaround for enum cpuhp_state (git-fixes). - kABI workaround for struct kvm_device (git-fixes). Just change an variable to "const" type in kvm_device. - kABI workaround for struct kvm_vcpu_arch (git-fixes). Add a struct variable to the end of kvm_vcpu_arch and kvm_vcpu_arch is embedded into kvm_vcpu at the end. It is usually used by pointer and allocated dynamically, so this change should be fine even for external kvm module. - kABI/severities: ignore KABI for NVMe, except nvme-fc (bsc#1174777) Exported symbols under drivers/nvme/host/ are only used by the nvme subsystem itself, except for the nvme-fc symbols. - kABI/severities: ignore qla2xxx as all symbols are internal - kABI: genetlink: remove genl_bind (kabi). - kABI: restore signature of xfrm_policy_bysel_ctx() and xfrm_policy_byid() (bsc#1174645). - kernel.h: remove duplicate include of asm/div64.h (git-fixes). - kernel/relay.c: fix memleak on destroy relay channel (git-fixes). - kernfs: do not call fsnotify() with name without a parent (bsc#1175770). - kobject: Avoid premature parent object freeing in kobject_cleanup() (git-fixes). - KVM: Allow kvm_device_ops to be const (bsc#1172197 jsc#SLE-13593). - KVM: arm/arm64: Correct AArch32 SPSR on exception entry (bsc#1133021). - KVM: arm/arm64: Correct CPSR on exception entry (bsc#1133021). - KVM: arm/arm64: Factor out hypercall handling from PSCI code (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Annotate hyp NMI-related functions as __always_inline (bsc#1175190). - KVM: arm64: Correct PSTATE on exception entry (bsc#1133021). - KVM: arm64: Document PV-time interface (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Fix 32bit PC wrap-around (bsc#1133021). - KVM: arm64: Implement PV_TIME_FEATURES call (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts (bsc#1133021). - KVM: arm64: Provide VCPU attributes for stolen time (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Select TASK_DELAY_ACCT+TASKSTATS rather than SCHEDSTATS (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021). - KVM: arm64: Stop writing aarch32's CSSELR into ACTLR (bsc#1133021). - KVM: arm64: Support stolen time reporting via shared structure (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Use the correct timer structure to access the physical counter (bsc#1133021). - KVM: arm: vgic: Fix limit condition when writing to GICD_IACTIVER (bsc#1133021). - KVM: Implement kvm_put_guest() (bsc#1172197 jsc#SLE-13593). - KVM: Play nice with read-only memslots when querying host page size (bsc#1133021). - KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729). - KVM: Reinstall old memslots if arch preparation fails (bsc#1133021). - KVM: s390: Remove false WARN_ON_ONCE for the PQAP instruction (bsc#1133021). - KVM: x86: Fix APIC page invalidation race (bsc#1133021). - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17). - leds: 88pm860x: fix use-after-free on unbind (git-fixes). - leds: core: Flush scheduled work for system suspend (git-fixes). - leds: da903x: fix use-after-free on unbind (git-fixes). - leds: gpio: Fix semantic error (git-fixes). - leds: lm3533: fix use-after-free on unbind (git-fixes). - leds: lm355x: avoid enum conversion warning (git-fixes). - leds: lm36274: fix use-after-free on unbind (git-fixes). - leds: wm831x-status: fix use-after-free on unbind (git-fixes). - libbpf: Wrap source argument of BPF_CORE_READ macro in parentheses (bsc#1155518). - liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes). - llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17). - locktorture: Print ratio of acquisitions, not failures (bsc#1149032). - mac80211: allow rx of mesh eapol frames with default rx key (git-fixes). - mac80211: fix misplaced while instead of if (git-fixes). - mac80211: mesh: Free ie data when leaving mesh (git-fixes). - mac80211: mesh: Free pending skb when destroying a mpath (git-fixes). - Mark the SLE15-SP2 kernel properly released. There perhaps was a typo, when SUSE_KERNEL_RELEASED missed the trailing "D" - this leads to our kernels being marked as "Unreleased kernel". SUSE_KERNEL_RELEASED is defined in rpm/kernel-binary.spec.in. To fix that, it should be enough to switch from SUSE_KERNEL_RELEASE to SUSE_KERNEL_RELEASED. - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes). - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes). - media: budget-core: Improve exception handling in budget_register() (git-fixes). - media: camss: fix memory leaks on error handling paths in probe (git-fixes). - media: cxusb-analog: fix V4L2 dependency (git-fixes). - media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes). - media: firewire: Using uninitialized values in node_probe() (git-fixes). - media: marvell-ccic: Add missed v4l2_async_notifier_cleanup() (git-fixes). - media: media-request: Fix crash if memory allocation fails (git-fixes). - media: nuvoton-cir: remove setting tx carrier functions (git-fixes). - media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes). - media: rockchip: rga: Introduce color fmt macros and refactor CSC mode logic (git-fixes). - media: rockchip: rga: Only set output CSC mode for RGB input (git-fixes). - media: sur40: Remove uninitialized_var() usage (git-fixes). - media: vpss: clean up resources in init (git-fixes). - media: vsp1: dl: Fix NULL pointer dereference on unbind (git-fixes). - mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes). - mfd: dln2: Run event handler loop under spinlock (git-fixes). - mfd: intel-lpss: Add Intel Tiger Lake PCH-H PCI IDs (jsc#SLE-13411). - mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28). - mlxsw: core: Fix wrong SFP EEPROM reading for upper pages 1-3 (bsc#1154488). - mlxsw: pci: Fix use-after-free in case of failed devlink reload (networking-stable-20_07_17). - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (networking-stable-20_07_17). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617). - mm: filemap: clear idle flag for writes (bsc#1175769). - mm: Fix protection usage propagation (bsc#1174002). - mmc: sdhci-cadence: do not use hardware tuning for SD mode (git-fixes). - mmc: sdhci-pci-o2micro: Bug fix for O2 host controller Seabird1 (git-fixes). - mtd: properly check all write ioctls for permissions (git-fixes). - mtd: rawnand: fsl_upm: Remove unused mtd var (git-fixes). - mtd: rawnand: qcom: avoid write to unavailable register (git-fixes). - mvpp2: ethtool rxtx stats fix (networking-stable-20_06_28). - mwifiex: Fix firmware filename for sd8977 chipset (git-fixes). - mwifiex: Fix firmware filename for sd8997 chipset (git-fixes). - mwifiex: Prevent memory corruption handling keys (git-fixes). - ndctl/papr_scm,uapi: Add support for PAPR nvdimm specific methods (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - net, sk_msg: Clear sk_user_data pointer on clone if tagged (bsc#1155518). - net, sk_msg: Do not use RCU_INIT_POINTER on sk_user_data (bsc#1155518). - net/bpfilter: Initialize pos in __bpfilter_process_sockopt (bsc#1155518). - net/bpfilter: split __bpfilter_process_sockopt (bsc#1155518). - net/ena: Fix build warning in ena_xdp_set() (bsc#1174852). - net/mlx5: DR, Change push vlan action sequence (jsc#SLE-8464). - net/mlx5: E-switch, Destroy TSAR when fail to enable the mode (jsc#SLE-8464). - net/mlx5: Fix eeprom support for SFP module (networking-stable-20_07_17). - net/mlx5e: Fix 50G per lane indication (networking-stable-20_07_17). - net/mlx5e: Fix kernel crash when setting vf VLANID on a VF dev (jsc#SLE-8464). - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (networking-stable-20_07_17). - net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28). - net: core: reduce recursion limit value (networking-stable-20_06_28). - net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28). - net: dsa: microchip: set the correct number of ports (networking-stable-20_07_17). - net: ena: add reserved PCI device ID (bsc#1174852). - net: ena: add support for reporting of packet drops (bsc#1174852). - net: ena: add support for the rx offset feature (bsc#1174852). - net: ena: add support for traffic mirroring (bsc#1174852). - net: ena: add unmask interrupts statistics to ethtool (bsc#1174852). - net: ena: allow setting the hash function without changing the key (bsc#1174852). - net: ena: avoid memory access violation by validating req_id properly (bsc#1174852). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852). - net: ena: change default RSS hash function to Toeplitz (bsc#1174852). - net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1154492). - net: ena: changes to RSS hash key allocation (bsc#1174852). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852). - net: ena: cosmetic: code reorderings (bsc#1174852). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852). - net: ena: cosmetic: fix line break issues (bsc#1174852). - net: ena: cosmetic: fix spacing issues (bsc#1174852). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852). - net: ena: cosmetic: minor code changes (bsc#1174852). - net: ena: cosmetic: remove unnecessary code (bsc#1174852). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852). - net: ena: cosmetic: satisfy gcc warning (bsc#1174852). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852). - net: ena: drop superfluous prototype (bsc#1174852). - net: ena: enable support of rss hash key and function changes (bsc#1174852). - net: ena: ethtool: clean up minor indentation issue (bsc#1174852). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852). - net: ena: fix continuous keep-alive resets (bsc#1174852). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852). - net: ena: Make missed_tx stat incremental (git-fixes). - net: ena: Make some functions static (bsc#1174852). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852). - net: ena: Prevent reset after device destruction (git-fixes). - net: ena: reduce driver load time (bsc#1174852). - net: ena: remove code that does nothing (bsc#1174852). - net: ena: remove set but not used variable 'hash_key' (bsc#1174852). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852). - net: ena: support new LLQ acceleration mode (bsc#1174852). - net: ena: use explicit variable size for clarity (bsc#1174852). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852). - net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). (SLES tuning guide refers to ip-sysctl.txt.) - net: fix memleak in register_netdevice() (networking-stable-20_06_28). - net: Fix the arp error in some cases (networking-stable-20_06_28). - net: hns3: fix error handling for desc filling (git-fixes). - net: hns3: fix for not calculating TX BD send size correctly (git-fixes). - net: hns3: fix return value error when query MAC link status fail (git-fixes). - net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28). - net: lan78xx: add missing endpoint sanity check (git-fixes). - net: lan78xx: fix transfer-buffer memory leak (git-fixes). - net: lan78xx: replace bogus endpoint lookup (git-fixes). - net: mvneta: fix use of state->speed (networking-stable-20_07_17). - net: phy: Check harder for errors in get_phy_id() (git-fixes). - net: phy: fix memory leak in device-create error path (git-fixes). - net: qrtr: Fix an out of bounds read qrtr_endpoint_post() (networking-stable-20_07_17). - net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28). - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17). - net_sched: fix a memory leak in atm_tc_init() (networking-stable-20_07_17). - netdevsim: fix unbalaced locking in nsim_create() (git-fixes). - nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes). - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes). - ntb: Fix static check warning in perf_clear_test (git-fixes). - ntb: Fix the default port and peer numbers for legacy drivers (git-fixes). - ntb: hw: remove the code that sets the DMA mask (git-fixes). - ntb: ntb_pingpong: Choose doorbells based on port number (git-fixes). - ntb: ntb_test: Fix bug when counting remote files (git-fixes). - ntb: ntb_tool: reading the link file should not end in a NULL byte (git-fixes). - ntb: perf: Do not require one more memory window than number of peers (git-fixes). - ntb: perf: Fix race condition when run with ntb_test (git-fixes). - ntb: perf: Fix support for hardware that does not have port numbers (git-fixes). - ntb: Revert the change to use the NTB device dev for DMA allocations (git-fixes). - ntb_perf: pass correct struct device to dma_alloc_coherent (git-fixes). - ntb_tool: pass correct struct device to dma_alloc_coherent (git-fixes). - nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108). - nvme-multipath: fix logic for non-optimized paths (bsc#1172108). - nvme-multipath: round-robin: eliminate "fallback" variable (bsc#1172108). - nvme-multipath: set bdi capabilities once (bsc#1159058). - nvme-pci: Re-order nvme_pci_free_ctrl (bsc#1159058). - nvme-rdma: Add warning on state change failure at (bsc#1159058). - nvme-tcp: Add warning on state change failure at (bsc#1159058). - nvme-tcp: fix possible crash in write_zeroes processing (bsc#1159058). - nvme: add a Identify Namespace Identification Descriptor list quirk (git-fixes). - nvme: always search for namespace head (bsc#1159058). - nvme: avoid an Identify Controller command for each namespace (bsc#1159058). - nvme: check namespace head shared property (bsc#1159058). - nvme: clean up nvme_scan_work (bsc#1159058). - nvme: cleanup namespace identifier reporting in (bsc#1159058). - nvme: consolidate chunk_sectors settings (bsc#1159058). - nvme: consolodate io settings (bsc#1159058). - nvme: expose hostid via sysfs for fabrics controllers (bsc#1159058). - nvme: expose hostnqn via sysfs for fabrics controllers (bsc#1159058). - nvme: factor out a nvme_ns_remove_by_nsid helper (bsc#1159058). - nvme: fix a crash in nvme_mpath_add_disk (git-fixes, bsc#1159058). - nvme: Fix controller creation races with teardown flow (bsc#1159058). - nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1159058). - nvme: fix identify error status silent ignore (git-fixes, bsc#1159058). - nvme: fix possible hang when ns scanning fails during error (bsc#1159058). - nvme: kABI fixes for nvme_ctrl (bsc#1159058). - nvme: Make nvme_uninit_ctrl symmetric to nvme_init_ctrl (bsc#1159058). - nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108). - nvme: prevent double free in nvme_alloc_ns() error handling (bsc#1159058). - nvme: provide num dword helper (bsc#1159058). - nvme: refactor nvme_identify_ns_descs error handling (bsc#1159058). - nvme: refine the Qemu Identify CNS quirk (bsc#1159058). - nvme: release ida resources (bsc#1159058). - nvme: release namespace head reference on error (bsc#1159058). - nvme: remove the magic 1024 constant in nvme_scan_ns_list (bsc#1159058). - nvme: remove unused parameter (bsc#1159058). - nvme: Remove unused return code from nvme_delete_ctrl_sync (bsc#1159058). - nvme: rename __nvme_find_ns_head to nvme_find_ns_head (bsc#1159058). - nvme: revalidate after verifying identifiers (bsc#1159058). - nvme: revalidate namespace stream parameters (bsc#1159058). - nvme: unlink head after removing last namespace (bsc#1159058). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: load global_inode_alloc (bsc#1172963). - omapfb: dss: Fix max fclk divider for omap36xx (git-fixes). - openvswitch: take into account de-fragmentation/gso_size in execute_check_pkt_len (networking-stable-20_06_28). - PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes). - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge (git-fixes). - PCI: cadence: Fix updating Vendor ID and Subsystem Vendor ID register (git-fixes). - PCI: Fix pci_cfg_wait queue locking problem (git-fixes). - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes). - PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, git-fixes). - PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes). - PCI: qcom: Add missing reset for ipq806x (git-fixes). - PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes). - PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes). - PCI: rcar: Fix runtime PM imbalance on error (git-fixes). - PCI: Release IVRS table in AMD ACS quirk (git-fixes). - PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes). - PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes). - PCI: tegra: Revert tegra124 raw_violation_fixup (git-fixes). - phy: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes). - phy: exynos5-usbdrd: Calibrating makes sense only for USB2.0 PHY (git-fixes). - phy: renesas: rcar-gen3-usb2: move irq registration to init (git-fixes). - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes). - pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes). - pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes). - pinctrl: ingenic: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes). - pinctrl: single: fix function name in documentation (git-fixes). - platform/chrome: cros_ec_ishtp: Fix a double-unlock issue (git-fixes). - platform/x86: asus-nb-wmi: add support for ASUS ROG Zephyrus G14 and G15 (git-fixes). - platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: ISST: Add new PCI device ids (git-fixes). - PM: wakeup: Show statistics for deleted wakeup sources again (git-fixes). - power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes). - powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729). - powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729). - powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729). - powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/fadump: Fix build error with CONFIG_PRESERVE_FA_DUMP=y (bsc#1156395). - powerpc/iommu: Allow bypass-only for DMA (bsc#1156395). - powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284). - powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284). - powerpc/papr_scm: Add support for fetching nvdimm 'fuel-gauge' metric (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Fetch nvdimm health information from PHYP (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Fetch nvdimm performance stats from PHYP (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Implement support for PAPR_PDSM_HEALTH (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Improve error logging and handling papr_scm_ndctl() (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Mark papr_scm_ndctl() as static (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729). - powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729). - powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630). - powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - powerpc/pseries: remove cede offline state for CPUs (bsc#1065729). - powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729). - powerpc/vdso: Fix vdso cpu truncation (bsc#1065729). - powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729). - powerpc: Document details on H_SCM_HEALTH hcall (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - pseries: Fix 64 bit logical memory block panic (bsc#1065729). - pwm: bcm-iproc: handle clk_get_rate() return (git-fixes). - qed: suppress "do not support RoCE & iWARP" flooding on HW init (git-fixes). - qed: suppress false-positives interrupt error messages on HW init (git-fixes). - r8169: fix jumbo configuration for RTL8168evl (bsc#1175296). - r8169: fix jumbo packet handling on resume from suspend (bsc#1175296). - r8169: fix resume on cable plug-in (bsc#1175296). - r8169: fix rtl_hw_jumbo_disable for RTL8168evl (bsc#1175296). - r8169: move disabling interrupt coalescing to RTL8169/RTL8168 init (bsc#1175296). - r8169: read common register for PCI commit (bsc#1175296). - random32: move the pseudo-random 32-bit definitions to prandom.h (git-fixes). - random32: remove net_rand_state from the latent entropy gcc plugin (git-fixes). - random: fix circular include dependency on arm64 after addition of percpu.h (git-fixes). - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (git-fixes). - RDMA/cm: Fix an error check in cm_alloc_id_priv() (git-fixes). - RDMA/cm: Fix checking for allowed duplicate listens (git-fixes). - RDMA/cm: Fix ordering of xa_alloc_cyclic() in ib_create_cm_id() (git-fixes). - RDMA/cm: Read id.state under lock when doing pr_debug() (git-fixes). - RDMA/cm: Remove a race freeing timewait_info (git-fixes). - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (git-fixes). - RDMA/cma: Protect bind_list and listen_list while finding matching cm id (git-fixes). - RDMA/core: Fix double destruction of uobject (git-fixes). - RDMA/core: Fix double put of resource (git-fixes). - RDMA/core: Fix missing error check on dev_set_name() (git-fixes). - RDMA/core: Fix protection fault in ib_mr_pool_destroy (git-fixes). - RDMA/core: Fix race between destroy and release FD object (git-fixes). - RDMA/core: Fix race in rdma_alloc_commit_uobject() (git-fixes). - RDMA/core: Prevent mixed use of FDs between shared ufiles (git-fixes). - RDMA/counter: Query a counter before release (git-fixes). - RDMA/efa: Set maximum pkeys device attribute (git-fixes). - RDMA/hns: Bugfix for querying qkey (git-fixes). - RDMA/hns: Fix cmdq parameter of querying pf timer resource (git-fixes). - RDMA/iw_cxgb4: Fix incorrect function parameters (git-fixes). - RDMA/iwcm: Fix iwcm work deallocation (git-fixes). - RDMA/mad: Do not crash if the rdma device does not have a umad interface (git-fixes). - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (git-fixes). - RDMA/mlx4: Initialize ib_spec on the stack (git-fixes). - RDMA/mlx5: Add init2init as a modify command (git-fixes). - RDMA/mlx5: Add missing srcu_read_lock in ODP implicit flow (jsc#SLE-8446). - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (git-fixes). - RDMA/mlx5: Fix prefetch memory leak if get_prefetchable_mr fails (jsc#SLE-8446). - RDMA/mlx5: Fix the number of hwcounters of a dynamic counter (git-fixes). - RDMA/mlx5: Fix typo in enum name (git-fixes). - RDMA/mlx5: Fix udata response upon SRQ creation (git-fixes). - RDMA/mlx5: Prevent prefetch from racing with implicit destruction (jsc#SLE-8446). - RDMA/mlx5: Set GRH fields in query QP on RoCE (git-fixes). - RDMA/mlx5: Use xa_lock_irq when access to SRQ table (git-fixes). - RDMA/mlx5: Verify that QP is created with RQ or SQ (git-fixes). - RDMA/nldev: Fix crash when set a QP to a new counter but QPN is missing (git-fixes). - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (git-fixes). - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (git-fixes). - RDMA/rvt: Fix potential memory leak caused by rvt_alloc_rq (git-fixes). - RDMA/rxe: Always return ERR_PTR from rxe_create_mmap_info() (git-fixes). - RDMA/rxe: Fix configuration of atomic queue pair attributes (git-fixes). - RDMA/rxe: Set default vendor ID (git-fixes). - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (git-fixes). - RDMA/siw: Fix failure handling during device creation (git-fixes). - RDMA/siw: Fix passive connection establishment (git-fixes). - RDMA/siw: Fix pointer-to-int-cast warning in siw_rx_pbl() (git-fixes). - RDMA/siw: Fix potential siw_mem refcnt leak in siw_fastreg_mr() (git-fixes). - RDMA/siw: Fix reporting vendor_part_id (git-fixes). - RDMA/siw: Fix setting active_mtu attribute (git-fixes). - RDMA/siw: Fix setting active_{speed, width} attributes (git-fixes). - RDMA/ucma: Put a lock around every call to the rdma_cm layer (git-fixes). - RDMA/uverbs: Fix create WQ to use the given user handle (git-fixes). - regmap: debugfs: check count when read regmap file (git-fixes). - regmap: dev_get_regmap_match(): fix string comparison (git-fixes). - regulator: gpio: Honor regulator-boot-on property (git-fixes). - remoteproc: qcom: q6v5: Update running state before requesting stop (git-fixes). - remoteproc: qcom_q6v5_mss: Validate MBA firmware size before load (git-fixes). - remoteproc: qcom_q6v5_mss: Validate modem blob firmware size before load (git-fixes). - Revert "ALSA: hda: call runtime_allow() for all hda controllers" (git-fixes). - Revert "drm/amd/display: Expose connector VRR range via debugfs" (bsc#1152489) * refreshed for context changes - Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers" (git-fixes). - Revert "i2c: cadence: Fix the hold bit setting" (git-fixes). - Revert "RDMA/cma: Simplify rdma_resolve_addr() error flow" (git-fixes). - Revert "scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe" (bsc#1171688 bsc#1174003). - Revert "scsi: qla2xxx: Fix crash on qla2x00_mailbox_command" (bsc#1171688 bsc#1174003). - rhashtable: Document the right function parameters (bsc#1174880). - rhashtable: drop duplicated word in (bsc#1174880). - rhashtable: Drop raw RCU deref in nested_table_free (bsc#1174880). - rhashtable: Fix unprotected RCU dereference in __rht_ptr (bsc#1174880). - rhashtable: Restore RCU marking on rhash_lock_head (bsc#1174880). - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (git-fixes). - rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28). - rpm/modules.fips: * add ecdh_generic (boo#1173813) - rtc: goldfish: Enable interrupt in set_alarm() when necessary (git-fixes). - rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (bsc#1154353). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes). - rtw88: fix LDPC field for RA info (git-fixes). - rtw88: fix short GI capability based on current bandwidth (git-fixes). - sch_cake: do not call diffserv parsing code when it is not needed (networking-stable-20_06_28). - sch_cake: do not try to reallocate or unshare skb unconditionally (networking-stable-20_06_28). - sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17). - scsi/fc: kABI fixes for new ELS_RPD definition (bsc#1171688 bsc#1174003). - scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026). - scsi: Fix trivial spelling (bsc#1171688 bsc#1174003). - scsi: ipr: Fix softlockup when rescanning devices in petitboot (jsc#SLE-13654). - scsi: ipr: remove unneeded semicolon (jsc#SLE-13654). - scsi: ipr: Use scnprintf() for avoiding potential buffer overflow (jsc#SLE-13654). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003). - scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003). - scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418). - scsi: smartpqi: add RAID bypass counter (bsc#1172418). - scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418). - scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418). - scsi: smartpqi: Identify physical devices without issuing INQUIRY (bsc#1172418). - scsi: smartpqi: support device deletion via sysfs (bsc#1172418). - scsi: smartpqi: update logical volume size after expansion (bsc#1172418). - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418). - scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790). - sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - seq_buf: Export seq_buf_printf (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - serial: 8250: change lock order in serial8250_do_startup() (git-fixes). - serial: 8250: fix null-ptr-deref in serial8250_start_tx() (git-fixes). - serial: 8250_mtk: Fix high-speed baud rates clamping (git-fixes). - serial: 8250_pci: Move Pericom IDs to pci_ids.h (git-fixes). - serial: amba-pl011: Make sure we initialize the port.lock spinlock (git-fixes). - serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X (git-fixes). - serial: mxs-auart: add missed iounmap() in probe failure and remove (git-fixes). - serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes). - serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes). - serial: tegra: fix CREAD handling for PIO (git-fixes). - soc/tegra: pmc: Enable PMIC wake event on Tegra194 (bsc#1175834). - soc/tegra: pmc: Enable PMIC wake event on Tegra210 (bsc#1175116). - soc: qcom: rpmh-rsc: Set suppress_bind_attrs flag (git-fixes). - spi: davinci: Remove uninitialized_var() usage (git-fixes). - spi: lantiq-ssc: Fix warning by using WQ_MEM_RECLAIM (git-fixes). - spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes). - spi: mediatek: use correct SPI_CFG2_REG MACRO (git-fixes). - spi: pxa2xx: Add support for Intel Tiger Lake PCH-H (jsc#SLE-13411). - spi: rockchip: Fix error in SPI slave pio read (git-fixes). - spi: spi-geni-qcom: Actually use our FIFO (git-fixes). - spi: spidev: Align buffers for DMA (git-fixes). - spi: stm32: fixes suspend/resume management (git-fixes). - spi: sun4i: update max transfer size reported (git-fixes). - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support (git-fixes). - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes). - staging: rtl8192u: fix a dubious looking mask before a shift (git-fixes). - staging: rtl8712: handle firmware load failure (git-fixes). - staging: vchiq_arm: Add a matching unregister call (git-fixes). - staging: wlan-ng: properly check endpoint types (git-fixes). - tcp: do not ignore ECN CWR on pure ACK (networking-stable-20_06_28). - tcp: fix SO_RCVLOWAT possible hangs under high mem pressure (networking-stable-20_07_17). - tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28). - tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17). - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17). - tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17). - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17). - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28). - thermal: ti-soc-thermal: Fix reversed condition in ti_thermal_expose_sensor() (git-fixes). - tpm: Require that all digests are present in TCG_PCR_EVENT2 structures (git-fixes). - tpm_crb: fix fTPM on AMD Zen+ CPUs (bsc#1174362). - tracepoint: Mark __tracepoint_string's __used (git-fixes). - tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes). - ubsan: check panic_on_warn (bsc#1174805). - uio_pdrv_genirq: Remove warning when irq is not specified (bsc#1174762). - update upstream reference - usb: bdc: Halt controller on suspend (git-fixes). - usb: core: fix quirks_param_set() writing to a const pointer (git-fixes). - usb: dwc2: gadget: Make use of GINTMSK2 (git-fixes). - usb: dwc3: pci: add support for the Intel Jasper Lake (git-fixes). - usb: dwc3: pci: add support for the Intel Tiger Lake PCH -H variant (git-fixes). - usb: gadget: f_uac2: fix AC Interface Header Descriptor wTotalLength (git-fixes). - usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes). - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (git-fixes). - usb: hso: check for return value in hso_serial_common_create() (git-fixes). - usb: hso: Fix debug compile warning on sparc32 (git-fixes). - usb: iowarrior: fix up report size handling for some devices (git-fixes). - usb: mtu3: clear dual mode of u3port when disable device (git-fixes). - usb: serial: cp210x: enable usb generic throttle/unthrottle (git-fixes). - usb: serial: cp210x: re-enable auto-RTS on open (git-fixes). - usb: serial: iuu_phoenix: fix led-activity helpers (git-fixes). - usb: serial: qcserial: add EM7305 QDL product ID (git-fixes). - usb: tegra: Fix allocation for the FPCI context (git-fixes). - usb: xhci-mtk: fix the failure of bandwidth allocation (git-fixes). - usb: xhci: define IDs for various ASMedia host controllers (git-fixes). - usb: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes). - usb: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes). - usbip: tools: fix module name in man page (git-fixes). - video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes). - video: fbdev: savage: fix memory leak on error handling path in probe (git-fixes). - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes). - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes). - vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17). - vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199). - vt: Reject zero-sized screen buffer size (git-fixes). - watchdog: f71808e_wdt: clear watchdog timeout occurred flag (git-fixes). - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (git-fixes). - watchdog: f71808e_wdt: remove use of wrong watchdog_info option (git-fixes). - watchdog: initialize device before misc_register (git-fixes). - wireless: Use linux/stddef.h instead of stddef.h (git-fixes). - wireless: Use offsetof instead of custom macro (git-fixes). - wl1251: fix always return 0 error (git-fixes). - x86/bugs/multihit: Fix mitigation reporting when VMX is not in use (git-fixes). - xen/pvcalls-back: test for errors when calling backend_connect() (bsc#1065600). - xfrm: fix a warning in xfrm_policy_insert_list (bsc#1174645). - xfrm: policy: match with both mark and mask on user interfaces (bsc#1174645). - xfs: do not eat an EIO/ENOSPC writeback error when scrubbing data fork (git-fixes). - xfs: fix inode allocation block res calculation precedence (git-fixes). - xfs: fix reflink quota reservation accounting error (git-fixes). - xfs: preserve rmapbt swapext block reservation from freed blocks (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-2486=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.12.1 kernel-default-debugsource-5.3.18-24.12.1 kernel-default-livepatch-5.3.18-24.12.1 kernel-default-livepatch-devel-5.3.18-24.12.1 kernel-livepatch-5_3_18-24_12-default-1-5.3.1 kernel-livepatch-5_3_18-24_12-default-debuginfo-1-5.3.1 kernel-livepatch-SLE15-SP2_Update_2-debugsource-1-5.3.1 References: https://www.suse.com/security/cve/CVE-2020-14314.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-14356.html https://www.suse.com/security/cve/CVE-2020-16166.html https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1120163 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1149032 https://bugzilla.suse.com/1152472 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153274 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1154488 https://bugzilla.suse.com/1154492 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1159058 https://bugzilla.suse.com/1160634 https://bugzilla.suse.com/1167773 https://bugzilla.suse.com/1169790 https://bugzilla.suse.com/1171634 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1172108 https://bugzilla.suse.com/1172197 https://bugzilla.suse.com/1172247 https://bugzilla.suse.com/1172418 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172963 https://bugzilla.suse.com/1173468 https://bugzilla.suse.com/1173485 https://bugzilla.suse.com/1173798 https://bugzilla.suse.com/1173813 https://bugzilla.suse.com/1173954 https://bugzilla.suse.com/1174002 https://bugzilla.suse.com/1174003 https://bugzilla.suse.com/1174026 https://bugzilla.suse.com/1174205 https://bugzilla.suse.com/1174247 https://bugzilla.suse.com/1174362 https://bugzilla.suse.com/1174387 https://bugzilla.suse.com/1174484 https://bugzilla.suse.com/1174625 https://bugzilla.suse.com/1174645 https://bugzilla.suse.com/1174689 https://bugzilla.suse.com/1174699 https://bugzilla.suse.com/1174737 https://bugzilla.suse.com/1174757 https://bugzilla.suse.com/1174762 https://bugzilla.suse.com/1174770 https://bugzilla.suse.com/1174771 https://bugzilla.suse.com/1174777 https://bugzilla.suse.com/1174805 https://bugzilla.suse.com/1174824 https://bugzilla.suse.com/1174825 https://bugzilla.suse.com/1174852 https://bugzilla.suse.com/1174865 https://bugzilla.suse.com/1174880 https://bugzilla.suse.com/1174897 https://bugzilla.suse.com/1174906 https://bugzilla.suse.com/1174969 https://bugzilla.suse.com/1175009 https://bugzilla.suse.com/1175010 https://bugzilla.suse.com/1175011 https://bugzilla.suse.com/1175012 https://bugzilla.suse.com/1175013 https://bugzilla.suse.com/1175014 https://bugzilla.suse.com/1175015 https://bugzilla.suse.com/1175016 https://bugzilla.suse.com/1175017 https://bugzilla.suse.com/1175018 https://bugzilla.suse.com/1175019 https://bugzilla.suse.com/1175020 https://bugzilla.suse.com/1175021 https://bugzilla.suse.com/1175052 https://bugzilla.suse.com/1175112 https://bugzilla.suse.com/1175116 https://bugzilla.suse.com/1175128 https://bugzilla.suse.com/1175149 https://bugzilla.suse.com/1175175 https://bugzilla.suse.com/1175176 https://bugzilla.suse.com/1175180 https://bugzilla.suse.com/1175181 https://bugzilla.suse.com/1175182 https://bugzilla.suse.com/1175183 https://bugzilla.suse.com/1175184 https://bugzilla.suse.com/1175185 https://bugzilla.suse.com/1175186 https://bugzilla.suse.com/1175187 https://bugzilla.suse.com/1175188 https://bugzilla.suse.com/1175189 https://bugzilla.suse.com/1175190 https://bugzilla.suse.com/1175191 https://bugzilla.suse.com/1175192 https://bugzilla.suse.com/1175195 https://bugzilla.suse.com/1175199 https://bugzilla.suse.com/1175213 https://bugzilla.suse.com/1175232 https://bugzilla.suse.com/1175263 https://bugzilla.suse.com/1175284 https://bugzilla.suse.com/1175296 https://bugzilla.suse.com/1175344 https://bugzilla.suse.com/1175345 https://bugzilla.suse.com/1175346 https://bugzilla.suse.com/1175347 https://bugzilla.suse.com/1175367 https://bugzilla.suse.com/1175377 https://bugzilla.suse.com/1175440 https://bugzilla.suse.com/1175493 https://bugzilla.suse.com/1175546 https://bugzilla.suse.com/1175550 https://bugzilla.suse.com/1175654 https://bugzilla.suse.com/1175691 https://bugzilla.suse.com/1175768 https://bugzilla.suse.com/1175769 https://bugzilla.suse.com/1175770 https://bugzilla.suse.com/1175771 https://bugzilla.suse.com/1175772 https://bugzilla.suse.com/1175774 https://bugzilla.suse.com/1175775 https://bugzilla.suse.com/1175834 https://bugzilla.suse.com/1175873 From sle-updates at lists.suse.com Thu Sep 3 16:25:32 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 00:25:32 +0200 (CEST) Subject: SUSE-SU-2020:2486-1: important: Security update for the Linux Kernel Message-ID: <20200903222532.E75D0F794@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2486-1 Rating: important References: #1065600 #1065729 #1071995 #1085030 #1120163 #1133021 #1149032 #1152472 #1152489 #1153274 #1154353 #1154488 #1154492 #1155518 #1156395 #1159058 #1160634 #1167773 #1169790 #1171634 #1171688 #1172108 #1172197 #1172247 #1172418 #1172871 #1172963 #1173468 #1173485 #1173798 #1173813 #1173954 #1174002 #1174003 #1174026 #1174205 #1174247 #1174362 #1174387 #1174484 #1174625 #1174645 #1174689 #1174699 #1174737 #1174757 #1174762 #1174770 #1174771 #1174777 #1174805 #1174824 #1174825 #1174852 #1174865 #1174880 #1174897 #1174906 #1174969 #1175009 #1175010 #1175011 #1175012 #1175013 #1175014 #1175015 #1175016 #1175017 #1175018 #1175019 #1175020 #1175021 #1175052 #1175112 #1175116 #1175128 #1175149 #1175175 #1175176 #1175180 #1175181 #1175182 #1175183 #1175184 #1175185 #1175186 #1175187 #1175188 #1175189 #1175190 #1175191 #1175192 #1175195 #1175199 #1175213 #1175232 #1175263 #1175284 #1175296 #1175344 #1175345 #1175346 #1175347 #1175367 #1175377 #1175440 #1175493 #1175546 #1175550 #1175654 #1175691 #1175768 #1175769 #1175770 #1175771 #1175772 #1175774 #1175775 #1175834 #1175873 Cross-References: CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-16166 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that solves four vulnerabilities and has 116 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-14314: Fixed a potential negative array index in ext4 (bsc#1173798). - CVE-2020-14331: Fixed a missing check in scrollback handling (bsc#1174205 bsc#1174247). - CVE-2020-14356: Fixed a NULL pointer dereference in the cgroupv2 subsystem (bsc#1175213). - CVE-2020-16166: Fixed an information leak in the network RNG (bsc#1174757). The following non-security bugs were fixed: - 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work (git-fixes). - ACPICA: Do not increment operation_region reference counts for field units (git-fixes). - af_key: pfkey_dump needs parameter validation (git-fixes). - agp/intel: Fix a memory leak on module initialisation failure (git-fixes). - ALSA: atmel: Remove invalid "fall through" comments (git-fixes). - ALSA: core: pcm_iec958: fix kernel-doc (git-fixes). - ALSA: echoaduio: Drop superfluous volatile modifier (git-fixes). - ALSA: echoaudio: Address bugs in the interrupt handling (git-fixes). - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (git-fixes). - ALSA: echoaudio: Prevent races in calls to set_audio_format() (git-fixes). - ALSA: echoaudio: Prevent some noise on unloading the module (git-fixes). - ALSA: echoaudio: Race conditions around "opencount" (git-fixes). - ALSA: echoaudio: re-enable IRQs on failure path (git-fixes). - ALSA: echoaudio: Remove redundant check (git-fixes). - ALSA: firewire: fix kernel-doc (git-fixes). - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (git-fixes). - ALSA: hda - reverse the setting value in the micmute_led_set (git-fixes). - ALSA: hda/ca0132 - Add new quirk ID for Recon3D (git-fixes). - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (git-fixes). - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (git-fixes). - ALSA: hda/hdmi: Add quirk to force connectivity (git-fixes). - ALSA: hda/hdmi: Fix keep_power assignment for non-component devices (git-fixes). - ALSA: hda/hdmi: Use force connectivity quirk on another HP desktop (git-fixes). - ALSA: hda/realtek - Fix unused variable warning (git-fixes). - ALSA: hda/realtek - Fixed HP right speaker no sound (git-fixes). - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (git-fixes). - ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (git-fixes). - ALSA: hda/realtek: Fix add a "ultra_low_power" function for intel reference board (alc256) (git-fixes). - ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (git-fixes). - ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (git-fixes). - ALSA: hda/tegra: Disable sync-write operation (git-fixes). - ALSA: hda: Add support for Loongson 7A1000 controller (git-fixes). - ALSA: hda: avoid reset of sdo_limit (git-fixes). - ALSA: hda: Enable sync-write operation as default for all controllers (git-fixes). - ALSA: hda: fix NULL pointer dereference during suspend (git-fixes). - ALSA: hda: fix snd_hda_codec_cleanup() documentation (git-fixes). - ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes). - ALSA: isa/gus: remove 'set but not used' warning (git-fixes). - ALSA: isa/gus: remove -Wmissing-prototypes warnings (git-fixes). - ALSA: isa: fix spelling mistakes in the comments (git-fixes). - ALSA: line6: add hw monitor volume control for POD HD500 (git-fixes). - ALSA: line6: Use kmemdup in podhd_set_monitor_level() (git-fixes). - ALSA: pci/asihpi: fix kernel-doc (git-fixes). - ALSA: pci/asihpi: remove 'set but not used' warning (git-fixes). - ALSA: pci/asihpi: remove 'set but not used' warnings (git-fixes). - ALSA: pci/au88x0: remove "defined but not used" warnings (git-fixes). - ALSA: pci/aw2-saa7146: remove 'set but not used' warning (git-fixes). - ALSA: pci/ctxfi/ctatc: fix kernel-doc (git-fixes). - ALSA: pci/ctxfi: fix kernel-doc warnings (git-fixes). - ALSA: pci/echoaudio: remove 'set but not used' warning (git-fixes). - ALSA: pci/emu10k1: remove 'set but not used' warning (git-fixes). - ALSA: pci/es1938: remove 'set but not used' warning (git-fixes). - ALSA: pci/fm801: fix kernel-doc (git-fixes). - ALSA: pci/korg1212: remove 'set but not used' warnings (git-fixes). - ALSA: pci/oxygen/xonar_wm87x6: remove always true condition (git-fixes). - ALSA: pci/rme9652/hdspm: remove always true condition (git-fixes). - ALSA: pci/via82xx: remove 'set but not used' warnings (git-fixes). - ALSA: pcmcia/pdaudiocf: fix kernel-doc (git-fixes). - ALSA: seq: oss: Serialize ioctls (git-fixes). - ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for SSL2 (git-fixes). - ALSA: usb-audio: add quirk for Pioneer DDJ-RB (git-fixes). - ALSA: usb-audio: add startech usb audio dock name (git-fixes). - ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (git-fixes). - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (git-fixes). - ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (git-fixes). - ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (git-fixes). - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625). - ALSA: usb-audio: Fix some typos (git-fixes). - ALSA: usb-audio: fix spelling mistake "buss" -> "bus" (git-fixes). - ALSA: usb-audio: ignore broken processing/extension unit (git-fixes). - ALSA: usb-audio: Update documentation comment for MS2109 quirk (git-fixes). - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (git-fixes). - ALSA: usb/line6: remove 'defined but not used' warning (git-fixes). - ALSA: vx_core: remove warning for empty loop body (git-fixes). - ALSA: xen: remove 'set but not used' warning (git-fixes). - ALSA: xen: Remove superfluous fall through comments (git-fixes). - appletalk: Fix atalk_proc_init() return path (git-fixes). - arm/arm64: Make use of the SMCCC 1.1 wrapper (bsc#1174906). - arm/arm64: Provide a wrapper for SMCCC 1.1 calls (bsc#1174906). - arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit() (bsc#1174906). - arm64: armv8_deprecated: Fix undef_hook mask for thumb setend (bsc#1175180). - arm64: cacheflush: Fix KGDB trap detection (bsc#1175188). - arm64: csum: Fix handling of bad packets (bsc#1175192). - arm64: dts: allwinner: a64: Remove unused SPDIF sound card (none bsc#1175016). - arm64: dts: clearfog-gt-8k: set gigabit PHY reset deassert delay (bsc#1175347). - arm64: dts: exynos: Fix silent hang after boot on Espresso (bsc#1175346). - arm64: dts: imx8mm-evk: correct ldo1/ldo2 voltage range (none bsc#1175019). - arm64: dts: imx8qxp-mek: Remove unexisting Ethernet PHY (bsc#1175345). - arm64: dts: librem5-devkit: add a vbus supply to usb0 (none bsc#1175013). - arm64: dts: ls1028a: delete extraneous #interrupt-cells for ENETC RCIE (none bsc#1175012). - arm64: dts: qcom: msm8998-clamshell: Fix label on l15 regulator (git-fixes). - arm64: dts: rockchip: fix rk3399-puma gmac reset gpio (none bsc#1175021). - arm64: dts: rockchip: fix rk3399-puma vcc5v0-host gpio (none bsc#1175020). - arm64: dts: rockchip: Rename dwc3 device nodes on rk3399 to make dtc happy (none bsc#1175015). - arm64: dts: rockchip: Replace RK805 PMIC node name with "pmic" on rk3328 boards (none bsc#1175014). - arm64: dts: uDPU: fix broken ethernet (bsc#1175344). - arm64: dts: uniphier: Set SCSSI clock and reset IDs for each channel (none bsc#1175011). - arm64: errata: use arm_smccc_1_1_get_conduit() (bsc#1174906). - arm64: Fix PTRACE_SYSEMU semantics (bsc#1175185). - arm64: fix the flush_icache_range arguments in machine_kexec (bsc#1175184). - arm64: hugetlb: avoid potential NULL dereference (bsc#1175183). - arm64: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (bsc#1175189). - arm64: insn: Fix two bugs in encoding 32-bit logical immediates (bsc#1175186). - arm64: kexec_file: print appropriate variable (bsc#1175187). - arm64: kgdb: Fix single-step exception handling oops (bsc#1175191). - arm64: Retrieve stolen time as paravirtualized guest (bsc#1172197 jsc#SLE-13593). - arm64: tegra: Enable I2C controller for EEPROM (none bsc#1175010). - arm64: tegra: Fix ethernet phy-mode for Jetson Xavier (none bsc#1175017). - arm64: tegra: Fix flag for 64-bit resources in 'ranges' property (none bsc#1175018). - arm64: tegra: Fix Tegra194 PCIe compatible string (none bsc#1175009). - arm64: vdso: Add -fasynchronous-unwind-tables to cflags (bsc#1175182). - arm64: vdso: do not free unallocated pages (bsc#1175181). - arm: percpu.h: fix build error (git-fixes). - arm: spectre-v2: use arm_smccc_1_1_get_conduit() (bsc#1174906). - ASoC: fsl_sai: Fix value of FSL_SAI_CR1_RFW_MASK (git-fixes). - ASoC: hdac_hda: fix deadlock after PCM open error (git-fixes). - ASoC: Intel: bxt_rt298: add missing .owner field (git-fixes). - ASoC: intel: Fix memleak in sst_media_open (git-fixes). - ASoC: meson: axg-tdm-interface: fix link fmt setup (git-fixes). - ASoC: meson: axg-tdmin: fix g12a skew (git-fixes). - ASoC: meson: fixes the missed kfree() for axg_card_add_tdm_loopback (git-fixes). - ASoC: msm8916-wcd-analog: fix register Interrupt offset (git-fixes). - ASoC: q6afe-dai: mark all widgets registers as SND_SOC_NOPM (git-fixes). - ASoC: q6routing: add dummy register read/write function (git-fixes). - ASoC: SOF: nocodec: add missing .owner field (git-fixes). - ASoC: wm8994: Avoid attempts to read unreadable registers (git-fixes). - ath10k: Acquire tx_lock in tx error paths (git-fixes). - ath10k: enable transmit data ack RSSI for QCA9884 (git-fixes). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (git-fixes). - ath9k: Fix regression with Atheros 9271 (git-fixes). - atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent (git-fixes). - AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes). - AX.25: Prevent integer overflows in connect and sendmsg (git-fixes). - AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes). - b43: Remove uninitialized_var() usage (git-fixes). - bdc: Fix bug causing crash after multiple disconnects (git-fixes). - bfq: fix blkio cgroup leakage v4 (bsc#1175775). - block: Fix the type of 'sts' in bsg_queue_rq() (git-fixes). - Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes). - Bluetooth: btmtksdio: fix up firmware download sequence (git-fixes). - Bluetooth: btusb: fix up firmware download sequence (git-fixes). - Bluetooth: fix kernel oops in store_pending_adv_report (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (git-fixes). - Bluetooth: Fix update of connection state in `hci_encrypt_cfm` (git-fixes). - Bluetooth: hci_h5: Set HCI_UART_RESET_ON_INIT to correct flags (git-fixes). - Bluetooth: hci_serdev: Only unregister device if it was registered (git-fixes). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (git-fixes). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (git-fixes). - bnxt_en: fix NULL dereference in case SR-IOV configuration fails (networking-stable-20_07_17). - bnxt_en: Init ethtool link settings after reading updated PHY configuration (jsc#SLE-8371 bsc#1153274). - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - bpf: Fix map leak in HASH_OF_MAPS map (bsc#1155518). - bpf: net: Avoid copying sk_user_data of reuseport_array during sk_clone (bsc#1155518). - bpf: net: Avoid incorrect bpf_sk_reuseport_detach call (bsc#1155518). - bpfilter: fix up a sparse annotation (bsc#1155518). - bpfilter: Initialize pos variable (bsc#1155518). - bpfilter: reject kernel addresses (bsc#1155518). - bpfilter: switch to kernel_write (bsc#1155518). - brcmfmac: keep SDIO watchdog running when console_interval is non-zero (git-fixes). - brcmfmac: set state of hanger slot to FREE when flushing PSQ (git-fixes). - brcmfmac: Set timeout value when configuring power save (bsc#1173468). - brcmfmac: To fix Bss Info flag definition Bug (git-fixes). - btmrvl: Fix firmware filename for sd8977 chipset (git-fixes). - btmrvl: Fix firmware filename for sd8997 chipset (git-fixes). - btrfs: add helper to get the end offset of a file extent item (bsc#1175546). - btrfs: avoid unnecessary splits when setting bits on an extent io tree (bsc#1175377). - btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247). - btrfs: delete the ordered isize update code (bsc#1175377). - btrfs: do not set path->leave_spinning for truncate (bsc#1175377). - btrfs: factor out inode items copy loop from btrfs_log_inode() (bsc#1175546). - btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247). - btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149). - btrfs: fix block group leak when removing fails (bsc#1175149). - btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149). - btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149). - btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149). - btrfs: fix deadlock during fast fsync when logging prealloc extents beyond eof (bsc#1175377). - btrfs: fix double free on ulist after backref resolution failure (bsc#1175149). - btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149). - btrfs: fix lost i_size update after cloning inline extent (bsc#1175377). - btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550). - btrfs: fix missing file extent item for hole after ranged fsync (bsc#1175546). - btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149). - btrfs: fix race between block group removal and block group creation (bsc#1175149). - btrfs: fix race between shrinking truncate and fiemap (bsc#1175377). - btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149). - btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149). - btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484). - btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247). - btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247). - btrfs: introduce per-inode file extent tree (bsc#1175377). - btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247). - btrfs: make full fsyncs always operate on the entire file again (bsc#1175546). - btrfs: make ranged full fsyncs more efficient (bsc#1175546). - btrfs: move extent_io_tree defs to their own header (bsc#1175377). - btrfs: Move free_pages_out label in inline extent handling branch in compress_file_range (bsc#1175263). - btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163). - btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247). - btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163). - btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163). - btrfs: Remove delalloc_end argument from extent_clear_unlock_delalloc (bsc#1175149). - btrfs: Remove leftover of in-band dedupe (bsc#1175149). - btrfs: remove unnecessary delalloc mutex for inodes (bsc#1175377). - btrfs: remove useless check for copy_items() return value (bsc#1175546). - btrfs: Rename btrfs_join_transaction_nolock (bsc#1175377). - btrfs: replace all uses of btrfs_ordered_update_i_size (bsc#1175377). - btrfs: separate out the extent io init function (bsc#1175377). - btrfs: separate out the extent leak code (bsc#1175377). - btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493). - btrfs: trim: fix underflow in trim length to prevent access beyond device boundary (bsc#1175263). - btrfs: use btrfs_ordered_update_i_size in clone_finish_inode_update (bsc#1175377). - btrfs: use the file extent tree infrastructure (bsc#1175377). - cfg80211: check vendor command doit pointer before use (git-fixes). - clk: actions: Fix h_clk for Actions S500 SoC (git-fixes). - clk: at91: clk-generated: check best_rate against ranges (git-fixes). - clk: at91: clk-generated: continue if __clk_determine_rate() returns error (git-fixes). - clk: at91: sam9x60-pll: check fcore against ranges (git-fixes). - clk: at91: sam9x60-pll: use logical or for range check (git-fixes). - clk: at91: sam9x60: fix main rc oscillator frequency (git-fixes). - clk: at91: sckc: register slow_rc with accuracy option (git-fixes). - clk: bcm2835: Do not use prediv with bcm2711's PLLs (bsc#1174865). - clk: bcm63xx-gate: fix last clock availability (git-fixes). - clk: clk-atlas6: fix return value check in atlas6_clk_init() (git-fixes). - clk: iproc: round clock rate to the closest (git-fixes). - clk: qcom: gcc-sdm660: Add missing modem reset (git-fixes). - clk: qcom: gcc-sdm660: Fix up gcc_mss_mnoc_bimc_axi_clk (git-fixes). - clk: rockchip: Revert "fix wrong mmc sample phase shift for rk3328" (git-fixes). - clk: scmi: Fix min and max rate when registering clocks with discrete rates (git-fixes). - clk: spear: Remove uninitialized_var() usage (git-fixes). - clk: st: Remove uninitialized_var() usage (git-fixes). - console: newport_con: fix an issue about leak related system resources (git-fixes). - cpumap: Use non-locked version __ptr_ring_consume_batched (git-fixes). - crc-t10dif: Fix potential crypto notify dead-lock (git-fixes). - crypto: aesni - add compatibility with IAS (git-fixes). - crypto: aesni - Fix build with LLVM_IAS=1 (git-fixes). - crypto: caam - Fix argument type in handle_imx6_err005766 (git-fixes). - crypto: ccp - Fix use of merged scatterlists (git-fixes). - crypto: ccree - fix resource leak on error path (git-fixes). - crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: hisilicon - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes). - devlink: ignore -EOPNOTSUPP errors on dumpit (bsc#1154353). - devres: keep both device name and resource name in pretty name (git-fixes). - dlm: Fix kobject memleak (bsc#1175768). - dlm: remove BUG() before panic() (git-fixes). - dmaengine: fsl-edma: fix wrong tcd endianness for big-endian cpu (git-fixes). - dmaengine: ioat setting ioat timeout as module parameter (git-fixes). - dmaengine: tegra210-adma: Fix runtime PM imbalance on error (git-fixes). - docs: fix memory.low description in cgroup-v2.rst (git-fixes). (SLE documentation might refer to cgroup-v2.rst.) - drbd: Remove uninitialized_var() usage (git-fixes). - driver core: Avoid binding drivers to dead devices (git-fixes). - drivers/firmware/psci: Fix memory leakage in alloc_init_cpu_groups() (git-fixes). - drivers/net/wan: lapb: Corrected the usage of skb_cow (git-fixes). - drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175128). - drm/amd/display: Fix EDID parsing after resume from suspend (git-fixes). - drm/amd/display: fix pow() crashing when given base 0 (git-fixes). - drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1152472) - drm/amd/powerplay: fix a crash when overclocking Vega M (git-fixes). - drm/amd/powerplay: fix compile error with ARCH=arc (git-fixes). - drm/amdgpu/display bail early in dm_pp_get_static_clocks (git-fixes). - drm/amdgpu/display: use blanked rather than plane state for sync (bsc#1152489) * refreshed for context changes * protect code with CONFIG_DRM_AMD_DC_DCN2_0 - drm/amdgpu/gfx10: fix race condition for kiq (git-fixes). - drm/amdgpu: avoid dereferencing a NULL pointer (git-fixes). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (git-fixes). - drm/amdgpu: fix preemption unit test (git-fixes). - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes). - drm/arm: fix unintentional integer overflow on left shift (git-fixes). - drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1152472) * refreshed for context changes - drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes). - drm/bridge: ti-sn65dsi86: Clear old error bits before AUX transfers (git-fixes). - drm/bridge: ti-sn65dsi86: Do not use kernel-doc comment for local array (git-fixes). - drm/bridge: ti-sn65dsi86: Fix off-by-one error in clock choice (bsc#1152489) * refreshed for context changes - drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1152472) * move drm_mipi_dbi.c -> tinydrm/mipi-dbi.c - drm/debugfs: fix plain echo to connector "force" attribute (git-fixes). - drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes). - drm/etnaviv: fix ref count leak via pm_runtime_get_sync (git-fixes). - drm/gem: Fix a leak in drm_gem_objects_lookup() (git-fixes). - drm/i915/fbc: Fix fence_y_offset handling (bsc#1152489) * context changes - drm/i915/gt: Close race between engine_park and intel_gt_retire_requests (git-fixes). - drm/i915/gt: Flush submission tasklet before waiting/retiring (bsc#1174737). - drm/i915/gt: Move new timelines to the end of active_list (git-fixes). - drm/i915/gt: Only swap to a random sibling once upon creation (bsc#1152489) * context changes - drm/i915/gt: Unlock engine-pm after queuing the kernel context switch (git-fixes). - drm/i915: Actually emit the await_start (bsc#1174737). - drm/i915: Copy across scheduler behaviour flags across submit fences (bsc#1174737). - drm/i915: Do not poison i915_request.link on removal (bsc#1174737). - drm/i915: Drop no-semaphore boosting (bsc#1174737). - drm/i915: Eliminate the trylock for awaiting an earlier request (bsc#1174737). - drm/i915: Flush execution tasklets before checking request status (bsc#1174737). - drm/i915: Flush tasklet submission before sleeping on i915_request_wait (bsc#1174737). - drm/i915: Ignore submit-fences on the same timeline (bsc#1174737). - drm/i915: Improve the start alignment of bonded pairs (bsc#1174737). - drm/i915: Keep track of request among the scheduling lists (bsc#1174737). - drm/i915: Lock signaler timeline while navigating (bsc#1174737). - drm/i915: Mark i915_request.timeline as a volatile, rcu pointer (bsc#1174737). - drm/i915: Mark racy read of intel_engine_cs.saturated (bsc#1174737). - drm/i915: Mark up unlocked update of i915_request.hwsp_seqno (bsc#1174737). - drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2. (bsc#1152489) * context changes - drm/i915: Peel dma-fence-chains for await (bsc#1174737). - drm/i915: Prevent using semaphores to chain up to external fences (bsc#1174737). - drm/i915: Protect i915_request_await_start from early waits (bsc#1174737). - drm/i915: Pull waiting on an external dma-fence into its routine (bsc#1174737). - drm/i915: Rely on direct submission to the queue (bsc#1174737). - drm/i915: Remove wait priority boosting (bsc#1174737). - drm/i915: Reorder await_execution before await_request (bsc#1174737). - drm/i915: Return early for await_start on same timeline (bsc#1174737). - drm/i915: Use EAGAIN for trylock failures (bsc#1174737). - drm/imx: fix use after free (git-fixes). - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes). - drm/imx: tve: fix regulator_disable error path (git-fixes). - drm/ingenic: Fix incorrect assumption about plane->index (bsc#1152489) * refreshed for context changes - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes). - drm/msm: ratelimit crtc event overflow error (git-fixes). - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes). - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes). - drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout (git-fixes). - drm/nouveau/kms/nv50-: Fix disabling dithering (git-fixes). - drm/nouveau: fix multiple instances of reference count leaks (git-fixes). - drm/nouveau: fix reference count leak in nouveau_debugfs_strap_peek (git-fixes). - drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes). - drm/radeon: disable AGP by default (git-fixes). - drm/radeon: fix array out-of-bounds read and write issues (git-fixes). - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (git-fixes). - drm/stm: repair runtime power management (git-fixes). - drm/tilcdc: fix leak & null ref in panel_connector_get_modes (git-fixes). - drm/ttm/nouveau: do not call tt destroy callback on alloc failure (git-fixes bsc#1175232). - drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() (bsc#1152489) * refreshed for context changes - drm/vmwgfx: Fix two list_for_each loop exit tests (git-fixes). - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (git-fixes). - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (git-fixes). - drm: hold gem reference until object is no longer accessed (git-fixes). - drm: msm: a6xx: fix gpu failure after system resume (git-fixes). - drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes). - drm: sun4i: hdmi: Fix inverted HPD result (git-fixes). - dyndbg: fix a BUG_ON in ddebug_describe_flags (git-fixes). - enetc: Fix tx rings bitmap iteration range, irq handling (networking-stable-20_06_28). - ext2: fix missing percpu_counter_inc (bsc#1175774). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: do not BUG on inconsistent journal feature (bsc#1171634). - ext4: fix checking of directory entry validity for inline directories (bsc#1175771). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins (git-fixes). - firmware/psci: use common SMCCC_CONDUIT_* (bsc#1174906). - firmware: arm_scmi: Fix SCMI genpd domain probing (git-fixes). - firmware: arm_scmi: Keep the discrete clock rates sorted (git-fixes). - firmware: arm_sdei: use common SMCCC_CONDUIT_* (bsc#1174906). - firmware: Fix a reference count leak (git-fixes). - firmware: smccc: Add ARCH_SOC_ID support (bsc#1174906). - firmware: smccc: Add function to fetch SMCCC version (bsc#1174906). - firmware: smccc: Add HAVE_ARM_SMCCC_DISCOVERY to identify SMCCC v1.1 and above (bsc#1174906). - firmware: smccc: Add the definition for SMCCCv1.2 version/error codes (bsc#1174906). - firmware: smccc: Drop smccc_version enum and use ARM_SMCCC_VERSION_1_x instead (bsc#1174906). - firmware: smccc: Refactor SMCCC specific bits into separate file (bsc#1174906). - firmware: smccc: Update link to latest SMCCC specification (bsc#1174906). - firmware_loader: fix memory leak for paged buffer (bsc#1175367). - fpga: dfl: fix bug in port reset handshake (git-fixes). - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175176). - fuse: fix weird page warning (bsc#1175175). - genetlink: remove genl_bind (networking-stable-20_07_17). - geneve: fix an uninitialized value in geneve_changelink() (git-fixes). - genirq/affinity: Improve __irq_build_affinity_masks() (bsc#1174897 ltc#187090). - genirq/affinity: Remove const qualifier from node_to_cpumask argument (bsc#1174897 ltc#187090). - genirq/affinity: Spread vectors on node according to nr_cpu ratio (bsc#1174897 ltc#187090). - gfs2: Another gfs2_find_jhead fix (bsc#1174824). - gfs2: fix gfs2_find_jhead that returns uninitialized jhead with seq 0 (bsc#1174825). - go7007: add sanity checking for endpoints (git-fixes). - gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes). - gpio: arizona: put pm_runtime in case of failure (git-fixes). - gpio: max77620: Fix missing release of interrupt (git-fixes). - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (git-fixes). - habanalabs: increase timeout during reset (git-fixes). - HID: alps: support devices with report id 2 (git-fixes). - HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes). - HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override (git-fixes). - HID: input: Fix devices that return multiple bytes in battery report (git-fixes). - HID: steam: fixes race in handling device list (git-fixes). - hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path (git-fixes). - hwmon: (adm1275) Make sure we are reading enough data for different chips (git-fixes). - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes). - hwmon: (nct6775) Accept PECI Calibration as temperature source for NCT6798D (git-fixes). - hwmon: (scmi) Fix potential buffer overflow in scmi_hwmon_probe() (git-fixes). - i2c: also convert placeholder function to return errno (git-fixes). - i2c: i2c-qcom-geni: Fix DMA transfer race (git-fixes). - i2c: i801: Add support for Intel Comet Lake PCH-V (jsc#SLE-13411). - i2c: i801: Add support for Intel Emmitsburg PCH (jsc#SLE-13411). - i2c: i801: Add support for Intel Tiger Lake PCH-H (jsc#SLE-13411). - i2c: iproc: fix race between client unreg and isr (git-fixes). - i2c: rcar: always clear ICSAR to avoid side effects (git-fixes). - i2c: rcar: avoid race when unregistering slave (git-fixes). - i2c: rcar: slave: only send STOP event when we have been addressed (git-fixes). - i2c: slave: add sanity check when unregistering (git-fixes). - i2c: slave: improve sanity check when registering (git-fixes). - i40iw: Do an RCU lookup in i40iw_add_ipv4_addr (git-fixes). - i40iw: Fix error handling in i40iw_manage_arp_cache() (git-fixes). - i40iw: fix null pointer dereference on a null wqe pointer (git-fixes). - i40iw: Report correct firmware version (git-fixes). - IB/cma: Fix ports memory leak in cma_configfs (git-fixes). - IB/core: Fix potential NULL pointer dereference in pkey cache (git-fixes). - IB/hfi1, qib: Ensure RCU is locked when accessing list (git-fixes). - IB/hfi1: Ensure pq is not left on waitlist (git-fixes). - IB/hfi1: Fix memory leaks in sysfs registration and unregistration (git-fixes). - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (git-fixes). - IB/mad: Fix use after free when destroying MAD agent (git-fixes). - IB/mlx4: Test return value of calls to ib_get_cached_pkey (git-fixes). - IB/mlx5: Fix 50G per lane indication (git-fixes). - IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command (git-fixes). - IB/mlx5: Fix missing congestion control debugfs on rep rdma device (git-fixes). - IB/mlx5: Replace tunnel mpls capability bits for tunnel_offloads (git-fixes). - IB/qib: Call kobject_put() when kobject_init_and_add() fails (git-fixes). - IB/rdmavt: Always return ERR_PTR from rvt_create_mmap_info() (git-fixes). - IB/rdmavt: Delete unused routine (git-fixes). - IB/rdmavt: Fix RQ counting issues causing use of an invalid RWQE (bsc#1174770). - IB/sa: Resolv use-after-free in ib_nl_make_request() (git-fixes). - ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ice: Clear and free XLT entries on reset (jsc#SLE-7926). - ice: Graceful error handling in HW table calloc failure (jsc#SLE-7926). - ide: Remove uninitialized_var() usage (git-fixes). - ieee802154: fix one possible memleak in adf7242_probe (git-fixes). - igc: Fix PTP initialization (bsc#1160634). - iio: improve IIO_CONCENTRATION channel type description (git-fixes). - Input: elan_i2c - only increment wakeup count on touch (git-fixes). - Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes). - Input: sentelic - fix error return when fsp_reg_write fails (git-fixes). - Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes). - integrity: remove redundant initialization of variable ret (git-fixes). - io-mapping: indicate mapping failure (git-fixes). - ionic: fix up filter locks and debug msgs (bsc#1167773). - ionic: keep rss hash after fw update (bsc#1167773). - ionic: unlock queue mutex in error path (bsc#1167773). - ionic: update filter id after replay (bsc#1167773). - ionic: use mutex to protect queue operations (bsc#1167773). - ionic: use offset for ethtool regs data (bsc#1167773). - ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes). - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28). - ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28). - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17). - ipv6: fib6_select_path can not use out path for nexthop objects (networking-stable-20_07_17). - ipv6: Fix use of anycast address with loopback (networking-stable-20_07_17). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - irqchip/gic: Atomically update affinity (bsc#1175195). - iwlegacy: Check the return value of pcie_capability_read_*() (git-fixes). - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772). - kABI workaround for enum cpuhp_state (git-fixes). - kABI workaround for struct kvm_device (git-fixes). Just change an variable to "const" type in kvm_device. - kABI workaround for struct kvm_vcpu_arch (git-fixes). Add a struct variable to the end of kvm_vcpu_arch and kvm_vcpu_arch is embedded into kvm_vcpu at the end. It is usually used by pointer and allocated dynamically, so this change should be fine even for external kvm module. - kABI/severities: ignore KABI for NVMe, except nvme-fc (bsc#1174777) Exported symbols under drivers/nvme/host/ are only used by the nvme subsystem itself, except for the nvme-fc symbols. - kABI/severities: ignore qla2xxx as all symbols are internal - kABI: genetlink: remove genl_bind (kabi). - kABI: restore signature of xfrm_policy_bysel_ctx() and xfrm_policy_byid() (bsc#1174645). - kernel.h: remove duplicate include of asm/div64.h (git-fixes). - kernel/relay.c: fix memleak on destroy relay channel (git-fixes). - kernfs: do not call fsnotify() with name without a parent (bsc#1175770). - kobject: Avoid premature parent object freeing in kobject_cleanup() (git-fixes). - KVM: Allow kvm_device_ops to be const (bsc#1172197 jsc#SLE-13593). - KVM: arm/arm64: Correct AArch32 SPSR on exception entry (bsc#1133021). - KVM: arm/arm64: Correct CPSR on exception entry (bsc#1133021). - KVM: arm/arm64: Factor out hypercall handling from PSCI code (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Annotate hyp NMI-related functions as __always_inline (bsc#1175190). - KVM: arm64: Correct PSTATE on exception entry (bsc#1133021). - KVM: arm64: Document PV-time interface (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Fix 32bit PC wrap-around (bsc#1133021). - KVM: arm64: Implement PV_TIME_FEATURES call (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts (bsc#1133021). - KVM: arm64: Provide VCPU attributes for stolen time (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Select TASK_DELAY_ACCT+TASKSTATS rather than SCHEDSTATS (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021). - KVM: arm64: Stop writing aarch32's CSSELR into ACTLR (bsc#1133021). - KVM: arm64: Support stolen time reporting via shared structure (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Use the correct timer structure to access the physical counter (bsc#1133021). - KVM: arm: vgic: Fix limit condition when writing to GICD_IACTIVER (bsc#1133021). - KVM: Implement kvm_put_guest() (bsc#1172197 jsc#SLE-13593). - KVM: Play nice with read-only memslots when querying host page size (bsc#1133021). - KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729). - KVM: Reinstall old memslots if arch preparation fails (bsc#1133021). - KVM: s390: Remove false WARN_ON_ONCE for the PQAP instruction (bsc#1133021). - KVM: x86: Fix APIC page invalidation race (bsc#1133021). - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17). - leds: 88pm860x: fix use-after-free on unbind (git-fixes). - leds: core: Flush scheduled work for system suspend (git-fixes). - leds: da903x: fix use-after-free on unbind (git-fixes). - leds: gpio: Fix semantic error (git-fixes). - leds: lm3533: fix use-after-free on unbind (git-fixes). - leds: lm355x: avoid enum conversion warning (git-fixes). - leds: lm36274: fix use-after-free on unbind (git-fixes). - leds: wm831x-status: fix use-after-free on unbind (git-fixes). - libbpf: Wrap source argument of BPF_CORE_READ macro in parentheses (bsc#1155518). - liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes). - llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17). - locktorture: Print ratio of acquisitions, not failures (bsc#1149032). - mac80211: allow rx of mesh eapol frames with default rx key (git-fixes). - mac80211: fix misplaced while instead of if (git-fixes). - mac80211: mesh: Free ie data when leaving mesh (git-fixes). - mac80211: mesh: Free pending skb when destroying a mpath (git-fixes). - Mark the SLE15-SP2 kernel properly released. There perhaps was a typo, when SUSE_KERNEL_RELEASED missed the trailing "D" - this leads to our kernels being marked as "Unreleased kernel". SUSE_KERNEL_RELEASED is defined in rpm/kernel-binary.spec.in. To fix that, it should be enough to switch from SUSE_KERNEL_RELEASE to SUSE_KERNEL_RELEASED. - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes). - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes). - media: budget-core: Improve exception handling in budget_register() (git-fixes). - media: camss: fix memory leaks on error handling paths in probe (git-fixes). - media: cxusb-analog: fix V4L2 dependency (git-fixes). - media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes). - media: firewire: Using uninitialized values in node_probe() (git-fixes). - media: marvell-ccic: Add missed v4l2_async_notifier_cleanup() (git-fixes). - media: media-request: Fix crash if memory allocation fails (git-fixes). - media: nuvoton-cir: remove setting tx carrier functions (git-fixes). - media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes). - media: rockchip: rga: Introduce color fmt macros and refactor CSC mode logic (git-fixes). - media: rockchip: rga: Only set output CSC mode for RGB input (git-fixes). - media: sur40: Remove uninitialized_var() usage (git-fixes). - media: vpss: clean up resources in init (git-fixes). - media: vsp1: dl: Fix NULL pointer dereference on unbind (git-fixes). - mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes). - mfd: dln2: Run event handler loop under spinlock (git-fixes). - mfd: intel-lpss: Add Intel Tiger Lake PCH-H PCI IDs (jsc#SLE-13411). - mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28). - mlxsw: core: Fix wrong SFP EEPROM reading for upper pages 1-3 (bsc#1154488). - mlxsw: pci: Fix use-after-free in case of failed devlink reload (networking-stable-20_07_17). - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (networking-stable-20_07_17). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617). - mm: filemap: clear idle flag for writes (bsc#1175769). - mm: Fix protection usage propagation (bsc#1174002). - mmc: sdhci-cadence: do not use hardware tuning for SD mode (git-fixes). - mmc: sdhci-pci-o2micro: Bug fix for O2 host controller Seabird1 (git-fixes). - mtd: properly check all write ioctls for permissions (git-fixes). - mtd: rawnand: fsl_upm: Remove unused mtd var (git-fixes). - mtd: rawnand: qcom: avoid write to unavailable register (git-fixes). - mvpp2: ethtool rxtx stats fix (networking-stable-20_06_28). - mwifiex: Fix firmware filename for sd8977 chipset (git-fixes). - mwifiex: Fix firmware filename for sd8997 chipset (git-fixes). - mwifiex: Prevent memory corruption handling keys (git-fixes). - ndctl/papr_scm,uapi: Add support for PAPR nvdimm specific methods (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - net, sk_msg: Clear sk_user_data pointer on clone if tagged (bsc#1155518). - net, sk_msg: Do not use RCU_INIT_POINTER on sk_user_data (bsc#1155518). - net/bpfilter: Initialize pos in __bpfilter_process_sockopt (bsc#1155518). - net/bpfilter: split __bpfilter_process_sockopt (bsc#1155518). - net/ena: Fix build warning in ena_xdp_set() (bsc#1174852). - net/mlx5: DR, Change push vlan action sequence (jsc#SLE-8464). - net/mlx5: E-switch, Destroy TSAR when fail to enable the mode (jsc#SLE-8464). - net/mlx5: Fix eeprom support for SFP module (networking-stable-20_07_17). - net/mlx5e: Fix 50G per lane indication (networking-stable-20_07_17). - net/mlx5e: Fix kernel crash when setting vf VLANID on a VF dev (jsc#SLE-8464). - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (networking-stable-20_07_17). - net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28). - net: core: reduce recursion limit value (networking-stable-20_06_28). - net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28). - net: dsa: microchip: set the correct number of ports (networking-stable-20_07_17). - net: ena: add reserved PCI device ID (bsc#1174852). - net: ena: add support for reporting of packet drops (bsc#1174852). - net: ena: add support for the rx offset feature (bsc#1174852). - net: ena: add support for traffic mirroring (bsc#1174852). - net: ena: add unmask interrupts statistics to ethtool (bsc#1174852). - net: ena: allow setting the hash function without changing the key (bsc#1174852). - net: ena: avoid memory access violation by validating req_id properly (bsc#1174852). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852). - net: ena: change default RSS hash function to Toeplitz (bsc#1174852). - net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1154492). - net: ena: changes to RSS hash key allocation (bsc#1174852). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852). - net: ena: cosmetic: code reorderings (bsc#1174852). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852). - net: ena: cosmetic: fix line break issues (bsc#1174852). - net: ena: cosmetic: fix spacing issues (bsc#1174852). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852). - net: ena: cosmetic: minor code changes (bsc#1174852). - net: ena: cosmetic: remove unnecessary code (bsc#1174852). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852). - net: ena: cosmetic: satisfy gcc warning (bsc#1174852). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852). - net: ena: drop superfluous prototype (bsc#1174852). - net: ena: enable support of rss hash key and function changes (bsc#1174852). - net: ena: ethtool: clean up minor indentation issue (bsc#1174852). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852). - net: ena: fix continuous keep-alive resets (bsc#1174852). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852). - net: ena: Make missed_tx stat incremental (git-fixes). - net: ena: Make some functions static (bsc#1174852). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852). - net: ena: Prevent reset after device destruction (git-fixes). - net: ena: reduce driver load time (bsc#1174852). - net: ena: remove code that does nothing (bsc#1174852). - net: ena: remove set but not used variable 'hash_key' (bsc#1174852). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852). - net: ena: support new LLQ acceleration mode (bsc#1174852). - net: ena: use explicit variable size for clarity (bsc#1174852). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852). - net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). (SLES tuning guide refers to ip-sysctl.txt.) - net: fix memleak in register_netdevice() (networking-stable-20_06_28). - net: Fix the arp error in some cases (networking-stable-20_06_28). - net: hns3: fix error handling for desc filling (git-fixes). - net: hns3: fix for not calculating TX BD send size correctly (git-fixes). - net: hns3: fix return value error when query MAC link status fail (git-fixes). - net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28). - net: lan78xx: add missing endpoint sanity check (git-fixes). - net: lan78xx: fix transfer-buffer memory leak (git-fixes). - net: lan78xx: replace bogus endpoint lookup (git-fixes). - net: mvneta: fix use of state->speed (networking-stable-20_07_17). - net: phy: Check harder for errors in get_phy_id() (git-fixes). - net: phy: fix memory leak in device-create error path (git-fixes). - net: qrtr: Fix an out of bounds read qrtr_endpoint_post() (networking-stable-20_07_17). - net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28). - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17). - net_sched: fix a memory leak in atm_tc_init() (networking-stable-20_07_17). - netdevsim: fix unbalaced locking in nsim_create() (git-fixes). - nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes). - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes). - ntb: Fix static check warning in perf_clear_test (git-fixes). - ntb: Fix the default port and peer numbers for legacy drivers (git-fixes). - ntb: hw: remove the code that sets the DMA mask (git-fixes). - ntb: ntb_pingpong: Choose doorbells based on port number (git-fixes). - ntb: ntb_test: Fix bug when counting remote files (git-fixes). - ntb: ntb_tool: reading the link file should not end in a NULL byte (git-fixes). - ntb: perf: Do not require one more memory window than number of peers (git-fixes). - ntb: perf: Fix race condition when run with ntb_test (git-fixes). - ntb: perf: Fix support for hardware that does not have port numbers (git-fixes). - ntb: Revert the change to use the NTB device dev for DMA allocations (git-fixes). - ntb_perf: pass correct struct device to dma_alloc_coherent (git-fixes). - ntb_tool: pass correct struct device to dma_alloc_coherent (git-fixes). - nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108). - nvme-multipath: fix logic for non-optimized paths (bsc#1172108). - nvme-multipath: round-robin: eliminate "fallback" variable (bsc#1172108). - nvme-multipath: set bdi capabilities once (bsc#1159058). - nvme-pci: Re-order nvme_pci_free_ctrl (bsc#1159058). - nvme-rdma: Add warning on state change failure at (bsc#1159058). - nvme-tcp: Add warning on state change failure at (bsc#1159058). - nvme-tcp: fix possible crash in write_zeroes processing (bsc#1159058). - nvme: add a Identify Namespace Identification Descriptor list quirk (git-fixes). - nvme: always search for namespace head (bsc#1159058). - nvme: avoid an Identify Controller command for each namespace (bsc#1159058). - nvme: check namespace head shared property (bsc#1159058). - nvme: clean up nvme_scan_work (bsc#1159058). - nvme: cleanup namespace identifier reporting in (bsc#1159058). - nvme: consolidate chunk_sectors settings (bsc#1159058). - nvme: consolodate io settings (bsc#1159058). - nvme: expose hostid via sysfs for fabrics controllers (bsc#1159058). - nvme: expose hostnqn via sysfs for fabrics controllers (bsc#1159058). - nvme: factor out a nvme_ns_remove_by_nsid helper (bsc#1159058). - nvme: fix a crash in nvme_mpath_add_disk (git-fixes, bsc#1159058). - nvme: Fix controller creation races with teardown flow (bsc#1159058). - nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1159058). - nvme: fix identify error status silent ignore (git-fixes, bsc#1159058). - nvme: fix possible hang when ns scanning fails during error (bsc#1159058). - nvme: kABI fixes for nvme_ctrl (bsc#1159058). - nvme: Make nvme_uninit_ctrl symmetric to nvme_init_ctrl (bsc#1159058). - nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108). - nvme: prevent double free in nvme_alloc_ns() error handling (bsc#1159058). - nvme: provide num dword helper (bsc#1159058). - nvme: refactor nvme_identify_ns_descs error handling (bsc#1159058). - nvme: refine the Qemu Identify CNS quirk (bsc#1159058). - nvme: release ida resources (bsc#1159058). - nvme: release namespace head reference on error (bsc#1159058). - nvme: remove the magic 1024 constant in nvme_scan_ns_list (bsc#1159058). - nvme: remove unused parameter (bsc#1159058). - nvme: Remove unused return code from nvme_delete_ctrl_sync (bsc#1159058). - nvme: rename __nvme_find_ns_head to nvme_find_ns_head (bsc#1159058). - nvme: revalidate after verifying identifiers (bsc#1159058). - nvme: revalidate namespace stream parameters (bsc#1159058). - nvme: unlink head after removing last namespace (bsc#1159058). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: load global_inode_alloc (bsc#1172963). - omapfb: dss: Fix max fclk divider for omap36xx (git-fixes). - openvswitch: take into account de-fragmentation/gso_size in execute_check_pkt_len (networking-stable-20_06_28). - PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes). - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge (git-fixes). - PCI: cadence: Fix updating Vendor ID and Subsystem Vendor ID register (git-fixes). - PCI: Fix pci_cfg_wait queue locking problem (git-fixes). - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes). - PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, git-fixes). - PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes). - PCI: qcom: Add missing reset for ipq806x (git-fixes). - PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes). - PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes). - PCI: rcar: Fix runtime PM imbalance on error (git-fixes). - PCI: Release IVRS table in AMD ACS quirk (git-fixes). - PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes). - PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes). - PCI: tegra: Revert tegra124 raw_violation_fixup (git-fixes). - phy: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes). - phy: exynos5-usbdrd: Calibrating makes sense only for USB2.0 PHY (git-fixes). - phy: renesas: rcar-gen3-usb2: move irq registration to init (git-fixes). - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes). - pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes). - pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes). - pinctrl: ingenic: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes). - pinctrl: single: fix function name in documentation (git-fixes). - platform/chrome: cros_ec_ishtp: Fix a double-unlock issue (git-fixes). - platform/x86: asus-nb-wmi: add support for ASUS ROG Zephyrus G14 and G15 (git-fixes). - platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: ISST: Add new PCI device ids (git-fixes). - PM: wakeup: Show statistics for deleted wakeup sources again (git-fixes). - power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes). - powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729). - powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729). - powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729). - powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/fadump: Fix build error with CONFIG_PRESERVE_FA_DUMP=y (bsc#1156395). - powerpc/iommu: Allow bypass-only for DMA (bsc#1156395). - powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284). - powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284). - powerpc/papr_scm: Add support for fetching nvdimm 'fuel-gauge' metric (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Fetch nvdimm health information from PHYP (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Fetch nvdimm performance stats from PHYP (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Implement support for PAPR_PDSM_HEALTH (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Improve error logging and handling papr_scm_ndctl() (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Mark papr_scm_ndctl() as static (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729). - powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729). - powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630). - powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - powerpc/pseries: remove cede offline state for CPUs (bsc#1065729). - powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729). - powerpc/vdso: Fix vdso cpu truncation (bsc#1065729). - powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729). - powerpc: Document details on H_SCM_HEALTH hcall (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - pseries: Fix 64 bit logical memory block panic (bsc#1065729). - pwm: bcm-iproc: handle clk_get_rate() return (git-fixes). - qed: suppress "do not support RoCE & iWARP" flooding on HW init (git-fixes). - qed: suppress false-positives interrupt error messages on HW init (git-fixes). - r8169: fix jumbo configuration for RTL8168evl (bsc#1175296). - r8169: fix jumbo packet handling on resume from suspend (bsc#1175296). - r8169: fix resume on cable plug-in (bsc#1175296). - r8169: fix rtl_hw_jumbo_disable for RTL8168evl (bsc#1175296). - r8169: move disabling interrupt coalescing to RTL8169/RTL8168 init (bsc#1175296). - r8169: read common register for PCI commit (bsc#1175296). - random32: move the pseudo-random 32-bit definitions to prandom.h (git-fixes). - random32: remove net_rand_state from the latent entropy gcc plugin (git-fixes). - random: fix circular include dependency on arm64 after addition of percpu.h (git-fixes). - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (git-fixes). - RDMA/cm: Fix an error check in cm_alloc_id_priv() (git-fixes). - RDMA/cm: Fix checking for allowed duplicate listens (git-fixes). - RDMA/cm: Fix ordering of xa_alloc_cyclic() in ib_create_cm_id() (git-fixes). - RDMA/cm: Read id.state under lock when doing pr_debug() (git-fixes). - RDMA/cm: Remove a race freeing timewait_info (git-fixes). - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (git-fixes). - RDMA/cma: Protect bind_list and listen_list while finding matching cm id (git-fixes). - RDMA/core: Fix double destruction of uobject (git-fixes). - RDMA/core: Fix double put of resource (git-fixes). - RDMA/core: Fix missing error check on dev_set_name() (git-fixes). - RDMA/core: Fix protection fault in ib_mr_pool_destroy (git-fixes). - RDMA/core: Fix race between destroy and release FD object (git-fixes). - RDMA/core: Fix race in rdma_alloc_commit_uobject() (git-fixes). - RDMA/core: Prevent mixed use of FDs between shared ufiles (git-fixes). - RDMA/counter: Query a counter before release (git-fixes). - RDMA/efa: Set maximum pkeys device attribute (git-fixes). - RDMA/hns: Bugfix for querying qkey (git-fixes). - RDMA/hns: Fix cmdq parameter of querying pf timer resource (git-fixes). - RDMA/iw_cxgb4: Fix incorrect function parameters (git-fixes). - RDMA/iwcm: Fix iwcm work deallocation (git-fixes). - RDMA/mad: Do not crash if the rdma device does not have a umad interface (git-fixes). - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (git-fixes). - RDMA/mlx4: Initialize ib_spec on the stack (git-fixes). - RDMA/mlx5: Add init2init as a modify command (git-fixes). - RDMA/mlx5: Add missing srcu_read_lock in ODP implicit flow (jsc#SLE-8446). - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (git-fixes). - RDMA/mlx5: Fix prefetch memory leak if get_prefetchable_mr fails (jsc#SLE-8446). - RDMA/mlx5: Fix the number of hwcounters of a dynamic counter (git-fixes). - RDMA/mlx5: Fix typo in enum name (git-fixes). - RDMA/mlx5: Fix udata response upon SRQ creation (git-fixes). - RDMA/mlx5: Prevent prefetch from racing with implicit destruction (jsc#SLE-8446). - RDMA/mlx5: Set GRH fields in query QP on RoCE (git-fixes). - RDMA/mlx5: Use xa_lock_irq when access to SRQ table (git-fixes). - RDMA/mlx5: Verify that QP is created with RQ or SQ (git-fixes). - RDMA/nldev: Fix crash when set a QP to a new counter but QPN is missing (git-fixes). - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (git-fixes). - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (git-fixes). - RDMA/rvt: Fix potential memory leak caused by rvt_alloc_rq (git-fixes). - RDMA/rxe: Always return ERR_PTR from rxe_create_mmap_info() (git-fixes). - RDMA/rxe: Fix configuration of atomic queue pair attributes (git-fixes). - RDMA/rxe: Set default vendor ID (git-fixes). - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (git-fixes). - RDMA/siw: Fix failure handling during device creation (git-fixes). - RDMA/siw: Fix passive connection establishment (git-fixes). - RDMA/siw: Fix pointer-to-int-cast warning in siw_rx_pbl() (git-fixes). - RDMA/siw: Fix potential siw_mem refcnt leak in siw_fastreg_mr() (git-fixes). - RDMA/siw: Fix reporting vendor_part_id (git-fixes). - RDMA/siw: Fix setting active_mtu attribute (git-fixes). - RDMA/siw: Fix setting active_{speed, width} attributes (git-fixes). - RDMA/ucma: Put a lock around every call to the rdma_cm layer (git-fixes). - RDMA/uverbs: Fix create WQ to use the given user handle (git-fixes). - regmap: debugfs: check count when read regmap file (git-fixes). - regmap: dev_get_regmap_match(): fix string comparison (git-fixes). - regulator: gpio: Honor regulator-boot-on property (git-fixes). - remoteproc: qcom: q6v5: Update running state before requesting stop (git-fixes). - remoteproc: qcom_q6v5_mss: Validate MBA firmware size before load (git-fixes). - remoteproc: qcom_q6v5_mss: Validate modem blob firmware size before load (git-fixes). - Revert "ALSA: hda: call runtime_allow() for all hda controllers" (git-fixes). - Revert "drm/amd/display: Expose connector VRR range via debugfs" (bsc#1152489) * refreshed for context changes - Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers" (git-fixes). - Revert "i2c: cadence: Fix the hold bit setting" (git-fixes). - Revert "RDMA/cma: Simplify rdma_resolve_addr() error flow" (git-fixes). - Revert "scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe" (bsc#1171688 bsc#1174003). - Revert "scsi: qla2xxx: Fix crash on qla2x00_mailbox_command" (bsc#1171688 bsc#1174003). - rhashtable: Document the right function parameters (bsc#1174880). - rhashtable: drop duplicated word in (bsc#1174880). - rhashtable: Drop raw RCU deref in nested_table_free (bsc#1174880). - rhashtable: Fix unprotected RCU dereference in __rht_ptr (bsc#1174880). - rhashtable: Restore RCU marking on rhash_lock_head (bsc#1174880). - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (git-fixes). - rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28). - rpm/modules.fips: * add ecdh_generic (boo#1173813) - rtc: goldfish: Enable interrupt in set_alarm() when necessary (git-fixes). - rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (bsc#1154353). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes). - rtw88: fix LDPC field for RA info (git-fixes). - rtw88: fix short GI capability based on current bandwidth (git-fixes). - sch_cake: do not call diffserv parsing code when it is not needed (networking-stable-20_06_28). - sch_cake: do not try to reallocate or unshare skb unconditionally (networking-stable-20_06_28). - sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17). - scsi/fc: kABI fixes for new ELS_RPD definition (bsc#1171688 bsc#1174003). - scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026). - scsi: Fix trivial spelling (bsc#1171688 bsc#1174003). - scsi: ipr: Fix softlockup when rescanning devices in petitboot (jsc#SLE-13654). - scsi: ipr: remove unneeded semicolon (jsc#SLE-13654). - scsi: ipr: Use scnprintf() for avoiding potential buffer overflow (jsc#SLE-13654). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003). - scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003). - scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418). - scsi: smartpqi: add RAID bypass counter (bsc#1172418). - scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418). - scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418). - scsi: smartpqi: Identify physical devices without issuing INQUIRY (bsc#1172418). - scsi: smartpqi: support device deletion via sysfs (bsc#1172418). - scsi: smartpqi: update logical volume size after expansion (bsc#1172418). - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418). - scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790). - sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - seq_buf: Export seq_buf_printf (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - serial: 8250: change lock order in serial8250_do_startup() (git-fixes). - serial: 8250: fix null-ptr-deref in serial8250_start_tx() (git-fixes). - serial: 8250_mtk: Fix high-speed baud rates clamping (git-fixes). - serial: 8250_pci: Move Pericom IDs to pci_ids.h (git-fixes). - serial: amba-pl011: Make sure we initialize the port.lock spinlock (git-fixes). - serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X (git-fixes). - serial: mxs-auart: add missed iounmap() in probe failure and remove (git-fixes). - serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes). - serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes). - serial: tegra: fix CREAD handling for PIO (git-fixes). - soc/tegra: pmc: Enable PMIC wake event on Tegra194 (bsc#1175834). - soc/tegra: pmc: Enable PMIC wake event on Tegra210 (bsc#1175116). - soc: qcom: rpmh-rsc: Set suppress_bind_attrs flag (git-fixes). - spi: davinci: Remove uninitialized_var() usage (git-fixes). - spi: lantiq-ssc: Fix warning by using WQ_MEM_RECLAIM (git-fixes). - spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes). - spi: mediatek: use correct SPI_CFG2_REG MACRO (git-fixes). - spi: pxa2xx: Add support for Intel Tiger Lake PCH-H (jsc#SLE-13411). - spi: rockchip: Fix error in SPI slave pio read (git-fixes). - spi: spi-geni-qcom: Actually use our FIFO (git-fixes). - spi: spidev: Align buffers for DMA (git-fixes). - spi: stm32: fixes suspend/resume management (git-fixes). - spi: sun4i: update max transfer size reported (git-fixes). - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support (git-fixes). - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes). - staging: rtl8192u: fix a dubious looking mask before a shift (git-fixes). - staging: rtl8712: handle firmware load failure (git-fixes). - staging: vchiq_arm: Add a matching unregister call (git-fixes). - staging: wlan-ng: properly check endpoint types (git-fixes). - tcp: do not ignore ECN CWR on pure ACK (networking-stable-20_06_28). - tcp: fix SO_RCVLOWAT possible hangs under high mem pressure (networking-stable-20_07_17). - tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28). - tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17). - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17). - tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17). - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17). - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28). - thermal: ti-soc-thermal: Fix reversed condition in ti_thermal_expose_sensor() (git-fixes). - tpm: Require that all digests are present in TCG_PCR_EVENT2 structures (git-fixes). - tpm_crb: fix fTPM on AMD Zen+ CPUs (bsc#1174362). - tracepoint: Mark __tracepoint_string's __used (git-fixes). - tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes). - ubsan: check panic_on_warn (bsc#1174805). - uio_pdrv_genirq: Remove warning when irq is not specified (bsc#1174762). - update upstream reference - usb: bdc: Halt controller on suspend (git-fixes). - usb: core: fix quirks_param_set() writing to a const pointer (git-fixes). - usb: dwc2: gadget: Make use of GINTMSK2 (git-fixes). - usb: dwc3: pci: add support for the Intel Jasper Lake (git-fixes). - usb: dwc3: pci: add support for the Intel Tiger Lake PCH -H variant (git-fixes). - usb: gadget: f_uac2: fix AC Interface Header Descriptor wTotalLength (git-fixes). - usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes). - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (git-fixes). - usb: hso: check for return value in hso_serial_common_create() (git-fixes). - usb: hso: Fix debug compile warning on sparc32 (git-fixes). - usb: iowarrior: fix up report size handling for some devices (git-fixes). - usb: mtu3: clear dual mode of u3port when disable device (git-fixes). - usb: serial: cp210x: enable usb generic throttle/unthrottle (git-fixes). - usb: serial: cp210x: re-enable auto-RTS on open (git-fixes). - usb: serial: iuu_phoenix: fix led-activity helpers (git-fixes). - usb: serial: qcserial: add EM7305 QDL product ID (git-fixes). - usb: tegra: Fix allocation for the FPCI context (git-fixes). - usb: xhci-mtk: fix the failure of bandwidth allocation (git-fixes). - usb: xhci: define IDs for various ASMedia host controllers (git-fixes). - usb: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes). - usb: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes). - usbip: tools: fix module name in man page (git-fixes). - video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes). - video: fbdev: savage: fix memory leak on error handling path in probe (git-fixes). - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes). - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes). - vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17). - vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199). - vt: Reject zero-sized screen buffer size (git-fixes). - watchdog: f71808e_wdt: clear watchdog timeout occurred flag (git-fixes). - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (git-fixes). - watchdog: f71808e_wdt: remove use of wrong watchdog_info option (git-fixes). - watchdog: initialize device before misc_register (git-fixes). - wireless: Use linux/stddef.h instead of stddef.h (git-fixes). - wireless: Use offsetof instead of custom macro (git-fixes). - wl1251: fix always return 0 error (git-fixes). - x86/bugs/multihit: Fix mitigation reporting when VMX is not in use (git-fixes). - xen/pvcalls-back: test for errors when calling backend_connect() (bsc#1065600). - xfrm: fix a warning in xfrm_policy_insert_list (bsc#1174645). - xfrm: policy: match with both mark and mask on user interfaces (bsc#1174645). - xfs: do not eat an EIO/ENOSPC writeback error when scrubbing data fork (git-fixes). - xfs: fix inode allocation block res calculation precedence (git-fixes). - xfs: fix reflink quota reservation accounting error (git-fixes). - xfs: preserve rmapbt swapext block reservation from freed blocks (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2486=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-2486=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-2486=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2486=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2486=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2486=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): kernel-default-debuginfo-5.3.18-24.12.1 kernel-default-debugsource-5.3.18-24.12.1 kernel-default-extra-5.3.18-24.12.1 kernel-default-extra-debuginfo-5.3.18-24.12.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.12.1 kernel-default-debugsource-5.3.18-24.12.1 kernel-default-livepatch-5.3.18-24.12.1 kernel-default-livepatch-devel-5.3.18-24.12.1 kernel-livepatch-5_3_18-24_12-default-1-5.3.1 kernel-livepatch-5_3_18-24_12-default-debuginfo-1-5.3.1 kernel-livepatch-SLE15-SP2_Update_2-debugsource-1-5.3.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.12.1 kernel-default-debugsource-5.3.18-24.12.1 reiserfs-kmp-default-5.3.18-24.12.1 reiserfs-kmp-default-debuginfo-5.3.18-24.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-24.12.1 kernel-obs-build-debugsource-5.3.18-24.12.1 kernel-syms-5.3.18-24.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-24.12.1 kernel-preempt-debugsource-5.3.18-24.12.1 kernel-preempt-devel-5.3.18-24.12.1 kernel-preempt-devel-debuginfo-5.3.18-24.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): kernel-docs-5.3.18-24.12.1 kernel-source-5.3.18-24.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-24.12.1 kernel-default-base-5.3.18-24.12.1.9.4.1 kernel-default-debuginfo-5.3.18-24.12.1 kernel-default-debugsource-5.3.18-24.12.1 kernel-default-devel-5.3.18-24.12.1 kernel-default-devel-debuginfo-5.3.18-24.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64): kernel-preempt-5.3.18-24.12.1 kernel-preempt-debuginfo-5.3.18-24.12.1 kernel-preempt-debugsource-5.3.18-24.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): kernel-devel-5.3.18-24.12.1 kernel-macros-5.3.18-24.12.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-24.12.1 cluster-md-kmp-default-debuginfo-5.3.18-24.12.1 dlm-kmp-default-5.3.18-24.12.1 dlm-kmp-default-debuginfo-5.3.18-24.12.1 gfs2-kmp-default-5.3.18-24.12.1 gfs2-kmp-default-debuginfo-5.3.18-24.12.1 kernel-default-debuginfo-5.3.18-24.12.1 kernel-default-debugsource-5.3.18-24.12.1 ocfs2-kmp-default-5.3.18-24.12.1 ocfs2-kmp-default-debuginfo-5.3.18-24.12.1 References: https://www.suse.com/security/cve/CVE-2020-14314.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-14356.html https://www.suse.com/security/cve/CVE-2020-16166.html https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1120163 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1149032 https://bugzilla.suse.com/1152472 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153274 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1154488 https://bugzilla.suse.com/1154492 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1159058 https://bugzilla.suse.com/1160634 https://bugzilla.suse.com/1167773 https://bugzilla.suse.com/1169790 https://bugzilla.suse.com/1171634 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1172108 https://bugzilla.suse.com/1172197 https://bugzilla.suse.com/1172247 https://bugzilla.suse.com/1172418 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172963 https://bugzilla.suse.com/1173468 https://bugzilla.suse.com/1173485 https://bugzilla.suse.com/1173798 https://bugzilla.suse.com/1173813 https://bugzilla.suse.com/1173954 https://bugzilla.suse.com/1174002 https://bugzilla.suse.com/1174003 https://bugzilla.suse.com/1174026 https://bugzilla.suse.com/1174205 https://bugzilla.suse.com/1174247 https://bugzilla.suse.com/1174362 https://bugzilla.suse.com/1174387 https://bugzilla.suse.com/1174484 https://bugzilla.suse.com/1174625 https://bugzilla.suse.com/1174645 https://bugzilla.suse.com/1174689 https://bugzilla.suse.com/1174699 https://bugzilla.suse.com/1174737 https://bugzilla.suse.com/1174757 https://bugzilla.suse.com/1174762 https://bugzilla.suse.com/1174770 https://bugzilla.suse.com/1174771 https://bugzilla.suse.com/1174777 https://bugzilla.suse.com/1174805 https://bugzilla.suse.com/1174824 https://bugzilla.suse.com/1174825 https://bugzilla.suse.com/1174852 https://bugzilla.suse.com/1174865 https://bugzilla.suse.com/1174880 https://bugzilla.suse.com/1174897 https://bugzilla.suse.com/1174906 https://bugzilla.suse.com/1174969 https://bugzilla.suse.com/1175009 https://bugzilla.suse.com/1175010 https://bugzilla.suse.com/1175011 https://bugzilla.suse.com/1175012 https://bugzilla.suse.com/1175013 https://bugzilla.suse.com/1175014 https://bugzilla.suse.com/1175015 https://bugzilla.suse.com/1175016 https://bugzilla.suse.com/1175017 https://bugzilla.suse.com/1175018 https://bugzilla.suse.com/1175019 https://bugzilla.suse.com/1175020 https://bugzilla.suse.com/1175021 https://bugzilla.suse.com/1175052 https://bugzilla.suse.com/1175112 https://bugzilla.suse.com/1175116 https://bugzilla.suse.com/1175128 https://bugzilla.suse.com/1175149 https://bugzilla.suse.com/1175175 https://bugzilla.suse.com/1175176 https://bugzilla.suse.com/1175180 https://bugzilla.suse.com/1175181 https://bugzilla.suse.com/1175182 https://bugzilla.suse.com/1175183 https://bugzilla.suse.com/1175184 https://bugzilla.suse.com/1175185 https://bugzilla.suse.com/1175186 https://bugzilla.suse.com/1175187 https://bugzilla.suse.com/1175188 https://bugzilla.suse.com/1175189 https://bugzilla.suse.com/1175190 https://bugzilla.suse.com/1175191 https://bugzilla.suse.com/1175192 https://bugzilla.suse.com/1175195 https://bugzilla.suse.com/1175199 https://bugzilla.suse.com/1175213 https://bugzilla.suse.com/1175232 https://bugzilla.suse.com/1175263 https://bugzilla.suse.com/1175284 https://bugzilla.suse.com/1175296 https://bugzilla.suse.com/1175344 https://bugzilla.suse.com/1175345 https://bugzilla.suse.com/1175346 https://bugzilla.suse.com/1175347 https://bugzilla.suse.com/1175367 https://bugzilla.suse.com/1175377 https://bugzilla.suse.com/1175440 https://bugzilla.suse.com/1175493 https://bugzilla.suse.com/1175546 https://bugzilla.suse.com/1175550 https://bugzilla.suse.com/1175654 https://bugzilla.suse.com/1175691 https://bugzilla.suse.com/1175768 https://bugzilla.suse.com/1175769 https://bugzilla.suse.com/1175770 https://bugzilla.suse.com/1175771 https://bugzilla.suse.com/1175772 https://bugzilla.suse.com/1175774 https://bugzilla.suse.com/1175775 https://bugzilla.suse.com/1175834 https://bugzilla.suse.com/1175873 From sle-updates at lists.suse.com Fri Sep 4 04:13:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 12:13:54 +0200 (CEST) Subject: SUSE-SU-2020:2487-1: important: Security update for the Linux Kernel Message-ID: <20200904101354.67465F794@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2487-1 Rating: important References: #1051510 #1058115 #1065600 #1065729 #1071995 #1082555 #1083647 #1085030 #1089895 #1090036 #1103990 #1103991 #1103992 #1104745 #1109837 #1111666 #1112178 #1112374 #1113956 #1114279 #1124278 #1127354 #1127355 #1127371 #1133021 #1137325 #1142685 #1144333 #1145929 #1148868 #1150660 #1151794 #1151927 #1152489 #1152624 #1154824 #1157169 #1158265 #1158983 #1159037 #1159058 #1159199 #1160388 #1160947 #1161016 #1162002 #1162063 #1163309 #1163403 #1163897 #1164284 #1164780 #1164871 #1165183 #1165478 #1165741 #1166780 #1166860 #1166861 #1166862 #1166864 #1166866 #1166867 #1166868 #1166870 #1166940 #1166969 #1166978 #1166985 #1167104 #1167288 #1167574 #1167851 #1167867 #1168081 #1168202 #1168332 #1168486 #1168670 #1168760 #1168762 #1168763 #1168764 #1168765 #1168789 #1168881 #1168884 #1168952 #1168959 #1169020 #1169057 #1169194 #1169390 #1169514 #1169525 #1169625 #1169762 #1169771 #1169795 #1170011 #1170056 #1170125 #1170145 #1170284 #1170345 #1170442 #1170457 #1170522 #1170592 #1170617 #1170618 #1170620 #1170621 #1170770 #1170778 #1170791 #1170901 #1171078 #1171098 #1171118 #1171124 #1171189 #1171191 #1171195 #1171202 #1171205 #1171214 #1171217 #1171218 #1171219 #1171220 #1171244 #1171293 #1171417 #1171424 #1171527 #1171529 #1171530 #1171558 #1171599 #1171600 #1171601 #1171602 #1171604 #1171605 #1171606 #1171607 #1171608 #1171609 #1171610 #1171611 #1171612 #1171613 #1171614 #1171615 #1171616 #1171617 #1171618 #1171619 #1171620 #1171621 #1171622 #1171623 #1171624 #1171625 #1171626 #1171662 #1171679 #1171691 #1171692 #1171694 #1171695 #1171732 #1171736 #1171739 #1171743 #1171753 #1171759 #1171817 #1171835 #1171841 #1171868 #1171904 #1171948 #1171949 #1171951 #1171952 #1171979 #1171982 #1171983 #1171988 #1172017 #1172096 #1172097 #1172098 #1172099 #1172101 #1172102 #1172103 #1172104 #1172127 #1172130 #1172185 #1172188 #1172199 #1172201 #1172202 #1172221 #1172247 #1172249 #1172251 #1172257 #1172317 #1172342 #1172343 #1172344 #1172366 #1172378 #1172391 #1172397 #1172453 #1172458 #1172484 #1172537 #1172538 #1172687 #1172719 #1172759 #1172775 #1172781 #1172782 #1172783 #1172871 #1172872 #1172999 #1173060 #1173074 #1173146 #1173265 #1173280 #1173284 #1173428 #1173514 #1173567 #1173573 #1173746 #1173818 #1173820 #1173825 #1173826 #1173833 #1173838 #1173839 #1173845 #1173857 #1174113 #1174115 #1174122 #1174123 #1174186 #1174187 #1174296 #1174343 #1174356 #1174409 #1174438 #1174462 Cross-References: CVE-2018-1000199 CVE-2019-19462 CVE-2019-20806 CVE-2019-20810 CVE-2019-20812 CVE-2019-20908 CVE-2019-9455 CVE-2020-0305 CVE-2020-0543 CVE-2020-10135 CVE-2020-10690 CVE-2020-10711 CVE-2020-10720 CVE-2020-10732 CVE-2020-10751 CVE-2020-10757 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-10781 CVE-2020-11669 CVE-2020-12114 CVE-2020-12464 CVE-2020-12652 CVE-2020-12653 CVE-2020-12654 CVE-2020-12655 CVE-2020-12656 CVE-2020-12657 CVE-2020-12659 CVE-2020-12769 CVE-2020-12771 CVE-2020-12888 CVE-2020-13143 CVE-2020-13974 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Module for Realtime 15-SP1 ______________________________________________________________________________ An update that solves 40 vulnerabilities and has 227 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988). - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567). - CVE-2020-10781: zram sysfs resource consumption was fixed (bnc#1173074). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a memory leak, aka CID-28ebeb8db770 (bnc#1173514). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection (bnc#1172781). - CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack (bnc#1172782). - CVE-2020-10768: Fixed an issue with the prctl() function, where indirect branch speculation could be enabled even though it was diabled before (bnc#1172783). - CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775). - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or "CrossTalk" (bsc#1154824). - CVE-2020-13143: Fixed an out-of-bounds read in gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c (bsc#1171982). - CVE-2020-12769: Fixed an issue which could have allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bsc#1171983). - CVE-2020-12659: Fixed an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) due to improper headroom validation (bsc#1171214). - CVE-2020-12657: An a use-after-free in block/bfq-iosched.c (bsc#1171205). - CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219). - CVE-2020-12655: Fixed an issue which could have allowed attackers to trigger a sync of excessive duration via an XFS v5 image with crafted metadata (bsc#1171217). - CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202). - CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195). - CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218). - CVE-2020-12464: Fixed a use-after-free due to a transfer without a reference (bsc#1170901). - CVE-2020-12114: Fixed a pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098). - CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S did not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390). - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317). - CVE-2020-10751: Fixed an improper implementation in SELinux LSM hook where it was assumed that an skb would only contain a single netlink message (bsc#1171189). - CVE-2020-10732: Fixed kernel data leak in userspace coredumps due to uninitialized data (bsc#1171220). - CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778). - CVE-2020-10711: Fixed a null pointer dereference in SELinux subsystem which could have allowed a remote network user to crash the kernel resulting in a denial of service (bsc#1171191). - CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056). - CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bsc#1170345). - CVE-2019-20812: Fixed an issue in prb_calc_retire_blk_tmo() which could have resulted in a denial of service (bsc#1172453). - CVE-2019-20806: Fixed a null pointer dereference which may had lead to denial of service (bsc#1172199). - CVE-2019-19462: Fixed an issue which could have allowed local user to cause denial of service (bsc#1158265). - CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c did not call snd_card_free for a failure path, which caused a memory leak, aka CID-9453264ef586 (bnc#1172458). - CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1089895). The following non-security bugs were fixed: - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() (bsc#1051510). - ACPI: GED: add support for _Exx / _Lxx handler methods (bsc#1111666). - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (bsc#1111666). - ACPI: NFIT: Fix unlock on error in scrub_show() (bsc#1171753). - ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510). - ACPI: sysfs: Fix pm_profile_attr type (bsc#1111666). - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() (bsc#1051510). - ACPI: video: Use native backlight on Acer Aspire 5783z (bsc#1111666). - ACPI: video: Use native backlight on Acer TravelMate 5735Z (bsc#1111666). - acpi/x86: ignore unspecified bit positions in the ACPI global lock field (bsc#1051510). - Add br_netfilter to kernel-default-base (bsc#1169020) - Add commit for git-fix that's not a fix This commit cleans up debug code but does not fix anything, and it relies on a new kernel function that isn't yet in this version of SLE. - agp/intel: Reinforce the barrier after GTT updates (bsc#1051510). - ALSA: ctxfi: Remove unnecessary cast in kfree (bsc#1051510). - ALSA: doc: Document PC Beep Hidden Register on Realtek ALC256 (bsc#1051510). - ALSA: dummy: Fix PCM format loop in proc output (bsc#1111666). - ALSA: es1688: Add the missed snd_card_free() (bsc#1051510). - ALSA: hda: Add driver blacklist (bsc#1051510). - ALSA: hda: Add ElkhartLake HDMI codec vid (bsc#1111666). - ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up (bsc#1111666). - ALSA: hda: Always use jackpoll helper for jack update after resume (bsc#1051510). - ALSA: hda: call runtime_allow() for all hda controllers (bsc#1051510). - ALSA: hda: Do not release card at firmware loading error (bsc#1051510). - ALSA: hda: Explicitly permit using autosuspend if runtime PM is supported (bsc#1051510). - ALSA: hda: Fix potential access overflow in beep helper (bsc#1051510). - ALSA: hda/hdmi - enable runtime pm for newer AMD display audio (bsc#1111666). - ALSA: hda/hdmi: fix race in monitor detection during probe (bsc#1051510). - ALSA: hda/hdmi: fix without unlocked before return (bsc#1051510). - ALSA: hda: Honor PM disablement in PM freeze and thaw_noirq ops (bsc#1051510). - ALSA: hda: Keep the controller initialization even if no codecs found (bsc#1051510). - ALSA: hda - let hs_mic be picked ahead of hp_mic (bsc#1111666). - ALSA: hda: Match both PCI ID and SSID for driver blacklist (bsc#1111666). - ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround (bsc#1172017). - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines (bsc#1111666). - ALSA: hda/realtek - Add COEF workaround for ASUS ZenBook UX431DA (git-fixes). - ALSA: hda/realtek - Add HP new mute led supported for ALC236 (git-fixes). - ALSA: hda/realtek - Add LED class support for micmute LED (bsc#1111666). - ALSA: hda/realtek - Add more fixup entries for Clevo machines (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC245 (bsc#1051510). - ALSA: hda/realtek - Add new codec supported for ALC287 (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Notebook (git-fixes). - ALSA: hda/realtek - Add supported new mute Led for HP (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS GL503VM with ALC295 (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS UX550GE with ALC295 (git-fixes). - ALSA: hda/realtek: Enable headset mic of ASUS UX581LV with ALC295 (git-fixes). - ALSA: hda/realtek - Enable micmute LED on and HP system (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (bsc#1111666). - ALSA: hda/realtek - Enable the headset mic on Asus FX505DT (bsc#1051510). - ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse (git-fixes). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme (bsc#1111666). - ALSA: hda/realtek - Fix unexpected init_amp override (bsc#1051510). - ALSA: hda/realtek - Fix unused variable warning w/o CONFIG_LEDS_TRIGGER_AUDIO (bsc#1111666). - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO (bsc#1111666). - ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 (git-fixes bsc#1171293). - ALSA: hda/realtek - Two front mics on a Lenovo ThinkCenter (bsc#1051510). - ALSA: hda: Release resources at error in delayed probe (bsc#1051510). - ALSA: hda: Remove ASUS ROG Zenith from the blacklist (bsc#1051510). - ALSA: hda: Skip controller resume if not needed (bsc#1051510). - ALSA: hwdep: fix a left shifting 1 by 31 UB bug (git-fixes). - ALSA: ice1724: Fix invalid access for enumerated ctl items (bsc#1051510). - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option (git-fixes). - ALSA: lx6464es - add support for LX6464ESe pci express variant (bsc#1111666). - ALSA: opl3: fix infoleak in opl3 (bsc#1111666). - ALSA: opti9xx: shut up gcc-10 range warning (bsc#1051510). - ALSA: pcm: disallow linking stream to itself (bsc#1111666). - ALSA: pcm: fix incorrect hw_base increase (git-fixes). - ALSA: pcm: oss: Fix regression by buffer overflow fix (bsc#1051510). - ALSA: pcm: oss: Place the plugin buffer overflow checks correctly (bsc#1170522). - ALSA: rawmidi: Fix racy buffer resize under concurrent accesses (git-fixes). - ALSA: usb-audio: Add connector notifier delegation (bsc#1051510). - ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset (git-fixes). - ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback (bsc#1111666). - ALSA: usb-audio: add mapping for ASRock TRX40 Creator (git-fixes). - ALSA: usb-audio: Add mixer workaround for TRX40 and co (bsc#1051510). - ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support (bsc#1111666). - ALSA: usb-audio: Add quirk for Focusrite Scarlett 2i2 (bsc#1051510). - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb-audio: Add static mapping table for ALC1220-VB-based mobos (bsc#1051510). - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock (bsc#1111666). - ALSA: usb-audio: Apply async workaround for Scarlett 2i4 2nd gen (bsc#1051510). - ALSA: usb-audio: Check mapping at creating connector controls, too (bsc#1051510). - ALSA: usb-audio: Clean up quirk entries with macros (bsc#1111666). - ALSA: usb-audio: Correct a typo of NuPrime DAC-10 USB ID (bsc#1051510). - ALSA: usb-audio: Do not create jack controls for PCM terminals (bsc#1051510). - ALSA: usb-audio: Do not override ignore_ctl_error value from the map (bsc#1051510). - ALSA: usb-audio: Filter error from connector kctl ops, too (bsc#1051510). - ALSA: usb-audio: Fix inconsistent card PM state after resume (bsc#1111666). - ALSA: usb-audio: Fix packet size calculation (bsc#1111666). - ALSA: usb-audio: Fix racy list management in output queue (bsc#1111666). - ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif (bsc#1051510). - ALSA: usb-audio: Improve frames size computation (bsc#1111666). - ALSA: usb-audio: Manage auto-pm of all bundled interfaces (bsc#1111666). - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC (git-fixes). - ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio (git-fixes). - ALSA: usb-audio: Use the new macro for HP Dock rename quirks (bsc#1111666). - ALSA: usx2y: Fix potential NULL dereference (bsc#1051510). - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes). - arm64: map FDT as RW for early_init_dt_scan() (jsc#SLE-12423). - ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry (bsc#1051510). - ASoC: dapm: connect virtual mux with default value (bsc#1051510). - ASoC: dapm: fixup dapm kcontrol widget (bsc#1051510). - ASoC: dpcm: allow start or stop during pause for backend (bsc#1051510). - ASoC: fix regwmask (bsc#1051510). - ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map() (bsc#1051510). - ASoC: msm8916-wcd-digital: Reset RX interpolation path after use (bsc#1051510). - ASoC: samsung: Prevent clk_get_rate() calls in atomic context (bsc#1111666). - ASoC: topology: Check return value of pcm_new_ver (bsc#1051510). - ASoC: topology: use name_prefix for new kcontrol (bsc#1051510). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (bsc#1111666). - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (bsc#1111666). - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (bsc#1111666). - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb (bsc#1111666). - ax25: fix setsockopt(SO_BINDTODEVICE) (networking-stable-20_05_27). - b43: Fix connection problem with WPA3 (bsc#1111666). - b43legacy: Fix case where channel status is corrupted (bsc#1051510). - b43_legacy: Fix connection problem with WPA3 (bsc#1111666). - batman-adv: Avoid spurious warnings from bat_v neigh_cmp implementation (bsc#1051510). - batman-adv: Do not schedule OGM for disabled interface (bsc#1051510). - batman-adv: fix batadv_nc_random_weight_tq (git-fixes). - batman-adv: Fix refcnt leak in batadv_show_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_store_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_v_ogm_process (git-fixes). - batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs (bsc#1051510). - bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (git fixes (block drivers)). - bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)). - bcache: fix incorrect data type usage in btree_flush_write() (git fixes (block drivers)). - bcache: Revert "bcache: shrink btree node cache after bch_btree_check()" (git fixes (block drivers)). - be2net: fix link failure after ethtool offline test (git-fixes). - blk-mq: honor IO scheduler for multiqueue devices (bsc#1165478). - blk-mq: simplify blk_mq_make_request() (bsc#1165478). - block, bfq: fix use-after-free in bfq_idle_slice_timer_body (bsc#1168760). - block/drbd: delete invalid function drbd_md_mark_dirty_ (bsc#1171527). - block: drbd: remove a stray unlock in __drbd_send_protocol() (bsc#1171599). - block: fix busy device checking in blk_drop_partitions again (bsc#1171948). - block: fix busy device checking in blk_drop_partitions (bsc#1171948). - block: fix memleak of bio integrity data (git fixes (block drivers)). - block: keep bdi->io_pages in sync with max_sectors_kb for stacked devices (bsc#1168762). - block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818). - block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)). - block: remove the bd_openers checks in blk_drop_partitions (bsc#1171948). - block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)). - Bluetooth: Add SCO fallback for invalid LMP parameters error (bsc#1111666). - Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl (bsc#1051510). - bnxt_en: Fix AER reset logic on 57500 chips (git-fixes). - bnxt_en: Fix ethtool selftest crash under error conditions (git-fixes). - bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails (git-fixes). - bnxt_en: Fix ipv6 RFS filter matching logic (git-fixes). - bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets() (networking-stable-20_03_28). - bnxt_en: fix NULL dereference in case SR-IOV configuration fails (git-fixes). - bnxt_en: Fix VF anti-spoof filter setup (networking-stable-20_05_12). - bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features() (networking-stable-20_05_12). - bnxt_en: Improve AER slot reset (networking-stable-20_05_12). - bnxt_en: Reduce BNXT_MSIX_VEC_MAX value to supported CQs per PF (bsc#1104745). - bnxt_en: reinitialize IRQs when MTU is modified (networking-stable-20_03_14). - bnxt_en: Return error if bnxt_alloc_ctx_mem() fails (bsc#1104745 ). - bnxt_en: Return error when allocating zero size context memory (bsc#1104745). - bonding/alb: make sure arp header is pulled before accessing it (networking-stable-20_03_14). - bpf: Fix sk_psock refcnt leak when receiving message (bsc#1083647). - bpf: Forbid XADD on spilled pointers for unprivileged users (bsc#1083647). - brcmfmac: abort and release host after error (bsc#1051510). - brcmfmac: fix wrong location to get firmware feature (bsc#1111666). - brcmfmac: Transform compatible string for FW loading (bsc#1169771). - btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#1174438). - btrfs: add new helper btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: Always use a cached extent_state in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#1174438). - Btrfs: fix deadlock with memory reclaim during scrub (bsc#1172127). - btrfs: fix extent_state leak in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc#1174438). - btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438). - btrfs: fix log context list corruption after rename whiteout error (bsc#1172342). - btrfs: fix partial loss of prealloc extent past i_size after fsync (bsc#1172343). - btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438). - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO (bsc#1174438). - btrfs: qgroup: Fix a bug that prevents qgroup to be re-enabled after disable (bsc#1172247). - btrfs: relocation: add error injection points for cancelling balance (bsc#1171417). - btrfs: relocation: Check cancel request after each data page read (bsc#1171417). - btrfs: relocation: Check cancel request after each extent found (bsc#1171417). - btrfs: relocation: Clear the DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417). - btrfs: relocation: Fix reloc root leakage and the NULL pointer reference caused by the leakage (bsc#1171417). - btrfs: relocation: Work around dead relocation stage loop (bsc#1171417). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: Return EAGAIN if we can't start no snpashot write in check_can_nocow (bsc#1174438). - Btrfs: setup a nofs context for memory allocation at btrfs_create_tree() (bsc#1172127). - Btrfs: setup a nofs context for memory allocation at __btrfs_set_acl (bsc#1172127). - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438). - btrfs: Use newly introduced btrfs_lock_and_flush_ordered_range (bsc#1174438). - Btrfs: use nofs context when initializing security xattrs to avoid deadlock (bsc#1172127). - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124). - bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads (bsc#1111666). - can: add missing attribute validation for termination (networking-stable-20_03_14). - carl9170: remove P2P_GO support (bsc#1111666). - cdc-acm: close race betrween suspend() and acm_softint (git-fixes). - CDC-ACM: heed quirk also in error handling (git-fixes). - cdc-acm: introduce a cool down (git-fixes). - ceph: check if file lock exists before sending unlock request (bsc#1168789). - ceph: convert mdsc->cap_dirty to a per-session list (bsc#1167104). - ceph: demote quotarealm lookup warning to a debug message (bsc#1171692). - ceph: fix double unlock in handle_cap_export() (bsc#1171694). - ceph: fix endianness bug when handling MDS session feature bits (bsc#1171695). - ceph: request expedited service on session's last cap flush (bsc#1167104). - cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages (bsc#1173857). - cgroup, netclassid: periodically release file_lock on classid updating (networking-stable-20_03_14). - char/random: Add a newline at the end of the file (jsc#SLE-12423). - CIFS: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1144333). - CIFS: Allocate encryption header through kmalloc (bsc#1144333). - CIFS: allow unlock flock and OFD lock across fork (bsc#1144333). - CIFS: check new file size when extending file by fallocate (bsc#1144333). - CIFS: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - CIFS: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1144333). - CIFS: do not share tcons with DFS (bsc#1144333). - CIFS: dump the session id and keys also for SMB2 sessions (bsc#1144333). - CIFS: ensure correct super block for DFS reconnect (bsc#1144333). - CIFS: Fix bug which the return value by asynchronous read is error (bsc#1144333). - CIFS: fix uninitialised lease_key in open_shroot() (bsc#1144333). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333). - cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016). - CIFS: ignore cached share root handle closing errors (bsc#1166780). - CIFS: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1144333). - CIFS: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1144333). - CIFS: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1144333). - CIFS: protect updating server->dstaddr with a spinlock (bsc#1144333). - cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016). - CIFS: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - CIFS: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1144333). - CIFS: smbd: Check and extend sender credits in interrupt context (bsc#1144333). - CIFS: smbd: Check send queue size before posting a send (bsc#1144333). - CIFS: smbd: Do not schedule work to send immediate packet on every receive (bsc#1144333). - CIFS: smbd: Merge code to track pending packets (bsc#1144333). - CIFS: smbd: Properly process errors on ib_post_send (bsc#1144333). - CIFS: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1144333). - CIFS: Warn less noisily on default mount (bsc#1144333). - clk: Add clk_hw_unregister_composite helper function definition (bsc#1051510). - clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510). - clk: clk-flexgen: fix clock-critical handling (bsc#1051510). - clk: imx6ull: use OSC clock during AXI rate change (bsc#1051510). - clk: imx: make mux parent strings const (bsc#1051510). - clk: mediatek: correct the clocks for MT2701 HDMI PHY module (bsc#1051510). - clk: qcom: rcg: Return failure for RCG update (bsc#1051510). - clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510). - clk: sunxi-ng: a64: Fix gate bit of DSI DPHY (bsc#1051510). - clocksource/drivers/hyper-v: Set TSC clocksource as default w/ InvariantTSC (bsc#1170620, bsc#1170621). - clocksource: dw_apb_timer: Make CPU-affiliation being optional (bsc#1111666). - clocksource: dw_apb_timer_of: Fix missing clockevent timers (bsc#1051510). - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)). - compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)). - component: Silence bind error on -EPROBE_DEFER (bsc#1051510). - config: Enable CONFIG_RCU_BOOST - configfs: Fix bool initialization/comparison (bsc#1051510). - copy_{to,from}_user(): consolidate object size checks (git fixes). - coresight: do not use the BIT() macro in the UAPI header (git fixes (block drivers)). - cpufreq: Register drivers only after CPU devices have been registered (bsc#1051510). - cpufreq: s3c64xx: Remove pointless NULL check in s3c64xx_cpufreq_driver_init (bsc#1051510). - cpuidle: Do not unset the driver if it is there already (bsc#1051510). - crypto: algboss - do not wait during notifier callback (bsc#1111666). - crypto: algif_skcipher - Cap recv SG list at ctx->used (bsc#1111666). - crypto: arm64/sha-ce - implement export/import (bsc#1051510). - crypto: caam - update xts sector size for large input length (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - crypto: ccp - AES CFB mode is a stream cipher (git-fixes). - crypto: ccp - Clean up and exit correctly on allocation failure (git-fixes). - crypto: ccp - Cleanup misc_dev on sev_exit() (bsc#1114279). - crypto: ccp - Cleanup sp_dev_master in psp_dev_destroy() (bsc#1114279). - Crypto/chcr: fix for ccm(aes) failed test (bsc#1111666). - crypto: chelsio/chtls: properly set tp->lsndtime (bsc#1111666). - crypto: mxs-dcp - fix scatterlist linearization for hash (bsc#1051510). - crypto: talitos - fix IPsec cipher in length (git-fixes). - crypto: talitos - reorder code in talitos_edesc_alloc() (git-fixes). - crypto: tcrypt - fix printed skcipher [a]sync mode (bsc#1051510). - cxgb4: fix MPS index overwrite when setting MAC address (bsc#1127355). - cxgb4: fix Txq restart check during backpressure (bsc#1127354 bsc#1127371). - debugfs: Add debugfs_create_xul() for hexadecimal unsigned long (git-fixes). - debugfs: Check module state before warning in {full/open}_proxy_open() (bsc#1173746). - debugfs_lookup(): switch to lookup_one_len_unlocked() (bsc#1171979). - Deprecate NR_UNSTABLE_NFS, use NR_WRITEBACK (bsc#1163403). - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07). - devlink: fix return value after hitting end in region read (bsc#1109837). - devlink: validate length of param values (bsc#1109837). - devlink: validate length of region addr/len (bsc#1109837). - /dev/mem: Add missing memory barriers for devmem_inode (git-fixes). - /dev/mem: Revoke mappings when a driver claims the region (git-fixes). - dmaengine: dmatest: Fix iteration non-stop logic (bsc#1051510). - dmaengine: ste_dma40: fix unneeded variable warning (bsc#1051510). - dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' (bsc#1111666). - dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)). - dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)). - dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)). - dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)). - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574). - dm-raid1: fix invalid return value from dm_mirror (bsc#1172378). - dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)). - dm: various cleanups to md->queue initialization code (git fixes). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)). - dm writecache: fix data corruption when reloading the target (git fixes (block drivers)). - dm writecache: fix incorrect flush sequence when doing SSD mode commit (git fixes (block drivers)). - dm writecache: verify watermark during resume (git fixes (block drivers)). - dm zoned: fix invalid memory access (git fixes (block drivers)). - dm zoned: reduce overhead of backing device checks (git fixes (block drivers)). - dm zoned: remove duplicate nr_rnd_zones increase in dmz_init_zone() (git fixes (block drivers)). - dm zoned: support zone sizes smaller than 128MiB (git fixes (block drivers)). - dp83640: reverse arguments to list_add_tail (git-fixes). - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27). - driver-core, libnvdimm: Let device subsystems add local lockdep coverage (bsc#1171753). - drivers: hv: Add a module description line to the hv_vmbus driver (bsc#1172249, bsc#1172251). - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617, bsc#1170618). - drivers/net/ibmvnic: Update VNIC protocol version reporting (bsc#1065729). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510). - drivers: w1: add hwmon support structures (jsc#SLE-11048). - drivers: w1: add hwmon temp support for w1_therm (jsc#SLE-11048). - drivers: w1: refactor w1_slave_show to make the temp reading functionality separate (jsc#SLE-11048). - drm: amd/acp: fix broken menu structure (bsc#1114279) * context changes - drm: amd/display: fix Kconfig help text (bsc#1113956) * only fix DEBUG_KERNEL_DC - drm/amdgpu: Correctly initialize thermal controller for GPUs with Powerplay table v0 (e.g Hawaii) (bsc#1111666). - drm/amdgpu: Fix oops when pp_funcs is unset in ACPI event (bsc#1111666). - drm/amd/powerplay: force the trim of the mclk dpm_levels if OD is (bsc#1113956) - drm/atomic: Take the atomic toys away from X (bsc#1112178) * context changes - drm/bochs: downgrade pci_request_region failure from error to warning (bsc#1051510). - drm: bridge: adv7511: Extend list of audio sample rates (bsc#1111666). - drm/crc: Actually allow to change the crc source (bsc#1114279) * offset changes - drm/dp_mst: Fix clearing payload state on topology disable (bsc#1051510). - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1113956) * context changes - drm/dp_mst: Reformat drm_dp_check_act_status() a bit (bsc#1051510). - drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read() (bsc#1051510). - drm/drm_dp_mst:remove set but not used variable 'origlen' (bsc#1051510). - drm/edid: Fix off-by-one in DispID DTD pixel clock (bsc#1114279) - drm: encoder_slave: fix refcouting error for modules (bsc#1111666). - drm: encoder_slave: fix refcouting error for modules (bsc#1114279) - drm/etnaviv: fix perfmon domain interation (bsc#1113956) - drm/etnaviv: rework perfmon query infrastructure (bsc#1112178) - drm/i915: Apply Wa_1406680159:icl,ehl as an engine workaround (bsc#1112178) * rename gt/intel_workarounds.c to intel_workarounds.c * context changes - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of (bsc#1114279) - drm/i915: HDCP: fix Ri prime check done during link check (bsc#1112178) * rename display/intel_hdmi.c to intel_hdmi.c * context changes - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1112178) - drm/i915: properly sanity check batch_start_offset (bsc#1114279) * renamed display/intel_fbc.c -> intel_fb.c * renamed gt/intel_rc6.c -> intel_pm.c * context changes - drm/i915: Whitelist context-local timestamp in the gen9 cmdparser (bsc#1111666). - drm/mediatek: Check plane visibility in atomic_update (bsc#1113956) * context changes - drm/meson: Delete an error message in meson_dw_hdmi_bind() (bsc#1051510). - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1111666). - drm/msm: stop abusing dma_map/unmap for cache (bsc#1051510). - drm/msm: Use the correct dma_sync calls harder (bsc#1051510). - drm/msm: Use the correct dma_sync calls in msm_gem (bsc#1051510). - drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem (bsc#1114279) - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (bsc#1111666). - drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (bsc#1111666). - drm/qxl: qxl_release leak in qxl_draw_dirty_fb() (bsc#1051510). - drm/qxl: qxl_release leak in qxl_hw_surface_alloc() (bsc#1051510). - drm/qxl: qxl_release use after free (bsc#1051510). - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1113956) - drm/radeon: fix double free (bsc#1113956) - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1113956) - drm: Remove PageReserved manipulation from drm_pci_alloc (bsc#1114279) * offset changes - drm/sun4i: dsi: Allow binding the host without a panel (bsc#1113956) - drm/sun4i: dsi: Avoid hotplug race with DRM driver bind (bsc#1113956) - drm/sun4i: dsi: Remove incorrect use of runtime PM (bsc#1113956) * context changes - drm/sun4i: dsi: Remove unused drv from driver context (bsc#1113956) * context changes * keep include of sun4i_drv.h - drm/sun4i: hdmi ddc clk: Fix size of m divider (bsc#1111666). - drm/tegra: hub: Do not enable orphaned window group (bsc#1111666). - drm/vkms: Hold gem object while still in-use (bsc#1113956) * context changes - dump_stack: avoid the livelock of the dump_lock (git fixes (block drivers)). - e1000: Distribute switch variables for initialization (bsc#1111666). - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510). - e1000e: Relax condition to trigger reset for ME workaround (bsc#1111666). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279). - EDAC, sb_edac: Add support for systems with segmented PCI buses (bsc#1169525). - efi/random: Increase size of firmware supplied randomness (jsc#SLE-12423). - efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness (jsc#SLE-12423). - efi: READ_ONCE rng seed size before munmap (jsc#SLE-12423). - efi: Reorder pr_notice() with add_device_randomness() call (jsc#SLE-12423). - evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510). - evm: Fix a small race in init_desc() (bsc#1051510). - ext4: add cond_resched() to __ext4_find_entry() (bsc#1166862). - ext4: Check for non-zero journal inum in ext4_calculate_overhead (bsc#1167288). - ext4: do not assume that mmp_nodename/bdevname have NUL (bsc#1166860). - ext4: do not zeroout extents beyond i_disksize (bsc#1167851). - ext4: fix a data race at inode->i_blocks (bsc#1171835). - ext4: fix a data race in EXT4_I(inode)->i_disksize (bsc#1166861). - ext4: fix extent_status fragmentation for plain files (bsc#1171949). - ext4: fix incorrect group count in ext4_fill_super error message (bsc#1168765). - ext4: fix incorrect inodes per group in error message (bsc#1168764). - ext4: fix partial cluster initialization when splitting extent (bsc#1173839). - ext4: fix potential race between online resizing and write operations (bsc#1166864). - ext4: fix potential race between s_flex_groups online resizing and access (bsc#1166867). - ext4: fix potential race between s_group_info online resizing and access (bsc#1166866). - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838). - ext4: fix race between writepages and enabling EXT4_EXTENTS_FL (bsc#1166870). - ext4: fix support for inode sizes > 1024 bytes (bsc#1164284). - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833). - ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() (bsc#1166940). - ext4: rename s_journal_flag_rwsem to s_writepages_rwsem (bsc#1166868). - ext4: use non-movable memory for superblock readahead (bsc#1171952). - ext4: validate the debug_want_extra_isize mount option at parse time (bsc#1163897). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510). - fanotify: fix ignore mask logic for events on child and on dir (bsc#1172719). - fanotify: fix merging marks masks with FAN_ONDIR (bsc#1171679). - fat: fix uninit-memory access for partial initialized inode (bsc#1051510). - fat: work around race with userspace's read via blockdev while mounting (bsc#1051510). - fbcon: fix null-ptr-deref in fbcon_switch (bsc#1114279) * rename drivers/video/fbdev/core to drivers/video/console * context changes - fbdev: potential information leak in do_fb_ioctl() (bsc#1114279) - fbmem: Adjust indentation in fb_prepare_logo and fb_blank (bsc#1114279) - fdt: add support for rng-seed (jsc#SLE-12423). - fdt: Update CRC check for rng-seed (jsc#SLE-12423). - fib: add missing attribute validation for tun_id (networking-stable-20_03_14). - firmware: imx: scu: Fix corruption of header (git-fixes). - firmware: imx: scu: Fix possible memory leak in imx_scu_probe() (bsc#1111666). - firmware: qcom: scm: fix compilation error when disabled (bsc#1051510). - Fix boot crash with MD (bsc#1174343) - fix multiplication overflow in copy_fdtable() (bsc#1173825). - fpga: dfl: afu: Corrected error handling levels (git-fixes). - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12). - fs/cifs: fix gcc warning in sid_to_id (bsc#1144333). - fs/seq_file.c: simplify seq_file iteration code and interface (bsc#1170125). - gpiolib: Document that GPIO line names are not globally unique (bsc#1051510). - gpio: tegra: mask GPIO IRQs during IRQ shutdown (bsc#1051510). - gpu: host1x: Detach driver on unregister (bsc#1111666). - gpu: ipu-v3: pre: do not trigger update if buffer address does not change (bsc#1111666). - gre: fix uninit-value in __iptunnel_pull_header (networking-stable-20_03_14). - HID: hid-input: clear unmapped usages (git-fixes). - HID: hyperv: Add a module description line (bsc#1172249, bsc#1172251). - HID: i2c-hid: add Trekstor Primebook C11B to descriptor override (git-fixes). - HID: i2c-hid: override HID descriptors for certain devices (git-fixes). - HID: magicmouse: do not set up autorepeat (git-fixes). - HID: multitouch: add eGalaxTouch P80H84 support (bsc#1051510). - HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510). - HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices (git-fixes). - hrtimer: Annotate lockless access to timer->state (git fixes (block drivers)). - hsr: add restart routine into hsr_get_node_list() (networking-stable-20_03_28). - hsr: check protocol version in hsr_newlink() (networking-stable-20_04_17). - hsr: fix general protection fault in hsr_addr_is_self() (networking-stable-20_03_28). - hsr: set .netnsok flag (networking-stable-20_03_28). - hsr: use rcu_read_lock() in hsr_get_node_{list/status}() (networking-stable-20_03_28). - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes). - hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (bsc#1111666). - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (bsc#1111666). - hwmon: (max6697) Make sure the OVERT mask is set correctly (bsc#1111666). - i2c: acpi: Force bus speed to 400KHz if a Silead touchscreen is present (git-fixes). - i2c: acpi: put device when verifying client fails (git-fixes). - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (bsc#1111666). - i2c: brcmstb: remove unused struct member (git-fixes). - i2c: core: Allow empty id_table in ACPI case as well (git-fixes). - i2c: core: decrease reference count of device node in i2c_unregister_device (git-fixes). - i2c: dev: Fix the race between the release of i2c_dev and cdev (bsc#1051510). - i2c: eg20t: Load module automatically if ID matches (bsc#1111666). - i2c: fix missing pm_runtime_put_sync in i2c_device_probe (git-fixes). - i2c-hid: properly terminate i2c_hid_dmi_desc_override_table array (git-fixes). - i2c: hix5hd2: add missed clk_disable_unprepare in remove (bsc#1051510). - i2c: i801: Do not add ICH_RES_IO_SMI for the iTCO_wdt device (git-fixes). - i2c: iproc: Stop advertising support of SMBUS quick cmd (git-fixes). - i2c: isch: Remove unnecessary acpi.h include (git-fixes). - i2c: jz4780: silence log flood on txabrt (bsc#1051510). - i2c: mlxcpld: check correct size of maximum RECV_LEN packet (bsc#1111666). - i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' (bsc#1051510). - i2c: st: fix missing struct parameter description (bsc#1051510). - i40e: reduce stack usage in i40e_set_fc (git-fixes). - IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409). - IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409). - IB/mlx5: Fix missing congestion control debugfs on rep rdma device (bsc#1103991). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvfc: do not send implicit logouts prior to NPIV login (bsc#1169625 ltc#184611). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239). - iio:ad7797: Use correct attribute_group (bsc#1051510). - iio: adc: stm32-adc: fix device used to request dma (bsc#1051510). - iio: adc: stm32-adc: fix sleep in atomic context (git-fixes). - iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1051510). - iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510). - iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' (bsc#1051510). - iio:health:afe4404 Fix timestamp alignment and prevent data leak (bsc#1111666). - iio:humidity:hdc100x Fix alignment and data leak issues (bsc#1111666). - iio:magnetometer:ak8974: Fix alignment and data leak issues (bsc#1111666). - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (bsc#1111666). - iio: potentiostat: lmp9100: fix iio_triggered_buffer_{predisable,postenable} positions (bsc#1051510). - iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510). - iio:pressure:ms5611 Fix buffer element alignment (bsc#1111666). - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (bsc#1111666). - iio: sca3000: Remove an erroneous 'get_device()' (bsc#1051510). - iio: xilinx-xadc: Fix ADC-B powerdown (bsc#1051510). - iio: xilinx-xadc: Fix clearing interrupt when enabling trigger (bsc#1051510). - iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode (bsc#1051510). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510). - ima: Fix ima digest hash table key calculation (bsc#1051510). - ima: Fix return value of ima_write_policy() (git-fixes). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - Input: evdev - call input_flush_device() on release(), not flush() (bsc#1051510). - Input: hyperv-keyboard - add module description (bsc#1172249, bsc#1172251). - Input: i8042 - add Acer Aspire 5738z to nomux list (bsc#1051510). - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (bsc#1111666). - Input: i8042 - add ThinkPad S230u to i8042 reset list (bsc#1051510). - input: i8042 - Remove special PowerPC handling (git-fixes). - Input: raydium_i2c_ts - use true and false for boolean values (bsc#1051510). - Input: synaptics - add a second working PNP_ID for Lenovo T470s (bsc#1111666). - Input: synaptics - enable RMI on HP Envy 13-ad105ng (bsc#1051510). - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() (bsc#1051510). - Input: synaptics-rmi4 - really fix attn_data use-after-free (git-fixes). - Input: usbtouchscreen - add support for BonXeon TP (bsc#1051510). - Input: xpad - add custom init packet for Xbox One S controllers (bsc#1051510). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - intel_th: Fix a NULL dereference when hub driver is not loaded (bsc#1111666). - intel_th: pci: Add Elkhart Lake CPU support (bsc#1051510). - iommu/amd: Call domain_flush_complete() in update_domain() (bsc#1172096). - iommu/amd: Do not flush Device Table in iommu_map_page() (bsc#1172097). - iommu/amd: Do not loop forever when trying to increase address space (bsc#1172098). - iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system (bsc#1172099). - iommu/amd: Fix over-read of ACPI UID from IVRS table (bsc#1172101). - iommu/amd: Fix race in increase_address_space()/fetch_pte() (bsc#1172102). - iommu/amd: Fix the configuration of GCR3 table root pointer (bsc#1169057). - iommu/amd: Update Device Table in increase_address_space() (bsc#1172103). - iommu: Fix reference count leak in iommu_group_alloc (bsc#1172397). - ip6_tunnel: Allow rcv/xmit even if remote address is a local address (bsc#1166978). - ipmi: fix hung processes in __get_guid() (git-fixes). - ipv4: fix a RCU-list lock in fib_triestat_seq_show (networking-stable-20_04_02). - ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface (networking-stable-20_03_14). - ipv6: do not auto-add link-local address to lag ports (networking-stable-20_04_09). - ipv6: fix IPV6_ADDRFORM operation logic (bsc#1171662). - ipv6: Fix nlmsg_flags when splitting a multipath route (networking-stable-20_03_01). - ipv6: fix restrict IPV6_ADDRFORM operation (bsc#1171662). - ipv6: Fix route replacement with dev-only route (networking-stable-20_03_01). - ipvlan: add cond_resched_rcu() while processing muticast backlog (networking-stable-20_03_14). - ipvlan: call dev_change_flags when ipvlan mode is reset (git-fixes). - ipvlan: do not add hardware address of master to its unicast filter list (bsc#1137325). - ipvlan: do not deref eth hdr before checking it's set (networking-stable-20_03_14). - ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() (networking-stable-20_03_14). - irqchip/bcm2835: Quiesce IRQs left enabled by bootloader (bsc#1051510). - irqdomain: Fix a memory leak in irq_domain_push_irq() (bsc#1051510). - iwlwifi: pcie: actually release queue memory in TVQM (bsc#1051510). - ixgbe: do not check firmware errors (bsc#1170284). - ixgbevf: Remove limit of 10 entries for unicast filter list (git-fixes). - jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845). - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833). - kabi fix for (bsc#1168202). - kabi fix for early XHCI debug (git-fixes). - kabi for for md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - kabi: hv: prevent struct device_node to become defined (bsc#1172871). - kabi: ppc64le: prevent struct dma_map_ops to become defined (jsc#SLE-12423). - kABI: protect struct mlx5_cmd_work_ent (kabi). - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi). - kabi/severities: Do not track KVM internal symbols. - kabi/severities: Ingnore get_dev_data() The function is internal to the AMD IOMMU driver and must not be called by any third party. - kabi workaround for snd_rawmidi buffer_ref field addition (git-fixes). - kernfs: fix barrier usage in __kernfs_new_node() (bsc#1111666). - KEYS: reaching the keys quotas correctly (bsc#1051510). - KVM: arm64: Change hyp_panic()s dependency on tpidr_el2 (bsc#1133021). - KVM: arm64: Stop save/restoring host tpidr_el1 on VHE (bsc#1133021). - KVM: Check validity of resolved slot when searching memslots (bsc#1172104). - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279). - KVM: s390: vsie: Fix delivery of addressing exceptions (git-fixes). - KVM: s390: vsie: Fix possible race when shadowing region 3 tables (git-fixes). - KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks (git-fixes). - KVM: SVM: Fix potential memory leak in svm_cpu_init() (bsc#1171736). - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1152489). - KVM: x86: Fix APIC page invalidation race (bsc#1174122). - kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - l2tp: add sk_family checks to l2tp_validate_socket (networking-stable-20_06_07). - l2tp: Allow management of tunnels and session in user namespace (networking-stable-20_04_17). - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07). - libata: Remove extra scsi_host_put() in ata_scsi_add_hosts() (bsc#1051510). - libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set (bsc#1051510). - libceph: do not omit recovery_deletes in target_copy() (bsc#1174113). - libceph: ignore pool overlay and cache logic on redirects (bsc#1173146). - libfs: fix infoleak in simple_attr_read() (bsc#1168881). - libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock (bsc#1171753). - libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant (bsc#1171753). - libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl() (bsc#1171753). - libnvdimm: cover up changes in struct nvdimm_bus (bsc#1171753). - libnvdimm: cover up nd_pfn_sb changes (bsc#1171759). - libnvdimm/dax: Pick the right alignment default when creating dax devices (bsc#1171759). - libnvdimm/label: Remove the dpa align check (bsc#1171759). - libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739). - libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change (bsc#1171743). - libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock (bsc#1171759). - libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid (bsc#1171743). - libnvdimm/pmem: Advance namespace seed for specific probe errors (bsc#1171743). - libnvdimm/region: Initialize bad block for volatile namespaces (bnc#1151927 5.3.6).++ kernel-source-rt.spec (revision 4)Release: <RELEASE>.g93af9dfProvides: %name-srchash-93af9df3581407689c1ac5b0aa06fcfb62b08f1c - libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (bsc#1171743). - libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759). - lib: raid6: fix awk build warnings (git fixes (block drivers)). - lib/raid6/test: fix build on distros whose /bin/sh is not bash (git fixes (block drivers)). - lib/stackdepot.c: fix global out-of-bounds in stack_slabs (git fixes (block drivers)). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - locks: print unsigned ino in /proc/locks (bsc#1171951). - loop: replace kill_bdev with invalidate_bdev (bsc#1173820). - lpfc_debugfs: get rid of pointless access_ok() (bsc#1172687 bsc#1171530). - lpfc: Synchronize NVME transport and lpfc driver devloss_tmo (bcs#1173060). - mac80211: add ieee80211_is_any_nullfunc() (bsc#1051510). - mac80211: add option for setting control flags (bsc#1111666). - mac80211: Do not send mesh HWMP PREQ if HWMP is disabled (bsc#1051510). - mac80211_hwsim: Use kstrndup() in place of kasprintf() (bsc#1051510). - mac80211: mesh: fix discovery timer re-arming issue / crash (bsc#1051510). - mac80211: set IEEE80211_TX_CTRL_PORT_CTRL_PROTO for nl80211 TX (bsc#1111666). - macsec: avoid to set wrong mtu (bsc#1051510). - macsec: restrict to ethernet devices (networking-stable-20_03_28). - macvlan: add cond_resched() during multicast processing (networking-stable-20_03_14). - macvlan: fix null dereference in macvlan_device_event() (bsc#1051510). - mailbox: imx: Disable the clock on devm_mbox_controller_register() failure (git-fixes). - md: Avoid namespace collision with bitmap API (git fixes (block drivers)). - md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - md/raid0: Fix an error message in raid0_make_request() (git fixes (block drivers)). - md/raid10: prevent access of uninitialized resync_pages offset (git-fixes). - mdraid: fix read/write bytes accounting (bsc#1172537). - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (bsc#1166985)). - media: cec: silence shift wrapping warning in __cec_s_log_addrs() (git-fixes). - media: dib0700: fix rc endpoint lookup (bsc#1051510). - media: dvb: return -EREMOTEIO on i2c transfer failure (bsc#1051510). - media: flexcop-usb: fix endpoint sanity check (git-fixes). - media: go7007: Fix URB type for interrupt handling (bsc#1051510). - media: platform: fcp: Set appropriate DMA parameters (bsc#1051510). - media: si2157: Better check for running tuner in init (bsc#1111666). - media: tda10071: fix unsigned sign extension overflow (bsc#1051510). - media: ti-vpe: cal: fix disable_irqs to only the intended target (git-fixes). - media: usbtv: fix control-message timeouts (bsc#1051510). - media: v4l2-core: fix entity initialization in device_register_subdev (bsc#1051510). - media: vsp1: tidyup VI6_HGT_LBn_H() macro (bsc#1051510). - media: xirlink_cit: add missing descriptor sanity checks (bsc#1051510). - mei: release me_cl object reference (bsc#1051510). - mfd: dln2: Fix sanity checking for endpoints (bsc#1051510). - misc: pci_endpoint_test: Fix to support > 10 pci-endpoint-test devices (bsc#1051510). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue (git-fixes). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue (git-fixes). - mlxsw: Fix some IS_ERR() vs NULL bugs (networking-stable-20_04_27). - mlxsw: pci: Return error on PCI reset timeout (git-fixes). - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12). - mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed (git-fixes). - mlxsw: spectrum_dpipe: Add missing error path (git-fixes). - mlxsw: spectrum_flower: Do not stop at FLOW_ACTION_VLAN_MANGLE (networking-stable-20_04_09). - mlxsw: spectrum_mr: Fix list iteration in error path (bsc#1112374). - mlxsw: spectrum: Prevent force of 56G (git-fixes). - mlxsw: spectrum_router: Refresh nexthop neighbour when it becomes dead (git-fixes). - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (git-fixes). - mlxsw: spectrum_switchdev: Add MDB entries in prepare phase (git-fixes). - mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky (git-fixes). - mmc: atmel-mci: Fix debugfs on 64-bit platforms (git-fixes). - mmc: block: Fix request completion in the CQE timeout path (bsc#1111666). - mmc: block: Fix use-after-free issue for rpmb (bsc#1111666). - mmc: core: Check request type before completing the request (git-fixes). - mmc: core: Fix recursive locking issue in CQE recovery path (git-fixes). - mmc: cqhci: Avoid false "cqhci: CQE stuck on" by not open-coding timeout loop (git-fixes). - mmc: dw_mmc: Fix debugfs on 64-bit platforms (git-fixes). - mmc: fix compilation of user API (bsc#1051510). - mmc: meson-gx: make sure the descriptor is stopped on errors (git-fixes). - mmc: meson-gx: simplify interrupt handler (git-fixes). - mmc: renesas_sdhi: limit block count to 16 bit for old revisions (git-fixes). - mmc: sdhci: do not enable card detect interrupt for gpio cd type (bsc#1111666). - mmc: sdhci-esdhc-imx: fix the mask for tuning start point (bsc#1051510). - mmc: sdhci-msm: Clear tuning done flag while hs400 tuning (bsc#1051510). - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (bsc#1111666). - mmc: sdhci-of-at91: fix memleak on clk_get failure (git-fixes). - mmc: sdhci-pci: Fix eMMC driver strength for BYT-based controllers (bsc#1051510). - mmc: sdhci-xenon: fix annoying 1.8V regulator warning (bsc#1051510). - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() (bsc#1051510). - mmc: tmio: fix access width of Block Count Register (git-fixes). - mm/filemap.c: do not initiate writeback if mapping has no dirty pages (bsc#1168884). - mm: limit boost_watermark on small zones (git fixes (mm/pgalloc)). - mm/memory_hotplug.c: only respect mem= parameter during boot stage (bsc#1065600). - mm: replace PF_LESS_THROTTLE with PF_LOCAL_THROTTLE (bsc#1163403). - mm: thp: handle page cache THP correctly in PageTransCompoundMap (git fixes (block drivers)). - mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer (bsc#1051510). - mtd: spi-nor: cadence-quadspi: add a delay in write sequence (git-fixes). - mtd: spi-nor: enable 4B opcodes for mx66l51235l (git-fixes). - mtd: spi-nor: fsl-quadspi: Do not let -EINVAL on the bus (git-fixes). - mvpp2: remove misleading comment (git-fixes). - mwifiex: avoid -Wstringop-overflow warning (bsc#1051510). - mwifiex: Fix memory corruption in dump_station (bsc#1051510). - net: bcmgenet: correct per TX/RX ring statistics (networking-stable-20_04_27). - net: be more gentle about silly gso requests coming from user (networking-stable-20_06_07). - net: check untrusted gso_size at kernel entry (networking-stable-20_06_07). - net/cxgb4: Check the return from t4_query_params properly (git-fixes). - net: dsa: b53: Fix ARL register definitions (networking-stable-20_04_27). - net: dsa: b53: Rework ARL bin logic (networking-stable-20_04_27). - net: dsa: bcm_sf2: Do not register slave MDIO bus with OF (networking-stable-20_04_09). - net: dsa: bcm_sf2: Ensure correct sub-node is parsed (networking-stable-20_04_09). - net: dsa: bcm_sf2: Fix node reference count (git-fixes). - net: dsa: bcm_sf2: Fix overflow checks (git-fixes). - net: dsa: Fix duplicate frames flooded by learning (networking-stable-20_03_28). - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16). - net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27). - net: dsa: mv88e6xxx: fix lockup on warm boot (networking-stable-20_03_14). - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (git-fixes). - net: ena: add missing ethtool TX timestamping indication (git-fixes). - net: ena: avoid memory access violation by validating req_id properly (git-fixes). - net: ena: do not wake up tx queue when down (git-fixes). - net: ena: ena-com.c: prevent NULL pointer dereference (git-fixes). - net: ena: ethtool: use correct value for crc32 hash (git-fixes). - net: ena: fix continuous keep-alive resets (git-fixes). - net: ena: fix corruption of dev_idx_to_host_tbl (git-fixes). - net: ena: fix default tx interrupt moderation interval (git-fixes). - net: ena: fix incorrect default RSS key (git-fixes). - net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (git-fixes). - net: ena: fix issues in setting interrupt moderation params in ethtool (git-fixes). - net: ena: fix potential crash when rxfh key is NULL (git-fixes). - net: ena: fix retrieval of nonadaptive interrupt moderation intervals (git-fixes). - net: ena: fix uses of round_jiffies() (git-fixes). - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (git-fixes). - net: ena: reimplement set/get_coalesce() (git-fixes). - net: ena: rss: do not allocate key when not supported (git-fixes). - net: ena: rss: fix failure to get indirection table (git-fixes). - net: ena: rss: store hash function as values and not bits (git-fixes). - net/ethernet: add Google GVE driver (jsc#SLE-10538) - net: fec: add phy_reset_after_clk_enable() support (git-fixes). - net: fec: validate the new settings in fec_enet_set_coalesce() (networking-stable-20_03_14). - net: fib_rules: Correctly set table field when table number exceeds 8 bits (networking-stable-20_03_01). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: conntrack: sctp: use distinct states for new SCTP connections (bsc#1159199). - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16). - net: fix race condition in __inet_lookup_established() (bsc#1151794). - net: fq: add missing attribute validation for orphan mask (networking-stable-20_03_14). - net: hns3: fix "tc qdisc del" failed issue (bsc#1109837). - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27). - net: ipip: fix wrong address family in init error path (networking-stable-20_05_27). - net, ip_tunnel: fix interface lookup with no key (networking-stable-20_04_02). - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin (networking-stable-20_04_17). - net: ipv6: do not consider routes via gateways for anycast address check (networking-stable-20_04_17). - net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set (git-fixes). - netlink: Use netlink header as base to calculate bad attribute offset (networking-stable-20_03_14). - net: macsec: preserve ingress frame ordering (networking-stable-20_05_12). - net: memcg: fix lockdep splat in inet_csk_accept() (networking-stable-20_03_14). - net: memcg: late association of sock to memcg (networking-stable-20_03_14). - net/mlx4_core: drop useless LIST_HEAD (git-fixes). - net/mlx4_core: fix a memory leak bug (git-fixes). - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12). - net/mlx4_en: avoid indirect call in TX completion (networking-stable-20_04_27). - net/mlx5: Add command entry handling completion (networking-stable-20_05_27). - net/mlx5: Add new fields to Port Type and Speed register (bsc#1171118). - net/mlx5: Avoid panic when setting vport rate (git-fixes). - net/mlx5: Continue driver initialization despite debugfs failure (git-fixes). - net/mlx5e: ethtool, Fix a typo in WOL function names (git-fixes). - net/mlx5e: Fix traffic duplication in ethtool steering (git-fixes). - net/mlx5e: Remove unnecessary clear_bit()s (git-fixes). - net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27). - net/mlx5: Expose link speed directly (bsc#1171118). - net/mlx5: Expose port speed when possible (bsc#1171118). - net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12). - net/mlx5: Fix crash upon suspend/resume (networking-stable-20_06_07). - net/mlx5: Fix failing fw tracer allocation on s390 (bsc#1103990 ). - net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12). - net: mvmdio: allow up to four clocks to be specified for orion-mdio (git-fixes). - net: mvneta: Fix the case where the last poll did not process all rx (networking-stable-20_03_28). - net: mvpp2: prs: Do not override the sign bit in SRAM parser shift (git-fixes). - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node (networking-stable-20_04_27). - net/packet: tpacket_rcv: do not increment ring index on drop (networking-stable-20_03_14). - net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16). - net: phy: micrel: kszphy_resume(): add delay after genphy_resume() before accessing PHY registers (bsc#1051510). - net: phy: restore mdio regs in the iproc mdio driver (networking-stable-20_03_01). - netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16). - net: qede: stop adding events on an already destroyed workqueue (git-fixes). - net: qed: fix excessive QM ILT lines consumption (git-fixes). - net: qed: fix NVMe login fails over VFs (git-fixes). - net: qmi_wwan: add support for ASKEY WWHC050 (networking-stable-20_03_28). - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27). - net: revert default NAPI poll timeout to 2 jiffies (networking-stable-20_04_17). - net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()" (networking-stable-20_05_27). - net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28). - net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27). - net_sched: sch_skbprio: add message validation to skbprio_change() (bsc#1109837). - net: stricter validation of untrusted gso packets (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12). - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12). - net: usb: qmi_wwan: add Telit 0x1050 composition (networking-stable-20_06_07). - net: usb: qmi_wwan: add Telit LE910C1-EUX composition (networking-stable-20_06_07). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - net/x25: Fix x25_neigh refcnt leak when receiving frame (networking-stable-20_04_27). - nfc: add missing attribute validation for SE API (networking-stable-20_03_14). - nfc: add missing attribute validation for vendor subcommand (networking-stable-20_03_14). - nfc: fdp: Fix a signedness bug in fdp_nci_send_patch() (bsc#1051510). - nfc: pn544: Fix occasional HW initialization failure (networking-stable-20_03_01). - nfc: st21nfca: add missed kfree_skb() in an error path (bsc#1051510). - nfp: abm: fix a memory leak bug (bsc#1109837). - nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K (git-fixes). - nfsd4: fix up replay_matches_cache() (git-fixes). - nfsd: Ensure CLONE persists data and metadata changes to the target file (git-fixes). - nfsd: fix delay timer on 32-bit architectures (git-fixes). - nfsd: fix jiffies/time_t mixup in LRU list (git-fixes). - nfs: Directory page cache pages need to be locked when read (git-fixes). - nfsd: memory corruption in nfsd4_lock() (git-fixes). - nfs: Do not call generic_error_remove_page() while holding locks (bsc#1170457). - NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592). - nfs: Fix memory leaks and corruption in readdir (git-fixes). - nfs: Fix O_DIRECT accounting of number of bytes read/written (git-fixes). - nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl (git-fixes). - nfs: fix racey wait in nfs_set_open_stateid_locked (bsc#1170592). - nfs/flexfiles: Use the correct TCP timeout for flexfiles I/O (git-fixes). - nfs/pnfs: Fix pnfs_generic_prepare_to_resend_writes() (git-fixes). - nfs: Revalidate the file size on a fatal write error (git-fixes). - NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals (git-fixes). - NFSv4: Do not allow a cached open with a revoked delegation (git-fixes). - NFSv4: Fix leak of clp->cl_acceptor string (git-fixes). - NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid() (git-fixes). - NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592). - NFSv4: try lease recovery on NFS4ERR_EXPIRED (git-fixes). - NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn (git-fixes). - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() (bsc#1173857). - nl80211: fix NL80211_ATTR_CHANNEL_WIDTH attribute type (bsc#1111666). - nl802154: add missing attribute validation for dev_type (networking-stable-20_03_14). - nl802154: add missing attribute validation (networking-stable-20_03_14). - nvdimm: Avoid race between probe and reading device attributes (bsc#1170442). - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058). - nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058). - nvme: fail cancelled commands with NVME_SC_HOST_PATH_ERROR (bsc#1158983 bsc#1172538). - nvme-fc: Fail transport errors with NVME_SC_HOST_PATH (bsc#1158983 bsc#1172538). - nvme-fc: print proper nvme-fc devloss_tmo value (bsc#1172391). - nvme-tcp: fail command with NVME_SC_HOST_PATH_ERROR send failed (bsc#1158983 bsc#1172538). - objtool: Add is_static_jump() helper (bsc#1169514). - objtool: Add relocation check for alternative sections (bsc#1169514). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Fix stack offset tracking for indirect CFAs (bsc#1169514). - objtool: Fix switch table detection in .text.unlikely (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - objtool: Make BP scratch register warning more robust (bsc#1169514). - ocfs2: no need try to truncate file beyond i_size (bsc#1171841). - OMAP: DSS2: remove non-zero check on variable r (bsc#1114279) - overflow: Fix -Wtype-limits compilation warnings (git fixes). - overflow.h: Add arithmetic shift helper (git fixes). - p54usb: add AirVasT USB stick device-id (bsc#1051510). - padata: ensure the reorder timer callback runs on the correct CPU (git-fixes). - padata: Remove broken queue flushing (git-fixes). - padata: reorder work kABI fixup (git-fixes). - Partially revert "kfifo: fix kfifo_alloc() and kfifo_init()" (git fixes (block drivers)). - partitions/efi: Fix partition name parsing in GUID partition entry (bsc#1168763). - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#1174356). - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356). - PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510). - PCI/ASPM: Clear the correct bits when enabling L1 substates (bsc#1051510). - PCI: endpoint: Fix clearing start entry in configfs (bsc#1051510). - PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510). - PCI: Generalize multi-function power dependency device links (bsc#1111666). - PCI: hv: Add support for protocol 1.3 and support PCI_BUS_RELATIONS2 (bsc#1172201, bsc#1172202). - PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871, bsc#1172872). - PCI: hv: Decouple the func definition in hv_dr_state from VSP message (bsc#1172201, bsc#1172202). - PCI: hv: Fix the PCI HyperV probe failure path to release resource properly (bsc#1172871, bsc#1172872). - PCI: hv: Introduce hv_msi_entry (bsc#1172871, bsc#1172872). - PCI: hv: Move hypercall related definitions into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Move retarget related structures into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871, bsc#1172872). - PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871, bsc#1172872). - PCI: pciehp: Fix indefinite wait on sysfs requests (git-fixes). - PCI: pciehp: Fix MSI interrupt race (bsc#1159037). - PCI: pciehp: Support interrupts sent from D3hot (git-fixes). - PCI/PM: Call .bridge_d3() hook only if non-NULL (git-fixes). - PCI: Program MPS for RCiEP devices (bsc#1051510). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510). - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356). - PCI/switchtec: Fix init_completion race condition with poll_wait() (bsc#1051510). - pcm_native: result of put_user() needs to be checked (bsc#1111666). - perf: Allocate context task_ctx_data for child event (git-fixes). - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes). - perf: Copy parent's address filter offsets on clone (git-fixes). - perf/core: Add sanity check to deal with pinned event failure (git-fixes). - perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes). - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes). - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes). - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes). - perf/core: Fix error handling in perf_event_alloc() (git-fixes). - perf/core: Fix exclusive events' grouping (git-fixes). - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes). - perf/core: Fix impossible ring-buffer sizes warning (git-fixes). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/core: Fix perf_event_read_value() locking (git-fixes). - perf/core: Fix perf_pmu_unregister() locking (git-fixes). - perf/core: Fix perf_sample_regs_user() mm check (git-fixes). - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes). - perf/core: Fix race between close() and fork() (git-fixes). - perf/core: Fix the address filtering fix (git-fixes). - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes). - perf/core: Force USER_DS when recording user stack data (git-fixes). - perf/core: Restore mmap record type correctly (git-fixes). - perf: Fix header.size for namespace events (git-fixes). - perf/ioctl: Add check for the sample_period value (git-fixes). - perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes). - perf: Return proper values for user stack errors (git-fixes). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/intel/uncore: Handle invalid event coding for free-running counter (git-fixes). - perf/x86/uncore: Fix event group support (git-fixes). - pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)). - pinctrl: baytrail: Enable pin configuration setting for GPIO chip (git-fixes). - pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler (git-fixes). - pinctrl: core: Remove extra kref_get which blocks hogs being freed (bsc#1051510). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510). - pinctrl: sunrisepoint: Fix PAD lock register offset for SPT-H (git-fixes). - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA (bsc#1051510). - platform/x86: dell-laptop: do not register micmute LED if there is no token (bsc#1111666). - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (bsc#1111666). - PM / Domains: Allow genpd users to specify default active wakeup behavior (git-fixes). - pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors (git-fixes). - pnp: Use list_for_each_entry() instead of open coding (git fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc: Add attributes for setjmp/longjmp (bsc#1065729). - powerpc/book3s64: Export has_transparent_hugepage() related functions (bsc#1171759). - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729). - powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010). - powerpc/hash64/devmap: Use H_PAGE_THP_HUGE when setting up huge devmap PTE entries (bsc#1065729). - powerpc/pci/of: Parse unassigned resources (bsc#1065729). - powerpc/setup_64: Set cache-line-size based on cache-block-size (bsc#1065729). - powerpc/sstep: Fix DS operand in ld encoding to appropriate value (bsc#1065729). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510). - power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510). - power: vexpress: add suppress_bind_attrs to true (bsc#1111666). - pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16). - pwm: bcm2835: Dynamically allocate base (bsc#1051510). - pwm: meson: Fix confusing indentation (bsc#1051510). - pwm: pca9685: Fix PWM/GPIO inter-operation (bsc#1051510). - pwm: rcar: Fix late Runtime PM enablement (bsc#1051510). - pwm: renesas-tpu: Fix late Runtime PM enablement (bsc#1051510). - pxa168fb: fix release function mismatch in probe failure (bsc#1051510). - qede: Fix race between rdma destroy workqueue and link change event (networking-stable-20_03_01). - qed: reduce maximum stack frame size (git-fixes). - qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes). - qmi_wwan: unconditionally reject 2 ep interfaces (bsc#1051510). - r8152: check disconnect status after long sleep (networking-stable-20_03_14). - r8152: support additional Microsoft Surface Ethernet Adapter variant (networking-stable-20_05_27). - raid5: remove gfp flags from scribble_alloc() (bsc#1166985). - raid6/ppc: Fix build for clang (git fixes (block drivers)). - random: always use batched entropy for get_random_u{32,64} (bsc#1164871). - rcu: locking and unlocking need to always be at least barriers (git fixes (block drivers)). - RDMA/efa: Fix setting of wrong bit in get/set_feature commands (bsc#1111666) - RDMA/efa: Set maximum pkeys device attribute (bsc#1111666) - RDMA/efa: Support remote read access in MR registration (bsc#1111666) - RDMA/efa: Unified getters/setters for device structs bitmask access (bsc#1111666) - README.BRANCH: Add Takashi Iwai as primary maintainer. - README.BRANCH: Replace Matt Fleming with Davidlohr Bueso as maintainer. - regmap: debugfs: Do not sleep while atomic for fast_io regmaps (bsc#1111666). - resolve KABI warning for perf-pt-coresight (git-fixes). - Revert "ALSA: hda/realtek: Fix pop noise on ALC225" (git-fixes). - Revert "bcache: ignore pending signals when creating gc and allocator thread" (git fixes (block drivers)). - Revert commit e918e570415c ("tpm_tis: Remove the HID IFX0102") (bsc#1111666). - Revert "dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues" (git fixes (block drivers)). - Revert "drm/panel: simple: Add support for Sharp LQ150X1LG11 panels" (bsc#1114279) * offset changes - Revert "HID: i2c-hid: add Trekstor Primebook C11B to descriptor override" Depends on 9b5c747685982d22efffeafc5ec601bd28f6d78b, which was also reverted. - Revert "HID: i2c-hid: override HID descriptors for certain devices" This broke i2c-hid.ko's build, there is no way around it without a big file rename or renaming the kernel module. - Revert "i2c-hid: properly terminate i2c_hid_dmi_desc_override_table" Fixed 9b5c747685982d22efffeafc5ec601bd28f6d78b, which was also reverted. - Revert "ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()" (bsc#1172221). - Revert "RDMA/cma: Simplify rdma_resolve_addr() error flow" (bsc#1103992). - Revert "thermal: mediatek: fix register index error" (bsc#1111666). - Revert "tools lib traceevent: Remove unneeded qsort and uses memmove" - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() (bsc#1051510). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes). - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194). - s390/cio: avoid duplicated 'ADD' uevents (git-fixes). - s390/cio: generate delayed uevent for vfio-ccw subchannels (git-fixes). - s390/cpuinfo: fix wrong output when CPU0 is offline (git-fixes). - s390/cpum_cf: Add new extended counters for IBM z15 (bsc#1169762 LTC#185291). - s390/diag: fix display of diagnose call statistics (git-fixes). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/ftrace: fix potential crashes when switching tracers (git-fixes). - s390/gmap: return proper error code on ksm unsharing (git-fixes). - s390/ism: fix error return code in ism_probe() (git-fixes). - s390/pci: do not set affinity for floating irqs (git-fixes). - s390/pci: Fix possible deadlock in recover_store() (bsc#1165183 LTC#184103). - s390/pci: Recover handle in clp_set_pci_fn() (bsc#1165183 LTC#184103). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: lock device while installing IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: cancel RX reclaim work earlier (git-fixes). - s390/qeth: do not return -ENOTSUPP to userspace (git-fixes). - s390/qeth: do not warn for napi with 0 budget (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - s390/qeth: fix off-by-one in RX copybreak check (git-fixes). - s390/qeth: fix promiscuous mode after reset (git-fixes). - s390/qeth: fix qdio teardown after early init error (git-fixes). - s390/qeth: handle error due to unsupported transport mode (git-fixes). - s390/qeth: handle error when backing RX buffer (git-fixes). - s390/qeth: lock the card while changing its hsuid (git-fixes). - s390/qeth: support net namespaces for L3 devices (git-fixes). - s390/time: Fix clk type in get_tod_clock (git-fixes). - sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12). - sch_sfq: validate silly quantum values (networking-stable-20_05_12). - scripts/decodecode: fix trapping instruction formatting (bsc#1065729). - scripts/dtc: Remove redundant YYLOC global declaration (bsc#1160388). - scripts/git_sort/git_sort.py: add bluetooth/bluetooth-next.git repository - scsi: aacraid: fix a signedness bug (bsc#1174296). - scsi: bnx2i: fix potential use after free (bsc#1171600). - scsi: core: avoid repetitive logging of device offline messages (bsc#1145929). - scsi: core: Handle drivers which set sg_tablesize to zero (bsc#1171601) This commit also required: > scsi: core: avoid preallocating big SGL for data - scsi: core: kABI fix offline_already (bsc#1145929). - scsi: core: save/restore command resid for error handling (bsc#1171602). - scsi: core: scsi_trace: Use get_unaligned_be*() (bsc#1171604). - scsi: core: try to get module before removing device (bsc#1171605). - scsi: csiostor: Adjust indentation in csio_device_reset (bsc#1171606). - scsi: csiostor: Do not enable IRQs too early (bsc#1171607). - scsi: esas2r: unlock on error in esas2r_nvram_read_direct() (bsc#1171608). - scsi: fnic: fix invalid stack access (bsc#1171609). - scsi: fnic: fix msix interrupt allocation (bsc#1171610). - scsi: hisi_sas: fix calls to dma_set_mask_and_coherent() (bsc#1174296). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: ibmvscsi: Fix WARN_ON during event pool release (bsc#1170791 ltc#185128). - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (bsc#1171611). - scsi: iscsi: Fix a potential deadlock in the timeout handler (bsc#1171612). - scsi: iscsi: qla4xxx: fix double free in probe (bsc#1171613). - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530). - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530). - scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530). - scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530). - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1172687 bsc#1171530). - scsi: lpfc: Change default queue allocation for reduced memory consumption (bsc#1164780). - scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences (bsc#1171614). - scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG (bsc#1171615). - scsi: lpfc: Fix inconsistent indenting (bsc#1158983). - scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1158983). - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1158983). - scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event (bsc#1164780). - scsi: lpfc: Fix MDS Diagnostic Enablement definition (bsc#1164780). - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix negation of else clause in lpfc_prep_node_fc4type (bsc#1164780). - scsi: lpfc: Fix noderef and address space warnings (bsc#1164780). - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530). - scsi: lpfc: Maintain atomic consistency of queue_claimed flag (bsc#1164780). - scsi: lpfc: remove duplicate unloading checks (bsc#1164780). - scsi: lpfc: Remove re-binding of nvme rport during registration (bsc#1164780). - scsi: lpfc: Remove redundant initialization to variable rc (bsc#1164780). - scsi: lpfc: Remove unnecessary lockdep_assert_held calls (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.1 (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1158983). - scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state (bsc#1171616). - scsi: megaraid_sas: Fix a compilation warning (bsc#1174296). - scsi: mpt3sas: Fix double free in attach error handling (bsc#1174296). - scsi: qedf: Add port_id getter (bsc#1150660). - scsi: qla2xxx: add ring buffer for tracing debug logs (bsc#1157169). - scsi: qla2xxx: check UNLOADING before posting async work (bsc#1157169). - scsi: qla2xxx: Delete all sessions before unregister local nvme port (bsc#1157169). - scsi: qla2xxx: Do not log message when reading port speed via sysfs (bsc#1157169). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1174296). - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (bsc#1157169). - scsi: qla2xxx: Fix regression warnings (bsc#1157169). - scsi: qla2xxx: Remove non functional code (bsc#1157169). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - scsi: qla2xxx: set UNLOADING before waiting for session deletion (bsc#1157169). - scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free (bsc#1171617). - scsi: qla4xxx: fix double free bug (bsc#1171618). - scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI (bsc#1171619). - scsi: sg: add sg_remove_request in sg_common_write (bsc#1171620). - scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) (bsc#1171621). - scsi: ufs: change msleep to usleep_range (bsc#1171622). - scsi: ufs: Clean up ufshcd_scale_clks() and clock scaling error out path (bsc#1171623). - scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic (bsc#1171624). - scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails (bsc#1171625). - scsi: ufs: Recheck bkops level if bkops is disabled (bsc#1171626). - scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point (git-fixes). - sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27). - sctp: fix possibly using a bad saddr with a given dst (networking-stable-20_04_02). - sctp: fix refcount bug in sctp_wfree (networking-stable-20_04_02). - sctp: move the format error check out of __sctp_sf_do_9_1_abort (networking-stable-20_03_01). - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27). - selftests/powerpc: Fix build errors in powerpc ptrace selftests (boo#1124278). - Separate one more kABI fixup from the functional change: - seq_file: fix problem when seeking mid-record (bsc#1170125). - serdev: ttyport: restore client ops on deregistration (bsc#1051510). - serial: uartps: Move the spinlock after the read of the tx empty (git-fixes). - sfc: detach from cb_page in efx_copy_channel() (networking-stable-20_03_14). - signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig (bsc#1172185). - slcan: not call free_netdev before rtnl_unlock in slcan_open (networking-stable-20_03_28). - slip: make slhc_compress() more robust against malicious packets (networking-stable-20_03_14). - smb3: Additional compression structures (bsc#1144333). - smb3: Add new compression flags (bsc#1144333). - smb3: change noisy error message to FYI (bsc#1144333). - smb3: enable swap on SMB3 mounts (bsc#1144333). - smb3: Minor cleanup of protocol definitions (bsc#1144333). - smb3: remove overly noisy debug line in signing errors (bsc#1144333). - smb3: smbdirect support can be configured by default (bsc#1144333). - smb3: use SMB2_SIGNATURE_SIZE define (bsc#1144333). - spi: bcm2835: Fix 3-wire mode if DMA is enabled (git-fixes). - spi: bcm63xx-hsspi: Really keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: when tx/rx buffer is NULL set to 0 (bsc#1051510). - spi: dw: Add SPI Rx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: Add SPI Tx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: use "smp_mb()" to avoid sending spi data error (bsc#1051510). - spi: dw: Zero DMA Tx and Rx configurations on stack (bsc#1051510). - spi: fix initial SPI_SR value in spi-fsl-dspi (bsc#1111666). - spi: fsl: do not map irq during probe (git-fixes). - spi: fsl: use platform_get_irq() instead of of_irq_to_resource() (git-fixes). - spi: pxa2xx: Add CS control clock quirk (bsc#1051510). - spi: pxa2xx: Apply CS clk quirk to BXT (bsc#1111666). - spi: qup: call spi_qup_pm_resume_runtime before suspending (bsc#1051510). - spi: spidev: fix a race between spidev_release and spidev_remove (bsc#1111666). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (git-fixes). - spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices (bsc#1111666). - spi: spi-s3c64xx: Fix system resume support (git-fixes). - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (bsc#1111666). - spi/zynqmp: remove entry that causes a cs glitch (bsc#1051510). - staging: comedi: dt2815: fix writing hi byte of analog output (bsc#1051510). - staging: comedi: Fix comedi_device refcnt leak in comedi_open (bsc#1051510). - staging: comedi: verify array index is correct before using it (bsc#1111666). - staging: iio: ad2s1210: Fix SPI reading (bsc#1051510). - staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table (bsc#1051510). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510). - staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510). - staging: vt6656: Do not set RCR_MULTICAST or RCR_BROADCAST by default (git-fixes). - staging: vt6656: Fix drivers TBTT timing counter (git-fixes). - staging: vt6656: Fix pairwise key entry save (git-fixes). - staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi (bsc#1051510). - staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb (bsc#1051510). - staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback (bsc#1051510). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202). - SUNRPC: expiry_time should be seconds not timeval (git-fixes). - SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' (git-fixes). - SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624). - supported.conf: Add br_netfilter to base (bsc#1169020). - svcrdma: Fix double svc_rdma_send_ctxt_put() in an error path (bsc#1103992). - svcrdma: Fix leak of transport addresses (git-fixes). - svcrdma: Fix trace point use-after-free race (bsc#1103992 ). - taskstats: fix data-race (bsc#1172188). - tcp: cache line align MAX_TCP_HEADER (networking-stable-20_04_27). - tcp: repair: fix TCP_QUEUE_SEQ implementation (networking-stable-20_03_28). - team: add missing attribute validation for array index (networking-stable-20_03_14). - team: add missing attribute validation for port ifindex (networking-stable-20_03_14). - team: fix hang in team_mode_get() (networking-stable-20_04_27). - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284). - thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n (bsc#1051510). - timers: Add a function to start/reduce a timer (networking-stable-20_05_27). - tools lib traceevent: Remove unneeded qsort and uses memmove instead (git-fixes). - tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (bsc#1065729). - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (bsc#1111666). - tpm_tis: Remove the HID IFX0102 (bsc#1111666). - tpm/tpm_tis: Free IRQ if probing fails (bsc#1082555). - tpm/tpm_tis: Free IRQ if probing fails (git-fixes). - tracing: Add a vmalloc_sync_mappings() for safe measure (git-fixes). - tracing: Disable trace_printk() on post poned tests (git-fixes). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation (git-fixes). - tty: evh_bytechan: Fix out of bounds accesses (bsc#1051510). - tty: hvc_console, fix crashes on parallel open/close (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510). - tty: n_gsm: Fix SOF skipping (bsc#1051510). - tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510). - tty: rocket, avoid OOB access (git-fixes). - tty/serial: atmel: manage shutdown in case of RS485 or ISO7816 mode (bsc#1051510). - tty: serial: imx: setup the correct sg entry for tx dma (bsc#1051510). - tun: Do not put_page() for all negative return values from XDP program (bsc#1109837). - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12). - UAS: fix deadlock in error handling and PM flushing work (git-fixes). - UAS: no use logging any details in case of ENODEV (git-fixes). - ubifs: remove broken lazytime support (bsc#1173826). - Update config files: Build w1 bus on arm64 (jsc#SLE-11048) - USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE (git-fixes). - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes). - USB: c67x00: fix use after free in c67x00_giveback_urb (bsc#1111666). - USB: cdc-acm: restore capability check order (git-fixes). - usb: chipidea: core: add wakeup support for extcon (bsc#1111666). - USB: core: Fix misleading driver bug report (bsc#1051510). - usb: dwc2: Fix shutdown callback in platform (bsc#1111666). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510). - USB: dwc3: do not set gadget->is_otg flag (git-fixes). - USB: dwc3: gadget: Do link recovery for SS and SSP (git-fixes). - usb: dwc3: gadget: introduce cancelled_list (git-fixes). - usb: dwc3: gadget: never call ->complete() from ->ep_queue() (git-fixes). - usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes). - usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes). - USB: early: Handle AMD's spec-compliant identifiers, too (git-fixes). - USB: ehci: reopen solution for Synopsys HC bug (git-fixes). - USB: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset() (git-fixes). - USB: gadget: audio: Fix a missing error return value in audio_bind() (git-fixes). - USB: gadget: composite: Inform controller driver of self-powered (git-fixes). - USB: gadget: f_fs: Fix use after free issue as part of queue failure (bsc#1051510). - usb: gadget: fix potential double-free in m66592_probe (bsc#1111666). - USB: gadget: legacy: fix error return code in cdc_bind() (git-fixes). - USB: gadget: legacy: fix error return code in gncm_bind() (git-fixes). - USB: gadget: legacy: fix redundant initialization warnings (bsc#1051510). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510). - USB: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' (git-fixes). - usb: gadget: udc: atmel: fix uninitialized read in debug printk (bsc#1111666). - USB: gadget: udc: atmel: Fix vbus disconnect handling (git-fixes). - USB: gadget: udc: atmel: Make some symbols static (git-fixes). - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (bsc#1111666). - USB: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete (git-fixes). - usb: gadget: udc: Potential Oops in error handling code (bsc#1111666). - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510). - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (bsc#1111666). - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510). - USB: host: xhci-plat: keep runtime active when removing host (git-fixes). - USB: hub: Fix handling of connect changes during sleep (git-fixes). - USB: musb: fix crash with highmen PIO and usbmon (bsc#1051510). - usb: musb: Fix runtime PM imbalance on error (bsc#1051510). - usb: musb: start session in resume for host port (bsc#1051510). - USBnet: silence an unnecessary warning (bsc#1170770). - usbnet: smsc95xx: Fix use-after-free after removal (bsc#1111666). - USB: ohci-sm501: Add missed iounmap() in remove (bsc#1111666). - USB: serial: ch341: add new Product ID for CH340 (bsc#1111666). - USB: serial: cypress_m8: enable Simply Automated UPB PIM (bsc#1111666). - USB: serial: garmin_gps: add sanity checking for data length (git-fixes). - USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback (bsc#1051510). - USB: serial: iuu_phoenix: fix memory corruption (bsc#1111666). - USB: serial: option: add BroadMobi BM806U (git-fixes). - USB: serial: option: add GosunCn GM500 series (bsc#1111666). - USB: serial: option: add Quectel EG95 LTE modem (bsc#1111666). - USB: serial: option: add support for ASKEY WWHC050 (git-fixes). - USB: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510). - USB: serial: option: add Wistron Neweb D19Q1 (git-fixes). - USB: serial: qcserial: add DW5816e QDL support (bsc#1051510). - USB: serial: qcserial: Add DW5816e support (git-fixes). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - USB: sisusbvga: Change port variable from signed to unsigned (git-fixes). - usb-storage: Add unusual_devs entry for JMicron JMS566 (git-fixes). - USB: uas: add quirk for LaCie 2Big Quadra (git-fixes). - USB: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list (git-fixes). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174123). - vfs: Fix EOVERFLOW testing in put_compat_statfs64 (bnc#1151927 5.3.6). - video: fbdev: sis: Remove unnecessary parentheses and commented code (bsc#1114279) - video: fbdev: w100fb: Fix a potential double free (bsc#1051510). - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (git-fixes). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: avoid format strint overflow warning (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: Remove always false conditional statement (bsc#1172484). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484). - vmxnet3: remove unused flag "rxcsum" from struct vmxnet3_adapter (bsc#1172484). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - vrf: Check skb for XFRM_TRANSFORMED flag (networking-stable-20_04_27). - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07). - vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines (git-fixes). - vt: selection, introduce vc_is_sel (git-fixes). - vt: vt_ioctl: fix race in VT_RESIZEX (git-fixes). - vt: vt_ioctl: fix use-after-free in vt_in_use() (git-fixes). - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (git-fixes). - vxlan: Avoid infinite loop when suppressing NS messages with invalid options (git-fixes). - vxlan: check return value of gro_cells_init() (networking-stable-20_03_28). - w1: Add subsystem kernel public interface (jsc#SLE-11048). - w1: Fix slave count on 1-Wire bus (resend) (jsc#SLE-11048). - w1: keep balance of mutex locks and refcnts (jsc#SLE-11048). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510). - w1: use put_device() if device_register() fail (jsc#SLE-11048). - watchdog: reset last_hw_keepalive time at start (git-fixes). - watchdog: sp805: fix restart handler (bsc#1111666). - wcn36xx: Fix error handling path in 'wcn36xx_probe()' (bsc#1051510). - wil6210: add general initialization/size checks (bsc#1111666). - wil6210: check rx_buff_mgmt before accessing it (bsc#1111666). - wil6210: ignore HALP ICR if already handled (bsc#1111666). - wil6210: make sure Rx ring sizes are correlated (git-fixes). - wil6210: remove reset file from debugfs (git-fixes). - wimax/i2400m: Fix potential urb refcnt leak (bsc#1051510). - work around mvfs bug (bsc#1162063). - workqueue: do not use wq_select_unbound_cpu() for bound works (bsc#1172130). - x86/apic: Install an empty physflat_init_apic_ldr (bsc#1163309). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279). - x86/entry/64: Fix unwind hints in kernel exit path (bsc#1058115). - x86/entry/64: Fix unwind hints in register clearing code (bsc#1058115). - x86/entry/64: Fix unwind hints in rewind_stack_do_exit() (bsc#1058115). - x86/entry/64: Fix unwind hints in __switch_to_asm() (bsc#1058115). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86: Fix early boot crash on gcc-10, third try (bsc#1114279). - x86/hyperv: Allow guests to enable InvariantTSC (bsc#1170621, bsc#1170620). - x86/Hyper-V: Free hv_panic_page when fail to register kmsg dump (bsc#1170617, bsc#1170618). - x86/Hyper-V: Report crash data in die() when panic_on_oops is set (bsc#1170617, bsc#1170618). - x86/Hyper-V: Report crash register data or kmsg before running crash kernel (bsc#1170617, bsc#1170618). - x86/Hyper-V: Report crash register data when sysctl_record_panic_msg is not set (bsc#1170617, bsc#1170618). - x86: hyperv: report value of misc_features (git fixes). - x86/Hyper-V: Trigger crash enlightenment only once during system crash (bsc#1170617, bsc#1170618). - x86/Hyper-V: Unload vmbus channel in hv panic callback (bsc#1170617, bsc#1170618). - x86/kprobes: Avoid kretprobe recursion bug (bsc#1114279). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279). - x86/resctrl: Fix invalid attempt at removing the default resource group (git-fixes). - x86/resctrl: Preserve CDP enable over CPU hotplug (bsc#1114279). - x86/unwind/orc: Do not skip the first frame for inactive tasks (bsc#1058115). - x86/unwind/orc: Fix error handling in __unwind_start() (bsc#1058115). - x86/unwind/orc: Fix error path for bad ORC entry type (bsc#1058115). - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks (bsc#1058115). - x86/unwind/orc: Prevent unwinding before ORC initialization (bsc#1058115). - x86/unwind: Prevent false warnings for non-current tasks (bsc#1058115). - x86/xen: fix booting 32-bit pv guest (bsc#1071995). - x86/xen: Make the boot CPU idle task reliable (bsc#1071995). - x86/xen: Make the secondary CPU idle tasks reliable (bsc#1071995). - xen/blkfront: fix memory allocation flags in blkfront_setup_indirect() (bsc#1168486). - xen/pci: reserve MCFG areas earlier (bsc#1170145). - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish (networking-stable-20_04_27). - xfrm: fix error in comment (git fixes). - xfs: clear PF_MEMALLOC before exiting xfsaild thread (git-fixes). - xfs: Correctly invert xfs_buftarg LRU isolation logic (git-fixes). - xfs: do not ever return a stale pointer from __xfs_dir3_free_read (git-fixes). - xhci: Fix incorrect EP_STATE_MASK (git-fixes). - xprtrdma: Fix completion wait during device removal (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Realtime 15-SP1: zypper in -t patch SUSE-SLE-Module-RT-15-SP1-2020-2487=1 Package List: - SUSE Linux Enterprise Module for Realtime 15-SP1 (x86_64): cluster-md-kmp-rt-4.12.14-14.28.1 cluster-md-kmp-rt-debuginfo-4.12.14-14.28.1 dlm-kmp-rt-4.12.14-14.28.1 dlm-kmp-rt-debuginfo-4.12.14-14.28.1 gfs2-kmp-rt-4.12.14-14.28.1 gfs2-kmp-rt-debuginfo-4.12.14-14.28.1 kernel-rt-4.12.14-14.28.1 kernel-rt-base-4.12.14-14.28.1 kernel-rt-base-debuginfo-4.12.14-14.28.1 kernel-rt-debuginfo-4.12.14-14.28.1 kernel-rt-debugsource-4.12.14-14.28.1 kernel-rt-devel-4.12.14-14.28.1 kernel-rt-devel-debuginfo-4.12.14-14.28.1 kernel-rt_debug-debuginfo-4.12.14-14.28.1 kernel-rt_debug-debugsource-4.12.14-14.28.1 kernel-rt_debug-devel-4.12.14-14.28.1 kernel-rt_debug-devel-debuginfo-4.12.14-14.28.1 kernel-syms-rt-4.12.14-14.28.1 ocfs2-kmp-rt-4.12.14-14.28.1 ocfs2-kmp-rt-debuginfo-4.12.14-14.28.1 - SUSE Linux Enterprise Module for Realtime 15-SP1 (noarch): kernel-devel-rt-4.12.14-14.28.1 kernel-source-rt-4.12.14-14.28.1 References: https://www.suse.com/security/cve/CVE-2018-1000199.html https://www.suse.com/security/cve/CVE-2019-19462.html https://www.suse.com/security/cve/CVE-2019-20806.html https://www.suse.com/security/cve/CVE-2019-20810.html https://www.suse.com/security/cve/CVE-2019-20812.html https://www.suse.com/security/cve/CVE-2019-20908.html https://www.suse.com/security/cve/CVE-2019-9455.html https://www.suse.com/security/cve/CVE-2020-0305.html https://www.suse.com/security/cve/CVE-2020-0543.html https://www.suse.com/security/cve/CVE-2020-10135.html https://www.suse.com/security/cve/CVE-2020-10690.html https://www.suse.com/security/cve/CVE-2020-10711.html https://www.suse.com/security/cve/CVE-2020-10720.html https://www.suse.com/security/cve/CVE-2020-10732.html https://www.suse.com/security/cve/CVE-2020-10751.html https://www.suse.com/security/cve/CVE-2020-10757.html https://www.suse.com/security/cve/CVE-2020-10766.html https://www.suse.com/security/cve/CVE-2020-10767.html https://www.suse.com/security/cve/CVE-2020-10768.html https://www.suse.com/security/cve/CVE-2020-10769.html https://www.suse.com/security/cve/CVE-2020-10773.html https://www.suse.com/security/cve/CVE-2020-10781.html https://www.suse.com/security/cve/CVE-2020-11669.html https://www.suse.com/security/cve/CVE-2020-12114.html https://www.suse.com/security/cve/CVE-2020-12464.html https://www.suse.com/security/cve/CVE-2020-12652.html https://www.suse.com/security/cve/CVE-2020-12653.html https://www.suse.com/security/cve/CVE-2020-12654.html https://www.suse.com/security/cve/CVE-2020-12655.html https://www.suse.com/security/cve/CVE-2020-12656.html https://www.suse.com/security/cve/CVE-2020-12657.html https://www.suse.com/security/cve/CVE-2020-12659.html https://www.suse.com/security/cve/CVE-2020-12769.html https://www.suse.com/security/cve/CVE-2020-12771.html https://www.suse.com/security/cve/CVE-2020-12888.html https://www.suse.com/security/cve/CVE-2020-13143.html https://www.suse.com/security/cve/CVE-2020-13974.html https://www.suse.com/security/cve/CVE-2020-14416.html https://www.suse.com/security/cve/CVE-2020-15393.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1089895 https://bugzilla.suse.com/1090036 https://bugzilla.suse.com/1103990 https://bugzilla.suse.com/1103991 https://bugzilla.suse.com/1103992 https://bugzilla.suse.com/1104745 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1124278 https://bugzilla.suse.com/1127354 https://bugzilla.suse.com/1127355 https://bugzilla.suse.com/1127371 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1137325 https://bugzilla.suse.com/1142685 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1145929 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1150660 https://bugzilla.suse.com/1151794 https://bugzilla.suse.com/1151927 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1152624 https://bugzilla.suse.com/1154824 https://bugzilla.suse.com/1157169 https://bugzilla.suse.com/1158265 https://bugzilla.suse.com/1158983 https://bugzilla.suse.com/1159037 https://bugzilla.suse.com/1159058 https://bugzilla.suse.com/1159199 https://bugzilla.suse.com/1160388 https://bugzilla.suse.com/1160947 https://bugzilla.suse.com/1161016 https://bugzilla.suse.com/1162002 https://bugzilla.suse.com/1162063 https://bugzilla.suse.com/1163309 https://bugzilla.suse.com/1163403 https://bugzilla.suse.com/1163897 https://bugzilla.suse.com/1164284 https://bugzilla.suse.com/1164780 https://bugzilla.suse.com/1164871 https://bugzilla.suse.com/1165183 https://bugzilla.suse.com/1165478 https://bugzilla.suse.com/1165741 https://bugzilla.suse.com/1166780 https://bugzilla.suse.com/1166860 https://bugzilla.suse.com/1166861 https://bugzilla.suse.com/1166862 https://bugzilla.suse.com/1166864 https://bugzilla.suse.com/1166866 https://bugzilla.suse.com/1166867 https://bugzilla.suse.com/1166868 https://bugzilla.suse.com/1166870 https://bugzilla.suse.com/1166940 https://bugzilla.suse.com/1166969 https://bugzilla.suse.com/1166978 https://bugzilla.suse.com/1166985 https://bugzilla.suse.com/1167104 https://bugzilla.suse.com/1167288 https://bugzilla.suse.com/1167574 https://bugzilla.suse.com/1167851 https://bugzilla.suse.com/1167867 https://bugzilla.suse.com/1168081 https://bugzilla.suse.com/1168202 https://bugzilla.suse.com/1168332 https://bugzilla.suse.com/1168486 https://bugzilla.suse.com/1168670 https://bugzilla.suse.com/1168760 https://bugzilla.suse.com/1168762 https://bugzilla.suse.com/1168763 https://bugzilla.suse.com/1168764 https://bugzilla.suse.com/1168765 https://bugzilla.suse.com/1168789 https://bugzilla.suse.com/1168881 https://bugzilla.suse.com/1168884 https://bugzilla.suse.com/1168952 https://bugzilla.suse.com/1168959 https://bugzilla.suse.com/1169020 https://bugzilla.suse.com/1169057 https://bugzilla.suse.com/1169194 https://bugzilla.suse.com/1169390 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1169525 https://bugzilla.suse.com/1169625 https://bugzilla.suse.com/1169762 https://bugzilla.suse.com/1169771 https://bugzilla.suse.com/1169795 https://bugzilla.suse.com/1170011 https://bugzilla.suse.com/1170056 https://bugzilla.suse.com/1170125 https://bugzilla.suse.com/1170145 https://bugzilla.suse.com/1170284 https://bugzilla.suse.com/1170345 https://bugzilla.suse.com/1170442 https://bugzilla.suse.com/1170457 https://bugzilla.suse.com/1170522 https://bugzilla.suse.com/1170592 https://bugzilla.suse.com/1170617 https://bugzilla.suse.com/1170618 https://bugzilla.suse.com/1170620 https://bugzilla.suse.com/1170621 https://bugzilla.suse.com/1170770 https://bugzilla.suse.com/1170778 https://bugzilla.suse.com/1170791 https://bugzilla.suse.com/1170901 https://bugzilla.suse.com/1171078 https://bugzilla.suse.com/1171098 https://bugzilla.suse.com/1171118 https://bugzilla.suse.com/1171124 https://bugzilla.suse.com/1171189 https://bugzilla.suse.com/1171191 https://bugzilla.suse.com/1171195 https://bugzilla.suse.com/1171202 https://bugzilla.suse.com/1171205 https://bugzilla.suse.com/1171214 https://bugzilla.suse.com/1171217 https://bugzilla.suse.com/1171218 https://bugzilla.suse.com/1171219 https://bugzilla.suse.com/1171220 https://bugzilla.suse.com/1171244 https://bugzilla.suse.com/1171293 https://bugzilla.suse.com/1171417 https://bugzilla.suse.com/1171424 https://bugzilla.suse.com/1171527 https://bugzilla.suse.com/1171529 https://bugzilla.suse.com/1171530 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1171599 https://bugzilla.suse.com/1171600 https://bugzilla.suse.com/1171601 https://bugzilla.suse.com/1171602 https://bugzilla.suse.com/1171604 https://bugzilla.suse.com/1171605 https://bugzilla.suse.com/1171606 https://bugzilla.suse.com/1171607 https://bugzilla.suse.com/1171608 https://bugzilla.suse.com/1171609 https://bugzilla.suse.com/1171610 https://bugzilla.suse.com/1171611 https://bugzilla.suse.com/1171612 https://bugzilla.suse.com/1171613 https://bugzilla.suse.com/1171614 https://bugzilla.suse.com/1171615 https://bugzilla.suse.com/1171616 https://bugzilla.suse.com/1171617 https://bugzilla.suse.com/1171618 https://bugzilla.suse.com/1171619 https://bugzilla.suse.com/1171620 https://bugzilla.suse.com/1171621 https://bugzilla.suse.com/1171622 https://bugzilla.suse.com/1171623 https://bugzilla.suse.com/1171624 https://bugzilla.suse.com/1171625 https://bugzilla.suse.com/1171626 https://bugzilla.suse.com/1171662 https://bugzilla.suse.com/1171679 https://bugzilla.suse.com/1171691 https://bugzilla.suse.com/1171692 https://bugzilla.suse.com/1171694 https://bugzilla.suse.com/1171695 https://bugzilla.suse.com/1171732 https://bugzilla.suse.com/1171736 https://bugzilla.suse.com/1171739 https://bugzilla.suse.com/1171743 https://bugzilla.suse.com/1171753 https://bugzilla.suse.com/1171759 https://bugzilla.suse.com/1171817 https://bugzilla.suse.com/1171835 https://bugzilla.suse.com/1171841 https://bugzilla.suse.com/1171868 https://bugzilla.suse.com/1171904 https://bugzilla.suse.com/1171948 https://bugzilla.suse.com/1171949 https://bugzilla.suse.com/1171951 https://bugzilla.suse.com/1171952 https://bugzilla.suse.com/1171979 https://bugzilla.suse.com/1171982 https://bugzilla.suse.com/1171983 https://bugzilla.suse.com/1171988 https://bugzilla.suse.com/1172017 https://bugzilla.suse.com/1172096 https://bugzilla.suse.com/1172097 https://bugzilla.suse.com/1172098 https://bugzilla.suse.com/1172099 https://bugzilla.suse.com/1172101 https://bugzilla.suse.com/1172102 https://bugzilla.suse.com/1172103 https://bugzilla.suse.com/1172104 https://bugzilla.suse.com/1172127 https://bugzilla.suse.com/1172130 https://bugzilla.suse.com/1172185 https://bugzilla.suse.com/1172188 https://bugzilla.suse.com/1172199 https://bugzilla.suse.com/1172201 https://bugzilla.suse.com/1172202 https://bugzilla.suse.com/1172221 https://bugzilla.suse.com/1172247 https://bugzilla.suse.com/1172249 https://bugzilla.suse.com/1172251 https://bugzilla.suse.com/1172257 https://bugzilla.suse.com/1172317 https://bugzilla.suse.com/1172342 https://bugzilla.suse.com/1172343 https://bugzilla.suse.com/1172344 https://bugzilla.suse.com/1172366 https://bugzilla.suse.com/1172378 https://bugzilla.suse.com/1172391 https://bugzilla.suse.com/1172397 https://bugzilla.suse.com/1172453 https://bugzilla.suse.com/1172458 https://bugzilla.suse.com/1172484 https://bugzilla.suse.com/1172537 https://bugzilla.suse.com/1172538 https://bugzilla.suse.com/1172687 https://bugzilla.suse.com/1172719 https://bugzilla.suse.com/1172759 https://bugzilla.suse.com/1172775 https://bugzilla.suse.com/1172781 https://bugzilla.suse.com/1172782 https://bugzilla.suse.com/1172783 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172872 https://bugzilla.suse.com/1172999 https://bugzilla.suse.com/1173060 https://bugzilla.suse.com/1173074 https://bugzilla.suse.com/1173146 https://bugzilla.suse.com/1173265 https://bugzilla.suse.com/1173280 https://bugzilla.suse.com/1173284 https://bugzilla.suse.com/1173428 https://bugzilla.suse.com/1173514 https://bugzilla.suse.com/1173567 https://bugzilla.suse.com/1173573 https://bugzilla.suse.com/1173746 https://bugzilla.suse.com/1173818 https://bugzilla.suse.com/1173820 https://bugzilla.suse.com/1173825 https://bugzilla.suse.com/1173826 https://bugzilla.suse.com/1173833 https://bugzilla.suse.com/1173838 https://bugzilla.suse.com/1173839 https://bugzilla.suse.com/1173845 https://bugzilla.suse.com/1173857 https://bugzilla.suse.com/1174113 https://bugzilla.suse.com/1174115 https://bugzilla.suse.com/1174122 https://bugzilla.suse.com/1174123 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174187 https://bugzilla.suse.com/1174296 https://bugzilla.suse.com/1174343 https://bugzilla.suse.com/1174356 https://bugzilla.suse.com/1174409 https://bugzilla.suse.com/1174438 https://bugzilla.suse.com/1174462 From sle-updates at lists.suse.com Fri Sep 4 07:13:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 15:13:31 +0200 (CEST) Subject: SUSE-RU-2020:2488-1: moderate: Recommended update for fwupdate Message-ID: <20200904131331.3BD1FFCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for fwupdate ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2488-1 Rating: moderate References: #1174543 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of fwupdate fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2488=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2488=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2488=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2488=1 Package List: - SUSE OpenStack Cloud 7 (x86_64): fwupdate-0.5-7.2.1 fwupdate-debuginfo-0.5-7.2.1 fwupdate-debugsource-0.5-7.2.1 fwupdate-efi-0.5-7.2.1 fwupdate-efi-debuginfo-0.5-7.2.1 libfwup0-0.5-7.2.1 libfwup0-debuginfo-0.5-7.2.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): fwupdate-0.5-7.2.1 fwupdate-debuginfo-0.5-7.2.1 fwupdate-debugsource-0.5-7.2.1 fwupdate-efi-0.5-7.2.1 fwupdate-efi-debuginfo-0.5-7.2.1 libfwup0-0.5-7.2.1 libfwup0-debuginfo-0.5-7.2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): fwupdate-0.5-7.2.1 fwupdate-debuginfo-0.5-7.2.1 fwupdate-debugsource-0.5-7.2.1 fwupdate-efi-0.5-7.2.1 fwupdate-efi-debuginfo-0.5-7.2.1 libfwup0-0.5-7.2.1 libfwup0-debuginfo-0.5-7.2.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): fwupdate-0.5-7.2.1 fwupdate-debuginfo-0.5-7.2.1 fwupdate-debugsource-0.5-7.2.1 fwupdate-efi-0.5-7.2.1 fwupdate-efi-debuginfo-0.5-7.2.1 libfwup0-0.5-7.2.1 libfwup0-debuginfo-0.5-7.2.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Fri Sep 4 07:14:20 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 15:14:20 +0200 (CEST) Subject: SUSE-RU-2020:2489-1: moderate: Recommended update for fwupdate Message-ID: <20200904131420.676EBFCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for fwupdate ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2489-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of fwupdate fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2489=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2489=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64): fwupdate-12-11.5.1 fwupdate-debuginfo-12-11.5.1 fwupdate-debugsource-12-11.5.1 fwupdate-devel-12-11.5.1 fwupdate-efi-12-11.5.1 fwupdate-efi-debuginfo-12-11.5.1 libfwup1-12-11.5.1 libfwup1-debuginfo-12-11.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 x86_64): fwupdate-12-11.5.1 fwupdate-debuginfo-12-11.5.1 fwupdate-debugsource-12-11.5.1 fwupdate-devel-12-11.5.1 fwupdate-efi-12-11.5.1 fwupdate-efi-debuginfo-12-11.5.1 libfwup1-12-11.5.1 libfwup1-debuginfo-12-11.5.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Fri Sep 4 10:14:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:14:51 +0200 (CEST) Subject: SUSE-SU-2020:2531-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP1) Message-ID: <20200904161451.7AC7BF403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2531-1 Rating: important References: #1173942 #1173963 #1174186 #1174247 Cross-References: CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-197_37 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-2530=1 SUSE-SLE-Module-Live-Patching-15-SP1-2020-2531=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2514=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_34-default-5-2.2 kernel-livepatch-4_12_14-197_37-default-5-2.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_17-default-5-2.2 References: https://www.suse.com/security/cve/CVE-2019-9458.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1173963 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:15:58 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:15:58 +0200 (CEST) Subject: SUSE-SU-2020:2525-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 15) Message-ID: <20200904161558.3C7DDF403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 19 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2525-1 Rating: important References: #1165631 #1173942 #1174247 Cross-References: CVE-2020-11668 CVE-2020-14331 CVE-2020-1749 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-150_55 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2020-1749: Fixed a flaw in IPsec where some IPv6 protocols were not encrypted (bsc#1165631). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2020-2525=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_55-default-2-2.2 kernel-livepatch-4_12_14-150_55-default-debuginfo-2-2.2 References: https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-1749.html https://bugzilla.suse.com/1165631 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:16:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:16:57 +0200 (CEST) Subject: SUSE-SU-2020:2506-1: important: Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP4) Message-ID: <20200904161657.315EFF403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2506-1 Rating: important References: #1173100 #1173659 #1173661 #1173869 #1173942 #1173963 #1174186 #1174247 Cross-References: CVE-2019-14895 CVE-2019-14901 CVE-2019-16746 CVE-2019-19447 CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-95_45 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869). - CVE-2019-14901: Fixed a heap overflow in the Marvell WiFi driver (bsc#1173661). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2512=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2020-2506=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le x86_64): kgraft-patch-4_12_14-122_7-default-6-2.2 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_45-default-6-2.2 References: https://www.suse.com/security/cve/CVE-2019-14895.html https://www.suse.com/security/cve/CVE-2019-14901.html https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-19447.html https://www.suse.com/security/cve/CVE-2019-9458.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1173100 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173661 https://bugzilla.suse.com/1173869 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1173963 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:18:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:18:36 +0200 (CEST) Subject: SUSE-SU-2020:2505-1: important: Security update for the Linux Kernel (Live Patch 14 for SLE 15) Message-ID: <20200904161836.95D5EF403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 14 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2505-1 Rating: important References: #1173100 #1173659 #1173661 #1173663 #1173869 #1173942 #1173963 #1174186 #1174247 Cross-References: CVE-2019-0155 CVE-2019-14895 CVE-2019-14901 CVE-2019-16746 CVE-2019-19447 CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-150_35 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). - CVE-2019-0155: Fixed a privilege escalation in the i915 graphics driver (bsc#1173663). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869). - CVE-2019-14901: Fixed a heap overflow in the Marvell WiFi driver (bsc#1173661). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-2527=1 SUSE-SLE-Module-Live-Patching-15-SP1-2020-2528=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2020-2520=1 SUSE-SLE-Module-Live-Patching-15-2020-2521=1 SUSE-SLE-Module-Live-Patching-15-2020-2522=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2511=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2020-2503=1 SUSE-SLE-Live-Patching-12-SP4-2020-2504=1 SUSE-SLE-Live-Patching-12-SP4-2020-2505=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_21-default-8-2.2 kernel-livepatch-4_12_14-197_26-default-6-2.2 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_35-default-8-2.2 kernel-livepatch-4_12_14-150_35-default-debuginfo-8-2.2 kernel-livepatch-4_12_14-150_38-default-8-2.2 kernel-livepatch-4_12_14-150_38-default-debuginfo-8-2.2 kernel-livepatch-4_12_14-150_41-default-6-2.2 kernel-livepatch-4_12_14-150_41-default-debuginfo-6-2.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le x86_64): kgraft-patch-4_12_14-120-default-6-15.2 kgraft-patch-4_12_14-120-default-debuginfo-6-15.2 kgraft-patch-SLE12-SP5_Update_0-debugsource-6-15.2 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_32-default-8-2.2 kgraft-patch-4_12_14-95_37-default-7-2.2 kgraft-patch-4_12_14-95_40-default-6-2.2 References: https://www.suse.com/security/cve/CVE-2019-0155.html https://www.suse.com/security/cve/CVE-2019-14895.html https://www.suse.com/security/cve/CVE-2019-14901.html https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-19447.html https://www.suse.com/security/cve/CVE-2019-9458.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1173100 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173661 https://bugzilla.suse.com/1173663 https://bugzilla.suse.com/1173869 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1173963 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:20:13 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:20:13 +0200 (CEST) Subject: SUSE-SU-2020:2507-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP4) Message-ID: <20200904162013.0E60FF403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2507-1 Rating: important References: #1173659 #1173942 #1173963 #1174186 #1174247 Cross-References: CVE-2019-16746 CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-95_48 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2020-2507=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_48-default-5-2.2 References: https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-9458.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1173963 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:21:24 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:21:24 +0200 (CEST) Subject: SUSE-SU-2020:2524-1: important: Security update for the Linux Kernel (Live Patch 18 for SLE 15) Message-ID: <20200904162124.9E0AFF403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 18 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2524-1 Rating: important References: #1165631 #1173659 #1173942 #1174186 #1174247 Cross-References: CVE-2019-16746 CVE-2020-11668 CVE-2020-14331 CVE-2020-15780 CVE-2020-1749 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-150_52 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2020-1749: Fixed a flaw in IPsec where some IPv6 protocols were not encrypted (bsc#1165631). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2020-2524=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_52-default-2-2.2 kernel-livepatch-4_12_14-150_52-default-debuginfo-2-2.2 References: https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-15780.html https://www.suse.com/security/cve/CVE-2020-1749.html https://bugzilla.suse.com/1165631 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:22:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:22:34 +0200 (CEST) Subject: SUSE-SU-2020:2513-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP5) Message-ID: <20200904162234.2AB5CF403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2513-1 Rating: important References: #1173100 #1173659 #1173869 #1173942 #1173963 #1174186 #1174247 Cross-References: CVE-2019-14895 CVE-2019-16746 CVE-2019-19447 CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-122_12 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-2529=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2020-2523=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2513=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_29-default-6-2.2 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_47-default-6-2.2 kernel-livepatch-4_12_14-150_47-default-debuginfo-6-2.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le x86_64): kgraft-patch-4_12_14-122_12-default-6-2.2 References: https://www.suse.com/security/cve/CVE-2019-14895.html https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-19447.html https://www.suse.com/security/cve/CVE-2019-9458.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1173100 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173869 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1173963 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:23:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:23:57 +0200 (CEST) Subject: SUSE-SU-2020:2502-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) Message-ID: <20200904162357.8E972F403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2502-1 Rating: important References: #1165631 #1173659 #1173942 #1174247 Cross-References: CVE-2019-16746 CVE-2020-11668 CVE-2020-14331 CVE-2020-1749 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.180-94_127 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2020-1749: Fixed a flaw in IPsec where some IPv6 protocols were not encrypted (bsc#1165631). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2500=1 SUSE-SLE-SAP-12-SP3-2020-2501=1 SUSE-SLE-SAP-12-SP3-2020-2502=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2494=1 SUSE-SLE-SAP-12-SP2-2020-2495=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2500=1 SUSE-SLE-SERVER-12-SP3-2020-2501=1 SUSE-SLE-SERVER-12-SP3-2020-2502=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2494=1 SUSE-SLE-SERVER-12-SP2-2020-2495=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_121-default-2-2.2 kgraft-patch-4_4_180-94_121-default-debuginfo-2-2.2 kgraft-patch-4_4_180-94_124-default-2-2.2 kgraft-patch-4_4_180-94_124-default-debuginfo-2-2.2 kgraft-patch-4_4_180-94_127-default-2-2.2 kgraft-patch-4_4_180-94_127-default-debuginfo-2-2.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_135-default-2-2.2 kgraft-patch-4_4_121-92_138-default-2-2.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_121-default-2-2.2 kgraft-patch-4_4_180-94_121-default-debuginfo-2-2.2 kgraft-patch-4_4_180-94_124-default-2-2.2 kgraft-patch-4_4_180-94_124-default-debuginfo-2-2.2 kgraft-patch-4_4_180-94_127-default-2-2.2 kgraft-patch-4_4_180-94_127-default-debuginfo-2-2.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_135-default-2-2.2 kgraft-patch-4_4_121-92_138-default-2-2.2 References: https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-1749.html https://bugzilla.suse.com/1165631 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:25:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:25:03 +0200 (CEST) Subject: SUSE-SU-2020:2492-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP2) Message-ID: <20200904162503.595A4F403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2492-1 Rating: important References: #1173100 #1173659 #1173661 #1173869 #1173942 #1173963 #1174247 Cross-References: CVE-2019-14895 CVE-2019-14901 CVE-2019-16746 CVE-2019-19447 CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.121-92_125 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869). - CVE-2019-14901: Fixed a heap overflow in the Marvell WiFi driver (bsc#1173661). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2492=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2492=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_125-default-7-2.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_125-default-7-2.2 References: https://www.suse.com/security/cve/CVE-2019-14895.html https://www.suse.com/security/cve/CVE-2019-14901.html https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-19447.html https://www.suse.com/security/cve/CVE-2019-9458.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://bugzilla.suse.com/1173100 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173661 https://bugzilla.suse.com/1173869 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1173963 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:26:23 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:26:23 +0200 (CEST) Subject: SUSE-SU-2020:2509-1: important: Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP4) Message-ID: <20200904162623.66883F403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2509-1 Rating: important References: #1165631 #1173659 #1174186 #1174247 Cross-References: CVE-2019-16746 CVE-2020-14331 CVE-2020-15780 CVE-2020-1749 Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-95_54 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2020-1749: Fixed a flaw in IPsec where some IPv6 protocols were not encrypted (bsc#1165631). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2020-2509=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_54-default-2-2.2 References: https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-15780.html https://www.suse.com/security/cve/CVE-2020-1749.html https://bugzilla.suse.com/1165631 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:27:28 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:27:28 +0200 (CEST) Subject: SUSE-SU-2020:2499-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) Message-ID: <20200904162728.89086F403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2499-1 Rating: important References: #1173659 #1173942 #1174247 Cross-References: CVE-2019-16746 CVE-2020-11668 CVE-2020-14331 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.180-94_116 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2499=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2493=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2499=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2493=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_116-default-3-2.2 kgraft-patch-4_4_180-94_116-default-debuginfo-3-2.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_129-default-4-2.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_116-default-3-2.2 kgraft-patch-4_4_180-94_116-default-debuginfo-3-2.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_129-default-4-2.2 References: https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:28:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:28:26 +0200 (CEST) Subject: SUSE-SU-2020:2497-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP3) Message-ID: <20200904162826.492B6F403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2497-1 Rating: important References: #1173100 #1173659 #1173661 #1173663 #1173867 #1173869 #1173942 #1173963 #1174247 Cross-References: CVE-2019-0155 CVE-2019-14895 CVE-2019-14901 CVE-2019-16746 CVE-2019-18680 CVE-2019-19447 CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.180-94_107 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2019-0155: Fixed a privilege escalation in the i915 graphics driver (bsc#1173663). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869). - CVE-2019-18680: Fixed a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c (bsc#1173867). - CVE-2019-14901: Fixed a heap overflow in the Marvell WiFi driver (bsc#1173661). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2497=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2497=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_107-default-7-2.2 kgraft-patch-4_4_180-94_107-default-debuginfo-7-2.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_107-default-7-2.2 kgraft-patch-4_4_180-94_107-default-debuginfo-7-2.2 References: https://www.suse.com/security/cve/CVE-2019-0155.html https://www.suse.com/security/cve/CVE-2019-14895.html https://www.suse.com/security/cve/CVE-2019-14901.html https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-18680.html https://www.suse.com/security/cve/CVE-2019-19447.html https://www.suse.com/security/cve/CVE-2019-9458.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://bugzilla.suse.com/1173100 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173661 https://bugzilla.suse.com/1173663 https://bugzilla.suse.com/1173867 https://bugzilla.suse.com/1173869 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1173963 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:29:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:29:57 +0200 (CEST) Subject: SUSE-SU-2020:2526-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP1) Message-ID: <20200904162957.B8B9AF403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2526-1 Rating: important References: #1173100 #1173659 #1173661 #1173663 #1173869 #1173934 #1173942 #1173963 #1174186 #1174247 Cross-References: CVE-2019-0155 CVE-2019-14895 CVE-2019-14901 CVE-2019-15117 CVE-2019-16746 CVE-2019-19447 CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-197_18 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). - CVE-2019-0155: Fixed a privilege escalation in the i915 graphics driver (bsc#1173663). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2019-15117: Fixed an OOB memory access in the USB sound mixer (bsc#1173934). - CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869). - CVE-2019-14901: Fixed a heap overflow in the Marvell WiFi driver (bsc#1173661). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-2526=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_18-default-8-2.2 References: https://www.suse.com/security/cve/CVE-2019-0155.html https://www.suse.com/security/cve/CVE-2019-14895.html https://www.suse.com/security/cve/CVE-2019-14901.html https://www.suse.com/security/cve/CVE-2019-15117.html https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-19447.html https://www.suse.com/security/cve/CVE-2019-9458.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1173100 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173661 https://bugzilla.suse.com/1173663 https://bugzilla.suse.com/1173869 https://bugzilla.suse.com/1173934 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1173963 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:32:28 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:32:28 +0200 (CEST) Subject: SUSE-SU-2020:2517-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 12 SP5) Message-ID: <20200904163228.2E0EFF403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 6 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2517-1 Rating: important References: #1165631 #1174186 #1174247 Cross-References: CVE-2020-14331 CVE-2020-15780 CVE-2020-1749 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-122_26 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). - CVE-2020-1749: Fixed a flaw in IPsec where some IPv6 protocols were not encrypted (bsc#1165631). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-2533=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2516=1 SUSE-SLE-Live-Patching-12-SP5-2020-2517=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_45-default-2-2.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_23-default-2-2.2 kgraft-patch-4_12_14-122_26-default-2-2.2 References: https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-15780.html https://www.suse.com/security/cve/CVE-2020-1749.html https://bugzilla.suse.com/1165631 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:33:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:33:27 +0200 (CEST) Subject: SUSE-SU-2020:2491-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) Message-ID: <20200904163327.B3FEDF403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2491-1 Rating: important References: #1173100 #1173659 #1173661 #1173663 #1173664 #1173665 #1173666 #1173867 #1173869 #1173942 #1173963 #1174247 Cross-References: CVE-2019-0155 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14895 CVE-2019-14901 CVE-2019-16746 CVE-2019-18680 CVE-2019-19447 CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.121-92_120 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2019-0155: Fixed a privilege escalation in the i915 graphics driver (bsc#1173663). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869). - CVE-2019-18680: Fixed a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c (bsc#1173867). - CVE-2019-14816: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173666). - CVE-2019-14814: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173664). - CVE-2019-14815: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173665). - CVE-2019-14901: Fixed a heap overflow in the Marvell WiFi driver (bsc#1173661). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2496=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2491=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2496=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2491=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_103-default-9-2.2 kgraft-patch-4_4_180-94_103-default-debuginfo-9-2.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_120-default-9-2.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_103-default-9-2.2 kgraft-patch-4_4_180-94_103-default-debuginfo-9-2.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_120-default-9-2.2 References: https://www.suse.com/security/cve/CVE-2019-0155.html https://www.suse.com/security/cve/CVE-2019-14814.html https://www.suse.com/security/cve/CVE-2019-14815.html https://www.suse.com/security/cve/CVE-2019-14816.html https://www.suse.com/security/cve/CVE-2019-14895.html https://www.suse.com/security/cve/CVE-2019-14901.html https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-18680.html https://www.suse.com/security/cve/CVE-2019-19447.html https://www.suse.com/security/cve/CVE-2019-9458.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://bugzilla.suse.com/1173100 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173661 https://bugzilla.suse.com/1173663 https://bugzilla.suse.com/1173664 https://bugzilla.suse.com/1173665 https://bugzilla.suse.com/1173666 https://bugzilla.suse.com/1173867 https://bugzilla.suse.com/1173869 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1173963 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:35:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:35:17 +0200 (CEST) Subject: SUSE-SU-2020:2508-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP4) Message-ID: <20200904163517.D8E2BF794@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2508-1 Rating: important References: #1172437 #1173659 #1174186 #1174247 Cross-References: CVE-2019-16746 CVE-2020-10757 CVE-2020-14331 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-95_51 fixes several issues. The following security issues were fixed: - CVE-2020-10757: Fixed a privilege escalation in the mremap handling of DAX Huge Pages (bsc#1172437). - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2020-2508=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_51-default-4-2.2 References: https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2020-10757.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1172437 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:36:24 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:36:24 +0200 (CEST) Subject: SUSE-SU-2020:2534-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP1) Message-ID: <20200904163624.E423FF403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2534-1 Rating: important References: #1165631 #1174247 Cross-References: CVE-2020-14331 CVE-2020-1749 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-197_48 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-1749: Fixed a flaw in IPsec where some IPv6 protocols were not encrypted (bsc#1165631). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-2534=1 SUSE-SLE-Module-Live-Patching-15-SP1-2020-2535=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2518=1 SUSE-SLE-Live-Patching-12-SP5-2020-2519=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2020-2510=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_48-default-2-2.2 kernel-livepatch-4_12_14-197_51-default-2-2.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_29-default-2-2.2 kgraft-patch-4_12_14-122_32-default-2-2.2 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_57-default-2-2.2 References: https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-1749.html https://bugzilla.suse.com/1165631 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:37:18 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:37:18 +0200 (CEST) Subject: SUSE-SU-2020:2498-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP3) Message-ID: <20200904163718.8C0EEF403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2498-1 Rating: important References: #1173100 #1173659 #1173869 #1173942 #1173963 #1174247 Cross-References: CVE-2019-14895 CVE-2019-16746 CVE-2019-19447 CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.180-94_113 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2498=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2498=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_113-default-6-2.2 kgraft-patch-4_4_180-94_113-default-debuginfo-6-2.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_113-default-6-2.2 kgraft-patch-4_4_180-94_113-default-debuginfo-6-2.2 References: https://www.suse.com/security/cve/CVE-2019-14895.html https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-19447.html https://www.suse.com/security/cve/CVE-2019-9458.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://bugzilla.suse.com/1173100 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173869 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1173963 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:40:48 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:40:48 +0200 (CEST) Subject: SUSE-RU-2020:2490-1: important: Recommended update for transactional-update Message-ID: <20200904164048.B6106F3D7@maintenance.suse.de> SUSE Recommended Update: Recommended update for transactional-update ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2490-1 Rating: important References: #1162320 Affected Products: SUSE Linux Enterprise Module for Transactional Server 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for transactional-update fixes the following issue: - Mount efivarfs on EFI systems. (bsc#1162320) If the EFI variables are not available, some incorrect parameters will be attached to grub2-install, writing the binary to a wrong location. Due to this, the system fails at reboot with a missing symbol error. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Transactional Server 15-SP1: zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP1-2020-2490=1 Package List: - SUSE Linux Enterprise Module for Transactional Server 15-SP1 (aarch64 ppc64le s390x x86_64): transactional-update-2.15-3.6.2 transactional-update-debuginfo-2.15-3.6.2 transactional-update-debugsource-2.15-3.6.2 - SUSE Linux Enterprise Module for Transactional Server 15-SP1 (noarch): transactional-update-zypp-config-2.15-3.6.2 References: https://bugzilla.suse.com/1162320 From sle-updates at lists.suse.com Fri Sep 4 10:41:28 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:41:28 +0200 (CEST) Subject: SUSE-SU-2020:2537-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP2) Message-ID: <20200904164128.ECE5BF3D7@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2537-1 Rating: important References: #1174247 Cross-References: CVE-2020-14331 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 5.3.18-24_9 fixes one issue. The following security issue was fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-2537=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_9-default-2-2.3 kernel-livepatch-5_3_18-24_9-default-debuginfo-2-2.3 kernel-livepatch-SLE15-SP2_Update_1-debugsource-2-2.3 References: https://www.suse.com/security/cve/CVE-2020-14331.html https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:42:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:42:09 +0200 (CEST) Subject: SUSE-SU-2020:2515-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 12 SP5) Message-ID: <20200904164209.851F2F3D7@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 4 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2515-1 Rating: important References: #1174186 #1174247 Cross-References: CVE-2020-14331 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-122_20 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-2536=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-2532=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2515=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-22-default-2-5.2 kernel-livepatch-5_3_18-22-default-debuginfo-2-5.2 kernel-livepatch-SLE15-SP2_Update_0-debugsource-2-5.2 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_40-default-4-2.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_20-default-4-2.2 References: https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 13:13:41 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 21:13:41 +0200 (CEST) Subject: SUSE-SU-2020:2544-1: moderate: Security update for MozillaFirefox Message-ID: <20200904191341.709BDF794@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2544-1 Rating: moderate References: #1173991 #1174284 #1175686 Cross-References: CVE-2020-15663 CVE-2020-15664 CVE-2020-15670 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.2.0 ESR * Fixed: Various stability, functionality, and security fixes - Mozilla Firefox ESR 78.2 MFSA 2020-38 (bsc#1175686) * CVE-2020-15663 (bmo#1643199) Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege * CVE-2020-15664 (bmo#1658214) Attacker-induced prompt for extension installation * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626, bmo#1656957) Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2 - Fixed Firefox tab crash in FIPS mode (bsc#1174284). - Fix broken translation-loading. (bsc#1173991) * allow addon sideloading * mark signatures for langpacks non-mandatory * do not autodisable user profile scopes - Google API key is not usable for geolocation service any more Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2544=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2544=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2544=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2544=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2544=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2544=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2544=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2544=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2544=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2544=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2544=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2544=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2544=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2544=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2544=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2544=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2544=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE OpenStack Cloud 9 (x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE OpenStack Cloud 8 (x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE OpenStack Cloud 7 (s390x x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE Enterprise Storage 5 (aarch64 x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - HPE Helion Openstack 8 (x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 References: https://www.suse.com/security/cve/CVE-2020-15663.html https://www.suse.com/security/cve/CVE-2020-15664.html https://www.suse.com/security/cve/CVE-2020-15670.html https://bugzilla.suse.com/1173991 https://bugzilla.suse.com/1174284 https://bugzilla.suse.com/1175686 From sle-updates at lists.suse.com Fri Sep 4 13:14:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 21:14:46 +0200 (CEST) Subject: SUSE-RU-2020:2542-1: moderate: Recommended update for python-kiwi Message-ID: <20200904191446.4C44EF794@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2542-1 Rating: moderate References: #1096738 #1165730 #1172908 #1173226 #1173356 #1174009 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for python-kiwi contains the following fixes: - Bump version up to 9.21.7: This version upgrade includes several fixes: * Skip filesystem check for XFS prior xfs_grow running xfs_repair check isn't strictly necessary before resizing, and in some cases it may even prevent resizing by giving an error that would be cleared through mounting the fs (e.g. when the fs wasn't cleanly umounted, and thus letting xfs recover and replay its journal). Given that xfs can only grow online (while being mounted), this is sufficient to ensure that the fs is in a state where it can be resized. This is related to bsc#1174009. (bsc#1174009) * Fixed grub setup in EFI/BOOT directory kiwi copied the same grub.cfg file as it exists in boot/grub2 to the efi path. This is wrong as the setup in the efi boot directory is used to enable normal grub loading and not providing the user grub configuration. In addition the changes here makes sure that the early grub boot code is placed into the system in any EFI case except for secure boot when shim-install is present. If shim-install is present it also creates the early grub boot setup such that kiwi doesn't have to do it. This Fixes #1491 and Fixes bsc#1172908. (bsc#1172908) * Use rsync in inplace transfer mode Using the --inplace option in rsync helps to save space on syncing the rootfs data and prevents e.g OBS workers from running out of VM space when transfering root filesystem data. Also using --inplace allows to keep hardlinks intact. This is related to bsc#1096738. (bsc#1096738) * Don't keep copy of grub2-install in the system To prevent shim-install from calling grub2-install in uefi mode kiwi temporary replaces the tool by a noop. This acts as a workaround for an issue in shim-install. However the workaround left a file copy of grub2-install in the system which should not happen. This commit Fixes bsc#1173226 and Fixes #1490. (bsc#1173226) * Fixes live ISOs This commit fixes iso images. Due to a change introduced in c7ed1cf live ISOs were no longer booting as the rootfs.img filesystem was copied to the squashfs container while being still mounted. Because of that, at boot time, it refused to mount. This commit adds umount method for the filesystem base class, so it can be umounted before deleting the instance. Fixes #1489 and bsc#1173356. (bsc#1173356) * Support grub timeout_style parameter Grub supports a style setting that influences the display of the menu depending on the configured timeout value. With this patch kiwi allows to specify the style via a new bootloader parameter named timeout_style="hidden|countdown". If not set the grub default applies which shows the menu in any case. This Fixes bsc#1165730 and Fixes #1404. (bsc#1165730) * Use auto video mode as default for grub An explicit video mode 800x600 was used for grub if no video mode setup exists in the XML description. For grub this should better result in the auto mode. Related to bsc#1165730. (bsc#1165730) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2542=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2542=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2542=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2542=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): dracut-kiwi-lib-9.21.7-3.33.5 dracut-kiwi-live-9.21.7-3.33.5 dracut-kiwi-oem-dump-9.21.7-3.33.5 dracut-kiwi-oem-repart-9.21.7-3.33.5 dracut-kiwi-overlay-9.21.7-3.33.5 kiwi-man-pages-9.21.7-3.33.5 kiwi-tools-9.21.7-3.33.5 kiwi-tools-debuginfo-9.21.7-3.33.5 python-kiwi-debugsource-9.21.7-3.33.5 python3-kiwi-9.21.7-3.33.5 - SUSE Linux Enterprise Server for SAP 15 (x86_64): kiwi-pxeboot-9.21.7-3.33.5 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): dracut-kiwi-lib-9.21.7-3.33.5 dracut-kiwi-live-9.21.7-3.33.5 dracut-kiwi-oem-dump-9.21.7-3.33.5 dracut-kiwi-oem-repart-9.21.7-3.33.5 dracut-kiwi-overlay-9.21.7-3.33.5 kiwi-man-pages-9.21.7-3.33.5 kiwi-tools-9.21.7-3.33.5 kiwi-tools-debuginfo-9.21.7-3.33.5 python-kiwi-debugsource-9.21.7-3.33.5 python3-kiwi-9.21.7-3.33.5 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): dracut-kiwi-lib-9.21.7-3.33.5 dracut-kiwi-live-9.21.7-3.33.5 dracut-kiwi-oem-dump-9.21.7-3.33.5 dracut-kiwi-oem-repart-9.21.7-3.33.5 dracut-kiwi-overlay-9.21.7-3.33.5 kiwi-man-pages-9.21.7-3.33.5 kiwi-tools-9.21.7-3.33.5 kiwi-tools-debuginfo-9.21.7-3.33.5 python-kiwi-debugsource-9.21.7-3.33.5 python3-kiwi-9.21.7-3.33.5 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): kiwi-pxeboot-9.21.7-3.33.5 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): dracut-kiwi-lib-9.21.7-3.33.5 dracut-kiwi-live-9.21.7-3.33.5 dracut-kiwi-oem-dump-9.21.7-3.33.5 dracut-kiwi-oem-repart-9.21.7-3.33.5 dracut-kiwi-overlay-9.21.7-3.33.5 kiwi-man-pages-9.21.7-3.33.5 kiwi-tools-9.21.7-3.33.5 kiwi-tools-debuginfo-9.21.7-3.33.5 python-kiwi-debugsource-9.21.7-3.33.5 python3-kiwi-9.21.7-3.33.5 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): kiwi-pxeboot-9.21.7-3.33.5 References: https://bugzilla.suse.com/1096738 https://bugzilla.suse.com/1165730 https://bugzilla.suse.com/1172908 https://bugzilla.suse.com/1173226 https://bugzilla.suse.com/1173356 https://bugzilla.suse.com/1174009 From sle-updates at lists.suse.com Fri Sep 4 13:16:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 21:16:06 +0200 (CEST) Subject: SUSE-RU-2020:2545-1: moderate: Recommended update for yast2, yast2-packager, yast2-pkg-bindings Message-ID: <20200904191606.AE365F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2, yast2-packager, yast2-pkg-bindings ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2545-1 Rating: moderate References: #1162514 #1172477 #1173133 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Installer 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for yast2, yast2-packager, yast2-pkg-bindings contains the following fixes: Changes in yast2: - Do not start an UI while evaluating current language settings. (bsc#1173133) - Improve actions to stop and start a system service. (bsc#1162514) Changes in yast2-pkg-bindings: - Extensions to handle raw repository name. (bsc#1172477) Changes in yast2-packager: - Handle variable expansion in repository name. (bsc#1172477) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2545=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2020-2545=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): yast2-4.1.79-3.22.1 yast2-logs-4.1.79-3.22.1 yast2-packager-4.1.51-3.20.14 yast2-pkg-bindings-4.1.3-3.8.8 yast2-pkg-bindings-debuginfo-4.1.3-3.8.8 yast2-pkg-bindings-debugsource-4.1.3-3.8.8 - SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64): yast2-4.1.79-3.22.1 yast2-packager-4.1.51-3.20.14 References: https://bugzilla.suse.com/1162514 https://bugzilla.suse.com/1172477 https://bugzilla.suse.com/1173133 From sle-updates at lists.suse.com Fri Sep 4 13:17:07 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 21:17:07 +0200 (CEST) Subject: SUSE-RU-2020:2539-1: important: Recommended update for golang-github-QubitProducts-exporter_exporter Message-ID: <20200904191707.45971F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for golang-github-QubitProducts-exporter_exporter ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2539-1 Rating: important References: #1175946 Affected Products: SUSE Manager Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This Maintenance update for SUSE Manager fixes the following issue: - Add requires for fillup, groupadd, useradd, systemd (bsc#1175946) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2020-2539=1 Package List: - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1 References: https://bugzilla.suse.com/1175946 From sle-updates at lists.suse.com Fri Sep 4 13:17:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 21:17:57 +0200 (CEST) Subject: SUSE-RU-2020:2543-1: moderate: Recommended update for yast2-storage-ng Message-ID: <20200904191757.536F5F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-storage-ng ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2543-1 Rating: moderate References: #1115749 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Installer 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-storage-ng provides the following fix: - Do not append a suffix to LVM Volume Group names unless it is needed. (bsc#1115749) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2543=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2020-2543=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): yast2-storage-ng-4.1.96-3.30.6 - SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64): yast2-storage-ng-4.1.96-3.30.6 References: https://bugzilla.suse.com/1115749 From sle-updates at lists.suse.com Fri Sep 4 13:18:47 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 21:18:47 +0200 (CEST) Subject: SUSE-SU-2020:2541-1: important: Security update for the Linux Kernel Message-ID: <20200904191847.582EAF794@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2541-1 Rating: important References: #1065600 #1065729 #1071995 #1074701 #1083548 #1085030 #1085235 #1085308 #1087078 #1087082 #1094912 #1100394 #1102640 #1105412 #1111666 #1112178 #1113956 #1120163 #1133021 #1144333 #1152148 #1163524 #1165629 #1166965 #1169790 #1170232 #1171688 #1171988 #1172073 #1172108 #1172247 #1172418 #1172428 #1172781 #1172782 #1172783 #1172871 #1172872 #1172873 #1172963 #1173485 #1173798 #1173954 #1174003 #1174026 #1174070 #1174161 #1174205 #1174387 #1174484 #1174547 #1174549 #1174550 #1174625 #1174658 #1174685 #1174689 #1174699 #1174734 #1174757 #1174771 #1174840 #1174841 #1174843 #1174844 #1174845 #1174852 #1174873 #1174887 #1174904 #1174926 #1174968 #1175062 #1175063 #1175064 #1175065 #1175066 #1175067 #1175112 #1175127 #1175128 #1175149 #1175199 #1175213 #1175228 #1175232 #1175284 #1175393 #1175394 #1175396 #1175397 #1175398 #1175399 #1175400 #1175401 #1175402 #1175403 #1175404 #1175405 #1175406 #1175407 #1175408 #1175409 #1175410 #1175411 #1175412 #1175413 #1175414 #1175415 #1175416 #1175417 #1175418 #1175419 #1175420 #1175421 #1175422 #1175423 #1175440 #1175493 #1175515 #1175518 #1175526 #1175550 #1175654 #1175666 #1175667 #1175668 #1175669 #1175670 #1175767 #1175768 #1175769 #1175770 #1175771 #1175772 #1175786 #1175873 Cross-References: CVE-2020-10135 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-16166 CVE-2020-1749 CVE-2020-24394 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 130 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629). - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988). The following non-security bugs were fixed: - ACPI: kABI fixes for subsys exports (bsc#1174968). - ACPI / LPSS: Resume BYT/CHT I2C controllers from resume_noirq (bsc#1174968). - ACPI / LPSS: Use acpi_lpss_* instead of acpi_subsys_* functions for hibernate (bsc#1174968). - ACPI: PM: Introduce "poweroff" callbacks for ACPI PM domain and LPSS (bsc#1174968). - ACPI: PM: Simplify and fix PM domain hibernation callbacks (bsc#1174968). - af_key: pfkey_dump needs parameter validation (git-fixes). - agp/intel: Fix a memory leak on module initialisation failure (git-fixes). - ALSA: core: pcm_iec958: fix kernel-doc (bsc#1111666). - ALSA: echoaduio: Drop superfluous volatile modifier (bsc#1111666). - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (bsc#1111666). - ALSA: hda: Add support for Loongson 7A1000 controller (bsc#1111666). - ALSA: hda/ca0132 - Add new quirk ID for Recon3D (bsc#1111666). - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (bsc#1111666). - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (bsc#1111666). - ALSA: hda: fix NULL pointer dereference during suspend (git-fixes). - ALSA: hda: fix snd_hda_codec_cleanup() documentation (bsc#1111666). - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (bsc#1111666). - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (bsc#1111666). - ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes). - ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (bsc#1111666). - ALSA: hda/realtek - Add quirk for Lenovo Carbon X1 8th gen (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GE63 laptop (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GL63 (bsc#1111666). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes). - ALSA: hda/realtek - change to suitable link model for ASUS platform (bsc#1111666). - ALSA: hda/realtek - Check headset type by unplug and resume (bsc#1111666). - ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX563 (bsc#1111666). - ALSA: hda/realtek: Fix add a "ultra_low_power" function for intel reference board (alc256) (bsc#1111666). - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (bsc#1111666). - ALSA: hda/realtek - Fixed HP right speaker no sound (bsc#1111666). - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (bsc#1111666). - ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (bsc#1111666). - ALSA: hda/realtek - Fix unused variable warning (bsc#1111666). - ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (bsc#1111666). - ALSA: hda - reverse the setting value in the micmute_led_set (bsc#1111666). - ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes). - ALSA: pci: delete repeated words in comments (bsc#1111666). - ALSA: seq: oss: Serialize ioctls (bsc#1111666). - ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes). - ALSA: usb-audio: add quirk for Pioneer DDJ-RB (bsc#1111666). - ALSA: usb-audio: add startech usb audio dock name (bsc#1111666). - ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (bsc#1111666). - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (bsc#1111666). - ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (bsc#1111666). - ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (bsc#1111666). - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625). - ALSA: usb-audio: fix spelling mistake "buss" -> "bus" (bsc#1111666). - ALSA: usb-audio: ignore broken processing/extension unit (git-fixes). - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb/line6: remove 'defined but not used' warning (bsc#1111666). - arm64: Add MIDR encoding for HiSilicon Taishan CPUs (bsc#1174547). - arm64: Add MIDR encoding for NVIDIA CPUs (bsc#1174547). - arm64: add sysfs vulnerability show for meltdown (bsc#1174547). - arm64: Add sysfs vulnerability show for spectre-v1 (bsc#1174547). - arm64: add sysfs vulnerability show for spectre-v2 (bsc#1174547). - arm64: add sysfs vulnerability show for speculative store bypass (bsc#1174547). - arm64: Advertise mitigation of Spectre-v2, or lack thereof (bsc#1174547). - arm64: Always enable spectre-v2 vulnerability detection (bsc#1174547). - arm64: Always enable ssb vulnerability detection (bsc#1174547). - arm64: backtrace: Do not bother trying to unwind the userspace stack (bsc#1175397). - arm64: capabilities: Add NVIDIA Denver CPU to bp_harden list (bsc#1174547). - arm64: capabilities: Merge duplicate Cavium erratum entries (bsc#1174547). - arm64: capabilities: Merge entries for ARM64_WORKAROUND_CLEAN_CACHE (bsc#1174547). - arm64: cpufeature: Enable Qualcomm Falkor/Kryo errata 1003 (bsc#1175398). - arm64: Do not mask out PTE_RDONLY in pte_same() (bsc#1175393). - arm64: enable generic CPU vulnerabilites support (bsc#1174547). Update config/arm64/default - arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default (bsc#1175394). - arm64: errata: Do not define type field twice for arm64_errata entries (bsc#1174547). - arm64: errata: Update stale comment (bsc#1174547). - arm64: Get rid of __smccc_workaround_1_hvc_* (bsc#1174547). - arm64: kpti: Avoid rewriting early page tables when KASLR is enabled (bsc#1174547). - arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on (bsc#1174547). - arm64: kpti: Whitelist Cortex-A CPUs that do not implement the CSV3 field (bsc#1174547). - arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs (bsc#1174547). - arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 (bsc#1133021). - arm64: KVM: Guests can skip __install_bp_hardening_cb()s HYP work (bsc#1174547). - arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening (bsc#1174547). - arm64: mm: Fix pte_mkclean, pte_mkdirty semantics (bsc#1175526). - arm64: Provide a command line to disable spectre_v2 mitigation (bsc#1174547). - arm64: Silence clang warning on mismatched value/register sizes (bsc#1175396). - arm64/speculation: Support 'mitigations=' cmdline option (bsc#1174547). - arm64: ssbd: explicitly depend on (bsc#1175399). - arm64: ssbs: Do not treat CPUs with SSBS as unaffected by SSB (bsc#1174547). - arm64: ssbs: Fix context-switch when SSBS is present on all CPUs (bsc#1175669). - arm64/sve: Fix wrong free for task->thread.sve_state (bsc#1175400). - arm64/sve: should not depend on (bsc#1175401). - arm64: tlbflush: avoid writing RES0 bits (bsc#1175402). - arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 (bsc#1174547). - ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 (bsc#1133021). - ARM: KVM: invalidate icache on guest exit for Cortex-A15 (bsc#1133021). - ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 (bsc#1133021). - ASoC: hda/tegra: Set buffer alignment to 128 bytes (bsc#1111666). - ASoC: intel: Fix memleak in sst_media_open (git-fixes). - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes). - AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes). - AX.25: Prevent integer overflows in connect and sendmsg (git-fixes). - AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes). - ax88172a: fix ax88172a_unbind() failures (git-fixes). - b43: Remove uninitialized_var() usage (git-fixes). - bcache: allocate meta data pages as compound pages (bsc#1172873). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: Fix use-after-free in blkdev_get() (bsc#1174843). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (bsc#1111666). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (bsc#1111666). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (bsc#1111666). - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - bonding: fix a potential double-unregister (git-fixes). - bonding: show saner speed for broadcast mode (git-fixes). - bpf: Fix map leak in HASH_OF_MAPS map (git-fixes). - brcmfmac: keep SDIO watchdog running when console_interval is non-zero (bsc#1111666). - brcmfmac: set state of hanger slot to FREE when flushing PSQ (bsc#1111666). - brcmfmac: To fix Bss Info flag definition Bug (bsc#1111666). - btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247). - btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247). - btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149). - btrfs: fix block group leak when removing fails (bsc#1175149). - btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149). - btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149). - btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149). - btrfs: fix double free on ulist after backref resolution failure (bsc#1175149). - btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149). - btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550). - btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149). - btrfs: fix race between block group removal and block group creation (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149). - btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149). - btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484). - btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247). - btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247). - btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247). - btrfs: Open code btrfs_write_and_wait_marked_extents (bsc#1175149). - btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163). - btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247). - btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163). - btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163). - btrfs: Rename and export clear_btree_io_tree (bsc#1175149). - btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493). - bus: hisi_lpc: Add .remove method to avoid driver unbind crash (bsc#1174658). - bus: hisi_lpc: Do not fail probe for unrecognised child devices (bsc#1174658). - bus: hisi_lpc: Unregister logical PIO range to avoid potential use-after-free (bsc#1174658). - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes). - cfg80211: check vendor command doit pointer before use (git-fixes). - char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667). - cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428). - cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428). - cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428). - clk: at91: clk-generated: check best_rate against ranges (bsc#1111666). - clk: clk-atlas6: fix return value check in atlas6_clk_init() (bsc#1111666). - clk: iproc: round clock rate to the closest (bsc#1111666). - clk: spear: Remove uninitialized_var() usage (git-fixes). - clk: st: Remove uninitialized_var() usage (git-fixes). - config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References: bsc#1174549 - console: newport_con: fix an issue about leak related system resources (git-fixes). - constrants: fix malformed XML Closing tag of an element is "", not "". Fixes: 8b37de2eb835 ("rpm/constraints.in: Increase memory for kernel-docs") - Created new preempt kernel flavor (jsc#SLE-11309) Configs are cloned from the respective $arch/default configs. All changed configs appart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel. - crypto: ccp - Fix use of merged scatterlists (git-fixes). - crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes). - crypto: rockchip - fix scatterlist nents error (git-fixes). - crypto: stm32/crc32 - fix ext4 chksum BUG_ON() (git-fixes). - crypto: talitos - check AES key size (git-fixes). - crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - dev: Defer free of skbs in flush_backlog (git-fixes). - device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes). - devres: keep both device name and resource name in pretty name (git-fixes). - dlm: Fix kobject memleak (bsc#1175768). - dlm: remove BUG() before panic() (bsc#1174844). - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes). - Documentation/networking: Add net DIM documentation (bsc#1174852). - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (bsc#1175403). - dpaa2-eth: free already allocated channels on probe defer (bsc#1175404). - dpaa2-eth: prevent array underflow in update_cls_rule() (bsc#1175405). - dpaa_eth: add dropped frames to percpu ethtool stats (bsc#1174550). - dpaa_eth: add newline in dev_err() msg (bsc#1174550). - dpaa_eth: avoid timestamp read on error paths (bsc#1175406). - dpaa_eth: change DMA device (bsc#1174550). - dpaa_eth: cleanup skb_to_contig_fd() (bsc#1174550). - dpaa_eth: defer probing after qbman (bsc#1174550). - dpaa_eth: extend delays in ndo_stop (bsc#1174550). - dpaa_eth: fix DMA mapping leak (bsc#1174550). - dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1174550). - dpaa_eth: FMan erratum A050385 workaround (bsc#1174550). - dpaa_eth: perform DMA unmapping before read (bsc#1175407). - dpaa_eth: register a device link for the qman portal used (bsc#1174550). - dpaa_eth: remove netdev_err() for user errors (bsc#1174550). - dpaa_eth: remove redundant code (bsc#1174550). - dpaa_eth: simplify variables used in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use a page to store the SGT (bsc#1174550). - dpaa_eth: use fd information in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use only one buffer pool per interface (bsc#1174550). - dpaa_eth: use page backed rx buffers (bsc#1174550). - driver core: Avoid binding drivers to dead devices (git-fixes). - Drivers: hv: balloon: Remove dependencies on guest page size (git-fixes). - Drivers: hv: vmbus: Fix virt_to_hvpfn() for X86_PAE (git-fixes). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127, bsc#1175128). - Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup() (git-fixes). - drivers/perf: hisi: Fix typo in events attribute array (bsc#1175408). - drivers/perf: hisi: Fixup one DDRC PMU register offset (bsc#1175410). - drivers/perf: hisi: Fix wrong value for all counters enable (bsc#1175409). - drm: Added orientation quirk for ASUS tablet model T103HAF (bsc#1111666). - drm/amd/display: fix pow() crashing when given base 0 (git-fixes). - drm/amdgpu: avoid dereferencing a NULL pointer (bsc#1111666). - drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume (bsc#1111666). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (bsc#1113956) * refresh for context changes - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes). - drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1113956) - drm/arm: fix unintentional integer overflow on left shift (git-fixes). - drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1113956) * refreshed for context changes - drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes). - drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1113956) * move drm_mipi_dbi.c -> tinydrm/mipi-drm.c * refresh for context changes - drm/debugfs: fix plain echo to connector "force" attribute (bsc#1111666). - drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes). - drm/etnaviv: fix ref count leak via pm_runtime_get_sync (bsc#1111666). - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (bsc#1112178) * updated names of get/put functions - drm: hold gem reference until object is no longer accessed (bsc#1113956) - drm/imx: fix use after free (git-fixes). - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes). - drm/imx: tve: fix regulator_disable error path (git-fixes). - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes). - drm/msm/adreno: fix updating ring fence (git-fixes). - drm/msm: ratelimit crtc event overflow error (bsc#1111666). - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes). - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes). - drm/nouveau: fix multiple instances of reference count leaks (bsc#1111666). - drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes). - drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes). - drm/radeon: disable AGP by default (bsc#1111666). - drm/radeon: fix array out-of-bounds read and write issues (git-fixes). - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (bsc#1111666). - drm/rockchip: fix VOP_WIN_GET macro (bsc#1175411). - drm/tilcdc: fix leak & null ref in panel_connector_get_modes (bsc#1111666). - drm/ttm/nouveau: do not call tt destroy callback on alloc failure (bsc#1175232). - drm/vmwgfx: Fix two list_for_each loop exit tests (bsc#1111666). - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (bsc#1111666). - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600). - efi/memreserve: deal with memreserve entries in unmapped memory (bsc#1174685). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: fix checking of directory entry validity for inline directories (bsc#1175771). - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1174840). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - fat: do not allow to mount if the FAT length == 0 (bsc#1174845). - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins. (bsc#1112178) * move files drivers/video/fbdev/core -> drivers/video/console * refresh for context changes - firmware: google: check if size is valid when decoding VPD data (git-fixes). - firmware: google: increment VPD key_len properly (git-fixes). - fpga: dfl: fix bug in port reset handshake (git-fixes). - fsl/fman: add API to get the device behind a fman port (bsc#1174550). - fsl/fman: check dereferencing null pointer (git-fixes). - fsl/fman: detect FMan erratum A050385 (bsc#1174550). - fsl/fman: do not touch liodn base regs reserved on non-PAMU SoCs (bsc#1174550). - fsl/fman: fix dereference null return value (git-fixes). - fsl/fman: fix eth hash table allocation (git-fixes). - fsl/fman: fix unreachable code (git-fixes). - fsl/fman: remove unused struct member (bsc#1174550). - fsl/fman: use 32-bit unsigned integer (git-fixes). - fuse: fix memleak in cuse_channel_open (bsc#1174926). - fuse: fix missing unlock_page in fuse_writepage() (bsc#1174904). - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175062). - fuse: fix weird page warning (bsc#1175063). - fuse: flush dirty data/metadata before non-truncate setattr (bsc#1175064). - fuse: truncate pending writes on O_TRUNC (bsc#1175065). - fuse: verify attributes (bsc#1175066). - fuse: verify nlink (bsc#1175067). - genetlink: remove genl_bind (networking-stable-20_07_17). - go7007: add sanity checking for endpoints (git-fixes). - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (bsc#1111666). - HID: hiddev: fix mess in hiddev_open() (git-fixes). - HISI LPC: Re-Add ACPI child enumeration support (bsc#1174658). - HISI LPC: Stop using MFD APIs (bsc#1174658). - hv_balloon: Balloon up according to request page number (git-fixes). - hv_balloon: Use a static page for the balloon_up send buffer (git-fixes). - hv_netvsc: Allow scatter-gather feature to be tunable (git-fixes). - hv_netvsc: do not use VF device if link is down (git-fixes). - hv_netvsc: Fix a warning of suspicious RCU usage (git-fixes). - hv_netvsc: Fix error handling in netvsc_attach() (git-fixes). - hv_netvsc: Fix extra rcu_read_unlock in netvsc_recv_callback() (git-fixes). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes). - hv_netvsc: Fix unwanted wakeup in netvsc_attach() (git-fixes). - hv_netvsc: flag software created hash value (git-fixes). - hv_netvsc: Remove "unlikely" from netvsc_select_queue (git-fixes). - i2c: rcar: in slave mode, clear NACK earlier (git-fixes). - i2c: rcar: slave: only send STOP event when we have been addressed (bsc#1111666). - i40e: Fix crash during removing i40e driver (git-fixes). - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes). - ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - include/linux/poison.h: remove obsolete comment (git fixes (poison)). - Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes). - Input: sentelic - fix error return when fsp_reg_write fails (bsc#1111666). - integrity: remove redundant initialization of variable ret (git-fixes). - io-mapping: indicate mapping failure (git-fixes). - ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes). - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28). - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515). - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515). - ip_tunnel: Emit events for post-register MTU changes (git-fixes). - ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28). - ip_tunnel: restore binding to ifaces with a large mtu (git-fixes). - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17). - ipv4: Silence suspicious RCU usage warning (git-fixes). - ipv6: fix memory leaks on IPV6_ADDRFORM path (git-fixes). - ipvlan: fix device features (git-fixes). - ipvs: allow connection reuse for unconfirmed conntrack (git-fixes). - ipvs: fix refcount usage for conns in ops mode (git-fixes). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - irqchip/gic: Atomically update affinity (bsc#1111666). - iwlegacy: Check the return value of pcie_capability_read_*() (bsc#1111666). - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772). - kabi: genetlink: remove genl_bind (kabi). - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629). - kabi: mask changes to struct ipv6_stub (bsc#1165629). - kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)). - kernel-docs: Change Requires on python-Sphinx to earlier than version 3 References: bsc#1166965 From 3 on the internal API that the build system uses was rewritten in an incompatible way. See https://github.com/sphinx-doc/sphinx/issues/7421 and https://bugzilla.suse.com/show_bug.cgi?id=1166965#c16 for some details. - kernel/relay.c: fix memleak on destroy relay channel (git-fixes). - kernfs: do not call fsnotify() with name without a parent (bsc#1175770). - KVM: arm64: Ensure 'params' is initialised when looking up sys register (bsc#1133021). - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021). - KVM: arm/arm64: Fix young bit from mmu notifier (bsc#1133021). - KVM: arm/arm64: vgic: Do not rely on the wrong pending table (bsc#1133021). - KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections (bsc#1133021). - KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests (bsc#1133021). - KVM: arm: Make inject_abt32() inject an external abort instead (bsc#1133021). - kvm: Change offset in kvm_write_guest_offset_cached to unsigned (bsc#1133021). - KVM: Check for a bad hva before dropping into the ghc slow path (bsc#1133021). - KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729). - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17). - leds: 88pm860x: fix use-after-free on unbind (git-fixes). - leds: core: Flush scheduled work for system suspend (git-fixes). - leds: da903x: fix use-after-free on unbind (git-fixes). - leds: lm3533: fix use-after-free on unbind (git-fixes). - leds: lm355x: avoid enum conversion warning (git-fixes). - leds: wm831x-status: fix use-after-free on unbind (git-fixes). - lib/dim: Fix -Wunused-const-variable warnings (bsc#1174852). - lib: dimlib: fix help text typos (bsc#1174852). - lib: logic_pio: Add logic_pio_unregister_range() (bsc#1174658). - lib: logic_pio: Avoid possible overlap for unregistering regions (bsc#1174658). - lib: logic_pio: Fix RCU usage (bsc#1174658). - linux/dim: Add completions count to dim_sample (bsc#1174852). - linux/dim: Fix overflow in dim calculation (bsc#1174852). - linux/dim: Move implementation to .c files (bsc#1174852). - linux/dim: Move logic to dim.h (bsc#1174852). - linux/dim: Remove "net" prefix from internal DIM members (bsc#1174852). - linux/dim: Rename externally exposed macros (bsc#1174852). - linux/dim: Rename externally used net_dim members (bsc#1174852). - linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1174852). - liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes). - llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17). - mac80211: mesh: Free ie data when leaving mesh (git-fixes). - mac80211: mesh: Free pending skb when destroying a mpath (git-fixes). - MAINTAINERS: add entry for Dynamic Interrupt Moderation (bsc#1174852). - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes). - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes). - media: budget-core: Improve exception handling in budget_register() (git-fixes). - media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes). - media: firewire: Using uninitialized values in node_probe() (git-fixes). - media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes). - media: vpss: clean up resources in init (git-fixes). - mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes). - mfd: dln2: Run event handler loop under spinlock (git-fixes). - mfd: rk808: Fix RK818 ID template (bsc#1175412). - mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28). - mm: filemap: clear idle flag for writes (bsc#1175769). - mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate (git fixes (mm/migrate)). - mm/mmu_notifier: use hlist_add_head_rcu() (git fixes (mm/mmu_notifiers)). - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/compaction)). - mm/rmap.c: do not reuse anon_vma if we just want a copy (git fixes (mm/rmap)). - mm/shmem.c: cast the type of unmap_start to u64 (git fixes (mm/shmem)). - mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)). - mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617). - mtd: spi-nor: Fix an error code in spi_nor_read_raw() (bsc#1175413). - mtd: spi-nor: fix kernel-doc for spi_nor::info (bsc#1175414). - mtd: spi-nor: fix kernel-doc for spi_nor::reg_proto (bsc#1175415). - mtd: spi-nor: fix silent truncation in spi_nor_read_raw() (bsc#1175416). - mwifiex: Prevent memory corruption handling keys (git-fixes). - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (git-fixes). - net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28). - net: core: reduce recursion limit value (networking-stable-20_06_28). - net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28). - net: dsa: b53: check for timeout (git-fixes). - net: ena: Add first_interrupt field to napi struct (bsc#1174852). - net: ena: add reserved PCI device ID (bsc#1174852). - net: ena: add support for reporting of packet drops (bsc#1174852). - net: ena: add support for the rx offset feature (bsc#1174852). - net: ena: add support for traffic mirroring (bsc#1174852). - net: ena: add unmask interrupts statistics to ethtool (bsc#1174852). - net: ena: allow setting the hash function without changing the key (bsc#1174852). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852). - net: ena: change default RSS hash function to Toeplitz (bsc#1174852). - net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1174852). - net: ena: changes to RSS hash key allocation (bsc#1174852). - net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1174852). - net: ena: clean up indentation issue (bsc#1174852). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852). - net: ena: cosmetic: code reorderings (bsc#1174852). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852). - net: ena: cosmetic: fix line break issues (bsc#1174852). - net: ena: cosmetic: fix spacing issues (bsc#1174852). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852). - net: ena: cosmetic: minor code changes (bsc#1174852). - net: ena: cosmetic: remove unnecessary code (bsc#1174852). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852). - net: ena: cosmetic: satisfy gcc warning (bsc#1174852). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852). - net: ena: drop superfluous prototype (bsc#1174852). - net: ena: enable support of rss hash key and function changes (bsc#1174852). - net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1174852). - net: ena: ethtool: clean up minor indentation issue (bsc#1174852). - net: ena: ethtool: get_channels: use combined only (bsc#1174852). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852). - net: ena: ethtool: support set_channels callback (bsc#1174852). - net/ena: Fix build warning in ena_xdp_set() (bsc#1174852). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852). - net: ena: fix incorrect setting of the number of msix vectors (bsc#1174852). - net: ena: fix incorrect update of intr_delay_resolution (bsc#1174852). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852). - net: ena: fix update of interrupt moderation register (bsc#1174852). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852). - net: ena: implement XDP drop support (bsc#1174852). - net: ena: Implement XDP_TX action (bsc#1174852). - net: ena: make ethtool -l show correct max number of queues (bsc#1174852). - net: ena: Make missed_tx stat incremental (bsc#1083548). - net: ena: Make some functions static (bsc#1174852). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852). - net: ena: multiple queue creation related cleanups (bsc#1174852). - net: ena: Prevent reset after device destruction (bsc#1083548). - net: ena: reduce driver load time (bsc#1174852). - net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1174852). - net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1174852). - net: ena: remove code that does nothing (bsc#1174852). - net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1174852). - net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1174852). - net: ena: remove redundant print of number of queues (bsc#1174852). - net: ena: remove set but not used variable 'hash_key' (bsc#1174852). - net: ena: remove set but not used variable 'rx_ring' (bsc#1174852). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852). - net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1174852). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852). - net: ena: support new LLQ acceleration mode (bsc#1174852). - net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1174852). - net: ena: use explicit variable size for clarity (bsc#1174852). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852). - net: ena: xdp: update napi budget for DROP and ABORTED (bsc#1174852). - net: ena: xdp: XDP_TX: fix memory leak (bsc#1174852). - net: ethernet: aquantia: Fix wrong return value (git-fixes). - net: ethernet: broadcom: have drivers select DIMLIB as needed (bsc#1174852). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: fec: correct the error path for regulator disable in probe (git-fixes). - netfilter: x_tables: add counters allocation wrapper (git-fixes). - netfilter: x_tables: cap allocations at 512 mbyte (git-fixes). - netfilter: x_tables: limit allocation requests for blob rule heads (git-fixes). - net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). (SLES tuning guide refers to ip-sysctl.txt.) - net: fix memleak in register_netdevice() (networking-stable-20_06_28). - net: Fix the arp error in some cases (networking-stable-20_06_28). - net: gre: recompute gre csum for sctp over gre tunnels (git-fixes). - net: hns3: add autoneg and change speed support for fibre port (bsc#1174070). - net: hns3: add support for FEC encoding control (bsc#1174070). - net: hns3: add support for multiple media type (bsc#1174070). - net: hns3: fix a not link up issue when fibre port supports autoneg (bsc#1174070). - net: hns3: fix for FEC configuration (bsc#1174070). - net: hns3: fix port capbility updating issue (bsc#1174070). - net: hns3: fix port setting handle for fibre port (bsc#1174070). - net: hns3: fix selftest fail issue for fibre port with autoneg on (bsc#1174070). - net: hns3: restore the MAC autoneg state after reset (bsc#1174070). - net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28). - net: ip6_gre: Request headroom in __gre6_xmit() (git-fixes). - net: lan78xx: add missing endpoint sanity check (git-fixes). - net: lan78xx: fix transfer-buffer memory leak (git-fixes). - net: make symbol 'flush_works' static (git-fixes). - net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes). - net: mvpp2: fix memory leak in mvpp2_rx (git-fixes). - net: netsec: Fix signedness bug in netsec_probe() (bsc#1175417). - net: netsec: initialize tx ring on ndo_open (bsc#1175418). - net: phy: Check harder for errors in get_phy_id() (bsc#1111666). - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes). - net: Set fput_needed iff FDPUT_FPUT is set (git-fixes). - net: socionext: Fix a signedness bug in ave_probe() (bsc#1175419). - net: socionext: replace napi_alloc_frag with the netdev variant on init (bsc#1175420). - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes). - net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes). - net: stmmac: Fix RX packet size > 8191 (git-fixes). - net: udp: Fix wrong clean up for IS_UDPLITE macro (git-fixes). - net: update net_dim documentation after rename (bsc#1174852). - net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28). - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17). - netvsc: unshare skb in VF rx handler (git-fixes). - nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes). - NTB: Fix an error in get link status (git-fixes). - ntb_netdev: fix sleep time mismatch (git-fixes). - NTB: ntb_transport: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - nvme: fix possible deadlock when I/O is blocked (git-fixes). - nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108). - nvme-multipath: fix logic for non-optimized paths (bsc#1172108). - nvme-multipath: round-robin: eliminate "fallback" variable (bsc#1172108). - nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - ocfs2: add trimfs dlm lock resource (bsc#1175228). - ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: change slot number type s16 to u16 (bsc#1175786). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228). - ocfs2: fix value of OCFS2_INVALID_SLOT (bsc#1175767). - ocfs2: load global_inode_alloc (bsc#1172963). - ocfs2: load global_inode_alloc (bsc#1172963). - omapfb: dss: Fix max fclk divider for omap36xx (bsc#1113956) - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() (git-fixes). - PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes). - PCI: dwc: Move interrupt acking into the proper callback (bsc#1175666). - PCI: Fix pci_cfg_wait queue locking problem (git-fixes). - PCI: Fix "try" semantics of bus and slot reset (git-fixes). - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes). - PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, bsc#1172872, git-fixes). - PCI: Release IVRS table in AMD ACS quirk (git-fixes). - PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes). - PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes). - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes). - pinctrl: single: fix function name in documentation (git-fixes). - pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes). - platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes). - PM / CPU: replace raw_notifier with atomic_notifier (git fixes (kernel/pm)). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (bsc#1175668). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails. - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (bsc#1175668). - PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes). - powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729). - powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729). - powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729). - powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729). - powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284). - powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284). - powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729). - powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574). - powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729). - powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - powerpc/pseries: remove cede offline state for CPUs (bsc#1065729). - powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729). - powerpc/vdso: Fix vdso cpu truncation (bsc#1065729). - power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes). - propagate_one(): mnt_set_mountpoint() needs mount_lock (bsc#1174841). - pseries: Fix 64 bit logical memory block panic (bsc#1065729). - pwm: bcm-iproc: handle clk_get_rate() return (git-fixes). - rds: Prevent kernel-infoleak in rds_notify_queue_get() (git-fixes). - Revert "ALSA: hda: call runtime_allow() for all hda controllers" (bsc#1111666). - Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers" (bsc#1113956) * refresh for context changes - Revert "ocfs2: avoid inode removal while nfsd is accessing it" This reverts commit 9e096c72476eda333a9998ff464580c00ff59c83. - Revert "ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963)." This reverts commit 0bf6e248f93736b3f17f399b4a8f64ffa30d371e. - Revert "ocfs2: load global_inode_alloc (bsc#1172963)." This reverts commit fc476497b53f967dc615b9cbad9427ba3107b5c4. - Revert pciehp patches that broke booting (bsc#1174887) - Revert "scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe" (bsc#1171688 bsc#1174003). - Revert "scsi: qla2xxx: Fix crash on qla2x00_mailbox_command" (bsc#1171688 bsc#1174003). - Revert "xen/balloon: Fix crash when ballooning on x86 32 bit PAE" (bsc#1065600). - rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28). - rpm/check-for-config-changes: Ignore CONFIG_CC_VERSION_TEXT - rpm/check-for-config-changes: Ignore CONFIG_LD_VERSION - rpm/constraints.in: Increase memory for kernel-docs References: https://build.opensuse.org/request/show/792664 - rpm: drop execute permissions on source files Sometimes a source file with execute permission appears in upstream repository and makes it into our kernel-source packages. This is caught by OBS build checks and may even result in build failures. Sanitize the source tree by removing execute permissions from all C source and header files. - rpm/kabi.pl: account for namespace field being moved last Upstream is moving the namespace field in Module.symvers last in order to preserve backwards compatibility with kmod tools (depmod, etc). Fix the kabi.pl script to expect the namespace field last. Since split() ignores trailing empty fields and delimeters, switch to using tr to count how many fields/tabs are in a line. Also, in load_symvers(), pass LIMIT of -1 to split() so it does not strip trailing empty fields, as namespace is an optional field. - rpm/kernel-binary.spec.in: do not run klp-symbols for configs with no modules Starting with 5.8-rc1, s390x/zfcpdump builds fail because rpm/klp-symbols script does not find .tmp_versions directory. This is missing because s390x/zfcpdump is built without modules (CONFIG_MODULES disabled). As livepatching cannot work without modules, the cleanest solution is setting %klp_symbols to 0 if CONFIG_MODULES is disabled. (We cannot simply add another condition to the place where %klp_symbols is set as it can be already set to 1 from prjconf.) - rpm/kernel-binary.spec.in: restrict livepatch metapackage to default flavor It has been reported that the kernel-*-livepatch metapackage got erroneously enabled for SLE15-SP3's new -preempt flavor, leading to a unresolvable dependency to a non-existing kernel-livepatch-x.y.z-preempt package. As SLE12 and SLE12-SP1 have run out of livepatching support, the need to build said metapackage for the -xen flavor is gone and the only remaining flavor for which they're still wanted is -default. Restrict the build of the kernel-*-livepatch metapackage to the -default flavor. - rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup Co-Authored-By: Adam Spiers - rpm/kernel-obs-build.spec.in: Enable overlayfs Overlayfs is needed for podman or docker builds when no more specific driver can be used (like lvm or btrfs). As the default build fs is ext4 currently, we need overlayfs kernel modules to be available. - rpm/kernel-source.spec.in: Add obsolete_rebuilds (boo#1172073). - rpm/mkspec-dtb: add mt76 based dtb package - rpm/package-descriptions: garbege collection remove old ARM and Xen flavors. - rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes). - s390, dcssblk: kaddr and pfn can be NULL to ->direct_access() (bsc#1174873). - sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17). - scripts/git_sort/git_sort.py: add bluetooth/bluetooth-next.git repository - scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026). - scsi: Fix trivial spelling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003). - scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003). - scsi: smartpqi: add bay identifier (bsc#1172418). - scsi: smartpqi: add gigabyte controller (bsc#1172418). - scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418). - scsi: smartpqi: add inquiry timeouts (bsc#1172418). - scsi: smartpqi: add module param for exposure order (bsc#1172418). - scsi: smartpqi: add module param to hide vsep (bsc#1172418). - scsi: smartpqi: add new pci ids (bsc#1172418). - scsi: smartpqi: add pci ids for fiberhome controller (bsc#1172418). - scsi: smartpqi: add RAID bypass counter (bsc#1172418). - scsi: smartpqi: add sysfs entries (bsc#1172418). - scsi: smartpqi: Align driver syntax with oob (bsc#1172418). - scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418). - scsi: smartpqi: change TMF timeout from 60 to 30 seconds (bsc#1172418). - scsi: smartpqi: correct hang when deleting 32 lds (bsc#1172418). - scsi: smartpqi: correct REGNEWD return status (bsc#1172418). - scsi: smartpqi: correct syntax issue (bsc#1172418). - scsi: smartpqi: fix call trace in device discovery (bsc#1172418). - scsi: smartpqi: fix controller lockup observed during force reboot (bsc#1172418). - scsi: smartpqi: fix LUN reset when fw bkgnd thread is hung (bsc#1172418). - scsi: smartpqi: fix problem with unique ID for physical device (bsc#1172418). - scsi: smartpqi: identify physical devices without issuing INQUIRY (bsc#1172418). - scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask (bsc#1172418). - scsi: smartpqi: remove unused manifest constants (bsc#1172418). - scsi: smartpqi: Reporting unhandled SCSI errors (bsc#1172418). - scsi: smartpqi: support device deletion via sysfs (bsc#1172418). - scsi: smartpqi: update copyright (bsc#1172418). - scsi: smartpqi: update logical volume size after expansion (bsc#1172418). - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418). - scsi: storvsc: Correctly set number of hardware queues for IDE disk (git-fixes). - scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790). - sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - serial: 8250: change lock order in serial8250_do_startup() (git-fixes). - serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes). - serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes). - Set VIRTIO_CONSOLE=y (bsc#1175667). - sign also s390x kernel images (bsc#1163524) - soc: fsl: qbman: allow registering a device link for the portal user (bsc#1174550). - soc: fsl: qbman_portals: add APIs to retrieve the probing status (bsc#1174550). - spi: davinci: Remove uninitialized_var() usage (git-fixes). - spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes). - spi: nxp-fspi: Ensure width is respected in spi-mem operations (bsc#1175421). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1175422). - spi: spi-mem: export spi_mem_default_supports_op() (bsc#1175421). - staging: fsl-dpaa2: ethsw: Add missing netdevice check (bsc#1175423). - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28). - tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28). - tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17). - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17). - tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17). - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17). - tracepoint: Mark __tracepoint_string's __used (git-fixes). - tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes). - tty: serial: fsl_lpuart: add imx8qxp support (bsc#1175670). - tty: serial: fsl_lpuart: free IDs allocated by IDA (bsc#1175670). - Update patch reference for a tipc fix patch (bsc#1175515) - USB: cdc-acm: rework notification_buffer resizing (git-fixes). - USB: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes). - USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes). - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes). - USB: iowarrior: fix up report size handling for some devices (git-fixes). - usbip: tools: fix module name in man page (git-fixes). - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes). - USB: serial: cp210x: enable USB generic throttle/unthrottle (git-fixes). - USB: serial: cp210x: re-enable auto-RTS on open (git-fixes). - USB: serial: ftdi_sio: clean up receive processing (git-fixes). - USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes). - USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes). - USB: serial: iuu_phoenix: fix led-activity helpers (git-fixes). - USB: serial: qcserial: add EM7305 QDL product ID (git-fixes). - USB: xhci: define IDs for various ASMedia host controllers (git-fixes). - USB: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes). - USB: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes). - USB: xhci-mtk: fix the failure of bandwidth allocation (git-fixes). - VFS: Check rename_lock in lookup_fast() (bsc#1174734). - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes). - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes). - vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17). - vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199). - vt_compat_ioctl(): clean up, use compat_ptr() properly (git-fixes). - vt: vt_ioctl: remove unnecessary console allocation checks (git-fixes). - watchdog: f71808e_wdt: clear watchdog timeout occurred flag (bsc#1111666). - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (bsc#1111666). - watchdog: f71808e_wdt: remove use of wrong watchdog_info option (bsc#1111666). - wl1251: fix always return 0 error (git-fixes). - x86/hyperv: Create and use Hyper-V page definitions (git-fixes). - x86/hyper-v: Fix overflow bug in fill_gva_list() (git-fixes). - x86/hyperv: Make hv_vcpu_is_preempted() visible (git-fixes). - xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600). - xen/balloon: make the balloon wait interruptible (bsc#1065600). - xfrm: check id proto in validate_tmpl() (git-fixes). - xfrm: clean up xfrm protocol checks (git-fixes). - xfrm_user: uncoditionally validate esn replay attribute struct (git-fixes). - xfs: fix inode allocation block res calculation precedence (git-fixes). - xfs: fix reflink quota reservation accounting error (git-fixes). - xhci: Fix enumeration issue when setting max packet size for FS devices (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2541=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): kernel-devel-azure-4.12.14-8.41.1 kernel-source-azure-4.12.14-8.41.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (x86_64): kernel-azure-4.12.14-8.41.1 kernel-azure-base-4.12.14-8.41.1 kernel-azure-base-debuginfo-4.12.14-8.41.1 kernel-azure-debuginfo-4.12.14-8.41.1 kernel-azure-devel-4.12.14-8.41.1 kernel-syms-azure-4.12.14-8.41.1 References: https://www.suse.com/security/cve/CVE-2020-10135.html https://www.suse.com/security/cve/CVE-2020-14314.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-14356.html https://www.suse.com/security/cve/CVE-2020-16166.html https://www.suse.com/security/cve/CVE-2020-1749.html https://www.suse.com/security/cve/CVE-2020-24394.html https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1074701 https://bugzilla.suse.com/1083548 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1085235 https://bugzilla.suse.com/1085308 https://bugzilla.suse.com/1087078 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1094912 https://bugzilla.suse.com/1100394 https://bugzilla.suse.com/1102640 https://bugzilla.suse.com/1105412 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1120163 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1152148 https://bugzilla.suse.com/1163524 https://bugzilla.suse.com/1165629 https://bugzilla.suse.com/1166965 https://bugzilla.suse.com/1169790 https://bugzilla.suse.com/1170232 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1171988 https://bugzilla.suse.com/1172073 https://bugzilla.suse.com/1172108 https://bugzilla.suse.com/1172247 https://bugzilla.suse.com/1172418 https://bugzilla.suse.com/1172428 https://bugzilla.suse.com/1172781 https://bugzilla.suse.com/1172782 https://bugzilla.suse.com/1172783 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172872 https://bugzilla.suse.com/1172873 https://bugzilla.suse.com/1172963 https://bugzilla.suse.com/1173485 https://bugzilla.suse.com/1173798 https://bugzilla.suse.com/1173954 https://bugzilla.suse.com/1174003 https://bugzilla.suse.com/1174026 https://bugzilla.suse.com/1174070 https://bugzilla.suse.com/1174161 https://bugzilla.suse.com/1174205 https://bugzilla.suse.com/1174387 https://bugzilla.suse.com/1174484 https://bugzilla.suse.com/1174547 https://bugzilla.suse.com/1174549 https://bugzilla.suse.com/1174550 https://bugzilla.suse.com/1174625 https://bugzilla.suse.com/1174658 https://bugzilla.suse.com/1174685 https://bugzilla.suse.com/1174689 https://bugzilla.suse.com/1174699 https://bugzilla.suse.com/1174734 https://bugzilla.suse.com/1174757 https://bugzilla.suse.com/1174771 https://bugzilla.suse.com/1174840 https://bugzilla.suse.com/1174841 https://bugzilla.suse.com/1174843 https://bugzilla.suse.com/1174844 https://bugzilla.suse.com/1174845 https://bugzilla.suse.com/1174852 https://bugzilla.suse.com/1174873 https://bugzilla.suse.com/1174887 https://bugzilla.suse.com/1174904 https://bugzilla.suse.com/1174926 https://bugzilla.suse.com/1174968 https://bugzilla.suse.com/1175062 https://bugzilla.suse.com/1175063 https://bugzilla.suse.com/1175064 https://bugzilla.suse.com/1175065 https://bugzilla.suse.com/1175066 https://bugzilla.suse.com/1175067 https://bugzilla.suse.com/1175112 https://bugzilla.suse.com/1175127 https://bugzilla.suse.com/1175128 https://bugzilla.suse.com/1175149 https://bugzilla.suse.com/1175199 https://bugzilla.suse.com/1175213 https://bugzilla.suse.com/1175228 https://bugzilla.suse.com/1175232 https://bugzilla.suse.com/1175284 https://bugzilla.suse.com/1175393 https://bugzilla.suse.com/1175394 https://bugzilla.suse.com/1175396 https://bugzilla.suse.com/1175397 https://bugzilla.suse.com/1175398 https://bugzilla.suse.com/1175399 https://bugzilla.suse.com/1175400 https://bugzilla.suse.com/1175401 https://bugzilla.suse.com/1175402 https://bugzilla.suse.com/1175403 https://bugzilla.suse.com/1175404 https://bugzilla.suse.com/1175405 https://bugzilla.suse.com/1175406 https://bugzilla.suse.com/1175407 https://bugzilla.suse.com/1175408 https://bugzilla.suse.com/1175409 https://bugzilla.suse.com/1175410 https://bugzilla.suse.com/1175411 https://bugzilla.suse.com/1175412 https://bugzilla.suse.com/1175413 https://bugzilla.suse.com/1175414 https://bugzilla.suse.com/1175415 https://bugzilla.suse.com/1175416 https://bugzilla.suse.com/1175417 https://bugzilla.suse.com/1175418 https://bugzilla.suse.com/1175419 https://bugzilla.suse.com/1175420 https://bugzilla.suse.com/1175421 https://bugzilla.suse.com/1175422 https://bugzilla.suse.com/1175423 https://bugzilla.suse.com/1175440 https://bugzilla.suse.com/1175493 https://bugzilla.suse.com/1175515 https://bugzilla.suse.com/1175518 https://bugzilla.suse.com/1175526 https://bugzilla.suse.com/1175550 https://bugzilla.suse.com/1175654 https://bugzilla.suse.com/1175666 https://bugzilla.suse.com/1175667 https://bugzilla.suse.com/1175668 https://bugzilla.suse.com/1175669 https://bugzilla.suse.com/1175670 https://bugzilla.suse.com/1175767 https://bugzilla.suse.com/1175768 https://bugzilla.suse.com/1175769 https://bugzilla.suse.com/1175770 https://bugzilla.suse.com/1175771 https://bugzilla.suse.com/1175772 https://bugzilla.suse.com/1175786 https://bugzilla.suse.com/1175873 From sle-updates at lists.suse.com Fri Sep 4 13:32:38 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 21:32:38 +0200 (CEST) Subject: SUSE-RU-2020:2546-1: moderate: Recommended update for virt-manager Message-ID: <20200904193238.F2A5CF794@maintenance.suse.de> SUSE Recommended Update: Recommended update for virt-manager ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2546-1 Rating: moderate References: #1158277 #1169708 #1172356 #1174176 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for virt-manager fixes the following issues: - bsc#1174176 - IDE: "Only 2 disks for bus 'NONE' are supported" - bsc#1169708 - Virtualization/virt-manager: Bug yast2 virt-install internal error - bsc#1172356 - Not able to hot-plug NIC via virt-manager, asks to attach on next reboot while it should be live attached - bsc#1158277 - XEN: Additional network device can not be added into PV guest system using virt-manager Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2546=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): virt-install-1.5.1-22.3.1 virt-manager-1.5.1-22.3.1 virt-manager-common-1.5.1-22.3.1 References: https://bugzilla.suse.com/1158277 https://bugzilla.suse.com/1169708 https://bugzilla.suse.com/1172356 https://bugzilla.suse.com/1174176 From sle-updates at lists.suse.com Fri Sep 4 13:33:50 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 21:33:50 +0200 (CEST) Subject: SUSE-RU-2020:2549-1: moderate: Recommended update for OpenStack clients Message-ID: <20200904193350.9AA6FF794@maintenance.suse.de> SUSE Recommended Update: Recommended update for OpenStack clients ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2549-1 Rating: moderate References: #1121610 #1174571 #917818 Affected Products: SUSE Manager Tools 15 SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: Updated OpenStack clients to the latest OpenStack release named Ussuri. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2020-2549=1 - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-2549=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2549=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-2549=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-2549=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2549=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2549=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2549=1 Package List: - SUSE Manager Tools 15 (noarch): python3-pyinotify-0.9.6-4.5.1 - SUSE Linux Enterprise Module for Python2 15-SP2 (noarch): python2-decorator-4.4.2-7.3.13 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): python3-systemd-234-5.3.5 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python3-Sphinx-1.7.6-3.10.6 python3-alabaster-0.7.10-3.2.1 python3-barbicanclient-4.10.0-5.3.5 python3-cinderclient-7.0.0-8.4.5 python3-cliff-3.1.0-7.4.6 python3-cmd2-0.8.9-7.4.3 python3-contextlib2-0.6.0-3.2.13 python3-debtcollector-2.0.1-8.4.6 python3-decorator-4.4.2-7.3.13 python3-designateclient-4.0.0-5.3.5 python3-glanceclient-3.1.1-8.3.5 python3-heatclient-2.1.0-8.3.6 python3-imagesize-0.7.1-3.2.1 python3-ironicclient-4.1.0-5.3.6 python3-keystoneauth1-4.0.0-9.3.6 python3-keystoneclient-4.0.0-9.4.5 python3-magnumclient-3.0.0-7.3.6 python3-monascaclient-2.1.0-5.3.6 python3-monotonic-1.5-7.3.13 python3-neutronclient-7.1.1-7.3.6 python3-novaclient-17.0.0-8.4.6 python3-octaviaclient-2.0.1-5.3.6 python3-openstacksdk-0.46.0-7.4.5 python3-os-client-config-2.1.0-8.4.7 python3-os-service-types-1.7.0-8.4.5 python3-osc-lib-2.0.0-8.4.6 python3-oslo.concurrency-4.0.2-8.4.6 python3-oslo.config-8.0.2-8.4.5 python3-oslo.context-2.20.0-4.6.1 python3-oslo.i18n-4.0.1-8.4.5 python3-oslo.log-4.1.1-8.4.5 python3-oslo.serialization-3.1.1-8.4.5 python3-oslo.utils-4.1.1-8.4.4 python3-osprofiler-3.1.0-7.4.6 python3-pyinotify-0.9.6-4.5.1 python3-python-subunit-1.3.0-6.2.4 python3-rfc3986-1.4.0-7.4.4 python3-snowballstemmer-1.2.1-3.2.1 python3-sphinx_rtd_theme-0.2.4-3.2.1 python3-sphinxcontrib-1.0.1-4.2.1 python3-sphinxcontrib-apidoc-0.3.0-5.3.3 python3-sphinxcontrib-svg2pdfconverter-1.0.1-5.3.15 python3-sphinxcontrib-websupport-1.0.1-4.2.1 python3-statsd-3.3.0-5.3.13 python3-stestr-2.6.0-8.4.10 python3-stevedore-1.32.0-7.4.4 python3-swiftclient-3.9.0-7.4.5 python3-voluptuous-0.10.5-3.2.1 python3-wcwidth-0.1.8-3.5.11 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch): python2-Sphinx-1.7.6-3.10.6 python2-alabaster-0.7.10-3.2.1 python2-imagesize-0.7.1-3.2.1 python2-monotonic-1.5-7.3.13 python2-rfc3986-1.4.0-7.4.4 python2-snowballstemmer-1.2.1-3.2.1 python2-sphinx_rtd_theme-0.2.4-3.2.1 python2-sphinxcontrib-1.0.1-4.2.1 python2-sphinxcontrib-websupport-1.0.1-4.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (noarch): python2-Sphinx-1.7.6-3.10.6 python2-alabaster-0.7.10-3.2.1 python2-imagesize-0.7.1-3.2.1 python2-snowballstemmer-1.2.1-3.2.1 python2-sphinx_rtd_theme-0.2.4-3.2.1 python2-sphinxcontrib-1.0.1-4.2.1 python2-sphinxcontrib-websupport-1.0.1-4.2.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): python3-Sphinx-1.7.6-3.10.6 python3-alabaster-0.7.10-3.2.1 python3-imagesize-0.7.1-3.2.1 python3-snowballstemmer-1.2.1-3.2.1 python3-sphinx_rtd_theme-0.2.4-3.2.1 python3-sphinxcontrib-1.0.1-4.2.1 python3-sphinxcontrib-websupport-1.0.1-4.2.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): python3-Sphinx-1.7.6-3.10.6 python3-alabaster-0.7.10-3.2.1 python3-imagesize-0.7.1-3.2.1 python3-snowballstemmer-1.2.1-3.2.1 python3-sphinx_rtd_theme-0.2.4-3.2.1 python3-sphinxcontrib-1.0.1-4.2.1 python3-sphinxcontrib-websupport-1.0.1-4.2.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-decorator-4.4.2-7.3.13 python3-monotonic-1.5-7.3.13 References: https://bugzilla.suse.com/1121610 https://bugzilla.suse.com/1174571 https://bugzilla.suse.com/917818 From sle-updates at lists.suse.com Fri Sep 4 13:34:58 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 21:34:58 +0200 (CEST) Subject: SUSE-RU-2020:2548-1: moderate: Recommended update for sapconf Message-ID: <20200904193458.0D23BFCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2548-1 Rating: moderate References: #1124453 #1139176 #1150868 #1150870 #1166925 #1168067 #1168840 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for sapconf fixes the following issues: - Additions: * Added support for multique schedulers to sapconf (please refer to the man page of sapconf) * Added log rotation to prevent increasing disk space caused by log files (bsc#1166925) - Removed: * Removed tuned from sapconf as it's no longer needed Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2548=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2548=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2548=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2548=1 Package List: - SUSE OpenStack Cloud 7 (noarch): sapconf-5.0.0-33.26.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): sapconf-5.0.0-33.26.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): sapconf-5.0.0-33.26.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): sapconf-5.0.0-33.26.1 References: https://bugzilla.suse.com/1124453 https://bugzilla.suse.com/1139176 https://bugzilla.suse.com/1150868 https://bugzilla.suse.com/1150870 https://bugzilla.suse.com/1166925 https://bugzilla.suse.com/1168067 https://bugzilla.suse.com/1168840 From sle-updates at lists.suse.com Fri Sep 4 13:36:24 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 21:36:24 +0200 (CEST) Subject: SUSE-OU-2020:2550-1: moderate: Optional update for terraform-provider-google Message-ID: <20200904193624.295D6FCEB@maintenance.suse.de> SUSE Optional Update: Optional update for terraform-provider-google ______________________________________________________________________________ Announcement ID: SUSE-OU-2020:2550-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has 0 optional fixes can now be installed. Description: This update includes the terraform-provider-google in the Public Cloud Modules available for 15-SP1 and 15-SP2. (jsc#ECO-2340) Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2550=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2550=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): terraform-provider-google-2.20.3-3.3.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): terraform-provider-google-2.20.3-3.3.1 References: From sle-updates at lists.suse.com Fri Sep 4 13:37:07 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 21:37:07 +0200 (CEST) Subject: SUSE-OU-2020:2551-1: Optional update for meson Message-ID: <20200904193707.E3F31F794@maintenance.suse.de> SUSE Optional Update: Optional update for meson ______________________________________________________________________________ Announcement ID: SUSE-OU-2020:2551-1 Rating: low References: #1173025 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update for meson doesn't fix any user visible issues, but fixes internal test cases only (bsc#1173025) Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2551=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): meson-0.54.2-3.3.1 References: https://bugzilla.suse.com/1173025 From sle-updates at lists.suse.com Fri Sep 4 13:37:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 21:37:55 +0200 (CEST) Subject: SUSE-SU-2020:2540-1: important: Security update for the Linux Kernel Message-ID: <20200904193755.E12F3F403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2540-1 Rating: important References: #1065600 #1065729 #1071995 #1074701 #1083548 #1085030 #1085235 #1085308 #1087078 #1087082 #1094912 #1100394 #1102640 #1105412 #1111666 #1112178 #1113956 #1120163 #1133021 #1144333 #1152148 #1163524 #1165629 #1166965 #1169790 #1170232 #1171688 #1172073 #1172108 #1172247 #1172418 #1172428 #1172781 #1172782 #1172783 #1172871 #1172872 #1172873 #1172963 #1173485 #1173798 #1173954 #1174003 #1174026 #1174070 #1174161 #1174205 #1174247 #1174387 #1174484 #1174547 #1174550 #1174625 #1174658 #1174685 #1174689 #1174699 #1174734 #1174757 #1174771 #1174840 #1174841 #1174843 #1174844 #1174845 #1174852 #1174873 #1174887 #1174904 #1174926 #1174968 #1175062 #1175063 #1175064 #1175065 #1175066 #1175067 #1175112 #1175127 #1175128 #1175149 #1175199 #1175213 #1175228 #1175232 #1175284 #1175393 #1175394 #1175396 #1175397 #1175398 #1175399 #1175400 #1175401 #1175402 #1175403 #1175404 #1175405 #1175406 #1175407 #1175408 #1175409 #1175410 #1175411 #1175412 #1175413 #1175414 #1175415 #1175416 #1175417 #1175418 #1175419 #1175420 #1175421 #1175422 #1175423 #1175440 #1175493 #1175515 #1175518 #1175526 #1175550 #1175654 #1175666 #1175667 #1175668 #1175669 #1175670 #1175767 #1175768 #1175769 #1175770 #1175771 #1175772 #1175786 #1175873 Cross-References: CVE-2018-3639 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-16166 CVE-2020-1749 CVE-2020-24394 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 129 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629). - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518). The following non-security bugs were fixed: - ACPI: kABI fixes for subsys exports (bsc#1174968). - ACPI / LPSS: Resume BYT/CHT I2C controllers from resume_noirq (bsc#1174968). - ACPI / LPSS: Use acpi_lpss_* instead of acpi_subsys_* functions for hibernate (bsc#1174968). - ACPI: PM: Introduce "poweroff" callbacks for ACPI PM domain and LPSS (bsc#1174968). - ACPI: PM: Simplify and fix PM domain hibernation callbacks (bsc#1174968). - af_key: pfkey_dump needs parameter validation (git-fixes). - agp/intel: Fix a memory leak on module initialisation failure (git-fixes). - ALSA: core: pcm_iec958: fix kernel-doc (bsc#1111666). - ALSA: echoaduio: Drop superfluous volatile modifier (bsc#1111666). - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (bsc#1111666). - ALSA: hda: Add support for Loongson 7A1000 controller (bsc#1111666). - ALSA: hda/ca0132 - Add new quirk ID for Recon3D (bsc#1111666). - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (bsc#1111666). - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (bsc#1111666). - ALSA: hda: fix NULL pointer dereference during suspend (git-fixes). - ALSA: hda: fix snd_hda_codec_cleanup() documentation (bsc#1111666). - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (bsc#1111666). - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (bsc#1111666). - ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes). - ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (bsc#1111666). - ALSA: hda/realtek - Add quirk for Lenovo Carbon X1 8th gen (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GE63 laptop (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GL63 (bsc#1111666). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes). - ALSA: hda/realtek - change to suitable link model for ASUS platform (bsc#1111666). - ALSA: hda/realtek - Check headset type by unplug and resume (bsc#1111666). - ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX563 (bsc#1111666). - ALSA: hda/realtek: Fix add a "ultra_low_power" function for intel reference board (alc256) (bsc#1111666). - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (bsc#1111666). - ALSA: hda/realtek - Fixed HP right speaker no sound (bsc#1111666). - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (bsc#1111666). - ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (bsc#1111666). - ALSA: hda/realtek - Fix unused variable warning (bsc#1111666). - ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (bsc#1111666). - ALSA: hda - reverse the setting value in the micmute_led_set (bsc#1111666). - ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes). - ALSA: pci: delete repeated words in comments (bsc#1111666). - ALSA: seq: oss: Serialize ioctls (bsc#1111666). - ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes). - ALSA: usb-audio: add quirk for Pioneer DDJ-RB (bsc#1111666). - ALSA: usb-audio: add startech usb audio dock name (bsc#1111666). - ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (bsc#1111666). - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (bsc#1111666). - ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (bsc#1111666). - ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (bsc#1111666). - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625). - ALSA: usb-audio: fix spelling mistake "buss" -> "bus" (bsc#1111666). - ALSA: usb-audio: ignore broken processing/extension unit (git-fixes). - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb/line6: remove 'defined but not used' warning (bsc#1111666). - arm64: Add MIDR encoding for HiSilicon Taishan CPUs (bsc#1174547). - arm64: Add MIDR encoding for NVIDIA CPUs (bsc#1174547). - arm64: add sysfs vulnerability show for meltdown (bsc#1174547). - arm64: Add sysfs vulnerability show for spectre-v1 (bsc#1174547). - arm64: add sysfs vulnerability show for spectre-v2 (bsc#1174547). - arm64: add sysfs vulnerability show for speculative store bypass (bsc#1174547). - arm64: Advertise mitigation of Spectre-v2, or lack thereof (bsc#1174547). - arm64: Always enable spectre-v2 vulnerability detection (bsc#1174547). - arm64: Always enable ssb vulnerability detection (bsc#1174547). - arm64: backtrace: Do not bother trying to unwind the userspace stack (bsc#1175397). - arm64: capabilities: Add NVIDIA Denver CPU to bp_harden list (bsc#1174547). - arm64: capabilities: Merge duplicate Cavium erratum entries (bsc#1174547). - arm64: capabilities: Merge entries for ARM64_WORKAROUND_CLEAN_CACHE (bsc#1174547). Update config/arm64/default - arm64: cpufeature: Enable Qualcomm Falkor/Kryo errata 1003 (bsc#1175398). - arm64: Do not mask out PTE_RDONLY in pte_same() (bsc#1175393). - arm64: enable generic CPU vulnerabilites support (bsc#1174547). Update config/arm64/default - arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default (bsc#1175394). - arm64: errata: Do not define type field twice for arm64_errata entries (bsc#1174547). - arm64: errata: Update stale comment (bsc#1174547). - arm64: Get rid of __smccc_workaround_1_hvc_* (bsc#1174547). - arm64: kpti: Avoid rewriting early page tables when KASLR is enabled (bsc#1174547). - arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on (bsc#1174547). - arm64: kpti: Whitelist Cortex-A CPUs that do not implement the CSV3 field (bsc#1174547). - arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs (bsc#1174547). - arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 (bsc#1133021). - arm64: KVM: Guests can skip __install_bp_hardening_cb()s HYP work (bsc#1174547). - arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening (bsc#1174547). - arm64: mm: Fix pte_mkclean, pte_mkdirty semantics (bsc#1175526). - arm64: Provide a command line to disable spectre_v2 mitigation (bsc#1174547). - arm64: Silence clang warning on mismatched value/register sizes (bsc#1175396). - arm64/speculation: Support 'mitigations=' cmdline option (bsc#1174547). - arm64: ssbd: explicitly depend on (bsc#1175399). - arm64: ssbs: Do not treat CPUs with SSBS as unaffected by SSB (bsc#1174547). - arm64: ssbs: Fix context-switch when SSBS is present on all CPUs (bsc#1175669). - arm64/sve: Fix wrong free for task->thread.sve_state (bsc#1175400). - arm64/sve: should not depend on (bsc#1175401). - arm64: tlbflush: avoid writing RES0 bits (bsc#1175402). - arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 (bsc#1174547). - ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 (bsc#1133021). - ARM: KVM: invalidate icache on guest exit for Cortex-A15 (bsc#1133021). - ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 (bsc#1133021). - ASoC: hda/tegra: Set buffer alignment to 128 bytes (bsc#1111666). - ASoC: intel: Fix memleak in sst_media_open (git-fixes). - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes). - AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes). - AX.25: Prevent integer overflows in connect and sendmsg (git-fixes). - AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes). - ax88172a: fix ax88172a_unbind() failures (git-fixes). - b43: Remove uninitialized_var() usage (git-fixes). - bcache: allocate meta data pages as compound pages (bsc#1172873). - bcache: allocate meta data pages as compound pages (bsc#1172873). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: Fix use-after-free in blkdev_get() (bsc#1174843). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (bsc#1111666). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (bsc#1111666). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (bsc#1111666). - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - bonding: fix a potential double-unregister (git-fixes). - bonding: show saner speed for broadcast mode (git-fixes). - bpf: Fix map leak in HASH_OF_MAPS map (git-fixes). - brcmfmac: keep SDIO watchdog running when console_interval is non-zero (bsc#1111666). - brcmfmac: set state of hanger slot to FREE when flushing PSQ (bsc#1111666). - brcmfmac: To fix Bss Info flag definition Bug (bsc#1111666). - btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247). - btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247). - btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149). - btrfs: fix block group leak when removing fails (bsc#1175149). - btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149). - btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149). - btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149). - btrfs: fix double free on ulist after backref resolution failure (bsc#1175149). - btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149). - btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550). - btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149). - btrfs: fix race between block group removal and block group creation (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149). - btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149). - btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484). - btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247). - btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247). - btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247). - btrfs: Open code btrfs_write_and_wait_marked_extents (bsc#1175149). - btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163). - btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247). - btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163). - btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163). - btrfs: Rename and export clear_btree_io_tree (bsc#1175149). - btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493). - bus: hisi_lpc: Add .remove method to avoid driver unbind crash (bsc#1174658). - bus: hisi_lpc: Do not fail probe for unrecognised child devices (bsc#1174658). - bus: hisi_lpc: Unregister logical PIO range to avoid potential use-after-free (bsc#1174658). - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes). - cfg80211: check vendor command doit pointer before use (git-fixes). - char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667). - cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428). - cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428). - cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428). - clk: at91: clk-generated: check best_rate against ranges (bsc#1111666). - clk: clk-atlas6: fix return value check in atlas6_clk_init() (bsc#1111666). - clk: iproc: round clock rate to the closest (bsc#1111666). - clk: spear: Remove uninitialized_var() usage (git-fixes). - clk: st: Remove uninitialized_var() usage (git-fixes). - console: newport_con: fix an issue about leak related system resources (git-fixes). - constrants: fix malformed XML Closing tag of an element is "", not "". Fixes: 8b37de2eb835 ("rpm/constraints.in: Increase memory for kernel-docs") - Created new preempt kernel flavor (jsc#SLE-11309) Configs are cloned from the respective $arch/default configs. All changed configs appart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel. - crypto: ccp - Fix use of merged scatterlists (git-fixes). - crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes). - crypto: rockchip - fix scatterlist nents error (git-fixes). - crypto: stm32/crc32 - fix ext4 chksum BUG_ON() (git-fixes). - crypto: talitos - check AES key size (git-fixes). - crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - dev: Defer free of skbs in flush_backlog (git-fixes). - device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes). - devres: keep both device name and resource name in pretty name (git-fixes). - dlm: Fix kobject memleak (bsc#1175768). - dlm: remove BUG() before panic() (bsc#1174844). - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes). - Documentation/networking: Add net DIM documentation (bsc#1174852). - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (bsc#1175403). - dpaa2-eth: free already allocated channels on probe defer (bsc#1175404). - dpaa2-eth: prevent array underflow in update_cls_rule() (bsc#1175405). - dpaa_eth: add dropped frames to percpu ethtool stats (bsc#1174550). - dpaa_eth: add newline in dev_err() msg (bsc#1174550). - dpaa_eth: avoid timestamp read on error paths (bsc#1175406). - dpaa_eth: change DMA device (bsc#1174550). - dpaa_eth: cleanup skb_to_contig_fd() (bsc#1174550). - dpaa_eth: defer probing after qbman (bsc#1174550). - dpaa_eth: extend delays in ndo_stop (bsc#1174550). - dpaa_eth: fix DMA mapping leak (bsc#1174550). - dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1174550). - dpaa_eth: FMan erratum A050385 workaround (bsc#1174550). - dpaa_eth: perform DMA unmapping before read (bsc#1175407). - dpaa_eth: register a device link for the qman portal used (bsc#1174550). - dpaa_eth: remove netdev_err() for user errors (bsc#1174550). - dpaa_eth: remove redundant code (bsc#1174550). - dpaa_eth: simplify variables used in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use a page to store the SGT (bsc#1174550). - dpaa_eth: use fd information in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use only one buffer pool per interface (bsc#1174550). - dpaa_eth: use page backed rx buffers (bsc#1174550). - driver core: Avoid binding drivers to dead devices (git-fixes). - Drivers: hv: balloon: Remove dependencies on guest page size (git-fixes). - Drivers: hv: vmbus: Fix virt_to_hvpfn() for X86_PAE (git-fixes). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127, bsc#1175128). - Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup() (git-fixes). - drivers/perf: hisi: Fix typo in events attribute array (bsc#1175408). - drivers/perf: hisi: Fixup one DDRC PMU register offset (bsc#1175410). - drivers/perf: hisi: Fix wrong value for all counters enable (bsc#1175409). - drm: Added orientation quirk for ASUS tablet model T103HAF (bsc#1111666). - drm/amd/display: fix pow() crashing when given base 0 (git-fixes). - drm/amdgpu: avoid dereferencing a NULL pointer (bsc#1111666). - drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume (bsc#1111666). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (bsc#1113956) * refresh for context changes - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes). - drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1113956) - drm/arm: fix unintentional integer overflow on left shift (git-fixes). - drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1113956) * refreshed for context changes - drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes). - drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1113956) * move drm_mipi_dbi.c -> tinydrm/mipi-drm.c * refresh for context changes - drm/debugfs: fix plain echo to connector "force" attribute (bsc#1111666). - drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes). - drm/etnaviv: fix ref count leak via pm_runtime_get_sync (bsc#1111666). - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (bsc#1112178) * updated names of get/put functions - drm: hold gem reference until object is no longer accessed (bsc#1113956) - drm/imx: fix use after free (git-fixes). - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes). - drm/imx: tve: fix regulator_disable error path (git-fixes). - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes). - drm/msm/adreno: fix updating ring fence (git-fixes). - drm/msm: ratelimit crtc event overflow error (bsc#1111666). - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes). - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes). - drm/nouveau: fix multiple instances of reference count leaks (bsc#1111666). - drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes). - drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes). - drm/radeon: disable AGP by default (bsc#1111666). - drm/radeon: fix array out-of-bounds read and write issues (git-fixes). - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (bsc#1111666). - drm/rockchip: fix VOP_WIN_GET macro (bsc#1175411). - drm/tilcdc: fix leak & null ref in panel_connector_get_modes (bsc#1111666). - drm/ttm/nouveau: do not call tt destroy callback on alloc failure (bsc#1175232). - drm/vmwgfx: Fix two list_for_each loop exit tests (bsc#1111666). - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (bsc#1111666). - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600). - efi/memreserve: deal with memreserve entries in unmapped memory (bsc#1174685). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: fix checking of directory entry validity for inline directories (bsc#1175771). - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1174840). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - fat: do not allow to mount if the FAT length == 0 (bsc#1174845). - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins. (bsc#1112178) * move files drivers/video/fbdev/core -> drivers/video/console * refresh for context changes - firmware: google: check if size is valid when decoding VPD data (git-fixes). - firmware: google: increment VPD key_len properly (git-fixes). - fpga: dfl: fix bug in port reset handshake (git-fixes). - fsl/fman: add API to get the device behind a fman port (bsc#1174550). - fsl/fman: check dereferencing null pointer (git-fixes). - fsl/fman: detect FMan erratum A050385 (bsc#1174550). - fsl/fman: do not touch liodn base regs reserved on non-PAMU SoCs (bsc#1174550). - fsl/fman: fix dereference null return value (git-fixes). - fsl/fman: fix eth hash table allocation (git-fixes). - fsl/fman: fix unreachable code (git-fixes). - fsl/fman: remove unused struct member (bsc#1174550). - fsl/fman: use 32-bit unsigned integer (git-fixes). - fuse: fix memleak in cuse_channel_open (bsc#1174926). - fuse: fix missing unlock_page in fuse_writepage() (bsc#1174904). - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175062). - fuse: fix weird page warning (bsc#1175063). - fuse: flush dirty data/metadata before non-truncate setattr (bsc#1175064). - fuse: truncate pending writes on O_TRUNC (bsc#1175065). - fuse: verify attributes (bsc#1175066). - fuse: verify nlink (bsc#1175067). - genetlink: remove genl_bind (networking-stable-20_07_17). - go7007: add sanity checking for endpoints (git-fixes). - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (bsc#1111666). - HID: hiddev: fix mess in hiddev_open() (git-fixes). - HISI LPC: Re-Add ACPI child enumeration support (bsc#1174658). - HISI LPC: Stop using MFD APIs (bsc#1174658). - hv_balloon: Balloon up according to request page number (git-fixes). - hv_balloon: Use a static page for the balloon_up send buffer (git-fixes). - hv_netvsc: Allow scatter-gather feature to be tunable (git-fixes). - hv_netvsc: do not use VF device if link is down (git-fixes). - hv_netvsc: Fix a warning of suspicious RCU usage (git-fixes). - hv_netvsc: Fix error handling in netvsc_attach() (git-fixes). - hv_netvsc: Fix extra rcu_read_unlock in netvsc_recv_callback() (git-fixes). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes). - hv_netvsc: Fix unwanted wakeup in netvsc_attach() (git-fixes). - hv_netvsc: flag software created hash value (git-fixes). - hv_netvsc: Remove "unlikely" from netvsc_select_queue (git-fixes). - i2c: rcar: in slave mode, clear NACK earlier (git-fixes). - i2c: rcar: slave: only send STOP event when we have been addressed (bsc#1111666). - i40e: Fix crash during removing i40e driver (git-fixes). - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes). - ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - include/linux/poison.h: remove obsolete comment (git fixes (poison)). - Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes). - Input: sentelic - fix error return when fsp_reg_write fails (bsc#1111666). - integrity: remove redundant initialization of variable ret (git-fixes). - io-mapping: indicate mapping failure (git-fixes). - ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes). - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28). - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515). - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515). - ip_tunnel: Emit events for post-register MTU changes (git-fixes). - ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28). - ip_tunnel: restore binding to ifaces with a large mtu (git-fixes). - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17). - ipv4: Silence suspicious RCU usage warning (git-fixes). - ipv6: fix memory leaks on IPV6_ADDRFORM path (git-fixes). - ipvlan: fix device features (git-fixes). - ipvs: allow connection reuse for unconfirmed conntrack (git-fixes). - ipvs: fix refcount usage for conns in ops mode (git-fixes). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - irqchip/gic: Atomically update affinity (bsc#1111666). - iwlegacy: Check the return value of pcie_capability_read_*() (bsc#1111666). - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772). - kabi: genetlink: remove genl_bind (kabi). - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629). - kabi: mask changes to struct ipv6_stub (bsc#1165629). - kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)). - kernel-docs: Change Requires on python-Sphinx to earlier than version 3 References: bsc#1166965 From 3 on the internal API that the build system uses was rewritten in an incompatible way. See https://github.com/sphinx-doc/sphinx/issues/7421 and https://bugzilla.suse.com/show_bug.cgi?id=1166965#c16 for some details. - kernel/relay.c: fix memleak on destroy relay channel (git-fixes). - kernfs: do not call fsnotify() with name without a parent (bsc#1175770). - KVM: arm64: Ensure 'params' is initialised when looking up sys register (bsc#1133021). - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021). - KVM: arm/arm64: Fix young bit from mmu notifier (bsc#1133021). - KVM: arm/arm64: vgic: Do not rely on the wrong pending table (bsc#1133021). - KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections (bsc#1133021). - KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests (bsc#1133021). - KVM: arm: Make inject_abt32() inject an external abort instead (bsc#1133021). - kvm: Change offset in kvm_write_guest_offset_cached to unsigned (bsc#1133021). - KVM: Check for a bad hva before dropping into the ghc slow path (bsc#1133021). - KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729). - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17). - leds: 88pm860x: fix use-after-free on unbind (git-fixes). - leds: core: Flush scheduled work for system suspend (git-fixes). - leds: da903x: fix use-after-free on unbind (git-fixes). - leds: lm3533: fix use-after-free on unbind (git-fixes). - leds: lm355x: avoid enum conversion warning (git-fixes). - leds: wm831x-status: fix use-after-free on unbind (git-fixes). - lib/dim: Fix -Wunused-const-variable warnings (bsc#1174852). - lib: dimlib: fix help text typos (bsc#1174852). - lib: logic_pio: Add logic_pio_unregister_range() (bsc#1174658). - lib: logic_pio: Avoid possible overlap for unregistering regions (bsc#1174658). - lib: logic_pio: Fix RCU usage (bsc#1174658). - linux/dim: Add completions count to dim_sample (bsc#1174852). - linux/dim: Fix overflow in dim calculation (bsc#1174852). - linux/dim: Move implementation to .c files (bsc#1174852). - linux/dim: Move logic to dim.h (bsc#1174852). - linux/dim: Remove "net" prefix from internal DIM members (bsc#1174852). - linux/dim: Rename externally exposed macros (bsc#1174852). - linux/dim: Rename externally used net_dim members (bsc#1174852). - linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1174852). - liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes). - llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17). - mac80211: mesh: Free ie data when leaving mesh (git-fixes). - mac80211: mesh: Free pending skb when destroying a mpath (git-fixes). - MAINTAINERS: add entry for Dynamic Interrupt Moderation (bsc#1174852). - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes). - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes). - media: budget-core: Improve exception handling in budget_register() (git-fixes). - media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes). - media: firewire: Using uninitialized values in node_probe() (git-fixes). - media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes). - media: vpss: clean up resources in init (git-fixes). - mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes). - mfd: dln2: Run event handler loop under spinlock (git-fixes). - mfd: rk808: Fix RK818 ID template (bsc#1175412). - mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28). - mm: filemap: clear idle flag for writes (bsc#1175769). - mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate (git fixes (mm/migrate)). - mm/mmu_notifier: use hlist_add_head_rcu() (git fixes (mm/mmu_notifiers)). - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/compaction)). - mm/rmap.c: do not reuse anon_vma if we just want a copy (git fixes (mm/rmap)). - mm/shmem.c: cast the type of unmap_start to u64 (git fixes (mm/shmem)). - mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)). - mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617). - mtd: spi-nor: Fix an error code in spi_nor_read_raw() (bsc#1175413). - mtd: spi-nor: fix kernel-doc for spi_nor::info (bsc#1175414). - mtd: spi-nor: fix kernel-doc for spi_nor::reg_proto (bsc#1175415). - mtd: spi-nor: fix silent truncation in spi_nor_read_raw() (bsc#1175416). - mwifiex: Prevent memory corruption handling keys (git-fixes). - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (git-fixes). - net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28). - net: core: reduce recursion limit value (networking-stable-20_06_28). - net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28). - net: dsa: b53: check for timeout (git-fixes). - net: ena: Add first_interrupt field to napi struct (bsc#1174852). - net: ena: add reserved PCI device ID (bsc#1174852). - net: ena: add support for reporting of packet drops (bsc#1174852). - net: ena: add support for the rx offset feature (bsc#1174852). - net: ena: add support for traffic mirroring (bsc#1174852). - net: ena: add unmask interrupts statistics to ethtool (bsc#1174852). - net: ena: allow setting the hash function without changing the key (bsc#1174852). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852). - net: ena: change default RSS hash function to Toeplitz (bsc#1174852). - net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1174852). - net: ena: changes to RSS hash key allocation (bsc#1174852). - net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1174852). - net: ena: clean up indentation issue (bsc#1174852). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852). - net: ena: cosmetic: code reorderings (bsc#1174852). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852). - net: ena: cosmetic: fix line break issues (bsc#1174852). - net: ena: cosmetic: fix spacing issues (bsc#1174852). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852). - net: ena: cosmetic: minor code changes (bsc#1174852). - net: ena: cosmetic: remove unnecessary code (bsc#1174852). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852). - net: ena: cosmetic: satisfy gcc warning (bsc#1174852). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852). - net: ena: drop superfluous prototype (bsc#1174852). - net: ena: enable support of rss hash key and function changes (bsc#1174852). - net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1174852). - net: ena: ethtool: clean up minor indentation issue (bsc#1174852). - net: ena: ethtool: get_channels: use combined only (bsc#1174852). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852). - net: ena: ethtool: support set_channels callback (bsc#1174852). - net/ena: Fix build warning in ena_xdp_set() (bsc#1174852). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852). - net: ena: fix incorrect setting of the number of msix vectors (bsc#1174852). - net: ena: fix incorrect update of intr_delay_resolution (bsc#1174852). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852). - net: ena: fix update of interrupt moderation register (bsc#1174852). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852). - net: ena: implement XDP drop support (bsc#1174852). - net: ena: Implement XDP_TX action (bsc#1174852). - net: ena: make ethtool -l show correct max number of queues (bsc#1174852). - net: ena: Make missed_tx stat incremental (bsc#1083548). - net: ena: Make some functions static (bsc#1174852). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852). - net: ena: multiple queue creation related cleanups (bsc#1174852). - net: ena: Prevent reset after device destruction (bsc#1083548). - net: ena: reduce driver load time (bsc#1174852). - net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1174852). - net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1174852). - net: ena: remove code that does nothing (bsc#1174852). - net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1174852). - net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1174852). - net: ena: remove redundant print of number of queues (bsc#1174852). - net: ena: remove set but not used variable 'hash_key' (bsc#1174852). - net: ena: remove set but not used variable 'rx_ring' (bsc#1174852). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852). - net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1174852). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852). - net: ena: support new LLQ acceleration mode (bsc#1174852). - net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1174852). - net: ena: use explicit variable size for clarity (bsc#1174852). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852). - net: ena: xdp: update napi budget for DROP and ABORTED (bsc#1174852). - net: ena: xdp: XDP_TX: fix memory leak (bsc#1174852). - net: ethernet: aquantia: Fix wrong return value (git-fixes). - net: ethernet: broadcom: have drivers select DIMLIB as needed (bsc#1174852). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: fec: correct the error path for regulator disable in probe (git-fixes). - netfilter: x_tables: add counters allocation wrapper (git-fixes). - netfilter: x_tables: cap allocations at 512 mbyte (git-fixes). - netfilter: x_tables: limit allocation requests for blob rule heads (git-fixes). - net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). (SLES tuning guide refers to ip-sysctl.txt.) - net: fix memleak in register_netdevice() (networking-stable-20_06_28). - net: Fix the arp error in some cases (networking-stable-20_06_28). - net: gre: recompute gre csum for sctp over gre tunnels (git-fixes). - net: hns3: add autoneg and change speed support for fibre port (bsc#1174070). - net: hns3: add support for FEC encoding control (bsc#1174070). - net: hns3: add support for multiple media type (bsc#1174070). - net: hns3: fix a not link up issue when fibre port supports autoneg (bsc#1174070). - net: hns3: fix for FEC configuration (bsc#1174070). - net: hns3: fix port capbility updating issue (bsc#1174070). - net: hns3: fix port setting handle for fibre port (bsc#1174070). - net: hns3: fix selftest fail issue for fibre port with autoneg on (bsc#1174070). - net: hns3: restore the MAC autoneg state after reset (bsc#1174070). - net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28). - net: ip6_gre: Request headroom in __gre6_xmit() (git-fixes). - net: lan78xx: add missing endpoint sanity check (git-fixes). - net: lan78xx: fix transfer-buffer memory leak (git-fixes). - net: make symbol 'flush_works' static (git-fixes). - net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes). - net: mvpp2: fix memory leak in mvpp2_rx (git-fixes). - net: netsec: Fix signedness bug in netsec_probe() (bsc#1175417). - net: netsec: initialize tx ring on ndo_open (bsc#1175418). - net: phy: Check harder for errors in get_phy_id() (bsc#1111666). - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes). - net: Set fput_needed iff FDPUT_FPUT is set (git-fixes). - net: socionext: Fix a signedness bug in ave_probe() (bsc#1175419). - net: socionext: replace napi_alloc_frag with the netdev variant on init (bsc#1175420). - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes). - net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes). - net: stmmac: Fix RX packet size > 8191 (git-fixes). - net: udp: Fix wrong clean up for IS_UDPLITE macro (git-fixes). - net: update net_dim documentation after rename (bsc#1174852). - net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28). - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17). - netvsc: unshare skb in VF rx handler (git-fixes). - nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes). - ntb: Fix an error in get link status (git-fixes). - ntb_netdev: fix sleep time mismatch (git-fixes). - ntb: ntb_transport: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - nvme: fix possible deadlock when I/O is blocked (git-fixes). - nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108). - nvme-multipath: fix logic for non-optimized paths (bsc#1172108). - nvme-multipath: round-robin: eliminate "fallback" variable (bsc#1172108). - nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - ocfs2: add trimfs dlm lock resource (bsc#1175228). - ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: change slot number type s16 to u16 (bsc#1175786). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228). - ocfs2: fix value of OCFS2_INVALID_SLOT (bsc#1175767). - ocfs2: load global_inode_alloc (bsc#1172963). - ocfs2: load global_inode_alloc (bsc#1172963). - omapfb: dss: Fix max fclk divider for omap36xx (bsc#1113956) - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() (git-fixes). - PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes). - PCI: dwc: Move interrupt acking into the proper callback (bsc#1175666). - PCI: Fix pci_cfg_wait queue locking problem (git-fixes). - PCI: Fix "try" semantics of bus and slot reset (git-fixes). - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes). - PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, bsc#1172872, git-fixes). - PCI: Release IVRS table in AMD ACS quirk (git-fixes). - PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes). - PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes). - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes). - pinctrl: single: fix function name in documentation (git-fixes). - pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes). - platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes). - PM / CPU: replace raw_notifier with atomic_notifier (git fixes (kernel/pm)). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (bsc#1175668). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails. - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (bsc#1175668). - PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes). - powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729). - powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729). - powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729). - powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729). - powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284). - powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284). - powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729). - powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574). - powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729). - powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - powerpc/pseries: remove cede offline state for CPUs (bsc#1065729). - powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729). - powerpc/vdso: Fix vdso cpu truncation (bsc#1065729). - power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes). - propagate_one(): mnt_set_mountpoint() needs mount_lock (bsc#1174841). - pseries: Fix 64 bit logical memory block panic (bsc#1065729). - pwm: bcm-iproc: handle clk_get_rate() return (git-fixes). - rds: Prevent kernel-infoleak in rds_notify_queue_get() (git-fixes). - regulator: gpio: Honor regulator-boot-on property (git-fixes). - Revert "ALSA: hda: call runtime_allow() for all hda controllers" (bsc#1111666). - Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers" (bsc#1113956) * refresh for context changes - Revert "ocfs2: avoid inode removal while nfsd is accessing it" This reverts commit 9e096c72476eda333a9998ff464580c00ff59c83. - Revert "ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963)." This reverts commit 0bf6e248f93736b3f17f399b4a8f64ffa30d371e. - Revert "ocfs2: load global_inode_alloc (bsc#1172963)." This reverts commit fc476497b53f967dc615b9cbad9427ba3107b5c4. - Revert pciehp patches that broke booting (bsc#1174887) - Revert "scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe" (bsc#1171688 bsc#1174003). - Revert "scsi: qla2xxx: Fix crash on qla2x00_mailbox_command" (bsc#1171688 bsc#1174003). - Revert "sign also s390x kernel images (bsc#1163524)" This reverts commit b38b61155f0a2c3ebca06d4bb0c2e11a19a87f1f. - Revert "xen/balloon: Fix crash when ballooning on x86 32 bit PAE" (bsc#1065600). - rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28). - rpm/check-for-config-changes: Ignore CONFIG_CC_VERSION_TEXT - rpm/check-for-config-changes: Ignore CONFIG_LD_VERSION - rpm/constraints.in: Increase memory for kernel-docs References: https://build.opensuse.org/request/show/792664 - rpm: drop execute permissions on source files Sometimes a source file with execute permission appears in upstream repository and makes it into our kernel-source packages. This is caught by OBS build checks and may even result in build failures. Sanitize the source tree by removing execute permissions from all C source and header files. - rpm/kabi.pl: account for namespace field being moved last Upstream is moving the namespace field in Module.symvers last in order to preserve backwards compatibility with kmod tools (depmod, etc). Fix the kabi.pl script to expect the namespace field last. Since split() ignores trailing empty fields and delimeters, switch to using tr to count how many fields/tabs are in a line. Also, in load_symvers(), pass LIMIT of -1 to split() so it does not strip trailing empty fields, as namespace is an optional field. - rpm/kernel-binary.spec.in: do not run klp-symbols for configs with no modules Starting with 5.8-rc1, s390x/zfcpdump builds fail because rpm/klp-symbols script does not find .tmp_versions directory. This is missing because s390x/zfcpdump is built without modules (CONFIG_MODULES disabled). As livepatching cannot work without modules, the cleanest solution is setting %klp_symbols to 0 if CONFIG_MODULES is disabled. (We cannot simply add another condition to the place where %klp_symbols is set as it can be already set to 1 from prjconf.) - rpm/kernel-binary.spec.in: restrict livepatch metapackage to default flavor It has been reported that the kernel-*-livepatch metapackage got erroneously enabled for SLE15-SP3's new -preempt flavor, leading to a unresolvable dependency to a non-existing kernel-livepatch-x.y.z-preempt package. As SLE12 and SLE12-SP1 have run out of livepatching support, the need to build said metapackage for the -xen flavor is gone and the only remaining flavor for which they're still wanted is -default. Restrict the build of the kernel-*-livepatch metapackage to the -default flavor. - rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup Co-Authored-By: Adam Spiers - rpm/kernel-obs-build.spec.in: Enable overlayfs Overlayfs is needed for podman or docker builds when no more specific driver can be used (like lvm or btrfs). As the default build fs is ext4 currently, we need overlayfs kernel modules to be available. - rpm/kernel-source.spec.in: Add obsolete_rebuilds (boo#1172073). - rpm/mkspec-dtb: add mt76 based dtb package - rpm/package-descriptions: garbege collection remove old ARM and Xen flavors. - rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes). - s390, dcssblk: kaddr and pfn can be NULL to ->direct_access() (bsc#1174873). - sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17). - scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026). - scsi: Fix trivial spelling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003). - scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003). - scsi: smartpqi: add bay identifier (bsc#1172418). - scsi: smartpqi: add gigabyte controller (bsc#1172418). - scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418). - scsi: smartpqi: add inquiry timeouts (bsc#1172418). - scsi: smartpqi: add module param for exposure order (bsc#1172418). - scsi: smartpqi: add module param to hide vsep (bsc#1172418). - scsi: smartpqi: add new pci ids (bsc#1172418). - scsi: smartpqi: add pci ids for fiberhome controller (bsc#1172418). - scsi: smartpqi: add RAID bypass counter (bsc#1172418). - scsi: smartpqi: add sysfs entries (bsc#1172418). - scsi: smartpqi: Align driver syntax with oob (bsc#1172418). - scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418). - scsi: smartpqi: change TMF timeout from 60 to 30 seconds (bsc#1172418). - scsi: smartpqi: correct hang when deleting 32 lds (bsc#1172418). - scsi: smartpqi: correct REGNEWD return status (bsc#1172418). - scsi: smartpqi: correct syntax issue (bsc#1172418). - scsi: smartpqi: fix call trace in device discovery (bsc#1172418). - scsi: smartpqi: fix controller lockup observed during force reboot (bsc#1172418). - scsi: smartpqi: fix LUN reset when fw bkgnd thread is hung (bsc#1172418). - scsi: smartpqi: fix problem with unique ID for physical device (bsc#1172418). - scsi: smartpqi: identify physical devices without issuing INQUIRY (bsc#1172418). - scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask (bsc#1172418). - scsi: smartpqi: remove unused manifest constants (bsc#1172418). - scsi: smartpqi: Reporting unhandled SCSI errors (bsc#1172418). - scsi: smartpqi: support device deletion via sysfs (bsc#1172418). - scsi: smartpqi: update copyright (bsc#1172418). - scsi: smartpqi: update logical volume size after expansion (bsc#1172418). - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418). - scsi: storvsc: Correctly set number of hardware queues for IDE disk (git-fixes). - scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790). - sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - serial: 8250: change lock order in serial8250_do_startup() (git-fixes). - serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes). - serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes). - Set VIRTIO_CONSOLE=y (bsc#1175667). - sign also s390x kernel images (bsc#1163524) - soc: fsl: qbman: allow registering a device link for the portal user (bsc#1174550). - soc: fsl: qbman_portals: add APIs to retrieve the probing status (bsc#1174550). - spi: davinci: Remove uninitialized_var() usage (git-fixes). - spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes). - spi: nxp-fspi: Ensure width is respected in spi-mem operations (bsc#1175421). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1175422). - spi: spi-mem: export spi_mem_default_supports_op() (bsc#1175421). - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support (git-fixes). - staging: fsl-dpaa2: ethsw: Add missing netdevice check (bsc#1175423). - staging: rtl8192u: fix a dubious looking mask before a shift (git-fixes). - staging/speakup: fix get_word non-space look-ahead (git-fixes). - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28). - tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28). - tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17). - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17). - tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17). - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17). - tracepoint: Mark __tracepoint_string's __used (git-fixes). - tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes). - tty: serial: fsl_lpuart: add imx8qxp support (bsc#1175670). - tty: serial: fsl_lpuart: free IDs allocated by IDA (bsc#1175670). - Update patch reference for a tipc fix patch (bsc#1175515) - USB: cdc-acm: rework notification_buffer resizing (git-fixes). - USB: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes). - USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes). - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes). - USB: iowarrior: fix up report size handling for some devices (git-fixes). - USBip: tools: fix module name in man page (git-fixes). - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes). - USB: serial: cp210x: enable usb generic throttle/unthrottle (git-fixes). - USB: serial: cp210x: re-enable auto-RTS on open (git-fixes). - USB: serial: ftdi_sio: clean up receive processing (git-fixes). - USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes). - USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes). - USB: serial: iuu_phoenix: fix led-activity helpers (git-fixes). - USB: serial: qcserial: add EM7305 QDL product ID (git-fixes). - USB: xhci: define IDs for various ASMedia host controllers (git-fixes). - USB: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes). - USB: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes). - USB: xhci-mtk: fix the failure of bandwidth allocation (git-fixes). - VFS: Check rename_lock in lookup_fast() (bsc#1174734). - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes). - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes). - vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17). - vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199). - vt_compat_ioctl(): clean up, use compat_ptr() properly (git-fixes). - vt: vt_ioctl: remove unnecessary console allocation checks (git-fixes). - watchdog: f71808e_wdt: clear watchdog timeout occurred flag (bsc#1111666). - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (bsc#1111666). - watchdog: f71808e_wdt: remove use of wrong watchdog_info option (bsc#1111666). - wl1251: fix always return 0 error (git-fixes). - x86/hyperv: Create and use Hyper-V page definitions (git-fixes). - x86/hyper-v: Fix overflow bug in fill_gva_list() (git-fixes). - x86/hyperv: Make hv_vcpu_is_preempted() visible (git-fixes). - xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600). - xen/balloon: make the balloon wait interruptible (bsc#1065600). - xfrm: check id proto in validate_tmpl() (git-fixes). - xfrm: clean up xfrm protocol checks (git-fixes). - xfrm_user: uncoditionally validate esn replay attribute struct (git-fixes). - xfs: fix inode allocation block res calculation precedence (git-fixes). - xfs: fix reflink quota reservation accounting error (git-fixes). - xhci: Fix enumeration issue when setting max packet size for FS devices (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2540=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-azure-4.12.14-16.25.1 kernel-source-azure-4.12.14-16.25.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-azure-4.12.14-16.25.1 kernel-azure-base-4.12.14-16.25.1 kernel-azure-base-debuginfo-4.12.14-16.25.1 kernel-azure-debuginfo-4.12.14-16.25.1 kernel-azure-debugsource-4.12.14-16.25.1 kernel-azure-devel-4.12.14-16.25.1 kernel-syms-azure-4.12.14-16.25.1 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2020-14314.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-14356.html https://www.suse.com/security/cve/CVE-2020-16166.html https://www.suse.com/security/cve/CVE-2020-1749.html https://www.suse.com/security/cve/CVE-2020-24394.html https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1074701 https://bugzilla.suse.com/1083548 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1085235 https://bugzilla.suse.com/1085308 https://bugzilla.suse.com/1087078 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1094912 https://bugzilla.suse.com/1100394 https://bugzilla.suse.com/1102640 https://bugzilla.suse.com/1105412 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1120163 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1152148 https://bugzilla.suse.com/1163524 https://bugzilla.suse.com/1165629 https://bugzilla.suse.com/1166965 https://bugzilla.suse.com/1169790 https://bugzilla.suse.com/1170232 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1172073 https://bugzilla.suse.com/1172108 https://bugzilla.suse.com/1172247 https://bugzilla.suse.com/1172418 https://bugzilla.suse.com/1172428 https://bugzilla.suse.com/1172781 https://bugzilla.suse.com/1172782 https://bugzilla.suse.com/1172783 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172872 https://bugzilla.suse.com/1172873 https://bugzilla.suse.com/1172963 https://bugzilla.suse.com/1173485 https://bugzilla.suse.com/1173798 https://bugzilla.suse.com/1173954 https://bugzilla.suse.com/1174003 https://bugzilla.suse.com/1174026 https://bugzilla.suse.com/1174070 https://bugzilla.suse.com/1174161 https://bugzilla.suse.com/1174205 https://bugzilla.suse.com/1174247 https://bugzilla.suse.com/1174387 https://bugzilla.suse.com/1174484 https://bugzilla.suse.com/1174547 https://bugzilla.suse.com/1174550 https://bugzilla.suse.com/1174625 https://bugzilla.suse.com/1174658 https://bugzilla.suse.com/1174685 https://bugzilla.suse.com/1174689 https://bugzilla.suse.com/1174699 https://bugzilla.suse.com/1174734 https://bugzilla.suse.com/1174757 https://bugzilla.suse.com/1174771 https://bugzilla.suse.com/1174840 https://bugzilla.suse.com/1174841 https://bugzilla.suse.com/1174843 https://bugzilla.suse.com/1174844 https://bugzilla.suse.com/1174845 https://bugzilla.suse.com/1174852 https://bugzilla.suse.com/1174873 https://bugzilla.suse.com/1174887 https://bugzilla.suse.com/1174904 https://bugzilla.suse.com/1174926 https://bugzilla.suse.com/1174968 https://bugzilla.suse.com/1175062 https://bugzilla.suse.com/1175063 https://bugzilla.suse.com/1175064 https://bugzilla.suse.com/1175065 https://bugzilla.suse.com/1175066 https://bugzilla.suse.com/1175067 https://bugzilla.suse.com/1175112 https://bugzilla.suse.com/1175127 https://bugzilla.suse.com/1175128 https://bugzilla.suse.com/1175149 https://bugzilla.suse.com/1175199 https://bugzilla.suse.com/1175213 https://bugzilla.suse.com/1175228 https://bugzilla.suse.com/1175232 https://bugzilla.suse.com/1175284 https://bugzilla.suse.com/1175393 https://bugzilla.suse.com/1175394 https://bugzilla.suse.com/1175396 https://bugzilla.suse.com/1175397 https://bugzilla.suse.com/1175398 https://bugzilla.suse.com/1175399 https://bugzilla.suse.com/1175400 https://bugzilla.suse.com/1175401 https://bugzilla.suse.com/1175402 https://bugzilla.suse.com/1175403 https://bugzilla.suse.com/1175404 https://bugzilla.suse.com/1175405 https://bugzilla.suse.com/1175406 https://bugzilla.suse.com/1175407 https://bugzilla.suse.com/1175408 https://bugzilla.suse.com/1175409 https://bugzilla.suse.com/1175410 https://bugzilla.suse.com/1175411 https://bugzilla.suse.com/1175412 https://bugzilla.suse.com/1175413 https://bugzilla.suse.com/1175414 https://bugzilla.suse.com/1175415 https://bugzilla.suse.com/1175416 https://bugzilla.suse.com/1175417 https://bugzilla.suse.com/1175418 https://bugzilla.suse.com/1175419 https://bugzilla.suse.com/1175420 https://bugzilla.suse.com/1175421 https://bugzilla.suse.com/1175422 https://bugzilla.suse.com/1175423 https://bugzilla.suse.com/1175440 https://bugzilla.suse.com/1175493 https://bugzilla.suse.com/1175515 https://bugzilla.suse.com/1175518 https://bugzilla.suse.com/1175526 https://bugzilla.suse.com/1175550 https://bugzilla.suse.com/1175654 https://bugzilla.suse.com/1175666 https://bugzilla.suse.com/1175667 https://bugzilla.suse.com/1175668 https://bugzilla.suse.com/1175669 https://bugzilla.suse.com/1175670 https://bugzilla.suse.com/1175767 https://bugzilla.suse.com/1175768 https://bugzilla.suse.com/1175769 https://bugzilla.suse.com/1175770 https://bugzilla.suse.com/1175771 https://bugzilla.suse.com/1175772 https://bugzilla.suse.com/1175786 https://bugzilla.suse.com/1175873 From sle-updates at lists.suse.com Fri Sep 4 13:52:00 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 21:52:00 +0200 (CEST) Subject: SUSE-RU-2020:2538-1: important: Recommended update for golang-github-QubitProducts-exporter_exporter Message-ID: <20200904195200.B091AF3D7@maintenance.suse.de> SUSE Recommended Update: Recommended update for golang-github-QubitProducts-exporter_exporter ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2538-1 Rating: important References: #1175946 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This Maintenance update for SUSE Manager 4.1 fixes the following issue: - Add requires for fillup, groupadd, useradd, systemd (bsc#1175946) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2020-2538=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2020-2538=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (aarch64 ppc64le s390x x86_64): golang-github-QubitProducts-exporter_exporter-0.4.0-6.6.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (aarch64 ppc64le s390x x86_64): golang-github-QubitProducts-exporter_exporter-0.4.0-6.6.1 References: https://bugzilla.suse.com/1175946 From sle-updates at lists.suse.com Fri Sep 4 13:52:42 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 21:52:42 +0200 (CEST) Subject: SUSE-RU-2020:2547-1: moderate: Recommended update for zlib Message-ID: <20200904195243.00A5CF3D7@maintenance.suse.de> SUSE Recommended Update: Recommended update for zlib ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2547-1 Rating: moderate References: #1174551 #1174736 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2547=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2547=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): zlib-debugsource-1.2.11-11.6.1 zlib-devel-1.2.11-11.6.1 zlib-devel-static-1.2.11-11.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): zlib-devel-32bit-1.2.11-11.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libz1-1.2.11-11.6.1 libz1-debuginfo-1.2.11-11.6.1 zlib-debugsource-1.2.11-11.6.1 zlib-devel-1.2.11-11.6.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libz1-32bit-1.2.11-11.6.1 libz1-debuginfo-32bit-1.2.11-11.6.1 References: https://bugzilla.suse.com/1174551 https://bugzilla.suse.com/1174736 From sle-updates at lists.suse.com Mon Sep 7 07:23:08 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Sep 2020 15:23:08 +0200 (CEST) Subject: SUSE-SU-2020:2552-1: important: Security update for MozillaThunderbird Message-ID: <20200907132308.22AC1F794@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2552-1 Rating: important References: #1175686 Cross-References: CVE-2020-15663 CVE-2020-15664 CVE-2020-15669 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Workstation Extension 15-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird was updated to 68.12 (bsc#1175686) - CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege - CVE-2020-15664: Attacker-induced prompt for extension installation - CVE-2020-15669: Use-After-Free when aborting an operation Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2552=1 - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-2552=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): MozillaThunderbird-68.12.0-3.94.1 MozillaThunderbird-debuginfo-68.12.0-3.94.1 MozillaThunderbird-debugsource-68.12.0-3.94.1 MozillaThunderbird-translations-common-68.12.0-3.94.1 MozillaThunderbird-translations-other-68.12.0-3.94.1 - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): MozillaThunderbird-68.12.0-3.94.1 MozillaThunderbird-debuginfo-68.12.0-3.94.1 MozillaThunderbird-debugsource-68.12.0-3.94.1 MozillaThunderbird-translations-common-68.12.0-3.94.1 MozillaThunderbird-translations-other-68.12.0-3.94.1 References: https://www.suse.com/security/cve/CVE-2020-15663.html https://www.suse.com/security/cve/CVE-2020-15664.html https://www.suse.com/security/cve/CVE-2020-15669.html https://bugzilla.suse.com/1175686 From sle-updates at lists.suse.com Mon Sep 7 10:13:35 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Sep 2020 18:13:35 +0200 (CEST) Subject: SUSE-RU-2020:2559-1: moderate: Recommended update for xrdp Message-ID: <20200907161335.1A4AFF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for xrdp ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2559-1 Rating: moderate References: #1171415 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xrdp fixes the following issue: - Fallback session to icewm when a selected desktop environment is not found (bsc#1171415) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2559=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libpainter0-0.9.13.1-4.6.1 libpainter0-debuginfo-0.9.13.1-4.6.1 librfxencode0-0.9.13.1-4.6.1 librfxencode0-debuginfo-0.9.13.1-4.6.1 xrdp-0.9.13.1-4.6.1 xrdp-debuginfo-0.9.13.1-4.6.1 xrdp-debugsource-0.9.13.1-4.6.1 xrdp-devel-0.9.13.1-4.6.1 References: https://bugzilla.suse.com/1171415 From sle-updates at lists.suse.com Mon Sep 7 10:14:20 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Sep 2020 18:14:20 +0200 (CEST) Subject: SUSE-RU-2020:2557-1: moderate: Recommended update for python3-azuremetadata Message-ID: <20200907161420.CEDCAF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for python3-azuremetadata ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2557-1 Rating: moderate References: #1175609 #1175610 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for python3-azuremetadata fixes the following issues: - Fix provides directive (bsc#1175609, bsc#1175610) + The provides directive must set a version or update does not work as expected Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-2557=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python3-azuremetadata-5.1.2-1.15.1 References: https://bugzilla.suse.com/1175609 https://bugzilla.suse.com/1175610 From sle-updates at lists.suse.com Mon Sep 7 10:15:10 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Sep 2020 18:15:10 +0200 (CEST) Subject: SUSE-RU-2020:2560-1: moderate: Optional update for shotwell Message-ID: <20200907161510.5B047F403@maintenance.suse.de> SUSE Recommended Update: Optional update for shotwell ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2560-1 Rating: moderate References: #1108421 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for shotwell fixes the following issues: - Drop facebook support, as it no longer works and has been removed upstream. (bsc#1108421) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2560=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): shotwell-0.22.0+git.20160103-15.11.55 shotwell-debuginfo-0.22.0+git.20160103-15.11.55 shotwell-debugsource-0.22.0+git.20160103-15.11.55 - SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch): shotwell-lang-0.22.0+git.20160103-15.11.55 References: https://bugzilla.suse.com/1108421 From sle-updates at lists.suse.com Mon Sep 7 10:15:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Sep 2020 18:15:55 +0200 (CEST) Subject: SUSE-RU-2020:2554-1: moderate: Recommended update for yast2-bootloader, yast2-installation Message-ID: <20200907161555.2D5A0F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-bootloader, yast2-installation ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2554-1 Rating: moderate References: #1168036 #1174964 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-bootloader, yast2-installation provides the following fixes: Changes in yast2-bootloader: - Add rd.zdev to allowed kernel options on s390. (bsc#1168036) Changes in yast2-installation: - Handle device autoconfig setting in summary screen. (bsc#1168036) - Save random pool to /var/lib/systemd/random-seed. (bsc#1174964) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2554=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2020-2554=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): yast2-bootloader-4.2.26-3.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): yast2-installation-4.2.45-3.8.1 - SUSE Linux Enterprise Installer 15-SP2 (noarch): yast2-installation-4.2.45-3.8.1 References: https://bugzilla.suse.com/1168036 https://bugzilla.suse.com/1174964 From sle-updates at lists.suse.com Mon Sep 7 10:16:45 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Sep 2020 18:16:45 +0200 (CEST) Subject: SUSE-RU-2020:2558-1: moderate: Recommended update for tomcat Message-ID: <20200907161645.0BF40F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2558-1 Rating: moderate References: #1092163 #1172562 #1173103 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for tomcat fixes the following issues: - Fixed the package alternatives for tomcat-servlet-4_0-api to use /usr/share/java/servlet.jar instead of /usr/share/java/tomcat-servlet.jar - We kept /usr/share/java/tomcat-servlet.jar as a symlink for compatibility reasons (bsc#1092163) - Removed write permissions on several files and directories for the tomcat group (bsc#1172562) - Changed the tomcat.pid location from /var/run to /run (bsc#1173103) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2020-2558=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch): tomcat-9.0.36-3.9.1 tomcat-admin-webapps-9.0.36-3.9.1 tomcat-el-3_0-api-9.0.36-3.9.1 tomcat-jsp-2_3-api-9.0.36-3.9.1 tomcat-lib-9.0.36-3.9.1 tomcat-servlet-4_0-api-9.0.36-3.9.1 tomcat-webapps-9.0.36-3.9.1 References: https://bugzilla.suse.com/1092163 https://bugzilla.suse.com/1172562 https://bugzilla.suse.com/1173103 From sle-updates at lists.suse.com Mon Sep 7 10:17:39 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Sep 2020 18:17:39 +0200 (CEST) Subject: SUSE-RU-2020:2555-1: moderate: Recommended update for systemd Message-ID: <20200907161739.1F7E2F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2555-1 Rating: moderate References: #1169488 #1173227 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for systemd fixes the following issues: - Fix inconsistent file modes for some ghost files. (bsc#1173227) - Fix for an issue where nfs-server clone causes cluster node to hang on reboot. (bsc#1169488) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2555=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2555=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libudev-devel-228-157.15.1 systemd-debuginfo-228-157.15.1 systemd-debugsource-228-157.15.1 systemd-devel-228-157.15.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libsystemd0-228-157.15.1 libsystemd0-debuginfo-228-157.15.1 libudev-devel-228-157.15.1 libudev1-228-157.15.1 libudev1-debuginfo-228-157.15.1 systemd-228-157.15.1 systemd-debuginfo-228-157.15.1 systemd-debugsource-228-157.15.1 systemd-devel-228-157.15.1 systemd-sysvinit-228-157.15.1 udev-228-157.15.1 udev-debuginfo-228-157.15.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libsystemd0-32bit-228-157.15.1 libsystemd0-debuginfo-32bit-228-157.15.1 libudev1-32bit-228-157.15.1 libudev1-debuginfo-32bit-228-157.15.1 systemd-32bit-228-157.15.1 systemd-debuginfo-32bit-228-157.15.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): systemd-bash-completion-228-157.15.1 References: https://bugzilla.suse.com/1169488 https://bugzilla.suse.com/1173227 From sle-updates at lists.suse.com Mon Sep 7 10:18:29 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Sep 2020 18:18:29 +0200 (CEST) Subject: SUSE-RU-2020:2556-1: moderate: Recommended update for python3-azuremetadata Message-ID: <20200907161829.E80E3F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for python3-azuremetadata ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2556-1 Rating: moderate References: #1175609 #1175610 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for python3-azuremetadata contains the following fix: - Fix provides directive (bsc#1175609, bsc#1175610) + The provides directive must set a version or update does not work as expected Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2556=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2556=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2020-2556=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python3-azuremetadata-5.1.2-1.16.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): python3-azuremetadata-5.1.2-1.16.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): python3-azuremetadata-5.1.2-1.16.1 References: https://bugzilla.suse.com/1175609 https://bugzilla.suse.com/1175610 From sle-updates at lists.suse.com Mon Sep 7 13:13:18 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Sep 2020 21:13:18 +0200 (CEST) Subject: SUSE-SU-2020:2562-1: important: Security update for go1.14 Message-ID: <20200907191318.472D5F794@maintenance.suse.de> SUSE Security Update: Security update for go1.14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2562-1 Rating: important References: #1164903 #1169832 #1170826 #1172868 #1174153 #1174191 #1174977 Cross-References: CVE-2020-14039 CVE-2020-15586 CVE-2020-16845 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that solves three vulnerabilities and has four fixes is now available. Description: This update for go1.14 fixes the following issues: - go1.14 was updated to version 1.14.7 - CVE-2020-16845: dUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (bsc#1174977). - go1.14.6 (released 2020-07-16) includes fixes to the go command, the compiler, the linker, vet, and the database/sql, encoding/json, net/http, reflect, and testing packages. Refs bsc#1164903 go1.14 release tracking Refs bsc#1174153 bsc#1174191 * go#39991 runtime: missing deferreturn on linux/ppc64le * go#39920 net/http: panic on misformed If-None-Match Header with http.ServeContent * go#39849 cmd/compile: internal compile error when using sync.Pool: mismatched zero/store sizes * go#39824 cmd/go: TestBuildIDContainsArchModeEnv/386 fails on linux/386 in Go 1.14 and 1.13, not 1.15 * go#39698 reflect: panic from malloc after MakeFunc function returns value that is also stored globally * go#39636 reflect: DeepEqual can return true for values that are not equal * go#39585 encoding/json: incorrect object key unmarshaling when using custom TextUnmarshaler as Key with string va lues * go#39562 cmd/compile/internal/ssa: TestNexting/dlv-dbg-hist failing on linux-386-longtest builder because it trie s to use an older version of dlv which only supports linux/amd64 * go#39308 testing: streaming output loses parallel subtest associations * go#39288 cmd/vet: update for new number formats * go#39101 database/sql: context cancellation allows statements to execute after rollback * go#38030 doc: BuildNameToCertificate deprecated in go 1.14 not mentioned in the release notes * go#40212 net/http: Expect 100-continue panics in httputil.ReverseProxy bsc#1174153 CVE-2020-15586 * go#40210 crypto/x509: Certificate.Verify method seemingly ignoring EKU requirements on Windows bsc#1174191 CVE-2020-14039 (Windows only) - Add patch to ensure /etc/hosts is used if /etc/nsswitch.conf is not present bsc#1172868 gh#golang/go#35305 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2562=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2562=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): go1.14-1.14.7-1.15.1 go1.14-doc-1.14.7-1.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): go1.14-1.14.7-1.15.1 go1.14-doc-1.14.7-1.15.1 References: https://www.suse.com/security/cve/CVE-2020-14039.html https://www.suse.com/security/cve/CVE-2020-15586.html https://www.suse.com/security/cve/CVE-2020-16845.html https://bugzilla.suse.com/1164903 https://bugzilla.suse.com/1169832 https://bugzilla.suse.com/1170826 https://bugzilla.suse.com/1172868 https://bugzilla.suse.com/1174153 https://bugzilla.suse.com/1174191 https://bugzilla.suse.com/1174977 From sle-updates at lists.suse.com Mon Sep 7 13:14:40 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 7 Sep 2020 21:14:40 +0200 (CEST) Subject: SUSE-SU-2020:2563-1: moderate: Security update for MozillaFirefox Message-ID: <20200907191440.71B5BF794@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2563-1 Rating: moderate References: #1173991 #1174284 #1175686 Cross-References: CVE-2020-15663 CVE-2020-15664 CVE-2020-15670 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.2.0 ESR * Fixed: Various stability, functionality, and security fixes - Mozilla Firefox ESR 78.2 MFSA 2020-38 (bsc#1175686) * CVE-2020-15663 (bmo#1643199) Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege * CVE-2020-15664 (bmo#1658214) Attacker-induced prompt for extension installation * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626, bmo#1656957) Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2 - Fixed Firefox tab crash in FIPS mode (bsc#1174284). - Fix broken translation-loading (bsc#1173991) * allow addon sideloading * mark signatures for langpacks non-mandatory * do not autodisable user profile scopes - Google API key is not usable for geolocation service any more Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2563=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.2.0-3.105.1 MozillaFirefox-debuginfo-78.2.0-3.105.1 MozillaFirefox-debugsource-78.2.0-3.105.1 MozillaFirefox-translations-common-78.2.0-3.105.1 MozillaFirefox-translations-other-78.2.0-3.105.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le x86_64): MozillaFirefox-devel-78.2.0-3.105.1 References: https://www.suse.com/security/cve/CVE-2020-15663.html https://www.suse.com/security/cve/CVE-2020-15664.html https://www.suse.com/security/cve/CVE-2020-15670.html https://bugzilla.suse.com/1173991 https://bugzilla.suse.com/1174284 https://bugzilla.suse.com/1175686 From sle-updates at lists.suse.com Tue Sep 8 07:16:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Sep 2020 15:16:43 +0200 (CEST) Subject: SUSE-RU-2020:14487-1: important: Recommended update for debconf-utils, python-croniter, python-distro, python-gnupg, python-singledispatch Message-ID: <20200908131643.69087F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for debconf-utils, python-croniter, python-distro, python-gnupg, python-singledispatch ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:14487-1 Rating: important References: #1175337 Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This maintenance update for SUSE Manager fixes the following issue: - Add missing packages to avoid requiring Universe repository for Ubuntu 18.04 bootstrapping (bsc#1175337) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS: zypper in -t patch suse-ubu184ct-SUSE-Manager-202009-14487=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (all): debconf-1.5.66- debconf-doc-1.5.66- debconf-i18n-1.5.66- debconf-utils-1.5.66- python3-croniter-0.3.12-2 python3-debconf-1.5.66- python3-distro-1.0.1-2 python3-gnupg-0.4.1-1ubuntu1.18.04.1 python3-singledispatch-3.4.0.3-2 References: https://bugzilla.suse.com/1175337 From sle-updates at lists.suse.com Tue Sep 8 10:13:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Sep 2020 18:13:55 +0200 (CEST) Subject: SUSE-SU-2020:2570-1: moderate: Security update for libjpeg-turbo Message-ID: <20200908161355.1D4BFF403@maintenance.suse.de> SUSE Security Update: Security update for libjpeg-turbo ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2570-1 Rating: moderate References: #1172491 Cross-References: CVE-2020-13790 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libjpeg-turbo fixes the following issues: - CVE-2020-13790: Fixed a heap-based buffer over-read via a malformed PPM input file (bsc#1172491). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2570=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2570=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libjpeg62-devel-62.2.0-31.22.2 libjpeg8-devel-8.1.2-31.22.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libjpeg-turbo-1.5.3-31.22.2 libjpeg-turbo-debuginfo-1.5.3-31.22.2 libjpeg-turbo-debugsource-1.5.3-31.22.2 libjpeg62-62.2.0-31.22.2 libjpeg62-debuginfo-62.2.0-31.22.2 libjpeg62-turbo-1.5.3-31.22.2 libjpeg62-turbo-debugsource-1.5.3-31.22.2 libjpeg8-8.1.2-31.22.2 libjpeg8-debuginfo-8.1.2-31.22.2 libturbojpeg0-8.1.2-31.22.2 libturbojpeg0-debuginfo-8.1.2-31.22.2 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libjpeg62-32bit-62.2.0-31.22.2 libjpeg62-debuginfo-32bit-62.2.0-31.22.2 libjpeg8-32bit-8.1.2-31.22.2 libjpeg8-debuginfo-32bit-8.1.2-31.22.2 References: https://www.suse.com/security/cve/CVE-2020-13790.html https://bugzilla.suse.com/1172491 From sle-updates at lists.suse.com Tue Sep 8 10:14:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Sep 2020 18:14:43 +0200 (CEST) Subject: SUSE-SU-2020:2569-1: moderate: Security update for libjpeg-turbo Message-ID: <20200908161443.8122CF403@maintenance.suse.de> SUSE Security Update: Security update for libjpeg-turbo ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2569-1 Rating: moderate References: #1172491 Cross-References: CVE-2020-13790 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libjpeg-turbo fixes the following issues: - CVE-2020-13790: Fixed a heap-based buffer over-read via a malformed PPM input file (bsc#1172491). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-2569=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-2569=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2569=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2569=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2569=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2569=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): libjpeg-turbo-1.5.3-5.15.7 libjpeg-turbo-debuginfo-1.5.3-5.15.7 libjpeg-turbo-debugsource-1.5.3-5.15.7 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): libjpeg-turbo-1.5.3-5.15.7 libjpeg-turbo-debuginfo-1.5.3-5.15.7 libjpeg-turbo-debugsource-1.5.3-5.15.7 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (x86_64): libjpeg8-32bit-8.1.2-5.15.7 libjpeg8-32bit-debuginfo-8.1.2-5.15.7 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (x86_64): libjpeg8-32bit-8.1.2-5.15.7 libjpeg8-32bit-debuginfo-8.1.2-5.15.7 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libjpeg62-62.2.0-5.15.7 libjpeg62-debuginfo-62.2.0-5.15.7 libjpeg62-devel-62.2.0-5.15.7 libjpeg8-8.1.2-5.15.7 libjpeg8-debuginfo-8.1.2-5.15.7 libjpeg8-devel-8.1.2-5.15.7 libturbojpeg0-8.1.2-5.15.7 libturbojpeg0-debuginfo-8.1.2-5.15.7 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libjpeg62-62.2.0-5.15.7 libjpeg62-debuginfo-62.2.0-5.15.7 libjpeg62-devel-62.2.0-5.15.7 libjpeg8-8.1.2-5.15.7 libjpeg8-debuginfo-8.1.2-5.15.7 libjpeg8-devel-8.1.2-5.15.7 libturbojpeg0-8.1.2-5.15.7 libturbojpeg0-debuginfo-8.1.2-5.15.7 References: https://www.suse.com/security/cve/CVE-2020-13790.html https://bugzilla.suse.com/1172491 From sle-updates at lists.suse.com Tue Sep 8 10:15:35 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Sep 2020 18:15:35 +0200 (CEST) Subject: SUSE-OU-2020:2568-1: important: Optional update for iscsi-formula Message-ID: <20200908161535.5E062F403@maintenance.suse.de> SUSE Optional Update: Optional update for iscsi-formula ______________________________________________________________________________ Announcement ID: SUSE-OU-2020:2568-1 Rating: important References: Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has 0 optional fixes can now be installed. Description: This update adds iscsi-formula to the SLES for SAP products. (jsc#ECO-2443, jsc#ECO-1965, jsc#SLE-4047) Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2020-2568=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2020-2568=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2020-2568=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): iscsi-formula-1.1.1-1.3.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): iscsi-formula-1.1.1-1.3.1 - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): iscsi-formula-1.1.1-1.3.1 References: From sle-updates at lists.suse.com Tue Sep 8 13:13:12 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Sep 2020 21:13:12 +0200 (CEST) Subject: SUSE-RU-2020:2571-1: moderate: Recommended update for resource-agents Message-ID: <20200908191312.A8CE5F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2571-1 Rating: moderate References: #1170354 #1175101 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for resource-agents fixes the following issues: - GCP Resource Agents - Support for Multi Alias IP. (bsc#1175101) - OCF version check for pacemaker is incompatible with the SUSE version strings. (bsc#1170354) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2571=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ldirectord-4.3.0184.6ee15eb2-4.33.1 resource-agents-4.3.0184.6ee15eb2-4.33.1 resource-agents-debuginfo-4.3.0184.6ee15eb2-4.33.1 resource-agents-debugsource-4.3.0184.6ee15eb2-4.33.1 - SUSE Linux Enterprise High Availability 15-SP1 (noarch): monitoring-plugins-metadata-4.3.0184.6ee15eb2-4.33.1 References: https://bugzilla.suse.com/1170354 https://bugzilla.suse.com/1175101 From sle-updates at lists.suse.com Tue Sep 8 13:14:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Sep 2020 21:14:06 +0200 (CEST) Subject: SUSE-RU-2020:2573-1: moderate: Recommended update for postgresql-pgagent Message-ID: <20200908191406.EF83DF794@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql-pgagent ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2573-1 Rating: moderate References: #1174996 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Server Applications 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for postgresql-pgagent provides the following fixes: - Do not build postgresql11 and postgresql12 flavors where they're not available. - Drop postgresql94 flavor: pgsql 9.4 is EOL. - adding postgresql12 to _multibuild (bsc#1174996) - Remove postgresql93 from multibuild and add postgresql11. - Fix build with PostgreSQL 11. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2573=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2573=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): postgresql10-pgagent-4.0.0-3.3.1 postgresql10-pgagent-debuginfo-4.0.0-3.3.1 postgresql10-pgagent-debugsource-4.0.0-3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): postgresql10-pgagent-4.0.0-3.3.1 postgresql10-pgagent-debuginfo-4.0.0-3.3.1 postgresql10-pgagent-debugsource-4.0.0-3.3.1 References: https://bugzilla.suse.com/1174996 From sle-updates at lists.suse.com Tue Sep 8 13:14:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Sep 2020 21:14:54 +0200 (CEST) Subject: SUSE-SU-2020:2574-1: important: Security update for the Linux Kernel Message-ID: <20200908191454.146F8F794@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2574-1 Rating: important References: #1058115 #1065600 #1065729 #1071995 #1074701 #1083548 #1085030 #1085235 #1085308 #1087078 #1087082 #1094912 #1100394 #1102640 #1105412 #1111666 #1112178 #1113956 #1120163 #1133021 #1136666 #1144333 #1152148 #1163524 #1165629 #1166965 #1169790 #1170232 #1171558 #1171688 #1172073 #1172108 #1172247 #1172418 #1172428 #1172871 #1172872 #1172873 #1172963 #1173060 #1173485 #1173798 #1173954 #1174003 #1174026 #1174070 #1174161 #1174205 #1174387 #1174484 #1174547 #1174549 #1174550 #1174625 #1174658 #1174685 #1174689 #1174699 #1174734 #1174757 #1174771 #1174840 #1174841 #1174843 #1174844 #1174845 #1174852 #1174873 #1174904 #1174926 #1174968 #1175062 #1175063 #1175064 #1175065 #1175066 #1175067 #1175112 #1175127 #1175128 #1175149 #1175199 #1175213 #1175228 #1175232 #1175284 #1175393 #1175394 #1175396 #1175397 #1175398 #1175399 #1175400 #1175401 #1175402 #1175403 #1175404 #1175405 #1175406 #1175407 #1175408 #1175409 #1175410 #1175411 #1175412 #1175413 #1175414 #1175415 #1175416 #1175417 #1175418 #1175419 #1175420 #1175421 #1175422 #1175423 #1175440 #1175493 #1175515 #1175518 #1175526 #1175550 #1175654 #1175666 #1175667 #1175668 #1175669 #1175670 #1175691 #1175767 #1175768 #1175769 #1175770 #1175771 #1175772 #1175786 #1175873 #1176069 Cross-References: CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-14386 CVE-2020-16166 CVE-2020-1749 CVE-2020-24394 Affected Products: SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 131 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629). - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518). - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bugs were fixed: - ACPI: kABI fixes for subsys exports (bsc#1174968). - ACPI / LPSS: Resume BYT/CHT I2C controllers from resume_noirq (bsc#1174968). - ACPI / LPSS: Use acpi_lpss_* instead of acpi_subsys_* functions for hibernate (bsc#1174968). - ACPI: PM: Introduce "poweroff" callbacks for ACPI PM domain and LPSS (bsc#1174968). - ACPI: PM: Simplify and fix PM domain hibernation callbacks (bsc#1174968). - ALSA: core: pcm_iec958: fix kernel-doc (bsc#1111666). - ALSA: echoaduio: Drop superfluous volatile modifier (bsc#1111666). - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (bsc#1111666). - ALSA: hda: Add support for Loongson 7A1000 controller (bsc#1111666). - ALSA: hda/ca0132 - Add new quirk ID for Recon3D (bsc#1111666). - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (bsc#1111666). - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (bsc#1111666). - ALSA: hda: fix NULL pointer dereference during suspend (git-fixes). - ALSA: hda: fix snd_hda_codec_cleanup() documentation (bsc#1111666). - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (bsc#1111666). - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (bsc#1111666). - ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes). - ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (bsc#1111666). - ALSA: hda/realtek - Add quirk for Lenovo Carbon X1 8th gen (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GE63 laptop (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GL63 (bsc#1111666). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes). - ALSA: hda/realtek - change to suitable link model for ASUS platform (bsc#1111666). - ALSA: hda/realtek - Check headset type by unplug and resume (bsc#1111666). - ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX563 (bsc#1111666). - ALSA: hda/realtek: Fix add a "ultra_low_power" function for intel reference board (alc256) (bsc#1111666). - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (bsc#1111666). - ALSA: hda/realtek - Fixed HP right speaker no sound (bsc#1111666). - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (bsc#1111666). - ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (bsc#1111666). - ALSA: hda/realtek - Fix unused variable warning (bsc#1111666). - ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (bsc#1111666). - ALSA: hda - reverse the setting value in the micmute_led_set (bsc#1111666). - ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes). - ALSA: pci: delete repeated words in comments (bsc#1111666). - ALSA: seq: oss: Serialize ioctls (bsc#1111666). - ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes). - ALSA: usb-audio: add quirk for Pioneer DDJ-RB (bsc#1111666). - ALSA: usb-audio: add startech usb audio dock name (bsc#1111666). - ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (bsc#1111666). - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (bsc#1111666). - ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (bsc#1111666). - ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (bsc#1111666). - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625). - ALSA: usb-audio: fix spelling mistake "buss" -> "bus" (bsc#1111666). - ALSA: usb-audio: ignore broken processing/extension unit (git-fixes). - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb/line6: remove 'defined but not used' warning (bsc#1111666). - arm64: Add MIDR encoding for HiSilicon Taishan CPUs (bsc#1174547). - arm64: Add MIDR encoding for NVIDIA CPUs (bsc#1174547). - arm64: add sysfs vulnerability show for meltdown (bsc#1174547). - arm64: Add sysfs vulnerability show for spectre-v1 (bsc#1174547). - arm64: add sysfs vulnerability show for spectre-v2 (bsc#1174547). - arm64: add sysfs vulnerability show for speculative store bypass (bsc#1174547). - arm64: Advertise mitigation of Spectre-v2, or lack thereof (bsc#1174547). - arm64: Always enable spectre-v2 vulnerability detection (bsc#1174547). - arm64: Always enable ssb vulnerability detection (bsc#1174547). - arm64: backtrace: Do not bother trying to unwind the userspace stack (bsc#1175397). - arm64: capabilities: Add NVIDIA Denver CPU to bp_harden list (bsc#1174547). - arm64: capabilities: Merge duplicate Cavium erratum entries (bsc#1174547). - arm64: capabilities: Merge entries for ARM64_WORKAROUND_CLEAN_CACHE (bsc#1174547). - arm64: cpufeature: Enable Qualcomm Falkor/Kryo errata 1003 (bsc#1175398). - arm64: Do not mask out PTE_RDONLY in pte_same() (bsc#1175393). - arm64: enable generic CPU vulnerabilites support (bsc#1174547). Update config/arm64/default - arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default (bsc#1175394). - arm64: errata: Do not define type field twice for arm64_errata entries (bsc#1174547). - arm64: errata: Update stale comment (bsc#1174547). - arm64: Get rid of __smccc_workaround_1_hvc_* (bsc#1174547). - arm64: kpti: Avoid rewriting early page tables when KASLR is enabled (bsc#1174547). - arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on (bsc#1174547). - arm64: kpti: Whitelist Cortex-A CPUs that do not implement the CSV3 field (bsc#1174547). - arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs (bsc#1174547). - arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 (bsc#1133021). - arm64: KVM: Guests can skip __install_bp_hardening_cb()s HYP work (bsc#1174547). - arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening (bsc#1174547). - arm64: mm: Fix pte_mkclean, pte_mkdirty semantics (bsc#1175526). - arm64: Provide a command line to disable spectre_v2 mitigation (bsc#1174547). - arm64: Silence clang warning on mismatched value/register sizes (bsc#1175396). - arm64/speculation: Support 'mitigations=' cmdline option (bsc#1174547). - arm64: ssbd: explicitly depend on (bsc#1175399). - arm64: ssbs: Do not treat CPUs with SSBS as unaffected by SSB (bsc#1174547). - arm64: ssbs: Fix context-switch when SSBS is present on all CPUs (bsc#1175669). - arm64/sve: Fix wrong free for task->thread.sve_state (bsc#1175400). - arm64/sve: should not depend on (bsc#1175401). - arm64: tlbflush: avoid writing RES0 bits (bsc#1175402). - arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 (bsc#1174547). - ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 (bsc#1133021). - ARM: KVM: invalidate icache on guest exit for Cortex-A15 (bsc#1133021). - ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 (bsc#1133021). - ASoC: hda/tegra: Set buffer alignment to 128 bytes (bsc#1111666). - bcache: allocate meta data pages as compound pages (bsc#1172873). - bcache: allocate meta data pages as compound pages (bsc#1172873). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: Fix use-after-free in blkdev_get() (bsc#1174843). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (bsc#1111666). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (bsc#1111666). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (bsc#1111666). - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - bonding: fix a potential double-unregister (git-fixes). - bonding: show saner speed for broadcast mode (git-fixes). - bpf: Fix map leak in HASH_OF_MAPS map (git-fixes). - brcmfmac: keep SDIO watchdog running when console_interval is non-zero (bsc#1111666). - brcmfmac: set state of hanger slot to FREE when flushing PSQ (bsc#1111666). - brcmfmac: To fix Bss Info flag definition Bug (bsc#1111666). - btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247). - btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247). - btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149). - btrfs: fix block group leak when removing fails (bsc#1175149). - btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149). - btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149). - btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149). - btrfs: fix double free on ulist after backref resolution failure (bsc#1175149). - btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149). - btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550). - btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149). - btrfs: fix race between block group removal and block group creation (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149). - btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149). - btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484). - btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247). - btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247). - btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247). - btrfs: Open code btrfs_write_and_wait_marked_extents (bsc#1175149). - btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163). - btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247). - btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163). - btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163). - btrfs: Rename and export clear_btree_io_tree (bsc#1175149). - btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493). - bus: hisi_lpc: Add .remove method to avoid driver unbind crash (bsc#1174658). - bus: hisi_lpc: Do not fail probe for unrecognised child devices (bsc#1174658). - bus: hisi_lpc: Unregister logical PIO range to avoid potential use-after-free (bsc#1174658). - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes). - cfg80211: check vendor command doit pointer before use (git-fixes). - char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667). - cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428). - cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428). - cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428). - clk: at91: clk-generated: check best_rate against ranges (bsc#1111666). - clk: clk-atlas6: fix return value check in atlas6_clk_init() (bsc#1111666). - clk: iproc: round clock rate to the closest (bsc#1111666). - clk: spear: Remove uninitialized_var() usage (git-fixes). - clk: st: Remove uninitialized_var() usage (git-fixes). - config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References: bsc#1174549 - console: newport_con: fix an issue about leak related system resources (git-fixes). - constrants: fix malformed XML Closing tag of an element is "", not "". Fixes: 8b37de2eb835 ("rpm/constraints.in: Increase memory for kernel-docs") - Created new preempt kernel flavor (jsc#SLE-11309) Configs are cloned from the respective $arch/default configs. All changed configs appart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel. - crypto: ccp - Fix use of merged scatterlists (git-fixes). - crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes). - crypto: rockchip - fix scatterlist nents error (git-fixes). - crypto: stm32/crc32 - fix ext4 chksum BUG_ON() (git-fixes). - crypto: talitos - check AES key size (git-fixes). - crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - dev: Defer free of skbs in flush_backlog (git-fixes). - device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes). - devres: keep both device name and resource name in pretty name (git-fixes). - dlm: Fix kobject memleak (bsc#1175768). - dlm: remove BUG() before panic() (bsc#1174844). - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes). - Documentation/networking: Add net DIM documentation (bsc#1174852). - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (bsc#1175403). - dpaa2-eth: free already allocated channels on probe defer (bsc#1175404). - dpaa2-eth: prevent array underflow in update_cls_rule() (bsc#1175405). - dpaa_eth: add dropped frames to percpu ethtool stats (bsc#1174550). - dpaa_eth: add newline in dev_err() msg (bsc#1174550). - dpaa_eth: avoid timestamp read on error paths (bsc#1175406). - dpaa_eth: change DMA device (bsc#1174550). - dpaa_eth: cleanup skb_to_contig_fd() (bsc#1174550). - dpaa_eth: defer probing after qbman (bsc#1174550). - dpaa_eth: extend delays in ndo_stop (bsc#1174550). - dpaa_eth: fix DMA mapping leak (bsc#1174550). - dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1174550). - dpaa_eth: FMan erratum A050385 workaround (bsc#1174550). - dpaa_eth: perform DMA unmapping before read (bsc#1175407). - dpaa_eth: register a device link for the qman portal used (bsc#1174550). - dpaa_eth: remove netdev_err() for user errors (bsc#1174550). - dpaa_eth: remove redundant code (bsc#1174550). - dpaa_eth: simplify variables used in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use a page to store the SGT (bsc#1174550). - dpaa_eth: use fd information in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use only one buffer pool per interface (bsc#1174550). - dpaa_eth: use page backed rx buffers (bsc#1174550). - driver core: Avoid binding drivers to dead devices (git-fixes). - Drivers: hv: balloon: Remove dependencies on guest page size (git-fixes). - Drivers: hv: vmbus: Fix virt_to_hvpfn() for X86_PAE (git-fixes). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127, bsc#1175128). - Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup() (git-fixes). - drivers/perf: hisi: Fix typo in events attribute array (bsc#1175408). - drivers/perf: hisi: Fixup one DDRC PMU register offset (bsc#1175410). - drivers/perf: hisi: Fix wrong value for all counters enable (bsc#1175409). - drm: Added orientation quirk for ASUS tablet model T103HAF (bsc#1111666). - drm/amd/display: fix pow() crashing when given base 0 (git-fixes). - drm/amdgpu: avoid dereferencing a NULL pointer (bsc#1111666). - drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume (bsc#1111666). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (bsc#1113956) * refresh for context changes - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes). - drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1113956) - drm/arm: fix unintentional integer overflow on left shift (git-fixes). - drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1113956) * refreshed for context changes - drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes). - drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1113956) * move drm_mipi_dbi.c -> tinydrm/mipi-drm.c * refresh for context changes - drm/debugfs: fix plain echo to connector "force" attribute (bsc#1111666). - drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes). - drm/etnaviv: fix ref count leak via pm_runtime_get_sync (bsc#1111666). - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (bsc#1112178) * updated names of get/put functions - drm: hold gem reference until object is no longer accessed (bsc#1113956) - drm/imx: fix use after free (git-fixes). - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes). - drm/imx: tve: fix regulator_disable error path (git-fixes). - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes). - drm/msm/adreno: fix updating ring fence (git-fixes). - drm/msm: ratelimit crtc event overflow error (bsc#1111666). - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes). - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes). - drm/nouveau: fix multiple instances of reference count leaks (bsc#1111666). - drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes). - drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes). - drm/radeon: disable AGP by default (bsc#1111666). - drm/radeon: fix array out-of-bounds read and write issues (git-fixes). - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (bsc#1111666). - drm/rockchip: fix VOP_WIN_GET macro (bsc#1175411). - drm/tilcdc: fix leak & null ref in panel_connector_get_modes (bsc#1111666). - drm/ttm/nouveau: do not call tt destroy callback on alloc failure (bsc#1175232). - drm/vmwgfx: Fix two list_for_each loop exit tests (bsc#1111666). - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (bsc#1111666). - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600). - EDAC: Fix reference count leaks (bsc#1112178). - efi/memreserve: deal with memreserve entries in unmapped memory (bsc#1174685). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: fix checking of directory entry validity for inline directories (bsc#1175771). - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1174840). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - fat: do not allow to mount if the FAT length == 0 (bsc#1174845). - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins. (bsc#1112178) * move files drivers/video/fbdev/core -> drivers/video/console * refresh for context changes - firmware: google: check if size is valid when decoding VPD data (git-fixes). - firmware: google: increment VPD key_len properly (git-fixes). - fpga: dfl: fix bug in port reset handshake (git-fixes). - fsl/fman: add API to get the device behind a fman port (bsc#1174550). - fsl/fman: check dereferencing null pointer (git-fixes). - fsl/fman: detect FMan erratum A050385 (bsc#1174550). - fsl/fman: do not touch liodn base regs reserved on non-PAMU SoCs (bsc#1174550). - fsl/fman: fix dereference null return value (git-fixes). - fsl/fman: fix eth hash table allocation (git-fixes). - fsl/fman: fix unreachable code (git-fixes). - fsl/fman: remove unused struct member (bsc#1174550). - fsl/fman: use 32-bit unsigned integer (git-fixes). - fuse: fix memleak in cuse_channel_open (bsc#1174926). - fuse: fix missing unlock_page in fuse_writepage() (bsc#1174904). - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175062). - fuse: fix weird page warning (bsc#1175063). - fuse: flush dirty data/metadata before non-truncate setattr (bsc#1175064). - fuse: truncate pending writes on O_TRUNC (bsc#1175065). - fuse: verify attributes (bsc#1175066). - fuse: verify nlink (bsc#1175067). - genetlink: remove genl_bind (networking-stable-20_07_17). - go7007: add sanity checking for endpoints (git-fixes). - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (bsc#1111666). - HID: hiddev: fix mess in hiddev_open() (git-fixes). - HISI LPC: Re-Add ACPI child enumeration support (bsc#1174658). - HISI LPC: Stop using MFD APIs (bsc#1174658). - hv_balloon: Balloon up according to request page number (git-fixes). - hv_balloon: Use a static page for the balloon_up send buffer (git-fixes). - hv_netvsc: Allow scatter-gather feature to be tunable (git-fixes). - hv_netvsc: do not use VF device if link is down (git-fixes). - hv_netvsc: Fix a warning of suspicious RCU usage (git-fixes). - hv_netvsc: Fix error handling in netvsc_attach() (git-fixes). - hv_netvsc: Fix extra rcu_read_unlock in netvsc_recv_callback() (git-fixes). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes). - hv_netvsc: Fix unwanted wakeup in netvsc_attach() (git-fixes). - hv_netvsc: flag software created hash value (git-fixes). - hv_netvsc: Remove "unlikely" from netvsc_select_queue (git-fixes). - i2c: rcar: in slave mode, clear NACK earlier (git-fixes). - i2c: rcar: slave: only send STOP event when we have been addressed (bsc#1111666). - i40e: Fix crash during removing i40e driver (git-fixes). - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes). - ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - include/linux/poison.h: remove obsolete comment (git fixes (poison)). - Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes). - Input: sentelic - fix error return when fsp_reg_write fails (bsc#1111666). - integrity: remove redundant initialization of variable ret (git-fixes). - io-mapping: indicate mapping failure (git-fixes). - ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes). - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28). - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515). - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515). - ip_tunnel: Emit events for post-register MTU changes (git-fixes). - ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28). - ip_tunnel: restore binding to ifaces with a large mtu (git-fixes). - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17). - ipv4: Silence suspicious RCU usage warning (git-fixes). - ipv6: fix memory leaks on IPV6_ADDRFORM path (git-fixes). - ipvlan: fix device features (git-fixes). - ipvs: allow connection reuse for unconfirmed conntrack (git-fixes). - ipvs: fix refcount usage for conns in ops mode (git-fixes). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - irqchip/gic: Atomically update affinity (bsc#1111666). - iwlegacy: Check the return value of pcie_capability_read_*() (bsc#1111666). - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772). - kabi: genetlink: remove genl_bind (kabi). - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629). - kabi: mask changes to struct ipv6_stub (bsc#1165629). - kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)). - kernel-docs: Change Requires on python-Sphinx to earlier than version 3 References: bsc#1166965 From 3 on the internal API that the build system uses was rewritten in an incompatible way. See https://github.com/sphinx-doc/sphinx/issues/7421 and https://bugzilla.suse.com/show_bug.cgi?id=1166965#c16 for some details. - kernel/relay.c: fix memleak on destroy relay channel (git-fixes). - kernfs: do not call fsnotify() with name without a parent (bsc#1175770). - KVM: arm64: Ensure 'params' is initialised when looking up sys register (bsc#1133021). - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021). - KVM: arm/arm64: Fix young bit from mmu notifier (bsc#1133021). - KVM: arm/arm64: vgic: Do not rely on the wrong pending table (bsc#1133021). - KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections (bsc#1133021). - KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests (bsc#1133021). - KVM: arm: Make inject_abt32() inject an external abort instead (bsc#1133021). - KVM: Change offset in kvm_write_guest_offset_cached to unsigned (bsc#1133021). - KVM: Check for a bad hva before dropping into the ghc slow path (bsc#1133021). - KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729). - KVM: SVM: fix svn_pin_memory()'s use of get_user_pages_fast() (bsc#1112178). - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17). - leds: 88pm860x: fix use-after-free on unbind (git-fixes). - leds: core: Flush scheduled work for system suspend (git-fixes). - leds: da903x: fix use-after-free on unbind (git-fixes). - leds: lm3533: fix use-after-free on unbind (git-fixes). - leds: lm355x: avoid enum conversion warning (git-fixes). - leds: wm831x-status: fix use-after-free on unbind (git-fixes). - lib/dim: Fix -Wunused-const-variable warnings (bsc#1174852). - lib: dimlib: fix help text typos (bsc#1174852). - lib: logic_pio: Add logic_pio_unregister_range() (bsc#1174658). - lib: logic_pio: Avoid possible overlap for unregistering regions (bsc#1174658). - lib: logic_pio: Fix RCU usage (bsc#1174658). - linux/dim: Add completions count to dim_sample (bsc#1174852). - linux/dim: Fix overflow in dim calculation (bsc#1174852). - linux/dim: Move implementation to .c files (bsc#1174852). - linux/dim: Move logic to dim.h (bsc#1174852). - linux/dim: Remove "net" prefix from internal DIM members (bsc#1174852). - linux/dim: Rename externally exposed macros (bsc#1174852). - linux/dim: Rename externally used net_dim members (bsc#1174852). - linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1174852). - liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes). - llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17). - mac80211: mesh: Free ie data when leaving mesh (git-fixes). - mac80211: mesh: Free pending skb when destroying a mpath (git-fixes). - MAINTAINERS: add entry for Dynamic Interrupt Moderation (bsc#1174852). - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes). - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes). - media: budget-core: Improve exception handling in budget_register() (git-fixes). - media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes). - media: firewire: Using uninitialized values in node_probe() (git-fixes). - media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes). - media: vpss: clean up resources in init (git-fixes). - mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes). - mfd: dln2: Run event handler loop under spinlock (git-fixes). - mfd: rk808: Fix RK818 ID template (bsc#1175412). - mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28). - mm: filemap: clear idle flag for writes (bsc#1175769). - mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate (git fixes (mm/migrate)). - mm/mmu_notifier: use hlist_add_head_rcu() (git fixes (mm/mmu_notifiers)). - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/compaction)). - mm/rmap.c: do not reuse anon_vma if we just want a copy (git fixes (mm/rmap)). - mm/shmem.c: cast the type of unmap_start to u64 (git fixes (mm/shmem)). - mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617). - mtd: spi-nor: Fix an error code in spi_nor_read_raw() (bsc#1175413). - mtd: spi-nor: fix kernel-doc for spi_nor::info (bsc#1175414). - mtd: spi-nor: fix kernel-doc for spi_nor::reg_proto (bsc#1175415). - mtd: spi-nor: fix silent truncation in spi_nor_read_raw() (bsc#1175416). - mwifiex: Prevent memory corruption handling keys (git-fixes). - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (git-fixes). - net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28). - net: core: reduce recursion limit value (networking-stable-20_06_28). - net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28). - net: dsa: b53: check for timeout (git-fixes). - net: ena: Add first_interrupt field to napi struct (bsc#1174852). - net: ena: add reserved PCI device ID (bsc#1174852). - net: ena: add support for reporting of packet drops (bsc#1174852). - net: ena: add support for the rx offset feature (bsc#1174852). - net: ena: add support for traffic mirroring (bsc#1174852). - net: ena: add unmask interrupts statistics to ethtool (bsc#1174852). - net: ena: allow setting the hash function without changing the key (bsc#1174852). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852). - net: ena: change default RSS hash function to Toeplitz (bsc#1174852). - net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1174852). - net: ena: changes to RSS hash key allocation (bsc#1174852). - net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1174852). - net: ena: clean up indentation issue (bsc#1174852). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852). - net: ena: cosmetic: code reorderings (bsc#1174852). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852). - net: ena: cosmetic: fix line break issues (bsc#1174852). - net: ena: cosmetic: fix spacing issues (bsc#1174852). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852). - net: ena: cosmetic: minor code changes (bsc#1174852). - net: ena: cosmetic: remove unnecessary code (bsc#1174852). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852). - net: ena: cosmetic: satisfy gcc warning (bsc#1174852). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852). - net: ena: drop superfluous prototype (bsc#1174852). - net: ena: enable support of rss hash key and function changes (bsc#1174852). - net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1174852). - net: ena: ethtool: clean up minor indentation issue (bsc#1174852). - net: ena: ethtool: get_channels: use combined only (bsc#1174852). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852). - net: ena: ethtool: support set_channels callback (bsc#1174852). - net/ena: Fix build warning in ena_xdp_set() (bsc#1174852). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852). - net: ena: fix incorrect setting of the number of msix vectors (bsc#1174852). - net: ena: fix incorrect update of intr_delay_resolution (bsc#1174852). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852). - net: ena: fix update of interrupt moderation register (bsc#1174852). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852). - net: ena: implement XDP drop support (bsc#1174852). - net: ena: Implement XDP_TX action (bsc#1174852). - net: ena: make ethtool -l show correct max number of queues (bsc#1174852). - net: ena: Make missed_tx stat incremental (bsc#1083548). - net: ena: Make some functions static (bsc#1174852). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852). - net: ena: multiple queue creation related cleanups (bsc#1174852). - net: ena: Prevent reset after device destruction (bsc#1083548). - net: ena: reduce driver load time (bsc#1174852). - net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1174852). - net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1174852). - net: ena: remove code that does nothing (bsc#1174852). - net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1174852). - net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1174852). - net: ena: remove redundant print of number of queues (bsc#1174852). - net: ena: remove set but not used variable 'hash_key' (bsc#1174852). - net: ena: remove set but not used variable 'rx_ring' (bsc#1174852). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852). - net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1174852). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852). - net: ena: support new LLQ acceleration mode (bsc#1174852). - net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1174852). - net: ena: use explicit variable size for clarity (bsc#1174852). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852). - net: ena: xdp: update napi budget for DROP and ABORTED (bsc#1174852). - net: ena: xdp: XDP_TX: fix memory leak (bsc#1174852). - net: ethernet: aquantia: Fix wrong return value (git-fixes). - net: ethernet: broadcom: have drivers select DIMLIB as needed (bsc#1174852). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: fec: correct the error path for regulator disable in probe (git-fixes). - netfilter: x_tables: add counters allocation wrapper (git-fixes). - netfilter: x_tables: cap allocations at 512 mbyte (git-fixes). - netfilter: x_tables: limit allocation requests for blob rule heads (git-fixes). - net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). (SLES tuning guide refers to ip-sysctl.txt.) - net: fix memleak in register_netdevice() (networking-stable-20_06_28). - net: Fix the arp error in some cases (networking-stable-20_06_28). - net: gre: recompute gre csum for sctp over gre tunnels (git-fixes). - net: hns3: add autoneg and change speed support for fibre port (bsc#1174070). - net: hns3: add support for FEC encoding control (bsc#1174070). - net: hns3: add support for multiple media type (bsc#1174070). - net: hns3: fix a not link up issue when fibre port supports autoneg (bsc#1174070). - net: hns3: fix for FEC configuration (bsc#1174070). - net: hns3: fix port capbility updating issue (bsc#1174070). - net: hns3: fix port setting handle for fibre port (bsc#1174070). - net: hns3: fix selftest fail issue for fibre port with autoneg on (bsc#1174070). - net: hns3: restore the MAC autoneg state after reset (bsc#1174070). - net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28). - net: ip6_gre: Request headroom in __gre6_xmit() (git-fixes). - net: lan78xx: add missing endpoint sanity check (git-fixes). - net: lan78xx: fix transfer-buffer memory leak (git-fixes). - net: make symbol 'flush_works' static (git-fixes). - net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes). - net: mvpp2: fix memory leak in mvpp2_rx (git-fixes). - net: netsec: Fix signedness bug in netsec_probe() (bsc#1175417). - net: netsec: initialize tx ring on ndo_open (bsc#1175418). - net: phy: Check harder for errors in get_phy_id() (bsc#1111666). - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes). - net: Set fput_needed iff FDPUT_FPUT is set (git-fixes). - net: socionext: Fix a signedness bug in ave_probe() (bsc#1175419). - net: socionext: replace napi_alloc_frag with the netdev variant on init (bsc#1175420). - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes). - net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes). - net: stmmac: Fix RX packet size > 8191 (git-fixes). - net: udp: Fix wrong clean up for IS_UDPLITE macro (git-fixes). - net: update net_dim documentation after rename (bsc#1174852). - net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28). - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17). - netvsc: unshare skb in VF rx handler (git-fixes). - nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes). - NTB: Fix an error in get link status (git-fixes). - ntb_netdev: fix sleep time mismatch (git-fixes). - NTB: ntb_transport: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - nvme: fix possible deadlock when I/O is blocked (git-fixes). - nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108). - nvme-multipath: fix logic for non-optimized paths (bsc#1172108). - nvme-multipath: round-robin: eliminate "fallback" variable (bsc#1172108). - nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - ocfs2: add trimfs dlm lock resource (bsc#1175228). - ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: change slot number type s16 to u16 (bsc#1175786). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228). - ocfs2: fix value of OCFS2_INVALID_SLOT (bsc#1175767). - ocfs2: load global_inode_alloc (bsc#1172963). - ocfs2: load global_inode_alloc (bsc#1172963). - omapfb: dss: Fix max fclk divider for omap36xx (bsc#1113956) - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() (git-fixes). - PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes). - PCI: dwc: Move interrupt acking into the proper callback (bsc#1175666). - PCI: Fix pci_cfg_wait queue locking problem (git-fixes). - PCI: Fix "try" semantics of bus and slot reset (git-fixes). - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes). - PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, bsc#1172872, git-fixes). - PCI: Release IVRS table in AMD ACS quirk (git-fixes). - PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes). - PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes). - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes). - pinctrl: single: fix function name in documentation (git-fixes). - pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes). - platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes). - PM / CPU: replace raw_notifier with atomic_notifier (git fixes (kernel/pm)). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (bsc#1175668). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails. - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (bsc#1175668). - PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes). - powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729). - powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729). - powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729). - powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729). - powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284). - powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284). - powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729). - powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574). - powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729). - powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - powerpc/pseries: remove cede offline state for CPUs (bsc#1065729). - powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729). - powerpc/vdso: Fix vdso cpu truncation (bsc#1065729). - power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes). - propagate_one(): mnt_set_mountpoint() needs mount_lock (bsc#1174841). - pseries: Fix 64 bit logical memory block panic (bsc#1065729). - pwm: bcm-iproc: handle clk_get_rate() return (git-fixes). - rds: Prevent kernel-infoleak in rds_notify_queue_get() (git-fixes). - regulator: gpio: Honor regulator-boot-on property (git-fixes). - Revert "ALSA: hda: call runtime_allow() for all hda controllers" (bsc#1111666). - Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers" (bsc#1113956) * refresh for context changes - Revert "ocfs2: avoid inode removal while nfsd is accessing it" This reverts commit 9e096c72476eda333a9998ff464580c00ff59c83. - Revert "ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963)." This reverts commit 0bf6e248f93736b3f17f399b4a8f64ffa30d371e. - Revert "ocfs2: load global_inode_alloc (bsc#1172963)." This reverts commit fc476497b53f967dc615b9cbad9427ba3107b5c4. - Revert "scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe" (bsc#1171688 bsc#1174003). - Revert "scsi: qla2xxx: Fix crash on qla2x00_mailbox_command" (bsc#1171688 bsc#1174003). - Revert "sign also s390x kernel images (bsc#1163524)" This reverts commit b38b61155f0a2c3ebca06d4bb0c2e11a19a87f1f. - Revert "xen/balloon: Fix crash when ballooning on x86 32 bit PAE" (bsc#1065600). - rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28). - rpm/check-for-config-changes: Ignore CONFIG_CC_VERSION_TEXT - rpm/check-for-config-changes: Ignore CONFIG_LD_VERSION - rpm/constraints.in: Increase memory for kernel-docs References: https://build.opensuse.org/request/show/792664 - rpm: drop execute permissions on source files Sometimes a source file with execute permission appears in upstream repository and makes it into our kernel-source packages. This is caught by OBS build checks and may even result in build failures. Sanitize the source tree by removing execute permissions from all C source and header files. - rpm/kabi.pl: account for namespace field being moved last Upstream is moving the namespace field in Module.symvers last in order to preserve backwards compatibility with kmod tools (depmod, etc). Fix the kabi.pl script to expect the namespace field last. Since split() ignores trailing empty fields and delimeters, switch to using tr to count how many fields/tabs are in a line. Also, in load_symvers(), pass LIMIT of -1 to split() so it does not strip trailing empty fields, as namespace is an optional field. - rpm/kernel-binary.spec.in: do not run klp-symbols for configs with no modules Starting with 5.8-rc1, s390x/zfcpdump builds fail because rpm/klp-symbols script does not find .tmp_versions directory. This is missing because s390x/zfcpdump is built without modules (CONFIG_MODULES disabled). As livepatching cannot work without modules, the cleanest solution is setting %klp_symbols to 0 if CONFIG_MODULES is disabled. (We cannot simply add another condition to the place where %klp_symbols is set as it can be already set to 1 from prjconf.) - rpm/kernel-binary.spec.in: restrict livepatch metapackage to default flavor It has been reported that the kernel-*-livepatch metapackage got erroneously enabled for SLE15-SP3's new -preempt flavor, leading to a unresolvable dependency to a non-existing kernel-livepatch-x.y.z-preempt package. As SLE12 and SLE12-SP1 have run out of livepatching support, the need to build said metapackage for the -xen flavor is gone and the only remaining flavor for which they're still wanted is -default. Restrict the build of the kernel-*-livepatch metapackage to the -default flavor. - rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup Co-Authored-By: Adam Spiers - rpm/kernel-obs-build.spec.in: Enable overlayfs Overlayfs is needed for podman or docker builds when no more specific driver can be used (like lvm or btrfs). As the default build fs is ext4 currently, we need overlayfs kernel modules to be available. - rpm/kernel-source.spec.in: Add obsolete_rebuilds (boo#1172073). - rpm/mkspec-dtb: add mt76 based dtb package - rpm/package-descriptions: garbege collection remove old ARM and Xen flavors. - rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes). - s390, dcssblk: kaddr and pfn can be NULL to ->direct_access() (bsc#1174873). - sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17). - sched/deadline: Initialize ->dl_boosted (bsc#1112178). - scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026). - scsi: Fix trivial spelling (bsc#1171688 bsc#1174003). - scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666). - scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666). - scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666). - scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666). - scsi: lpfc: NVMe remote port devloss_tmo from lldd (bsc#1171558 bsc#1136666 bsc#1173060). - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666). - scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666). - scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666). - scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666). - scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666). - scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003). - scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003). - scsi: smartpqi: add bay identifier (bsc#1172418). - scsi: smartpqi: add gigabyte controller (bsc#1172418). - scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418). - scsi: smartpqi: add inquiry timeouts (bsc#1172418). - scsi: smartpqi: add module param for exposure order (bsc#1172418). - scsi: smartpqi: add module param to hide vsep (bsc#1172418). - scsi: smartpqi: add new pci ids (bsc#1172418). - scsi: smartpqi: add pci ids for fiberhome controller (bsc#1172418). - scsi: smartpqi: add RAID bypass counter (bsc#1172418). - scsi: smartpqi: add sysfs entries (bsc#1172418). - scsi: smartpqi: Align driver syntax with oob (bsc#1172418). - scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418). - scsi: smartpqi: change TMF timeout from 60 to 30 seconds (bsc#1172418). - scsi: smartpqi: correct hang when deleting 32 lds (bsc#1172418). - scsi: smartpqi: correct REGNEWD return status (bsc#1172418). - scsi: smartpqi: correct syntax issue (bsc#1172418). - scsi: smartpqi: fix call trace in device discovery (bsc#1172418). - scsi: smartpqi: fix controller lockup observed during force reboot (bsc#1172418). - scsi: smartpqi: fix LUN reset when fw bkgnd thread is hung (bsc#1172418). - scsi: smartpqi: fix problem with unique ID for physical device (bsc#1172418). - scsi: smartpqi: identify physical devices without issuing INQUIRY (bsc#1172418). - scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask (bsc#1172418). - scsi: smartpqi: remove unused manifest constants (bsc#1172418). - scsi: smartpqi: Reporting unhandled SCSI errors (bsc#1172418). - scsi: smartpqi: support device deletion via sysfs (bsc#1172418). - scsi: smartpqi: update copyright (bsc#1172418). - scsi: smartpqi: update logical volume size after expansion (bsc#1172418). - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418). - scsi: storvsc: Correctly set number of hardware queues for IDE disk (git-fixes). - scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790). - sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - serial: 8250: change lock order in serial8250_do_startup() (git-fixes). - serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes). - serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes). - Set VIRTIO_CONSOLE=y (bsc#1175667). - sign also s390x kernel images (bsc#1163524) - soc: fsl: qbman: allow registering a device link for the portal user (bsc#1174550). - soc: fsl: qbman_portals: add APIs to retrieve the probing status (bsc#1174550). - spi: davinci: Remove uninitialized_var() usage (git-fixes). - spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes). - spi: nxp-fspi: Ensure width is respected in spi-mem operations (bsc#1175421). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1175422). - spi: spi-mem: export spi_mem_default_supports_op() (bsc#1175421). - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28). - tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28). - tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17). - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17). - tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17). - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17). - tracepoint: Mark __tracepoint_string's __used (git-fixes). - tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes). - tty: serial: fsl_lpuart: add imx8qxp support (bsc#1175670). - tty: serial: fsl_lpuart: free IDs allocated by IDA (bsc#1175670). - USB: cdc-acm: rework notification_buffer resizing (git-fixes). - USB: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes). - USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes). - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes). - USB: iowarrior: fix up report size handling for some devices (git-fixes). - usbip: tools: fix module name in man page (git-fixes). - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes). - USB: serial: cp210x: enable usb generic throttle/unthrottle (git-fixes). - USB: serial: cp210x: re-enable auto-RTS on open (git-fixes). - USB: serial: ftdi_sio: clean up receive processing (git-fixes). - USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes). - USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes). - USB: serial: iuu_phoenix: fix led-activity helpers (git-fixes). - USB: serial: qcserial: add EM7305 QDL product ID (git-fixes). - USB: xhci: define IDs for various ASMedia host controllers (git-fixes). - USB: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes). - USB: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes). - USB: xhci-mtk: fix the failure of bandwidth allocation (git-fixes). - VFS: Check rename_lock in lookup_fast() (bsc#1174734). - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes). - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes). - vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17). - vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199). - vt_compat_ioctl(): clean up, use compat_ptr() properly (git-fixes). - vt: vt_ioctl: remove unnecessary console allocation checks (git-fixes). - watchdog: f71808e_wdt: clear watchdog timeout occurred flag (bsc#1111666). - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (bsc#1111666). - watchdog: f71808e_wdt: remove use of wrong watchdog_info option (bsc#1111666). - wl1251: fix always return 0 error (git-fixes). - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1112178). - x86/hyperv: Create and use Hyper-V page definitions (git-fixes). - x86/hyper-v: Fix overflow bug in fill_gva_list() (git-fixes). - x86/hyperv: Make hv_vcpu_is_preempted() visible (git-fixes). - x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1112178). - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). - xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600). - xen/balloon: make the balloon wait interruptible (bsc#1065600). - xfrm: check id proto in validate_tmpl() (git-fixes). - xfrm: clean up xfrm protocol checks (git-fixes). - xfrm_user: uncoditionally validate esn replay attribute struct (git-fixes). - xfs: fix inode allocation block res calculation precedence (git-fixes). - xfs: fix reflink quota reservation accounting error (git-fixes). - xhci: Fix enumeration issue when setting max packet size for FS devices (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2574=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-122.37.1 kernel-default-debugsource-4.12.14-122.37.1 kernel-default-kgraft-4.12.14-122.37.1 kernel-default-kgraft-devel-4.12.14-122.37.1 kgraft-patch-4_12_14-122_37-default-1-8.5.1 References: https://www.suse.com/security/cve/CVE-2020-14314.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-14356.html https://www.suse.com/security/cve/CVE-2020-14386.html https://www.suse.com/security/cve/CVE-2020-16166.html https://www.suse.com/security/cve/CVE-2020-1749.html https://www.suse.com/security/cve/CVE-2020-24394.html https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1074701 https://bugzilla.suse.com/1083548 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1085235 https://bugzilla.suse.com/1085308 https://bugzilla.suse.com/1087078 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1094912 https://bugzilla.suse.com/1100394 https://bugzilla.suse.com/1102640 https://bugzilla.suse.com/1105412 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1120163 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1136666 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1152148 https://bugzilla.suse.com/1163524 https://bugzilla.suse.com/1165629 https://bugzilla.suse.com/1166965 https://bugzilla.suse.com/1169790 https://bugzilla.suse.com/1170232 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1172073 https://bugzilla.suse.com/1172108 https://bugzilla.suse.com/1172247 https://bugzilla.suse.com/1172418 https://bugzilla.suse.com/1172428 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172872 https://bugzilla.suse.com/1172873 https://bugzilla.suse.com/1172963 https://bugzilla.suse.com/1173060 https://bugzilla.suse.com/1173485 https://bugzilla.suse.com/1173798 https://bugzilla.suse.com/1173954 https://bugzilla.suse.com/1174003 https://bugzilla.suse.com/1174026 https://bugzilla.suse.com/1174070 https://bugzilla.suse.com/1174161 https://bugzilla.suse.com/1174205 https://bugzilla.suse.com/1174387 https://bugzilla.suse.com/1174484 https://bugzilla.suse.com/1174547 https://bugzilla.suse.com/1174549 https://bugzilla.suse.com/1174550 https://bugzilla.suse.com/1174625 https://bugzilla.suse.com/1174658 https://bugzilla.suse.com/1174685 https://bugzilla.suse.com/1174689 https://bugzilla.suse.com/1174699 https://bugzilla.suse.com/1174734 https://bugzilla.suse.com/1174757 https://bugzilla.suse.com/1174771 https://bugzilla.suse.com/1174840 https://bugzilla.suse.com/1174841 https://bugzilla.suse.com/1174843 https://bugzilla.suse.com/1174844 https://bugzilla.suse.com/1174845 https://bugzilla.suse.com/1174852 https://bugzilla.suse.com/1174873 https://bugzilla.suse.com/1174904 https://bugzilla.suse.com/1174926 https://bugzilla.suse.com/1174968 https://bugzilla.suse.com/1175062 https://bugzilla.suse.com/1175063 https://bugzilla.suse.com/1175064 https://bugzilla.suse.com/1175065 https://bugzilla.suse.com/1175066 https://bugzilla.suse.com/1175067 https://bugzilla.suse.com/1175112 https://bugzilla.suse.com/1175127 https://bugzilla.suse.com/1175128 https://bugzilla.suse.com/1175149 https://bugzilla.suse.com/1175199 https://bugzilla.suse.com/1175213 https://bugzilla.suse.com/1175228 https://bugzilla.suse.com/1175232 https://bugzilla.suse.com/1175284 https://bugzilla.suse.com/1175393 https://bugzilla.suse.com/1175394 https://bugzilla.suse.com/1175396 https://bugzilla.suse.com/1175397 https://bugzilla.suse.com/1175398 https://bugzilla.suse.com/1175399 https://bugzilla.suse.com/1175400 https://bugzilla.suse.com/1175401 https://bugzilla.suse.com/1175402 https://bugzilla.suse.com/1175403 https://bugzilla.suse.com/1175404 https://bugzilla.suse.com/1175405 https://bugzilla.suse.com/1175406 https://bugzilla.suse.com/1175407 https://bugzilla.suse.com/1175408 https://bugzilla.suse.com/1175409 https://bugzilla.suse.com/1175410 https://bugzilla.suse.com/1175411 https://bugzilla.suse.com/1175412 https://bugzilla.suse.com/1175413 https://bugzilla.suse.com/1175414 https://bugzilla.suse.com/1175415 https://bugzilla.suse.com/1175416 https://bugzilla.suse.com/1175417 https://bugzilla.suse.com/1175418 https://bugzilla.suse.com/1175419 https://bugzilla.suse.com/1175420 https://bugzilla.suse.com/1175421 https://bugzilla.suse.com/1175422 https://bugzilla.suse.com/1175423 https://bugzilla.suse.com/1175440 https://bugzilla.suse.com/1175493 https://bugzilla.suse.com/1175515 https://bugzilla.suse.com/1175518 https://bugzilla.suse.com/1175526 https://bugzilla.suse.com/1175550 https://bugzilla.suse.com/1175654 https://bugzilla.suse.com/1175666 https://bugzilla.suse.com/1175667 https://bugzilla.suse.com/1175668 https://bugzilla.suse.com/1175669 https://bugzilla.suse.com/1175670 https://bugzilla.suse.com/1175691 https://bugzilla.suse.com/1175767 https://bugzilla.suse.com/1175768 https://bugzilla.suse.com/1175769 https://bugzilla.suse.com/1175770 https://bugzilla.suse.com/1175771 https://bugzilla.suse.com/1175772 https://bugzilla.suse.com/1175786 https://bugzilla.suse.com/1175873 https://bugzilla.suse.com/1176069 From sle-updates at lists.suse.com Tue Sep 8 13:29:32 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Sep 2020 21:29:32 +0200 (CEST) Subject: SUSE-SU-2020:2574-1: important: Security update for the Linux Kernel Message-ID: <20200908192932.8C8D9F794@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2574-1 Rating: important References: #1058115 #1065600 #1065729 #1071995 #1074701 #1083548 #1085030 #1085235 #1085308 #1087078 #1087082 #1094912 #1100394 #1102640 #1105412 #1111666 #1112178 #1113956 #1120163 #1133021 #1136666 #1144333 #1152148 #1163524 #1165629 #1166965 #1169790 #1170232 #1171558 #1171688 #1172073 #1172108 #1172247 #1172418 #1172428 #1172871 #1172872 #1172873 #1172963 #1173060 #1173485 #1173798 #1173954 #1174003 #1174026 #1174070 #1174161 #1174205 #1174387 #1174484 #1174547 #1174549 #1174550 #1174625 #1174658 #1174685 #1174689 #1174699 #1174734 #1174757 #1174771 #1174840 #1174841 #1174843 #1174844 #1174845 #1174852 #1174873 #1174904 #1174926 #1174968 #1175062 #1175063 #1175064 #1175065 #1175066 #1175067 #1175112 #1175127 #1175128 #1175149 #1175199 #1175213 #1175228 #1175232 #1175284 #1175393 #1175394 #1175396 #1175397 #1175398 #1175399 #1175400 #1175401 #1175402 #1175403 #1175404 #1175405 #1175406 #1175407 #1175408 #1175409 #1175410 #1175411 #1175412 #1175413 #1175414 #1175415 #1175416 #1175417 #1175418 #1175419 #1175420 #1175421 #1175422 #1175423 #1175440 #1175493 #1175515 #1175518 #1175526 #1175550 #1175654 #1175666 #1175667 #1175668 #1175669 #1175670 #1175691 #1175767 #1175768 #1175769 #1175770 #1175771 #1175772 #1175786 #1175873 #1176069 Cross-References: CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-14386 CVE-2020-16166 CVE-2020-1749 CVE-2020-24394 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 131 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629). - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518). - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bugs were fixed: - ACPI: kABI fixes for subsys exports (bsc#1174968). - ACPI / LPSS: Resume BYT/CHT I2C controllers from resume_noirq (bsc#1174968). - ACPI / LPSS: Use acpi_lpss_* instead of acpi_subsys_* functions for hibernate (bsc#1174968). - ACPI: PM: Introduce "poweroff" callbacks for ACPI PM domain and LPSS (bsc#1174968). - ACPI: PM: Simplify and fix PM domain hibernation callbacks (bsc#1174968). - ALSA: core: pcm_iec958: fix kernel-doc (bsc#1111666). - ALSA: echoaduio: Drop superfluous volatile modifier (bsc#1111666). - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (bsc#1111666). - ALSA: hda: Add support for Loongson 7A1000 controller (bsc#1111666). - ALSA: hda/ca0132 - Add new quirk ID for Recon3D (bsc#1111666). - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (bsc#1111666). - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (bsc#1111666). - ALSA: hda: fix NULL pointer dereference during suspend (git-fixes). - ALSA: hda: fix snd_hda_codec_cleanup() documentation (bsc#1111666). - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (bsc#1111666). - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (bsc#1111666). - ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes). - ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (bsc#1111666). - ALSA: hda/realtek - Add quirk for Lenovo Carbon X1 8th gen (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GE63 laptop (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GL63 (bsc#1111666). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes). - ALSA: hda/realtek - change to suitable link model for ASUS platform (bsc#1111666). - ALSA: hda/realtek - Check headset type by unplug and resume (bsc#1111666). - ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX563 (bsc#1111666). - ALSA: hda/realtek: Fix add a "ultra_low_power" function for intel reference board (alc256) (bsc#1111666). - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (bsc#1111666). - ALSA: hda/realtek - Fixed HP right speaker no sound (bsc#1111666). - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (bsc#1111666). - ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (bsc#1111666). - ALSA: hda/realtek - Fix unused variable warning (bsc#1111666). - ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (bsc#1111666). - ALSA: hda - reverse the setting value in the micmute_led_set (bsc#1111666). - ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes). - ALSA: pci: delete repeated words in comments (bsc#1111666). - ALSA: seq: oss: Serialize ioctls (bsc#1111666). - ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes). - ALSA: usb-audio: add quirk for Pioneer DDJ-RB (bsc#1111666). - ALSA: usb-audio: add startech usb audio dock name (bsc#1111666). - ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (bsc#1111666). - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (bsc#1111666). - ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (bsc#1111666). - ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (bsc#1111666). - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625). - ALSA: usb-audio: fix spelling mistake "buss" -> "bus" (bsc#1111666). - ALSA: usb-audio: ignore broken processing/extension unit (git-fixes). - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb/line6: remove 'defined but not used' warning (bsc#1111666). - arm64: Add MIDR encoding for HiSilicon Taishan CPUs (bsc#1174547). - arm64: Add MIDR encoding for NVIDIA CPUs (bsc#1174547). - arm64: add sysfs vulnerability show for meltdown (bsc#1174547). - arm64: Add sysfs vulnerability show for spectre-v1 (bsc#1174547). - arm64: add sysfs vulnerability show for spectre-v2 (bsc#1174547). - arm64: add sysfs vulnerability show for speculative store bypass (bsc#1174547). - arm64: Advertise mitigation of Spectre-v2, or lack thereof (bsc#1174547). - arm64: Always enable spectre-v2 vulnerability detection (bsc#1174547). - arm64: Always enable ssb vulnerability detection (bsc#1174547). - arm64: backtrace: Do not bother trying to unwind the userspace stack (bsc#1175397). - arm64: capabilities: Add NVIDIA Denver CPU to bp_harden list (bsc#1174547). - arm64: capabilities: Merge duplicate Cavium erratum entries (bsc#1174547). - arm64: capabilities: Merge entries for ARM64_WORKAROUND_CLEAN_CACHE (bsc#1174547). - arm64: cpufeature: Enable Qualcomm Falkor/Kryo errata 1003 (bsc#1175398). - arm64: Do not mask out PTE_RDONLY in pte_same() (bsc#1175393). - arm64: enable generic CPU vulnerabilites support (bsc#1174547). Update config/arm64/default - arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default (bsc#1175394). - arm64: errata: Do not define type field twice for arm64_errata entries (bsc#1174547). - arm64: errata: Update stale comment (bsc#1174547). - arm64: Get rid of __smccc_workaround_1_hvc_* (bsc#1174547). - arm64: kpti: Avoid rewriting early page tables when KASLR is enabled (bsc#1174547). - arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on (bsc#1174547). - arm64: kpti: Whitelist Cortex-A CPUs that do not implement the CSV3 field (bsc#1174547). - arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs (bsc#1174547). - arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 (bsc#1133021). - arm64: KVM: Guests can skip __install_bp_hardening_cb()s HYP work (bsc#1174547). - arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening (bsc#1174547). - arm64: mm: Fix pte_mkclean, pte_mkdirty semantics (bsc#1175526). - arm64: Provide a command line to disable spectre_v2 mitigation (bsc#1174547). - arm64: Silence clang warning on mismatched value/register sizes (bsc#1175396). - arm64/speculation: Support 'mitigations=' cmdline option (bsc#1174547). - arm64: ssbd: explicitly depend on (bsc#1175399). - arm64: ssbs: Do not treat CPUs with SSBS as unaffected by SSB (bsc#1174547). - arm64: ssbs: Fix context-switch when SSBS is present on all CPUs (bsc#1175669). - arm64/sve: Fix wrong free for task->thread.sve_state (bsc#1175400). - arm64/sve: should not depend on (bsc#1175401). - arm64: tlbflush: avoid writing RES0 bits (bsc#1175402). - arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 (bsc#1174547). - ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 (bsc#1133021). - ARM: KVM: invalidate icache on guest exit for Cortex-A15 (bsc#1133021). - ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 (bsc#1133021). - ASoC: hda/tegra: Set buffer alignment to 128 bytes (bsc#1111666). - bcache: allocate meta data pages as compound pages (bsc#1172873). - bcache: allocate meta data pages as compound pages (bsc#1172873). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: Fix use-after-free in blkdev_get() (bsc#1174843). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (bsc#1111666). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (bsc#1111666). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (bsc#1111666). - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - bonding: fix a potential double-unregister (git-fixes). - bonding: show saner speed for broadcast mode (git-fixes). - bpf: Fix map leak in HASH_OF_MAPS map (git-fixes). - brcmfmac: keep SDIO watchdog running when console_interval is non-zero (bsc#1111666). - brcmfmac: set state of hanger slot to FREE when flushing PSQ (bsc#1111666). - brcmfmac: To fix Bss Info flag definition Bug (bsc#1111666). - btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247). - btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247). - btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149). - btrfs: fix block group leak when removing fails (bsc#1175149). - btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149). - btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149). - btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149). - btrfs: fix double free on ulist after backref resolution failure (bsc#1175149). - btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149). - btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550). - btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149). - btrfs: fix race between block group removal and block group creation (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149). - btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149). - btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484). - btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247). - btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247). - btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247). - btrfs: Open code btrfs_write_and_wait_marked_extents (bsc#1175149). - btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163). - btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247). - btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163). - btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163). - btrfs: Rename and export clear_btree_io_tree (bsc#1175149). - btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493). - bus: hisi_lpc: Add .remove method to avoid driver unbind crash (bsc#1174658). - bus: hisi_lpc: Do not fail probe for unrecognised child devices (bsc#1174658). - bus: hisi_lpc: Unregister logical PIO range to avoid potential use-after-free (bsc#1174658). - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes). - cfg80211: check vendor command doit pointer before use (git-fixes). - char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667). - cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428). - cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428). - cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428). - clk: at91: clk-generated: check best_rate against ranges (bsc#1111666). - clk: clk-atlas6: fix return value check in atlas6_clk_init() (bsc#1111666). - clk: iproc: round clock rate to the closest (bsc#1111666). - clk: spear: Remove uninitialized_var() usage (git-fixes). - clk: st: Remove uninitialized_var() usage (git-fixes). - config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References: bsc#1174549 - console: newport_con: fix an issue about leak related system resources (git-fixes). - constrants: fix malformed XML Closing tag of an element is "", not "". Fixes: 8b37de2eb835 ("rpm/constraints.in: Increase memory for kernel-docs") - Created new preempt kernel flavor (jsc#SLE-11309) Configs are cloned from the respective $arch/default configs. All changed configs appart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel. - crypto: ccp - Fix use of merged scatterlists (git-fixes). - crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes). - crypto: rockchip - fix scatterlist nents error (git-fixes). - crypto: stm32/crc32 - fix ext4 chksum BUG_ON() (git-fixes). - crypto: talitos - check AES key size (git-fixes). - crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - dev: Defer free of skbs in flush_backlog (git-fixes). - device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes). - devres: keep both device name and resource name in pretty name (git-fixes). - dlm: Fix kobject memleak (bsc#1175768). - dlm: remove BUG() before panic() (bsc#1174844). - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes). - Documentation/networking: Add net DIM documentation (bsc#1174852). - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (bsc#1175403). - dpaa2-eth: free already allocated channels on probe defer (bsc#1175404). - dpaa2-eth: prevent array underflow in update_cls_rule() (bsc#1175405). - dpaa_eth: add dropped frames to percpu ethtool stats (bsc#1174550). - dpaa_eth: add newline in dev_err() msg (bsc#1174550). - dpaa_eth: avoid timestamp read on error paths (bsc#1175406). - dpaa_eth: change DMA device (bsc#1174550). - dpaa_eth: cleanup skb_to_contig_fd() (bsc#1174550). - dpaa_eth: defer probing after qbman (bsc#1174550). - dpaa_eth: extend delays in ndo_stop (bsc#1174550). - dpaa_eth: fix DMA mapping leak (bsc#1174550). - dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1174550). - dpaa_eth: FMan erratum A050385 workaround (bsc#1174550). - dpaa_eth: perform DMA unmapping before read (bsc#1175407). - dpaa_eth: register a device link for the qman portal used (bsc#1174550). - dpaa_eth: remove netdev_err() for user errors (bsc#1174550). - dpaa_eth: remove redundant code (bsc#1174550). - dpaa_eth: simplify variables used in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use a page to store the SGT (bsc#1174550). - dpaa_eth: use fd information in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use only one buffer pool per interface (bsc#1174550). - dpaa_eth: use page backed rx buffers (bsc#1174550). - driver core: Avoid binding drivers to dead devices (git-fixes). - Drivers: hv: balloon: Remove dependencies on guest page size (git-fixes). - Drivers: hv: vmbus: Fix virt_to_hvpfn() for X86_PAE (git-fixes). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127, bsc#1175128). - Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup() (git-fixes). - drivers/perf: hisi: Fix typo in events attribute array (bsc#1175408). - drivers/perf: hisi: Fixup one DDRC PMU register offset (bsc#1175410). - drivers/perf: hisi: Fix wrong value for all counters enable (bsc#1175409). - drm: Added orientation quirk for ASUS tablet model T103HAF (bsc#1111666). - drm/amd/display: fix pow() crashing when given base 0 (git-fixes). - drm/amdgpu: avoid dereferencing a NULL pointer (bsc#1111666). - drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume (bsc#1111666). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (bsc#1113956) * refresh for context changes - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes). - drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1113956) - drm/arm: fix unintentional integer overflow on left shift (git-fixes). - drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1113956) * refreshed for context changes - drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes). - drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1113956) * move drm_mipi_dbi.c -> tinydrm/mipi-drm.c * refresh for context changes - drm/debugfs: fix plain echo to connector "force" attribute (bsc#1111666). - drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes). - drm/etnaviv: fix ref count leak via pm_runtime_get_sync (bsc#1111666). - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (bsc#1112178) * updated names of get/put functions - drm: hold gem reference until object is no longer accessed (bsc#1113956) - drm/imx: fix use after free (git-fixes). - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes). - drm/imx: tve: fix regulator_disable error path (git-fixes). - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes). - drm/msm/adreno: fix updating ring fence (git-fixes). - drm/msm: ratelimit crtc event overflow error (bsc#1111666). - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes). - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes). - drm/nouveau: fix multiple instances of reference count leaks (bsc#1111666). - drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes). - drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes). - drm/radeon: disable AGP by default (bsc#1111666). - drm/radeon: fix array out-of-bounds read and write issues (git-fixes). - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (bsc#1111666). - drm/rockchip: fix VOP_WIN_GET macro (bsc#1175411). - drm/tilcdc: fix leak & null ref in panel_connector_get_modes (bsc#1111666). - drm/ttm/nouveau: do not call tt destroy callback on alloc failure (bsc#1175232). - drm/vmwgfx: Fix two list_for_each loop exit tests (bsc#1111666). - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (bsc#1111666). - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600). - EDAC: Fix reference count leaks (bsc#1112178). - efi/memreserve: deal with memreserve entries in unmapped memory (bsc#1174685). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: fix checking of directory entry validity for inline directories (bsc#1175771). - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1174840). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - fat: do not allow to mount if the FAT length == 0 (bsc#1174845). - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins. (bsc#1112178) * move files drivers/video/fbdev/core -> drivers/video/console * refresh for context changes - firmware: google: check if size is valid when decoding VPD data (git-fixes). - firmware: google: increment VPD key_len properly (git-fixes). - fpga: dfl: fix bug in port reset handshake (git-fixes). - fsl/fman: add API to get the device behind a fman port (bsc#1174550). - fsl/fman: check dereferencing null pointer (git-fixes). - fsl/fman: detect FMan erratum A050385 (bsc#1174550). - fsl/fman: do not touch liodn base regs reserved on non-PAMU SoCs (bsc#1174550). - fsl/fman: fix dereference null return value (git-fixes). - fsl/fman: fix eth hash table allocation (git-fixes). - fsl/fman: fix unreachable code (git-fixes). - fsl/fman: remove unused struct member (bsc#1174550). - fsl/fman: use 32-bit unsigned integer (git-fixes). - fuse: fix memleak in cuse_channel_open (bsc#1174926). - fuse: fix missing unlock_page in fuse_writepage() (bsc#1174904). - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175062). - fuse: fix weird page warning (bsc#1175063). - fuse: flush dirty data/metadata before non-truncate setattr (bsc#1175064). - fuse: truncate pending writes on O_TRUNC (bsc#1175065). - fuse: verify attributes (bsc#1175066). - fuse: verify nlink (bsc#1175067). - genetlink: remove genl_bind (networking-stable-20_07_17). - go7007: add sanity checking for endpoints (git-fixes). - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (bsc#1111666). - HID: hiddev: fix mess in hiddev_open() (git-fixes). - HISI LPC: Re-Add ACPI child enumeration support (bsc#1174658). - HISI LPC: Stop using MFD APIs (bsc#1174658). - hv_balloon: Balloon up according to request page number (git-fixes). - hv_balloon: Use a static page for the balloon_up send buffer (git-fixes). - hv_netvsc: Allow scatter-gather feature to be tunable (git-fixes). - hv_netvsc: do not use VF device if link is down (git-fixes). - hv_netvsc: Fix a warning of suspicious RCU usage (git-fixes). - hv_netvsc: Fix error handling in netvsc_attach() (git-fixes). - hv_netvsc: Fix extra rcu_read_unlock in netvsc_recv_callback() (git-fixes). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes). - hv_netvsc: Fix unwanted wakeup in netvsc_attach() (git-fixes). - hv_netvsc: flag software created hash value (git-fixes). - hv_netvsc: Remove "unlikely" from netvsc_select_queue (git-fixes). - i2c: rcar: in slave mode, clear NACK earlier (git-fixes). - i2c: rcar: slave: only send STOP event when we have been addressed (bsc#1111666). - i40e: Fix crash during removing i40e driver (git-fixes). - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes). - ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - include/linux/poison.h: remove obsolete comment (git fixes (poison)). - Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes). - Input: sentelic - fix error return when fsp_reg_write fails (bsc#1111666). - integrity: remove redundant initialization of variable ret (git-fixes). - io-mapping: indicate mapping failure (git-fixes). - ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes). - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28). - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515). - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515). - ip_tunnel: Emit events for post-register MTU changes (git-fixes). - ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28). - ip_tunnel: restore binding to ifaces with a large mtu (git-fixes). - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17). - ipv4: Silence suspicious RCU usage warning (git-fixes). - ipv6: fix memory leaks on IPV6_ADDRFORM path (git-fixes). - ipvlan: fix device features (git-fixes). - ipvs: allow connection reuse for unconfirmed conntrack (git-fixes). - ipvs: fix refcount usage for conns in ops mode (git-fixes). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - irqchip/gic: Atomically update affinity (bsc#1111666). - iwlegacy: Check the return value of pcie_capability_read_*() (bsc#1111666). - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772). - kabi: genetlink: remove genl_bind (kabi). - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629). - kabi: mask changes to struct ipv6_stub (bsc#1165629). - kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)). - kernel-docs: Change Requires on python-Sphinx to earlier than version 3 References: bsc#1166965 From 3 on the internal API that the build system uses was rewritten in an incompatible way. See https://github.com/sphinx-doc/sphinx/issues/7421 and https://bugzilla.suse.com/show_bug.cgi?id=1166965#c16 for some details. - kernel/relay.c: fix memleak on destroy relay channel (git-fixes). - kernfs: do not call fsnotify() with name without a parent (bsc#1175770). - KVM: arm64: Ensure 'params' is initialised when looking up sys register (bsc#1133021). - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021). - KVM: arm/arm64: Fix young bit from mmu notifier (bsc#1133021). - KVM: arm/arm64: vgic: Do not rely on the wrong pending table (bsc#1133021). - KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections (bsc#1133021). - KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests (bsc#1133021). - KVM: arm: Make inject_abt32() inject an external abort instead (bsc#1133021). - KVM: Change offset in kvm_write_guest_offset_cached to unsigned (bsc#1133021). - KVM: Check for a bad hva before dropping into the ghc slow path (bsc#1133021). - KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729). - KVM: SVM: fix svn_pin_memory()'s use of get_user_pages_fast() (bsc#1112178). - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17). - leds: 88pm860x: fix use-after-free on unbind (git-fixes). - leds: core: Flush scheduled work for system suspend (git-fixes). - leds: da903x: fix use-after-free on unbind (git-fixes). - leds: lm3533: fix use-after-free on unbind (git-fixes). - leds: lm355x: avoid enum conversion warning (git-fixes). - leds: wm831x-status: fix use-after-free on unbind (git-fixes). - lib/dim: Fix -Wunused-const-variable warnings (bsc#1174852). - lib: dimlib: fix help text typos (bsc#1174852). - lib: logic_pio: Add logic_pio_unregister_range() (bsc#1174658). - lib: logic_pio: Avoid possible overlap for unregistering regions (bsc#1174658). - lib: logic_pio: Fix RCU usage (bsc#1174658). - linux/dim: Add completions count to dim_sample (bsc#1174852). - linux/dim: Fix overflow in dim calculation (bsc#1174852). - linux/dim: Move implementation to .c files (bsc#1174852). - linux/dim: Move logic to dim.h (bsc#1174852). - linux/dim: Remove "net" prefix from internal DIM members (bsc#1174852). - linux/dim: Rename externally exposed macros (bsc#1174852). - linux/dim: Rename externally used net_dim members (bsc#1174852). - linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1174852). - liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes). - llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17). - mac80211: mesh: Free ie data when leaving mesh (git-fixes). - mac80211: mesh: Free pending skb when destroying a mpath (git-fixes). - MAINTAINERS: add entry for Dynamic Interrupt Moderation (bsc#1174852). - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes). - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes). - media: budget-core: Improve exception handling in budget_register() (git-fixes). - media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes). - media: firewire: Using uninitialized values in node_probe() (git-fixes). - media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes). - media: vpss: clean up resources in init (git-fixes). - mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes). - mfd: dln2: Run event handler loop under spinlock (git-fixes). - mfd: rk808: Fix RK818 ID template (bsc#1175412). - mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28). - mm: filemap: clear idle flag for writes (bsc#1175769). - mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate (git fixes (mm/migrate)). - mm/mmu_notifier: use hlist_add_head_rcu() (git fixes (mm/mmu_notifiers)). - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/compaction)). - mm/rmap.c: do not reuse anon_vma if we just want a copy (git fixes (mm/rmap)). - mm/shmem.c: cast the type of unmap_start to u64 (git fixes (mm/shmem)). - mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617). - mtd: spi-nor: Fix an error code in spi_nor_read_raw() (bsc#1175413). - mtd: spi-nor: fix kernel-doc for spi_nor::info (bsc#1175414). - mtd: spi-nor: fix kernel-doc for spi_nor::reg_proto (bsc#1175415). - mtd: spi-nor: fix silent truncation in spi_nor_read_raw() (bsc#1175416). - mwifiex: Prevent memory corruption handling keys (git-fixes). - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (git-fixes). - net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28). - net: core: reduce recursion limit value (networking-stable-20_06_28). - net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28). - net: dsa: b53: check for timeout (git-fixes). - net: ena: Add first_interrupt field to napi struct (bsc#1174852). - net: ena: add reserved PCI device ID (bsc#1174852). - net: ena: add support for reporting of packet drops (bsc#1174852). - net: ena: add support for the rx offset feature (bsc#1174852). - net: ena: add support for traffic mirroring (bsc#1174852). - net: ena: add unmask interrupts statistics to ethtool (bsc#1174852). - net: ena: allow setting the hash function without changing the key (bsc#1174852). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852). - net: ena: change default RSS hash function to Toeplitz (bsc#1174852). - net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1174852). - net: ena: changes to RSS hash key allocation (bsc#1174852). - net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1174852). - net: ena: clean up indentation issue (bsc#1174852). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852). - net: ena: cosmetic: code reorderings (bsc#1174852). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852). - net: ena: cosmetic: fix line break issues (bsc#1174852). - net: ena: cosmetic: fix spacing issues (bsc#1174852). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852). - net: ena: cosmetic: minor code changes (bsc#1174852). - net: ena: cosmetic: remove unnecessary code (bsc#1174852). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852). - net: ena: cosmetic: satisfy gcc warning (bsc#1174852). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852). - net: ena: drop superfluous prototype (bsc#1174852). - net: ena: enable support of rss hash key and function changes (bsc#1174852). - net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1174852). - net: ena: ethtool: clean up minor indentation issue (bsc#1174852). - net: ena: ethtool: get_channels: use combined only (bsc#1174852). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852). - net: ena: ethtool: support set_channels callback (bsc#1174852). - net/ena: Fix build warning in ena_xdp_set() (bsc#1174852). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852). - net: ena: fix incorrect setting of the number of msix vectors (bsc#1174852). - net: ena: fix incorrect update of intr_delay_resolution (bsc#1174852). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852). - net: ena: fix update of interrupt moderation register (bsc#1174852). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852). - net: ena: implement XDP drop support (bsc#1174852). - net: ena: Implement XDP_TX action (bsc#1174852). - net: ena: make ethtool -l show correct max number of queues (bsc#1174852). - net: ena: Make missed_tx stat incremental (bsc#1083548). - net: ena: Make some functions static (bsc#1174852). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852). - net: ena: multiple queue creation related cleanups (bsc#1174852). - net: ena: Prevent reset after device destruction (bsc#1083548). - net: ena: reduce driver load time (bsc#1174852). - net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1174852). - net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1174852). - net: ena: remove code that does nothing (bsc#1174852). - net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1174852). - net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1174852). - net: ena: remove redundant print of number of queues (bsc#1174852). - net: ena: remove set but not used variable 'hash_key' (bsc#1174852). - net: ena: remove set but not used variable 'rx_ring' (bsc#1174852). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852). - net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1174852). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852). - net: ena: support new LLQ acceleration mode (bsc#1174852). - net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1174852). - net: ena: use explicit variable size for clarity (bsc#1174852). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852). - net: ena: xdp: update napi budget for DROP and ABORTED (bsc#1174852). - net: ena: xdp: XDP_TX: fix memory leak (bsc#1174852). - net: ethernet: aquantia: Fix wrong return value (git-fixes). - net: ethernet: broadcom: have drivers select DIMLIB as needed (bsc#1174852). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: fec: correct the error path for regulator disable in probe (git-fixes). - netfilter: x_tables: add counters allocation wrapper (git-fixes). - netfilter: x_tables: cap allocations at 512 mbyte (git-fixes). - netfilter: x_tables: limit allocation requests for blob rule heads (git-fixes). - net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). (SLES tuning guide refers to ip-sysctl.txt.) - net: fix memleak in register_netdevice() (networking-stable-20_06_28). - net: Fix the arp error in some cases (networking-stable-20_06_28). - net: gre: recompute gre csum for sctp over gre tunnels (git-fixes). - net: hns3: add autoneg and change speed support for fibre port (bsc#1174070). - net: hns3: add support for FEC encoding control (bsc#1174070). - net: hns3: add support for multiple media type (bsc#1174070). - net: hns3: fix a not link up issue when fibre port supports autoneg (bsc#1174070). - net: hns3: fix for FEC configuration (bsc#1174070). - net: hns3: fix port capbility updating issue (bsc#1174070). - net: hns3: fix port setting handle for fibre port (bsc#1174070). - net: hns3: fix selftest fail issue for fibre port with autoneg on (bsc#1174070). - net: hns3: restore the MAC autoneg state after reset (bsc#1174070). - net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28). - net: ip6_gre: Request headroom in __gre6_xmit() (git-fixes). - net: lan78xx: add missing endpoint sanity check (git-fixes). - net: lan78xx: fix transfer-buffer memory leak (git-fixes). - net: make symbol 'flush_works' static (git-fixes). - net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes). - net: mvpp2: fix memory leak in mvpp2_rx (git-fixes). - net: netsec: Fix signedness bug in netsec_probe() (bsc#1175417). - net: netsec: initialize tx ring on ndo_open (bsc#1175418). - net: phy: Check harder for errors in get_phy_id() (bsc#1111666). - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes). - net: Set fput_needed iff FDPUT_FPUT is set (git-fixes). - net: socionext: Fix a signedness bug in ave_probe() (bsc#1175419). - net: socionext: replace napi_alloc_frag with the netdev variant on init (bsc#1175420). - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes). - net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes). - net: stmmac: Fix RX packet size > 8191 (git-fixes). - net: udp: Fix wrong clean up for IS_UDPLITE macro (git-fixes). - net: update net_dim documentation after rename (bsc#1174852). - net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28). - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17). - netvsc: unshare skb in VF rx handler (git-fixes). - nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes). - NTB: Fix an error in get link status (git-fixes). - ntb_netdev: fix sleep time mismatch (git-fixes). - NTB: ntb_transport: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - nvme: fix possible deadlock when I/O is blocked (git-fixes). - nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108). - nvme-multipath: fix logic for non-optimized paths (bsc#1172108). - nvme-multipath: round-robin: eliminate "fallback" variable (bsc#1172108). - nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - ocfs2: add trimfs dlm lock resource (bsc#1175228). - ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: change slot number type s16 to u16 (bsc#1175786). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228). - ocfs2: fix value of OCFS2_INVALID_SLOT (bsc#1175767). - ocfs2: load global_inode_alloc (bsc#1172963). - ocfs2: load global_inode_alloc (bsc#1172963). - omapfb: dss: Fix max fclk divider for omap36xx (bsc#1113956) - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() (git-fixes). - PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes). - PCI: dwc: Move interrupt acking into the proper callback (bsc#1175666). - PCI: Fix pci_cfg_wait queue locking problem (git-fixes). - PCI: Fix "try" semantics of bus and slot reset (git-fixes). - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes). - PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, bsc#1172872, git-fixes). - PCI: Release IVRS table in AMD ACS quirk (git-fixes). - PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes). - PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes). - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes). - pinctrl: single: fix function name in documentation (git-fixes). - pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes). - platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes). - PM / CPU: replace raw_notifier with atomic_notifier (git fixes (kernel/pm)). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (bsc#1175668). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails. - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (bsc#1175668). - PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes). - powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729). - powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729). - powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729). - powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729). - powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284). - powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284). - powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729). - powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574). - powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729). - powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - powerpc/pseries: remove cede offline state for CPUs (bsc#1065729). - powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729). - powerpc/vdso: Fix vdso cpu truncation (bsc#1065729). - power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes). - propagate_one(): mnt_set_mountpoint() needs mount_lock (bsc#1174841). - pseries: Fix 64 bit logical memory block panic (bsc#1065729). - pwm: bcm-iproc: handle clk_get_rate() return (git-fixes). - rds: Prevent kernel-infoleak in rds_notify_queue_get() (git-fixes). - regulator: gpio: Honor regulator-boot-on property (git-fixes). - Revert "ALSA: hda: call runtime_allow() for all hda controllers" (bsc#1111666). - Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers" (bsc#1113956) * refresh for context changes - Revert "ocfs2: avoid inode removal while nfsd is accessing it" This reverts commit 9e096c72476eda333a9998ff464580c00ff59c83. - Revert "ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963)." This reverts commit 0bf6e248f93736b3f17f399b4a8f64ffa30d371e. - Revert "ocfs2: load global_inode_alloc (bsc#1172963)." This reverts commit fc476497b53f967dc615b9cbad9427ba3107b5c4. - Revert "scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe" (bsc#1171688 bsc#1174003). - Revert "scsi: qla2xxx: Fix crash on qla2x00_mailbox_command" (bsc#1171688 bsc#1174003). - Revert "sign also s390x kernel images (bsc#1163524)" This reverts commit b38b61155f0a2c3ebca06d4bb0c2e11a19a87f1f. - Revert "xen/balloon: Fix crash when ballooning on x86 32 bit PAE" (bsc#1065600). - rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28). - rpm/check-for-config-changes: Ignore CONFIG_CC_VERSION_TEXT - rpm/check-for-config-changes: Ignore CONFIG_LD_VERSION - rpm/constraints.in: Increase memory for kernel-docs References: https://build.opensuse.org/request/show/792664 - rpm: drop execute permissions on source files Sometimes a source file with execute permission appears in upstream repository and makes it into our kernel-source packages. This is caught by OBS build checks and may even result in build failures. Sanitize the source tree by removing execute permissions from all C source and header files. - rpm/kabi.pl: account for namespace field being moved last Upstream is moving the namespace field in Module.symvers last in order to preserve backwards compatibility with kmod tools (depmod, etc). Fix the kabi.pl script to expect the namespace field last. Since split() ignores trailing empty fields and delimeters, switch to using tr to count how many fields/tabs are in a line. Also, in load_symvers(), pass LIMIT of -1 to split() so it does not strip trailing empty fields, as namespace is an optional field. - rpm/kernel-binary.spec.in: do not run klp-symbols for configs with no modules Starting with 5.8-rc1, s390x/zfcpdump builds fail because rpm/klp-symbols script does not find .tmp_versions directory. This is missing because s390x/zfcpdump is built without modules (CONFIG_MODULES disabled). As livepatching cannot work without modules, the cleanest solution is setting %klp_symbols to 0 if CONFIG_MODULES is disabled. (We cannot simply add another condition to the place where %klp_symbols is set as it can be already set to 1 from prjconf.) - rpm/kernel-binary.spec.in: restrict livepatch metapackage to default flavor It has been reported that the kernel-*-livepatch metapackage got erroneously enabled for SLE15-SP3's new -preempt flavor, leading to a unresolvable dependency to a non-existing kernel-livepatch-x.y.z-preempt package. As SLE12 and SLE12-SP1 have run out of livepatching support, the need to build said metapackage for the -xen flavor is gone and the only remaining flavor for which they're still wanted is -default. Restrict the build of the kernel-*-livepatch metapackage to the -default flavor. - rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup Co-Authored-By: Adam Spiers - rpm/kernel-obs-build.spec.in: Enable overlayfs Overlayfs is needed for podman or docker builds when no more specific driver can be used (like lvm or btrfs). As the default build fs is ext4 currently, we need overlayfs kernel modules to be available. - rpm/kernel-source.spec.in: Add obsolete_rebuilds (boo#1172073). - rpm/mkspec-dtb: add mt76 based dtb package - rpm/package-descriptions: garbege collection remove old ARM and Xen flavors. - rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes). - s390, dcssblk: kaddr and pfn can be NULL to ->direct_access() (bsc#1174873). - sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17). - sched/deadline: Initialize ->dl_boosted (bsc#1112178). - scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026). - scsi: Fix trivial spelling (bsc#1171688 bsc#1174003). - scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666). - scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666). - scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666). - scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666). - scsi: lpfc: NVMe remote port devloss_tmo from lldd (bsc#1171558 bsc#1136666 bsc#1173060). - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666). - scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666). - scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666). - scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666). - scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666). - scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003). - scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003). - scsi: smartpqi: add bay identifier (bsc#1172418). - scsi: smartpqi: add gigabyte controller (bsc#1172418). - scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418). - scsi: smartpqi: add inquiry timeouts (bsc#1172418). - scsi: smartpqi: add module param for exposure order (bsc#1172418). - scsi: smartpqi: add module param to hide vsep (bsc#1172418). - scsi: smartpqi: add new pci ids (bsc#1172418). - scsi: smartpqi: add pci ids for fiberhome controller (bsc#1172418). - scsi: smartpqi: add RAID bypass counter (bsc#1172418). - scsi: smartpqi: add sysfs entries (bsc#1172418). - scsi: smartpqi: Align driver syntax with oob (bsc#1172418). - scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418). - scsi: smartpqi: change TMF timeout from 60 to 30 seconds (bsc#1172418). - scsi: smartpqi: correct hang when deleting 32 lds (bsc#1172418). - scsi: smartpqi: correct REGNEWD return status (bsc#1172418). - scsi: smartpqi: correct syntax issue (bsc#1172418). - scsi: smartpqi: fix call trace in device discovery (bsc#1172418). - scsi: smartpqi: fix controller lockup observed during force reboot (bsc#1172418). - scsi: smartpqi: fix LUN reset when fw bkgnd thread is hung (bsc#1172418). - scsi: smartpqi: fix problem with unique ID for physical device (bsc#1172418). - scsi: smartpqi: identify physical devices without issuing INQUIRY (bsc#1172418). - scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask (bsc#1172418). - scsi: smartpqi: remove unused manifest constants (bsc#1172418). - scsi: smartpqi: Reporting unhandled SCSI errors (bsc#1172418). - scsi: smartpqi: support device deletion via sysfs (bsc#1172418). - scsi: smartpqi: update copyright (bsc#1172418). - scsi: smartpqi: update logical volume size after expansion (bsc#1172418). - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418). - scsi: storvsc: Correctly set number of hardware queues for IDE disk (git-fixes). - scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790). - sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - serial: 8250: change lock order in serial8250_do_startup() (git-fixes). - serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes). - serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes). - Set VIRTIO_CONSOLE=y (bsc#1175667). - sign also s390x kernel images (bsc#1163524) - soc: fsl: qbman: allow registering a device link for the portal user (bsc#1174550). - soc: fsl: qbman_portals: add APIs to retrieve the probing status (bsc#1174550). - spi: davinci: Remove uninitialized_var() usage (git-fixes). - spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes). - spi: nxp-fspi: Ensure width is respected in spi-mem operations (bsc#1175421). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1175422). - spi: spi-mem: export spi_mem_default_supports_op() (bsc#1175421). - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28). - tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28). - tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17). - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17). - tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17). - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17). - tracepoint: Mark __tracepoint_string's __used (git-fixes). - tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes). - tty: serial: fsl_lpuart: add imx8qxp support (bsc#1175670). - tty: serial: fsl_lpuart: free IDs allocated by IDA (bsc#1175670). - USB: cdc-acm: rework notification_buffer resizing (git-fixes). - USB: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes). - USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes). - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes). - USB: iowarrior: fix up report size handling for some devices (git-fixes). - usbip: tools: fix module name in man page (git-fixes). - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes). - USB: serial: cp210x: enable usb generic throttle/unthrottle (git-fixes). - USB: serial: cp210x: re-enable auto-RTS on open (git-fixes). - USB: serial: ftdi_sio: clean up receive processing (git-fixes). - USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes). - USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes). - USB: serial: iuu_phoenix: fix led-activity helpers (git-fixes). - USB: serial: qcserial: add EM7305 QDL product ID (git-fixes). - USB: xhci: define IDs for various ASMedia host controllers (git-fixes). - USB: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes). - USB: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes). - USB: xhci-mtk: fix the failure of bandwidth allocation (git-fixes). - VFS: Check rename_lock in lookup_fast() (bsc#1174734). - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes). - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes). - vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17). - vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199). - vt_compat_ioctl(): clean up, use compat_ptr() properly (git-fixes). - vt: vt_ioctl: remove unnecessary console allocation checks (git-fixes). - watchdog: f71808e_wdt: clear watchdog timeout occurred flag (bsc#1111666). - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (bsc#1111666). - watchdog: f71808e_wdt: remove use of wrong watchdog_info option (bsc#1111666). - wl1251: fix always return 0 error (git-fixes). - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1112178). - x86/hyperv: Create and use Hyper-V page definitions (git-fixes). - x86/hyper-v: Fix overflow bug in fill_gva_list() (git-fixes). - x86/hyperv: Make hv_vcpu_is_preempted() visible (git-fixes). - x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1112178). - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). - xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600). - xen/balloon: make the balloon wait interruptible (bsc#1065600). - xfrm: check id proto in validate_tmpl() (git-fixes). - xfrm: clean up xfrm protocol checks (git-fixes). - xfrm_user: uncoditionally validate esn replay attribute struct (git-fixes). - xfs: fix inode allocation block res calculation precedence (git-fixes). - xfs: fix reflink quota reservation accounting error (git-fixes). - xhci: Fix enumeration issue when setting max packet size for FS devices (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2574=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2574=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2574=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2574=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-2574=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): kernel-default-debuginfo-4.12.14-122.37.1 kernel-default-debugsource-4.12.14-122.37.1 kernel-default-extra-4.12.14-122.37.1 kernel-default-extra-debuginfo-4.12.14-122.37.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-122.37.1 kernel-obs-build-debugsource-4.12.14-122.37.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): kernel-docs-4.12.14-122.37.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-122.37.1 kernel-default-base-4.12.14-122.37.1 kernel-default-base-debuginfo-4.12.14-122.37.1 kernel-default-debuginfo-4.12.14-122.37.1 kernel-default-debugsource-4.12.14-122.37.1 kernel-default-devel-4.12.14-122.37.1 kernel-syms-4.12.14-122.37.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-default-devel-debuginfo-4.12.14-122.37.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-4.12.14-122.37.1 kernel-macros-4.12.14-122.37.1 kernel-source-4.12.14-122.37.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): kernel-default-man-4.12.14-122.37.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-122.37.1 kernel-default-debugsource-4.12.14-122.37.1 kernel-default-kgraft-4.12.14-122.37.1 kernel-default-kgraft-devel-4.12.14-122.37.1 kgraft-patch-4_12_14-122_37-default-1-8.5.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-122.37.1 cluster-md-kmp-default-debuginfo-4.12.14-122.37.1 dlm-kmp-default-4.12.14-122.37.1 dlm-kmp-default-debuginfo-4.12.14-122.37.1 gfs2-kmp-default-4.12.14-122.37.1 gfs2-kmp-default-debuginfo-4.12.14-122.37.1 kernel-default-debuginfo-4.12.14-122.37.1 kernel-default-debugsource-4.12.14-122.37.1 ocfs2-kmp-default-4.12.14-122.37.1 ocfs2-kmp-default-debuginfo-4.12.14-122.37.1 References: https://www.suse.com/security/cve/CVE-2020-14314.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-14356.html https://www.suse.com/security/cve/CVE-2020-14386.html https://www.suse.com/security/cve/CVE-2020-16166.html https://www.suse.com/security/cve/CVE-2020-1749.html https://www.suse.com/security/cve/CVE-2020-24394.html https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1074701 https://bugzilla.suse.com/1083548 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1085235 https://bugzilla.suse.com/1085308 https://bugzilla.suse.com/1087078 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1094912 https://bugzilla.suse.com/1100394 https://bugzilla.suse.com/1102640 https://bugzilla.suse.com/1105412 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1120163 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1136666 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1152148 https://bugzilla.suse.com/1163524 https://bugzilla.suse.com/1165629 https://bugzilla.suse.com/1166965 https://bugzilla.suse.com/1169790 https://bugzilla.suse.com/1170232 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1172073 https://bugzilla.suse.com/1172108 https://bugzilla.suse.com/1172247 https://bugzilla.suse.com/1172418 https://bugzilla.suse.com/1172428 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172872 https://bugzilla.suse.com/1172873 https://bugzilla.suse.com/1172963 https://bugzilla.suse.com/1173060 https://bugzilla.suse.com/1173485 https://bugzilla.suse.com/1173798 https://bugzilla.suse.com/1173954 https://bugzilla.suse.com/1174003 https://bugzilla.suse.com/1174026 https://bugzilla.suse.com/1174070 https://bugzilla.suse.com/1174161 https://bugzilla.suse.com/1174205 https://bugzilla.suse.com/1174387 https://bugzilla.suse.com/1174484 https://bugzilla.suse.com/1174547 https://bugzilla.suse.com/1174549 https://bugzilla.suse.com/1174550 https://bugzilla.suse.com/1174625 https://bugzilla.suse.com/1174658 https://bugzilla.suse.com/1174685 https://bugzilla.suse.com/1174689 https://bugzilla.suse.com/1174699 https://bugzilla.suse.com/1174734 https://bugzilla.suse.com/1174757 https://bugzilla.suse.com/1174771 https://bugzilla.suse.com/1174840 https://bugzilla.suse.com/1174841 https://bugzilla.suse.com/1174843 https://bugzilla.suse.com/1174844 https://bugzilla.suse.com/1174845 https://bugzilla.suse.com/1174852 https://bugzilla.suse.com/1174873 https://bugzilla.suse.com/1174904 https://bugzilla.suse.com/1174926 https://bugzilla.suse.com/1174968 https://bugzilla.suse.com/1175062 https://bugzilla.suse.com/1175063 https://bugzilla.suse.com/1175064 https://bugzilla.suse.com/1175065 https://bugzilla.suse.com/1175066 https://bugzilla.suse.com/1175067 https://bugzilla.suse.com/1175112 https://bugzilla.suse.com/1175127 https://bugzilla.suse.com/1175128 https://bugzilla.suse.com/1175149 https://bugzilla.suse.com/1175199 https://bugzilla.suse.com/1175213 https://bugzilla.suse.com/1175228 https://bugzilla.suse.com/1175232 https://bugzilla.suse.com/1175284 https://bugzilla.suse.com/1175393 https://bugzilla.suse.com/1175394 https://bugzilla.suse.com/1175396 https://bugzilla.suse.com/1175397 https://bugzilla.suse.com/1175398 https://bugzilla.suse.com/1175399 https://bugzilla.suse.com/1175400 https://bugzilla.suse.com/1175401 https://bugzilla.suse.com/1175402 https://bugzilla.suse.com/1175403 https://bugzilla.suse.com/1175404 https://bugzilla.suse.com/1175405 https://bugzilla.suse.com/1175406 https://bugzilla.suse.com/1175407 https://bugzilla.suse.com/1175408 https://bugzilla.suse.com/1175409 https://bugzilla.suse.com/1175410 https://bugzilla.suse.com/1175411 https://bugzilla.suse.com/1175412 https://bugzilla.suse.com/1175413 https://bugzilla.suse.com/1175414 https://bugzilla.suse.com/1175415 https://bugzilla.suse.com/1175416 https://bugzilla.suse.com/1175417 https://bugzilla.suse.com/1175418 https://bugzilla.suse.com/1175419 https://bugzilla.suse.com/1175420 https://bugzilla.suse.com/1175421 https://bugzilla.suse.com/1175422 https://bugzilla.suse.com/1175423 https://bugzilla.suse.com/1175440 https://bugzilla.suse.com/1175493 https://bugzilla.suse.com/1175515 https://bugzilla.suse.com/1175518 https://bugzilla.suse.com/1175526 https://bugzilla.suse.com/1175550 https://bugzilla.suse.com/1175654 https://bugzilla.suse.com/1175666 https://bugzilla.suse.com/1175667 https://bugzilla.suse.com/1175668 https://bugzilla.suse.com/1175669 https://bugzilla.suse.com/1175670 https://bugzilla.suse.com/1175691 https://bugzilla.suse.com/1175767 https://bugzilla.suse.com/1175768 https://bugzilla.suse.com/1175769 https://bugzilla.suse.com/1175770 https://bugzilla.suse.com/1175771 https://bugzilla.suse.com/1175772 https://bugzilla.suse.com/1175786 https://bugzilla.suse.com/1175873 https://bugzilla.suse.com/1176069 From sle-updates at lists.suse.com Tue Sep 8 13:44:04 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 8 Sep 2020 21:44:04 +0200 (CEST) Subject: SUSE-RU-2020:2572-1: moderate: Recommended update for resource-agents Message-ID: <20200908194404.7B8C9F3D7@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2572-1 Rating: moderate References: #1170354 #1175101 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for resource-agents fixes the following issues: - GCP Resource Agents - Support for Multi Alias IP. (bsc#1175101) - OCF version check for pacemaker is incompatible with the SUSE version strings. (bsc#1170354) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-2572=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ldirectord-4.3.0184.6ee15eb2-3.48.1 resource-agents-4.3.0184.6ee15eb2-3.48.1 resource-agents-debuginfo-4.3.0184.6ee15eb2-3.48.1 resource-agents-debugsource-4.3.0184.6ee15eb2-3.48.1 - SUSE Linux Enterprise High Availability 15 (noarch): monitoring-plugins-metadata-4.3.0184.6ee15eb2-3.48.1 References: https://bugzilla.suse.com/1170354 https://bugzilla.suse.com/1175101 From sle-updates at lists.suse.com Wed Sep 9 04:13:37 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Sep 2020 12:13:37 +0200 (CEST) Subject: SUSE-SU-2020:2575-1: important: Security update for the Linux Kernel Message-ID: <20200909101337.183CAF794@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2575-1 Rating: important References: #1058115 #1065600 #1065729 #1071995 #1083548 #1085030 #1111666 #1112178 #1113956 #1120163 #1133021 #1136666 #1144333 #1152148 #1163524 #1165629 #1166965 #1169790 #1170232 #1171558 #1171688 #1171988 #1172073 #1172108 #1172247 #1172418 #1172428 #1172871 #1172872 #1172873 #1172963 #1173060 #1173485 #1173798 #1173954 #1174003 #1174026 #1174070 #1174205 #1174387 #1174484 #1174547 #1174549 #1174550 #1174625 #1174658 #1174685 #1174689 #1174699 #1174734 #1174757 #1174771 #1174840 #1174841 #1174843 #1174844 #1174845 #1174852 #1174873 #1174904 #1174926 #1174968 #1175062 #1175063 #1175064 #1175065 #1175066 #1175067 #1175112 #1175127 #1175128 #1175149 #1175199 #1175213 #1175228 #1175232 #1175284 #1175393 #1175394 #1175396 #1175397 #1175398 #1175399 #1175400 #1175401 #1175402 #1175403 #1175404 #1175405 #1175406 #1175407 #1175408 #1175409 #1175410 #1175411 #1175412 #1175413 #1175414 #1175415 #1175416 #1175417 #1175418 #1175419 #1175420 #1175421 #1175422 #1175423 #1175440 #1175493 #1175515 #1175518 #1175526 #1175550 #1175654 #1175666 #1175667 #1175668 #1175669 #1175670 #1175691 #1175767 #1175768 #1175769 #1175770 #1175771 #1175772 #1175786 #1175873 #1176069 Cross-References: CVE-2020-10135 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-14386 CVE-2020-16166 CVE-2020-1749 CVE-2020-24394 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 121 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629). - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988). - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bugs were fixed: - ACPI: kABI fixes for subsys exports (bsc#1174968). - ACPI / LPSS: Resume BYT/CHT I2C controllers from resume_noirq (bsc#1174968). - ACPI / LPSS: Use acpi_lpss_* instead of acpi_subsys_* functions for hibernate (bsc#1174968). - ACPI: PM: Introduce "poweroff" callbacks for ACPI PM domain and LPSS (bsc#1174968). - ACPI: PM: Simplify and fix PM domain hibernation callbacks (bsc#1174968). - af_key: pfkey_dump needs parameter validation (git-fixes). - agp/intel: Fix a memory leak on module initialisation failure (git-fixes). - ALSA: core: pcm_iec958: fix kernel-doc (bsc#1111666). - ALSA: echoaduio: Drop superfluous volatile modifier (bsc#1111666). - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (bsc#1111666). - ALSA: hda: Add support for Loongson 7A1000 controller (bsc#1111666). - ALSA: hda/ca0132 - Add new quirk ID for Recon3D (bsc#1111666). - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (bsc#1111666). - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (bsc#1111666). - ALSA: hda: fix NULL pointer dereference during suspend (git-fixes). - ALSA: hda: fix snd_hda_codec_cleanup() documentation (bsc#1111666). - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (bsc#1111666). - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (bsc#1111666). - ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes). - ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (bsc#1111666). - ALSA: hda/realtek - Add quirk for Lenovo Carbon X1 8th gen (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GE63 laptop (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GL63 (bsc#1111666). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes). - ALSA: hda/realtek - change to suitable link model for ASUS platform (bsc#1111666). - ALSA: hda/realtek - Check headset type by unplug and resume (bsc#1111666). - ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX563 (bsc#1111666). - ALSA: hda/realtek: Fix add a "ultra_low_power" function for intel reference board (alc256) (bsc#1111666). - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (bsc#1111666). - ALSA: hda/realtek - Fixed HP right speaker no sound (bsc#1111666). - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (bsc#1111666). - ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (bsc#1111666). - ALSA: hda/realtek - Fix unused variable warning (bsc#1111666). - ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (bsc#1111666). - ALSA: hda - reverse the setting value in the micmute_led_set (bsc#1111666). - ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes). - ALSA: pci: delete repeated words in comments (bsc#1111666). - ALSA: seq: oss: Serialize ioctls (bsc#1111666). - ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes). - ALSA: usb-audio: add quirk for Pioneer DDJ-RB (bsc#1111666). - ALSA: usb-audio: add startech usb audio dock name (bsc#1111666). - ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (bsc#1111666). - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (bsc#1111666). - ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (bsc#1111666). - ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (bsc#1111666). - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625). - ALSA: usb-audio: fix spelling mistake "buss" -> "bus" (bsc#1111666). - ALSA: usb-audio: ignore broken processing/extension unit (git-fixes). - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb/line6: remove 'defined but not used' warning (bsc#1111666). - arm64: Add MIDR encoding for HiSilicon Taishan CPUs (bsc#1174547). - arm64: Add MIDR encoding for NVIDIA CPUs (bsc#1174547). - arm64: add sysfs vulnerability show for meltdown (bsc#1174547). - arm64: Add sysfs vulnerability show for spectre-v1 (bsc#1174547). - arm64: add sysfs vulnerability show for spectre-v2 (bsc#1174547). - arm64: add sysfs vulnerability show for speculative store bypass (bsc#1174547). - arm64: Advertise mitigation of Spectre-v2, or lack thereof (bsc#1174547). - arm64: Always enable spectre-v2 vulnerability detection (bsc#1174547). - arm64: Always enable ssb vulnerability detection (bsc#1174547). - arm64: backtrace: Do not bother trying to unwind the userspace stack (bsc#1175397). - arm64: capabilities: Add NVIDIA Denver CPU to bp_harden list (bsc#1174547). - arm64: capabilities: Merge duplicate Cavium erratum entries (bsc#1174547). - arm64: capabilities: Merge entries for ARM64_WORKAROUND_CLEAN_CACHE (bsc#1174547). - arm64: cpufeature: Enable Qualcomm Falkor/Kryo errata 1003 (bsc#1175398). - arm64: Do not mask out PTE_RDONLY in pte_same() (bsc#1175393). - arm64: enable generic CPU vulnerabilites support (bsc#1174547). Update config/arm64/default - arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default (bsc#1175394). - arm64: errata: Do not define type field twice for arm64_errata entries (bsc#1174547). - arm64: errata: Update stale comment (bsc#1174547). - arm64: Get rid of __smccc_workaround_1_hvc_* (bsc#1174547). - arm64: kpti: Avoid rewriting early page tables when KASLR is enabled (bsc#1174547). - arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on (bsc#1174547). - arm64: kpti: Whitelist Cortex-A CPUs that do not implement the CSV3 field (bsc#1174547). - arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs (bsc#1174547). - arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 (bsc#1133021). - arm64: KVM: Guests can skip __install_bp_hardening_cb()s HYP work (bsc#1174547). - arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening (bsc#1174547). - arm64: mm: Fix pte_mkclean, pte_mkdirty semantics (bsc#1175526). - arm64: Provide a command line to disable spectre_v2 mitigation (bsc#1174547). - arm64: Silence clang warning on mismatched value/register sizes (bsc#1175396). - arm64/speculation: Support 'mitigations=' cmdline option (bsc#1174547). - arm64: ssbd: explicitly depend on (bsc#1175399). - arm64: ssbs: Do not treat CPUs with SSBS as unaffected by SSB (bsc#1174547). - arm64: ssbs: Fix context-switch when SSBS is present on all CPUs (bsc#1175669). - arm64/sve: Fix wrong free for task->thread.sve_state (bsc#1175400). - arm64/sve: should not depend on <uapi/linux/prctl.h> (bsc#1175401). - arm64: tlbflush: avoid writing RES0 bits (bsc#1175402). - arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 (bsc#1174547). - ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 (bsc#1133021). - ARM: KVM: invalidate icache on guest exit for Cortex-A15 (bsc#1133021). - ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 (bsc#1133021). - ASoC: hda/tegra: Set buffer alignment to 128 bytes (bsc#1111666). - ASoC: intel: Fix memleak in sst_media_open (git-fixes). - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes). - AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes). - AX.25: Prevent integer overflows in connect and sendmsg (git-fixes). - AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes). - ax88172a: fix ax88172a_unbind() failures (git-fixes). - b43: Remove uninitialized_var() usage (git-fixes). - bcache: allocate meta data pages as compound pages (bsc#1172873). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: Fix use-after-free in blkdev_get() (bsc#1174843). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (bsc#1111666). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (bsc#1111666). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (bsc#1111666). - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - bonding: fix a potential double-unregister (git-fixes). - bonding: show saner speed for broadcast mode (git-fixes). - bpf: Fix map leak in HASH_OF_MAPS map (git-fixes). - brcmfmac: keep SDIO watchdog running when console_interval is non-zero (bsc#1111666). - brcmfmac: set state of hanger slot to FREE when flushing PSQ (bsc#1111666). - brcmfmac: To fix Bss Info flag definition Bug (bsc#1111666). - btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247). - btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247). - btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149). - btrfs: fix block group leak when removing fails (bsc#1175149). - btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149). - btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149). - btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149). - btrfs: fix double free on ulist after backref resolution failure (bsc#1175149). - btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149). - btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550). - btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149). - btrfs: fix race between block group removal and block group creation (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149). - btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149). - btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484). - btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247). - btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247). - btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247). - btrfs: Open code btrfs_write_and_wait_marked_extents (bsc#1175149). - btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163). - btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247). - btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163). - btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163). - btrfs: Rename and export clear_btree_io_tree (bsc#1175149). - btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493). - bus: hisi_lpc: Add .remove method to avoid driver unbind crash (bsc#1174658). - bus: hisi_lpc: Do not fail probe for unrecognised child devices (bsc#1174658). - bus: hisi_lpc: Unregister logical PIO range to avoid potential use-after-free (bsc#1174658). - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes). - cfg80211: check vendor command doit pointer before use (git-fixes). - char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667). - cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428). - cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428). - cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428). - clk: at91: clk-generated: check best_rate against ranges (bsc#1111666). - clk: clk-atlas6: fix return value check in atlas6_clk_init() (bsc#1111666). - clk: iproc: round clock rate to the closest (bsc#1111666). - clk: spear: Remove uninitialized_var() usage (git-fixes). - clk: st: Remove uninitialized_var() usage (git-fixes). - config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References: bsc#1174549 - console: newport_con: fix an issue about leak related system resources (git-fixes). - constrants: fix malformed XML Closing tag of an element is "", not "". Fixes: 8b37de2eb835 ("rpm/constraints.in: Increase memory for kernel-docs") - Created new preempt kernel flavor (jsc#SLE-11309) Configs are cloned from the respective $arch/default configs. All changed configs appart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel. - crypto: ccp - Fix use of merged scatterlists (git-fixes). - crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes). - crypto: rockchip - fix scatterlist nents error (git-fixes). - crypto: stm32/crc32 - fix ext4 chksum BUG_ON() (git-fixes). - crypto: talitos - check AES key size (git-fixes). - crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - dev: Defer free of skbs in flush_backlog (git-fixes). - device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes). - devres: keep both device name and resource name in pretty name (git-fixes). - dlm: Fix kobject memleak (bsc#1175768). - dlm: remove BUG() before panic() (bsc#1174844). - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes). - Documentation/networking: Add net DIM documentation (bsc#1174852). - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (bsc#1175403). - dpaa2-eth: free already allocated channels on probe defer (bsc#1175404). - dpaa2-eth: prevent array underflow in update_cls_rule() (bsc#1175405). - dpaa_eth: add dropped frames to percpu ethtool stats (bsc#1174550). - dpaa_eth: add newline in dev_err() msg (bsc#1174550). - dpaa_eth: avoid timestamp read on error paths (bsc#1175406). - dpaa_eth: change DMA device (bsc#1174550). - dpaa_eth: cleanup skb_to_contig_fd() (bsc#1174550). - dpaa_eth: defer probing after qbman (bsc#1174550). - dpaa_eth: extend delays in ndo_stop (bsc#1174550). - dpaa_eth: fix DMA mapping leak (bsc#1174550). - dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1174550). - dpaa_eth: FMan erratum A050385 workaround (bsc#1174550). - dpaa_eth: perform DMA unmapping before read (bsc#1175407). - dpaa_eth: register a device link for the qman portal used (bsc#1174550). - dpaa_eth: remove netdev_err() for user errors (bsc#1174550). - dpaa_eth: remove redundant code (bsc#1174550). - dpaa_eth: simplify variables used in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use a page to store the SGT (bsc#1174550). - dpaa_eth: use fd information in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use only one buffer pool per interface (bsc#1174550). - dpaa_eth: use page backed rx buffers (bsc#1174550). - driver core: Avoid binding drivers to dead devices (git-fixes). - Drivers: hv: balloon: Remove dependencies on guest page size (git-fixes). - Drivers: hv: vmbus: Fix virt_to_hvpfn() for X86_PAE (git-fixes). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127, bsc#1175128). - Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup() (git-fixes). - drivers/perf: hisi: Fix typo in events attribute array (bsc#1175408). - drivers/perf: hisi: Fixup one DDRC PMU register offset (bsc#1175410). - drivers/perf: hisi: Fix wrong value for all counters enable (bsc#1175409). - drm: Added orientation quirk for ASUS tablet model T103HAF (bsc#1111666). - drm/amd/display: fix pow() crashing when given base 0 (git-fixes). - drm/amdgpu: avoid dereferencing a NULL pointer (bsc#1111666). - drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume (bsc#1111666). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (bsc#1113956) * refresh for context changes - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes). - drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1113956) - drm/arm: fix unintentional integer overflow on left shift (git-fixes). - drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1113956) * refreshed for context changes - drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes). - drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1113956) * move drm_mipi_dbi.c -> tinydrm/mipi-drm.c * refresh for context changes - drm/debugfs: fix plain echo to connector "force" attribute (bsc#1111666). - drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes). - drm/etnaviv: fix ref count leak via pm_runtime_get_sync (bsc#1111666). - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (bsc#1112178) * updated names of get/put functions - drm: hold gem reference until object is no longer accessed (bsc#1113956) - drm/imx: fix use after free (git-fixes). - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes). - drm/imx: tve: fix regulator_disable error path (git-fixes). - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes). - drm/msm/adreno: fix updating ring fence (git-fixes). - drm/msm: ratelimit crtc event overflow error (bsc#1111666). - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes). - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes). - drm/nouveau: fix multiple instances of reference count leaks (bsc#1111666). - drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes). - drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes). - drm/radeon: disable AGP by default (bsc#1111666). - drm/radeon: fix array out-of-bounds read and write issues (git-fixes). - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (bsc#1111666). - drm/rockchip: fix VOP_WIN_GET macro (bsc#1175411). - drm/tilcdc: fix leak & null ref in panel_connector_get_modes (bsc#1111666). - drm/ttm/nouveau: do not call tt destroy callback on alloc failure (bsc#1175232). - drm/vmwgfx: Fix two list_for_each loop exit tests (bsc#1111666). - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (bsc#1111666). - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600). - efi/memreserve: deal with memreserve entries in unmapped memory (bsc#1174685). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: fix checking of directory entry validity for inline directories (bsc#1175771). - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1174840). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - fat: do not allow to mount if the FAT length == 0 (bsc#1174845). - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins. (bsc#1112178) * move files drivers/video/fbdev/core -> drivers/video/console * refresh for context changes - firmware: google: check if size is valid when decoding VPD data (git-fixes). - firmware: google: increment VPD key_len properly (git-fixes). - fpga: dfl: fix bug in port reset handshake (git-fixes). - fsl/fman: add API to get the device behind a fman port (bsc#1174550). - fsl/fman: check dereferencing null pointer (git-fixes). - fsl/fman: detect FMan erratum A050385 (bsc#1174550). - fsl/fman: do not touch liodn base regs reserved on non-PAMU SoCs (bsc#1174550). - fsl/fman: fix dereference null return value (git-fixes). - fsl/fman: fix eth hash table allocation (git-fixes). - fsl/fman: fix unreachable code (git-fixes). - fsl/fman: remove unused struct member (bsc#1174550). - fsl/fman: use 32-bit unsigned integer (git-fixes). - fuse: fix memleak in cuse_channel_open (bsc#1174926). - fuse: fix missing unlock_page in fuse_writepage() (bsc#1174904). - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175062). - fuse: fix weird page warning (bsc#1175063). - fuse: flush dirty data/metadata before non-truncate setattr (bsc#1175064). - fuse: truncate pending writes on O_TRUNC (bsc#1175065). - fuse: verify attributes (bsc#1175066). - fuse: verify nlink (bsc#1175067). - genetlink: remove genl_bind (networking-stable-20_07_17). - go7007: add sanity checking for endpoints (git-fixes). - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (bsc#1111666). - HID: hiddev: fix mess in hiddev_open() (git-fixes). - HISI LPC: Re-Add ACPI child enumeration support (bsc#1174658). - HISI LPC: Stop using MFD APIs (bsc#1174658). - hv_balloon: Balloon up according to request page number (git-fixes). - hv_balloon: Use a static page for the balloon_up send buffer (git-fixes). - hv_netvsc: Allow scatter-gather feature to be tunable (git-fixes). - hv_netvsc: do not use VF device if link is down (git-fixes). - hv_netvsc: Fix a warning of suspicious RCU usage (git-fixes). - hv_netvsc: Fix error handling in netvsc_attach() (git-fixes). - hv_netvsc: Fix extra rcu_read_unlock in netvsc_recv_callback() (git-fixes). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes). - hv_netvsc: Fix unwanted wakeup in netvsc_attach() (git-fixes). - hv_netvsc: flag software created hash value (git-fixes). - hv_netvsc: Remove "unlikely" from netvsc_select_queue (git-fixes). - i2c: rcar: in slave mode, clear NACK earlier (git-fixes). - i2c: rcar: slave: only send STOP event when we have been addressed (bsc#1111666). - i40e: Fix crash during removing i40e driver (git-fixes). - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes). - ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - include/linux/poison.h: remove obsolete comment (git fixes (poison)). - Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes). - Input: sentelic - fix error return when fsp_reg_write fails (bsc#1111666). - integrity: remove redundant initialization of variable ret (git-fixes). - io-mapping: indicate mapping failure (git-fixes). - ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes). - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28). - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515). - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515). - ip_tunnel: Emit events for post-register MTU changes (git-fixes). - ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28). - ip_tunnel: restore binding to ifaces with a large mtu (git-fixes). - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17). - ipv4: Silence suspicious RCU usage warning (git-fixes). - ipv6: fix memory leaks on IPV6_ADDRFORM path (git-fixes). - ipvlan: fix device features (git-fixes). - ipvs: allow connection reuse for unconfirmed conntrack (git-fixes). - ipvs: fix refcount usage for conns in ops mode (git-fixes). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - irqchip/gic: Atomically update affinity (bsc#1111666). - iwlegacy: Check the return value of pcie_capability_read_*() (bsc#1111666). - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772). - kabi: genetlink: remove genl_bind (kabi). - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629). - kabi: mask changes to struct ipv6_stub (bsc#1165629). - kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)). - kernel-docs: Change Requires on python-Sphinx to earlier than version 3 References: bsc#1166965 From 3 on the internal API that the build system uses was rewritten in an incompatible way. See https://github.com/sphinx-doc/sphinx/issues/7421 and https://bugzilla.suse.com/show_bug.cgi?id=1166965#c16 for some details. - kernel/relay.c: fix memleak on destroy relay channel (git-fixes). - kernfs: do not call fsnotify() with name without a parent (bsc#1175770). - KVM: arm64: Ensure 'params' is initialised when looking up sys register (bsc#1133021). - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021). - KVM: arm/arm64: Fix young bit from mmu notifier (bsc#1133021). - KVM: arm/arm64: vgic: Do not rely on the wrong pending table (bsc#1133021). - KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections (bsc#1133021). - KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests (bsc#1133021). - KVM: arm: Make inject_abt32() inject an external abort instead (bsc#1133021). - KVM: Change offset in kvm_write_guest_offset_cached to unsigned (bsc#1133021). - KVM: Check for a bad hva before dropping into the ghc slow path (bsc#1133021). - KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729). - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17). - leds: 88pm860x: fix use-after-free on unbind (git-fixes). - leds: core: Flush scheduled work for system suspend (git-fixes). - leds: da903x: fix use-after-free on unbind (git-fixes). - leds: lm3533: fix use-after-free on unbind (git-fixes). - leds: lm355x: avoid enum conversion warning (git-fixes). - leds: wm831x-status: fix use-after-free on unbind (git-fixes). - lib/dim: Fix -Wunused-const-variable warnings (bsc#1174852). - lib: dimlib: fix help text typos (bsc#1174852). - lib: logic_pio: Add logic_pio_unregister_range() (bsc#1174658). - lib: logic_pio: Avoid possible overlap for unregistering regions (bsc#1174658). - lib: logic_pio: Fix RCU usage (bsc#1174658). - linux/dim: Add completions count to dim_sample (bsc#1174852). - linux/dim: Fix overflow in dim calculation (bsc#1174852). - linux/dim: Move implementation to .c files (bsc#1174852). - linux/dim: Move logic to dim.h (bsc#1174852). - linux/dim: Remove "net" prefix from internal DIM members (bsc#1174852). - linux/dim: Rename externally exposed macros (bsc#1174852). - linux/dim: Rename externally used net_dim members (bsc#1174852). - linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1174852). - liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes). - llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17). - mac80211: mesh: Free ie data when leaving mesh (git-fixes). - mac80211: mesh: Free pending skb when destroying a mpath (git-fixes). - MAINTAINERS: add entry for Dynamic Interrupt Moderation (bsc#1174852). - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes). - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes). - media: budget-core: Improve exception handling in budget_register() (git-fixes). - media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes). - media: firewire: Using uninitialized values in node_probe() (git-fixes). - media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes). - media: vpss: clean up resources in init (git-fixes). - mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes). - mfd: dln2: Run event handler loop under spinlock (git-fixes). - mfd: rk808: Fix RK818 ID template (bsc#1175412). - mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28). - mm: filemap: clear idle flag for writes (bsc#1175769). - mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate (git fixes (mm/migrate)). - mm/mmu_notifier: use hlist_add_head_rcu() (git fixes (mm/mmu_notifiers)). - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/compaction)). - mm/rmap.c: do not reuse anon_vma if we just want a copy (git fixes (mm/rmap)). - mm/shmem.c: cast the type of unmap_start to u64 (git fixes (mm/shmem)). - mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)). - mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617). - mtd: spi-nor: Fix an error code in spi_nor_read_raw() (bsc#1175413). - mtd: spi-nor: fix kernel-doc for spi_nor::info (bsc#1175414). - mtd: spi-nor: fix kernel-doc for spi_nor::reg_proto (bsc#1175415). - mtd: spi-nor: fix silent truncation in spi_nor_read_raw() (bsc#1175416). - mwifiex: Prevent memory corruption handling keys (git-fixes). - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (git-fixes). - net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28). - net: core: reduce recursion limit value (networking-stable-20_06_28). - net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28). - net: dsa: b53: check for timeout (git-fixes). - net: dsa: bcm_sf2: Fix node reference count (git-fixes). - net: ena: Add first_interrupt field to napi struct (bsc#1174852). - net: ena: add reserved PCI device ID (bsc#1174852). - net: ena: add support for reporting of packet drops (bsc#1174852). - net: ena: add support for the rx offset feature (bsc#1174852). - net: ena: add support for traffic mirroring (bsc#1174852). - net: ena: add unmask interrupts statistics to ethtool (bsc#1174852). - net: ena: allow setting the hash function without changing the key (bsc#1174852). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852). - net: ena: change default RSS hash function to Toeplitz (bsc#1174852). - net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1174852). - net: ena: changes to RSS hash key allocation (bsc#1174852). - net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1174852). - net: ena: clean up indentation issue (bsc#1174852). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852). - net: ena: cosmetic: code reorderings (bsc#1174852). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852). - net: ena: cosmetic: fix line break issues (bsc#1174852). - net: ena: cosmetic: fix spacing issues (bsc#1174852). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852). - net: ena: cosmetic: minor code changes (bsc#1174852). - net: ena: cosmetic: remove unnecessary code (bsc#1174852). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852). - net: ena: cosmetic: satisfy gcc warning (bsc#1174852). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852). - net: ena: drop superfluous prototype (bsc#1174852). - net: ena: enable support of rss hash key and function changes (bsc#1174852). - net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1174852). - net: ena: ethtool: clean up minor indentation issue (bsc#1174852). - net: ena: ethtool: get_channels: use combined only (bsc#1174852). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852). - net: ena: ethtool: support set_channels callback (bsc#1174852). - net/ena: Fix build warning in ena_xdp_set() (bsc#1174852). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852). - net: ena: fix incorrect setting of the number of msix vectors (bsc#1174852). - net: ena: fix incorrect update of intr_delay_resolution (bsc#1174852). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852). - net: ena: fix update of interrupt moderation register (bsc#1174852). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852). - net: ena: implement XDP drop support (bsc#1174852). - net: ena: Implement XDP_TX action (bsc#1174852). - net: ena: make ethtool -l show correct max number of queues (bsc#1174852). - net: ena: Make missed_tx stat incremental (bsc#1083548). - net: ena: Make some functions static (bsc#1174852). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852). - net: ena: multiple queue creation related cleanups (bsc#1174852). - net: ena: Prevent reset after device destruction (bsc#1083548). - net: ena: reduce driver load time (bsc#1174852). - net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1174852). - net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1174852). - net: ena: remove code that does nothing (bsc#1174852). - net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1174852). - net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1174852). - net: ena: remove redundant print of number of queues (bsc#1174852). - net: ena: remove set but not used variable 'hash_key' (bsc#1174852). - net: ena: remove set but not used variable 'rx_ring' (bsc#1174852). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852). - net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1174852). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852). - net: ena: support new LLQ acceleration mode (bsc#1174852). - net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1174852). - net: ena: use explicit variable size for clarity (bsc#1174852). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852). - net: ena: xdp: update napi budget for DROP and ABORTED (bsc#1174852). - net: ena: xdp: XDP_TX: fix memory leak (bsc#1174852). - net: ethernet: aquantia: Fix wrong return value (git-fixes). - net: ethernet: broadcom: have drivers select DIMLIB as needed (bsc#1174852). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: fec: correct the error path for regulator disable in probe (git-fixes). - netfilter: x_tables: add counters allocation wrapper (git-fixes). - netfilter: x_tables: cap allocations at 512 mbyte (git-fixes). - netfilter: x_tables: limit allocation requests for blob rule heads (git-fixes). - net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). (SLES tuning guide refers to ip-sysctl.txt.) - net: fix memleak in register_netdevice() (networking-stable-20_06_28). - net: Fix the arp error in some cases (networking-stable-20_06_28). - net: gre: recompute gre csum for sctp over gre tunnels (git-fixes). - net: hns3: add autoneg and change speed support for fibre port (bsc#1174070). - net: hns3: add support for FEC encoding control (bsc#1174070). - net: hns3: add support for multiple media type (bsc#1174070). - net: hns3: fix a not link up issue when fibre port supports autoneg (bsc#1174070). - net: hns3: fix for FEC configuration (bsc#1174070). - net: hns3: fix port capbility updating issue (bsc#1174070). - net: hns3: fix port setting handle for fibre port (bsc#1174070). - net: hns3: fix selftest fail issue for fibre port with autoneg on (bsc#1174070). - net: hns3: restore the MAC autoneg state after reset (bsc#1174070). - net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28). - net: ip6_gre: Request headroom in __gre6_xmit() (git-fixes). - net: lan78xx: add missing endpoint sanity check (git-fixes). - net: lan78xx: fix transfer-buffer memory leak (git-fixes). - net: make symbol 'flush_works' static (git-fixes). - net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes). - net: mvpp2: fix memory leak in mvpp2_rx (git-fixes). - net: netsec: Fix signedness bug in netsec_probe() (bsc#1175417). - net: netsec: initialize tx ring on ndo_open (bsc#1175418). - net: phy: Check harder for errors in get_phy_id() (bsc#1111666). - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes). - net: Set fput_needed iff FDPUT_FPUT is set (git-fixes). - net: socionext: Fix a signedness bug in ave_probe() (bsc#1175419). - net: socionext: replace napi_alloc_frag with the netdev variant on init (bsc#1175420). - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes). - net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes). - net: stmmac: Fix RX packet size > 8191 (git-fixes). - net: udp: Fix wrong clean up for IS_UDPLITE macro (git-fixes). - net: update net_dim documentation after rename (bsc#1174852). - net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28). - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17). - netvsc: unshare skb in VF rx handler (git-fixes). - nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes). - ntb: Fix an error in get link status (git-fixes). - ntb_netdev: fix sleep time mismatch (git-fixes). - ntb: ntb_transport: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - nvme: fix possible deadlock when I/O is blocked (git-fixes). - nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108). - nvme-multipath: fix logic for non-optimized paths (bsc#1172108). - nvme-multipath: round-robin: eliminate "fallback" variable (bsc#1172108). - nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - ocfs2: add trimfs dlm lock resource (bsc#1175228). - ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: change slot number type s16 to u16 (bsc#1175786). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228). - ocfs2: fix value of OCFS2_INVALID_SLOT (bsc#1175767). - ocfs2: load global_inode_alloc (bsc#1172963). - ocfs2: load global_inode_alloc (bsc#1172963). - omapfb: dss: Fix max fclk divider for omap36xx (bsc#1113956) - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() (git-fixes). - PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes). - PCI: dwc: Move interrupt acking into the proper callback (bsc#1175666). - PCI: Fix pci_cfg_wait queue locking problem (git-fixes). - PCI: Fix "try" semantics of bus and slot reset (git-fixes). - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes). - PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, bsc#1172872, git-fixes). - PCI: Release IVRS table in AMD ACS quirk (git-fixes). - PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes). - PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes). - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes). - pinctrl: single: fix function name in documentation (git-fixes). - pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes). - platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes). - PM / CPU: replace raw_notifier with atomic_notifier (git fixes (kernel/pm)). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (bsc#1175668). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails. - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (bsc#1175668). - PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes). - powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729). - powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729). - powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729). - powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729). - powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284). - powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284). - powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729). - powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574). - powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729). - powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - powerpc/pseries: remove cede offline state for CPUs (bsc#1065729). - powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729). - powerpc/vdso: Fix vdso cpu truncation (bsc#1065729). - power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes). - propagate_one(): mnt_set_mountpoint() needs mount_lock (bsc#1174841). - pseries: Fix 64 bit logical memory block panic (bsc#1065729). - pwm: bcm-iproc: handle clk_get_rate() return (git-fixes). - rds: Prevent kernel-infoleak in rds_notify_queue_get() (git-fixes). - regulator: gpio: Honor regulator-boot-on property (git-fixes). - Revert "ALSA: hda: call runtime_allow() for all hda controllers" (bsc#1111666). - Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers" (bsc#1113956) * refresh for context changes - Revert "ocfs2: avoid inode removal while nfsd is accessing it" This reverts commit 9e096c72476eda333a9998ff464580c00ff59c83. - Revert "ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963)." This reverts commit 0bf6e248f93736b3f17f399b4a8f64ffa30d371e. - Revert "ocfs2: load global_inode_alloc (bsc#1172963)." This reverts commit fc476497b53f967dc615b9cbad9427ba3107b5c4. - Revert "scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe" (bsc#1171688 bsc#1174003). - Revert "scsi: qla2xxx: Fix crash on qla2x00_mailbox_command" (bsc#1171688 bsc#1174003). - Revert "xen/balloon: Fix crash when ballooning on x86 32 bit PAE" (bsc#1065600). - rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28). - rpm/check-for-config-changes: Ignore CONFIG_CC_VERSION_TEXT - rpm/check-for-config-changes: Ignore CONFIG_LD_VERSION - rpm/constraints.in: Increase memory for kernel-docs References: https://build.opensuse.org/request/show/792664 - rpm: drop execute permissions on source files Sometimes a source file with execute permission appears in upstream repository and makes it into our kernel-source packages. This is caught by OBS build checks and may even result in build failures. Sanitize the source tree by removing execute permissions from all C source and header files. - rpm/kabi.pl: account for namespace field being moved last Upstream is moving the namespace field in Module.symvers last in order to preserve backwards compatibility with kmod tools (depmod, etc). Fix the kabi.pl script to expect the namespace field last. Since split() ignores trailing empty fields and delimeters, switch to using tr to count how many fields/tabs are in a line. Also, in load_symvers(), pass LIMIT of -1 to split() so it does not strip trailing empty fields, as namespace is an optional field. - rpm/kernel-binary.spec.in: do not run klp-symbols for configs with no modules Starting with 5.8-rc1, s390x/zfcpdump builds fail because rpm/klp-symbols script does not find .tmp_versions directory. This is missing because s390x/zfcpdump is built without modules (CONFIG_MODULES disabled). As livepatching cannot work without modules, the cleanest solution is setting %klp_symbols to 0 if CONFIG_MODULES is disabled. (We cannot simply add another condition to the place where %klp_symbols is set as it can be already set to 1 from prjconf.) - rpm/kernel-binary.spec.in: restrict livepatch metapackage to default flavor It has been reported that the kernel-*-livepatch metapackage got erroneously enabled for SLE15-SP3's new -preempt flavor, leading to a unresolvable dependency to a non-existing kernel-livepatch-x.y.z-preempt package. As SLE12 and SLE12-SP1 have run out of livepatching support, the need to build said metapackage for the -xen flavor is gone and the only remaining flavor for which they're still wanted is -default. Restrict the build of the kernel-*-livepatch metapackage to the -default flavor. - rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup Co-Authored-By: Adam Spiers - rpm/kernel-obs-build.spec.in: Enable overlayfs Overlayfs is needed for podman or docker builds when no more specific driver can be used (like lvm or btrfs). As the default build fs is ext4 currently, we need overlayfs kernel modules to be available. - rpm/kernel-source.spec.in: Add obsolete_rebuilds (boo#1172073). - rpm/mkspec-dtb: add mt76 based dtb package - rpm/package-descriptions: garbege collection remove old ARM and Xen flavors. - rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes). - s390, dcssblk: kaddr and pfn can be NULL to ->direct_access() (bsc#1174873). - sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17). - sched/deadline: Initialize ->dl_boosted (bsc#1112178). - scripts/git_sort/git_sort.py: add bluetooth/bluetooth-next.git repository - scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666). - scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666). - scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666). - scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666). - scsi: lpfc: NVMe remote port devloss_tmo from lldd (bsc#1171558 bsc#1136666 bsc#1173060). - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666). - scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666). - scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666). - scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666). - scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666). - scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666). - scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026). - scsi: Fix trivial spelling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003). - scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003). - scsi: smartpqi: add bay identifier (bsc#1172418). - scsi: smartpqi: add gigabyte controller (bsc#1172418). - scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418). - scsi: smartpqi: add inquiry timeouts (bsc#1172418). - scsi: smartpqi: add module param for exposure order (bsc#1172418). - scsi: smartpqi: add module param to hide vsep (bsc#1172418). - scsi: smartpqi: add new pci ids (bsc#1172418). - scsi: smartpqi: add pci ids for fiberhome controller (bsc#1172418). - scsi: smartpqi: add RAID bypass counter (bsc#1172418). - scsi: smartpqi: add sysfs entries (bsc#1172418). - scsi: smartpqi: Align driver syntax with oob (bsc#1172418). - scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418). - scsi: smartpqi: change TMF timeout from 60 to 30 seconds (bsc#1172418). - scsi: smartpqi: correct hang when deleting 32 lds (bsc#1172418). - scsi: smartpqi: correct REGNEWD return status (bsc#1172418). - scsi: smartpqi: correct syntax issue (bsc#1172418). - scsi: smartpqi: fix call trace in device discovery (bsc#1172418). - scsi: smartpqi: fix controller lockup observed during force reboot (bsc#1172418). - scsi: smartpqi: fix LUN reset when fw bkgnd thread is hung (bsc#1172418). - scsi: smartpqi: fix problem with unique ID for physical device (bsc#1172418). - scsi: smartpqi: identify physical devices without issuing INQUIRY (bsc#1172418). - scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask (bsc#1172418). - scsi: smartpqi: remove unused manifest constants (bsc#1172418). - scsi: smartpqi: Reporting unhandled SCSI errors (bsc#1172418). - scsi: smartpqi: support device deletion via sysfs (bsc#1172418). - scsi: smartpqi: update copyright (bsc#1172418). - scsi: smartpqi: update logical volume size after expansion (bsc#1172418). - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418). - scsi: storvsc: Correctly set number of hardware queues for IDE disk (git-fixes). - scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790). - sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - serial: 8250: change lock order in serial8250_do_startup() (git-fixes). - serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes). - serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes). - Set VIRTIO_CONSOLE=y (bsc#1175667). - sign also s390x kernel images (bsc#1163524) - soc: fsl: qbman: allow registering a device link for the portal user (bsc#1174550). - soc: fsl: qbman_portals: add APIs to retrieve the probing status (bsc#1174550). - spi: davinci: Remove uninitialized_var() usage (git-fixes). - spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes). - spi: nxp-fspi: Ensure width is respected in spi-mem operations (bsc#1175421). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1175422). - spi: spi-mem: export spi_mem_default_supports_op() (bsc#1175421). - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support (git-fixes). - staging: fsl-dpaa2: ethsw: Add missing netdevice check (bsc#1175423). - staging: rtl8192u: fix a dubious looking mask before a shift (git-fixes). - staging/speakup: fix get_word non-space look-ahead (git-fixes). - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28). - tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28). - tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17). - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17). - tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17). - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17). - tracepoint: Mark __tracepoint_string's __used (git-fixes). - tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes). - tty: hvc_console, fix crashes on parallel open/close (git-fixes). - tty: serial: fsl_lpuart: add imx8qxp support (bsc#1175670). - tty: serial: fsl_lpuart: free IDs allocated by IDA (bsc#1175670). - USB: cdc-acm: rework notification_buffer resizing (git-fixes). - USB: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes). - USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes). - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes). - USB: iowarrior: fix up report size handling for some devices (git-fixes). - usbip: tools: fix module name in man page (git-fixes). - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes). - USB: serial: cp210x: enable usb generic throttle/unthrottle (git-fixes). - USB: serial: cp210x: re-enable auto-RTS on open (git-fixes). - USB: serial: ftdi_sio: clean up receive processing (git-fixes). - USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes). - USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes). - USB: serial: iuu_phoenix: fix led-activity helpers (git-fixes). - USB: serial: qcserial: add EM7305 QDL product ID (git-fixes). - USB: xhci: define IDs for various ASMedia host controllers (git-fixes). - USB: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes). - USB: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes). - USB: xhci-mtk: fix the failure of bandwidth allocation (git-fixes). - VFS: Check rename_lock in lookup_fast() (bsc#1174734). - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes). - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes). - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (git-fixes). - vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17). - vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199). - vt_compat_ioctl(): clean up, use compat_ptr() properly (git-fixes). - vt: vt_ioctl: remove unnecessary console allocation checks (git-fixes). - vxlan: Ensure FDB dump is performed under RCU (git-fixes). - watchdog: f71808e_wdt: clear watchdog timeout occurred flag (bsc#1111666). - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (bsc#1111666). - watchdog: f71808e_wdt: remove use of wrong watchdog_info option (bsc#1111666). - wl1251: fix always return 0 error (git-fixes). - x86/hyperv: Create and use Hyper-V page definitions (git-fixes). - x86/hyper-v: Fix overflow bug in fill_gva_list() (git-fixes). - x86/hyperv: Make hv_vcpu_is_preempted() visible (git-fixes). - x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1112178). - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). - xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600). - xen/balloon: make the balloon wait interruptible (bsc#1065600). - xfrm: check id proto in validate_tmpl() (git-fixes). - xfrm: clean up xfrm protocol checks (git-fixes). - xfrm_user: uncoditionally validate esn replay attribute struct (git-fixes). - xfs: fix inode allocation block res calculation precedence (git-fixes). - xfs: fix reflink quota reservation accounting error (git-fixes). - xhci: Fix enumeration issue when setting max packet size for FS devices (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-2575=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-2575=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2575=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2575=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2575=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): kernel-default-debuginfo-4.12.14-197.56.1 kernel-default-debugsource-4.12.14-197.56.1 kernel-default-extra-4.12.14-197.56.1 kernel-default-extra-debuginfo-4.12.14-197.56.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.56.1 kernel-default-debugsource-4.12.14-197.56.1 reiserfs-kmp-default-4.12.14-197.56.1 reiserfs-kmp-default-debuginfo-4.12.14-197.56.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-197.56.1 kernel-obs-build-debugsource-4.12.14-197.56.1 kernel-syms-4.12.14-197.56.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): kernel-docs-4.12.14-197.56.1 kernel-source-4.12.14-197.56.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.56.1 kernel-default-base-4.12.14-197.56.1 kernel-default-base-debuginfo-4.12.14-197.56.1 kernel-default-debuginfo-4.12.14-197.56.1 kernel-default-debugsource-4.12.14-197.56.1 kernel-default-devel-4.12.14-197.56.1 kernel-default-devel-debuginfo-4.12.14-197.56.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): kernel-devel-4.12.14-197.56.1 kernel-macros-4.12.14-197.56.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): kernel-default-man-4.12.14-197.56.1 kernel-zfcpdump-debuginfo-4.12.14-197.56.1 kernel-zfcpdump-debugsource-4.12.14-197.56.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.56.1 cluster-md-kmp-default-debuginfo-4.12.14-197.56.1 dlm-kmp-default-4.12.14-197.56.1 dlm-kmp-default-debuginfo-4.12.14-197.56.1 gfs2-kmp-default-4.12.14-197.56.1 gfs2-kmp-default-debuginfo-4.12.14-197.56.1 kernel-default-debuginfo-4.12.14-197.56.1 kernel-default-debugsource-4.12.14-197.56.1 ocfs2-kmp-default-4.12.14-197.56.1 ocfs2-kmp-default-debuginfo-4.12.14-197.56.1 References: https://www.suse.com/security/cve/CVE-2020-10135.html https://www.suse.com/security/cve/CVE-2020-14314.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-14356.html https://www.suse.com/security/cve/CVE-2020-14386.html https://www.suse.com/security/cve/CVE-2020-16166.html https://www.suse.com/security/cve/CVE-2020-1749.html https://www.suse.com/security/cve/CVE-2020-24394.html https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1083548 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1120163 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1136666 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1152148 https://bugzilla.suse.com/1163524 https://bugzilla.suse.com/1165629 https://bugzilla.suse.com/1166965 https://bugzilla.suse.com/1169790 https://bugzilla.suse.com/1170232 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1171988 https://bugzilla.suse.com/1172073 https://bugzilla.suse.com/1172108 https://bugzilla.suse.com/1172247 https://bugzilla.suse.com/1172418 https://bugzilla.suse.com/1172428 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172872 https://bugzilla.suse.com/1172873 https://bugzilla.suse.com/1172963 https://bugzilla.suse.com/1173060 https://bugzilla.suse.com/1173485 https://bugzilla.suse.com/1173798 https://bugzilla.suse.com/1173954 https://bugzilla.suse.com/1174003 https://bugzilla.suse.com/1174026 https://bugzilla.suse.com/1174070 https://bugzilla.suse.com/1174205 https://bugzilla.suse.com/1174387 https://bugzilla.suse.com/1174484 https://bugzilla.suse.com/1174547 https://bugzilla.suse.com/1174549 https://bugzilla.suse.com/1174550 https://bugzilla.suse.com/1174625 https://bugzilla.suse.com/1174658 https://bugzilla.suse.com/1174685 https://bugzilla.suse.com/1174689 https://bugzilla.suse.com/1174699 https://bugzilla.suse.com/1174734 https://bugzilla.suse.com/1174757 https://bugzilla.suse.com/1174771 https://bugzilla.suse.com/1174840 https://bugzilla.suse.com/1174841 https://bugzilla.suse.com/1174843 https://bugzilla.suse.com/1174844 https://bugzilla.suse.com/1174845 https://bugzilla.suse.com/1174852 https://bugzilla.suse.com/1174873 https://bugzilla.suse.com/1174904 https://bugzilla.suse.com/1174926 https://bugzilla.suse.com/1174968 https://bugzilla.suse.com/1175062 https://bugzilla.suse.com/1175063 https://bugzilla.suse.com/1175064 https://bugzilla.suse.com/1175065 https://bugzilla.suse.com/1175066 https://bugzilla.suse.com/1175067 https://bugzilla.suse.com/1175112 https://bugzilla.suse.com/1175127 https://bugzilla.suse.com/1175128 https://bugzilla.suse.com/1175149 https://bugzilla.suse.com/1175199 https://bugzilla.suse.com/1175213 https://bugzilla.suse.com/1175228 https://bugzilla.suse.com/1175232 https://bugzilla.suse.com/1175284 https://bugzilla.suse.com/1175393 https://bugzilla.suse.com/1175394 https://bugzilla.suse.com/1175396 https://bugzilla.suse.com/1175397 https://bugzilla.suse.com/1175398 https://bugzilla.suse.com/1175399 https://bugzilla.suse.com/1175400 https://bugzilla.suse.com/1175401 https://bugzilla.suse.com/1175402 https://bugzilla.suse.com/1175403 https://bugzilla.suse.com/1175404 https://bugzilla.suse.com/1175405 https://bugzilla.suse.com/1175406 https://bugzilla.suse.com/1175407 https://bugzilla.suse.com/1175408 https://bugzilla.suse.com/1175409 https://bugzilla.suse.com/1175410 https://bugzilla.suse.com/1175411 https://bugzilla.suse.com/1175412 https://bugzilla.suse.com/1175413 https://bugzilla.suse.com/1175414 https://bugzilla.suse.com/1175415 https://bugzilla.suse.com/1175416 https://bugzilla.suse.com/1175417 https://bugzilla.suse.com/1175418 https://bugzilla.suse.com/1175419 https://bugzilla.suse.com/1175420 https://bugzilla.suse.com/1175421 https://bugzilla.suse.com/1175422 https://bugzilla.suse.com/1175423 https://bugzilla.suse.com/1175440 https://bugzilla.suse.com/1175493 https://bugzilla.suse.com/1175515 https://bugzilla.suse.com/1175518 https://bugzilla.suse.com/1175526 https://bugzilla.suse.com/1175550 https://bugzilla.suse.com/1175654 https://bugzilla.suse.com/1175666 https://bugzilla.suse.com/1175667 https://bugzilla.suse.com/1175668 https://bugzilla.suse.com/1175669 https://bugzilla.suse.com/1175670 https://bugzilla.suse.com/1175691 https://bugzilla.suse.com/1175767 https://bugzilla.suse.com/1175768 https://bugzilla.suse.com/1175769 https://bugzilla.suse.com/1175770 https://bugzilla.suse.com/1175771 https://bugzilla.suse.com/1175772 https://bugzilla.suse.com/1175786 https://bugzilla.suse.com/1175873 https://bugzilla.suse.com/1176069 From sle-updates at lists.suse.com Wed Sep 9 04:39:21 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Sep 2020 12:39:21 +0200 (CEST) Subject: SUSE-SU-2020:2576-1: important: Security update for the Linux Kernel Message-ID: <20200909103921.243A1F794@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2576-1 Rating: important References: #1152107 #1173798 #1174205 #1174757 #1175691 #1176069 Cross-References: CVE-2019-16746 CVE-2020-14314 CVE-2020-14331 CVE-2020-14386 CVE-2020-16166 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. Description: The SUSE Linux Enterprise 12 SP2 kernel was updated to to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2019-16746: Fixed an improper check of the length of variable elements in a beacon head, leading to a buffer overflow (bsc#1152107). - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bug was fixed: - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2576=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2576=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2576=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2576=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2020-2576=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): kernel-default-4.4.121-92.141.1 kernel-default-base-4.4.121-92.141.1 kernel-default-base-debuginfo-4.4.121-92.141.1 kernel-default-debuginfo-4.4.121-92.141.1 kernel-default-debugsource-4.4.121-92.141.1 kernel-default-devel-4.4.121-92.141.1 kernel-syms-4.4.121-92.141.1 - SUSE OpenStack Cloud 7 (noarch): kernel-devel-4.4.121-92.141.1 kernel-macros-4.4.121-92.141.1 kernel-source-4.4.121-92.141.1 - SUSE OpenStack Cloud 7 (x86_64): kgraft-patch-4_4_121-92_141-default-1-3.3.1 - SUSE OpenStack Cloud 7 (s390x): kernel-default-man-4.4.121-92.141.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kernel-default-4.4.121-92.141.1 kernel-default-base-4.4.121-92.141.1 kernel-default-base-debuginfo-4.4.121-92.141.1 kernel-default-debuginfo-4.4.121-92.141.1 kernel-default-debugsource-4.4.121-92.141.1 kernel-default-devel-4.4.121-92.141.1 kernel-syms-4.4.121-92.141.1 kgraft-patch-4_4_121-92_141-default-1-3.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): kernel-devel-4.4.121-92.141.1 kernel-macros-4.4.121-92.141.1 kernel-source-4.4.121-92.141.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): kernel-default-4.4.121-92.141.1 kernel-default-base-4.4.121-92.141.1 kernel-default-base-debuginfo-4.4.121-92.141.1 kernel-default-debuginfo-4.4.121-92.141.1 kernel-default-debugsource-4.4.121-92.141.1 kernel-default-devel-4.4.121-92.141.1 kernel-syms-4.4.121-92.141.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_141-default-1-3.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): kernel-devel-4.4.121-92.141.1 kernel-macros-4.4.121-92.141.1 kernel-source-4.4.121-92.141.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x): kernel-default-man-4.4.121-92.141.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.141.1 kernel-default-base-4.4.121-92.141.1 kernel-default-base-debuginfo-4.4.121-92.141.1 kernel-default-debuginfo-4.4.121-92.141.1 kernel-default-debugsource-4.4.121-92.141.1 kernel-default-devel-4.4.121-92.141.1 kernel-syms-4.4.121-92.141.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.141.1 kernel-macros-4.4.121-92.141.1 kernel-source-4.4.121-92.141.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.121-92.141.1 cluster-md-kmp-default-debuginfo-4.4.121-92.141.1 cluster-network-kmp-default-4.4.121-92.141.1 cluster-network-kmp-default-debuginfo-4.4.121-92.141.1 dlm-kmp-default-4.4.121-92.141.1 dlm-kmp-default-debuginfo-4.4.121-92.141.1 gfs2-kmp-default-4.4.121-92.141.1 gfs2-kmp-default-debuginfo-4.4.121-92.141.1 kernel-default-debuginfo-4.4.121-92.141.1 kernel-default-debugsource-4.4.121-92.141.1 ocfs2-kmp-default-4.4.121-92.141.1 ocfs2-kmp-default-debuginfo-4.4.121-92.141.1 References: https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2020-14314.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-14386.html https://www.suse.com/security/cve/CVE-2020-16166.html https://bugzilla.suse.com/1152107 https://bugzilla.suse.com/1173798 https://bugzilla.suse.com/1174205 https://bugzilla.suse.com/1174757 https://bugzilla.suse.com/1175691 https://bugzilla.suse.com/1176069 From sle-updates at lists.suse.com Wed Sep 9 04:41:32 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Sep 2020 12:41:32 +0200 (CEST) Subject: SUSE-SU-2020:2579-1: important: Security update for the Linux Kernel Message-ID: <20200909104132.DB427F403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2579-1 Rating: important References: #1058115 #1112178 #1136666 #1171558 #1173060 #1175691 #1176069 Cross-References: CVE-2020-14386 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has 6 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive various security and bugfixes. The following security bug was fixed: - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bugs were fixed: - EDAC: Fix reference count leaks (bsc#1112178). - KVM: SVM: fix svn_pin_memory()'s use of get_user_pages_fast() (bsc#1112178). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - sched/deadline: Initialize ->dl_boosted (bsc#1112178). - scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666). - scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666). - scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666). - scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666). - scsi: lpfc: NVMe remote port devloss_tmo from lldd (bsc#1171558 bsc#1136666 bsc#1173060). - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666). - scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666). - scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666). - scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666). - scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666). - scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666). - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1112178). - x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1112178). - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2579=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): kernel-devel-azure-4.12.14-8.44.1 kernel-source-azure-4.12.14-8.44.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (x86_64): kernel-azure-4.12.14-8.44.1 kernel-azure-base-4.12.14-8.44.1 kernel-azure-base-debuginfo-4.12.14-8.44.1 kernel-azure-debuginfo-4.12.14-8.44.1 kernel-azure-devel-4.12.14-8.44.1 kernel-syms-azure-4.12.14-8.44.1 References: https://www.suse.com/security/cve/CVE-2020-14386.html https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1136666 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1173060 https://bugzilla.suse.com/1175691 https://bugzilla.suse.com/1176069 From sle-updates at lists.suse.com Wed Sep 9 04:43:59 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Sep 2020 12:43:59 +0200 (CEST) Subject: SUSE-SU-2020:2577-1: important: Security update for the Linux Kernel Message-ID: <20200909104359.58059F403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2577-1 Rating: important References: #1176069 Cross-References: CVE-2020-14386 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bug was fixed: - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2577=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-2577=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2577=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2577=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2577=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): kernel-default-debuginfo-5.3.18-24.15.1 kernel-default-debugsource-5.3.18-24.15.1 kernel-default-extra-5.3.18-24.15.1 kernel-default-extra-debuginfo-5.3.18-24.15.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.15.1 kernel-default-debugsource-5.3.18-24.15.1 reiserfs-kmp-default-5.3.18-24.15.1 reiserfs-kmp-default-debuginfo-5.3.18-24.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-24.15.1 kernel-obs-build-debugsource-5.3.18-24.15.1 kernel-syms-5.3.18-24.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-24.15.1 kernel-preempt-debugsource-5.3.18-24.15.1 kernel-preempt-devel-5.3.18-24.15.1 kernel-preempt-devel-debuginfo-5.3.18-24.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): kernel-docs-5.3.18-24.15.2 kernel-source-5.3.18-24.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-24.15.1 kernel-default-debuginfo-5.3.18-24.15.1 kernel-default-debugsource-5.3.18-24.15.1 kernel-default-devel-5.3.18-24.15.1 kernel-default-devel-debuginfo-5.3.18-24.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64): kernel-preempt-5.3.18-24.15.1 kernel-preempt-debuginfo-5.3.18-24.15.1 kernel-preempt-debugsource-5.3.18-24.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): kernel-devel-5.3.18-24.15.1 kernel-macros-5.3.18-24.15.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-24.15.1 cluster-md-kmp-default-debuginfo-5.3.18-24.15.1 dlm-kmp-default-5.3.18-24.15.1 dlm-kmp-default-debuginfo-5.3.18-24.15.1 gfs2-kmp-default-5.3.18-24.15.1 gfs2-kmp-default-debuginfo-5.3.18-24.15.1 kernel-default-debuginfo-5.3.18-24.15.1 kernel-default-debugsource-5.3.18-24.15.1 ocfs2-kmp-default-5.3.18-24.15.1 ocfs2-kmp-default-debuginfo-5.3.18-24.15.1 References: https://www.suse.com/security/cve/CVE-2020-14386.html https://bugzilla.suse.com/1176069 From sle-updates at lists.suse.com Wed Sep 9 04:44:56 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Sep 2020 12:44:56 +0200 (CEST) Subject: SUSE-SU-2020:2580-1: important: Security update for the Linux Kernel Message-ID: <20200909104456.4A9DBF403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2580-1 Rating: important References: #1065600 #1136666 #1152148 #1155798 #1156395 #1170232 #1171000 #1171073 #1171558 #1172419 #1172873 #1173060 #1173267 #1174029 #1174110 #1174111 #1174484 #1174486 #1175263 #1175667 #1175787 #1175952 #1175996 #1175997 #1175998 #1175999 #1176000 #1176001 #1176022 #1176063 #1176069 Cross-References: CVE-2020-14386 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has 30 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes. The following security bug was fixed: - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bugs were fixed: - bcache: allocate meta data pages as compound pages (bsc#1172873). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667). - dax: do not print error message for non-persistent memory block device (bsc#1171073). - dax: print error message by pr_info() in __generic_fsdax_supported() (bsc#1171073). - device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes). - dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1175996). - drm/amd/powerplay: Fix hardmins not being sent to SMU for RV (git-fixes). - drm/msm/a6xx: fix crashdec section name typo (git-fixes). - drm/msm/adreno: fix updating ring fence (git-fixes). - drm/msm/gpu: make ringbuffer readonly (git-fixes). - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600). - efi: Add support for EFI_RT_PROPERTIES table (bsc#1174029, bsc#1174110, bsc#1174111). - efi: avoid error message when booting under Xen (bsc#1172419). - efi/efivars: Expose RT service availability via efivars abstraction (bsc#1174029, bsc#1174110, bsc#1174111). - efi: libstub/tpm: enable tpm eventlog function for ARM platforms (bsc#1173267). - efi: Mark all EFI runtime services as unsupported on non-EFI boot (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Register EFI rtc platform device only when available (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Store mask of supported runtime services in struct efi (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Use EFI ResetSystem only when available (bsc#1174029, bsc#1174110, bsc#1174111). - efi: Use more granular check for availability for variable services (bsc#1174029, bsc#1174110, bsc#1174111). - ext4: handle read only external journal device (bsc#1176063). - felix: Fix initialization of ioremap resources (bsc#1175997). - Fix build error when CONFIG_ACPI is not set/enabled: (bsc#1065600). - infiniband: hfi1: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111). - integrity: Check properly whether EFI GetVariable() is available (bsc#1174029, bsc#1174110, bsc#1174111). - kabi: Fix kABI after EFI_RT_PROPERTIES table backport (bsc#1174029, bsc#1174110, bsc#1174111). - kabi/severities: ignore kABI for net/ethernet/mscc/ References: bsc#1176001,bsc#1175999 Exported symbols from drivers/net/ethernet/mscc/ are only used by drivers/net/dsa/ocelot/ - mei: fix CNL itouch device number to match the spec (bsc#1175952). - mei: me: disable mei interface on LBG servers (bsc#1175952). - mei: me: disable mei interface on Mehlow server platforms (bsc#1175952). - mmc: dt-bindings: Add resets/reset-names for Mediatek MMC bindings (git-fixes). - mmc: mediatek: add optional module reset property (git-fixes). - mmc: sdhci-acpi: Fix HS400 tuning for AMDI0040 (git-fixes). - net: dsa: felix: send VLANs on CPU port as egress-tagged (bsc#1175998). - net: dsa: ocelot: the MAC table on Felix is twice as large (bsc#1175999). - net: enetc: fix an issue about leak system resources (bsc#1176000). - net: mscc: ocelot: fix untagged packet drops when enslaving to vlan aware bridge (bsc#1176001). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - PCI: Add device even if driver attach failed (git-fixes). - PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect (git-fixes). - PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken (git-fixes). - PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes). - powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208). - powerpc/perf: Fix crashes with generic_compat_pmu & BHRB (bsc#1156395). - regulator: fix memory leak on error path of regulator_register() (git-fixes). - Revert "xen/balloon: Fix crash when ballooning on x86 32 bit PAE" (bsc#1065600). - sched: Add a tracepoint to track rq->nr_running (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Better document ttwu() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/cputime: Improve cputime_adjust() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/debug: Add new tracepoints to track util_est (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/debug: Fix the alignment of the show-state debug output (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: fix NOHZ next idle balance (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Remove unused 'sd' parameter from scale_rt_capacity() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: update_pick_idlest() Select group with lowest group_util when idle_cpus are equal (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Fix use of count for nr_running tracepoint (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: nohz: stop passing around unused "ticks" parameter (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/pelt: Remove redundant cap_scale() definition (bnc#1155798 (CPU scheduler functional and performance backports)). - scsi: iscsi: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111). - scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Correct some pretty obvious misdocumentation (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: NVMe remote port devloss_tmo from lldd (bcs#1173060 bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). Replace patches.suse/lpfc-synchronize-nvme-transport-and-lpfc-driver-devloss_tmo.pa tch with upstream version of the fix. - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449). - sdhci: tegra: Add missing TMCLK for data timeout (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes). - Set VIRTIO_CONSOLE=y (bsc#1175667). - USB: cdc-acm: rework notification_buffer resizing (git-fixes). - USB: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes). - USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes). - USB: host: xhci: fix ep context print mismatch in debugfs (git-fixes). - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes). - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes). - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes). - USB: serial: ftdi_sio: clean up receive processing (git-fixes). - USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes). - USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes). - virtio_pci_modern: Fix the comment of virtio_pci_find_capability() (git-fixes). - x86/ima: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111). - xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600). - xen/balloon: make the balloon wait interruptible (bsc#1065600). - xen/gntdev: Fix dmabuf import with non-zero sgt offset (bsc#1065600). - xhci: Always restore EP_SOFT_CLEAR_TOGGLE even if ep reset failed (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2580=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64): kernel-azure-5.3.18-18.18.1 kernel-azure-debuginfo-5.3.18-18.18.1 kernel-azure-debugsource-5.3.18-18.18.1 kernel-azure-devel-5.3.18-18.18.1 kernel-azure-devel-debuginfo-5.3.18-18.18.1 kernel-syms-azure-5.3.18-18.18.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): kernel-devel-azure-5.3.18-18.18.1 kernel-source-azure-5.3.18-18.18.1 References: https://www.suse.com/security/cve/CVE-2020-14386.html https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1136666 https://bugzilla.suse.com/1152148 https://bugzilla.suse.com/1155798 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1170232 https://bugzilla.suse.com/1171000 https://bugzilla.suse.com/1171073 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1172419 https://bugzilla.suse.com/1172873 https://bugzilla.suse.com/1173060 https://bugzilla.suse.com/1173267 https://bugzilla.suse.com/1174029 https://bugzilla.suse.com/1174110 https://bugzilla.suse.com/1174111 https://bugzilla.suse.com/1174484 https://bugzilla.suse.com/1174486 https://bugzilla.suse.com/1175263 https://bugzilla.suse.com/1175667 https://bugzilla.suse.com/1175787 https://bugzilla.suse.com/1175952 https://bugzilla.suse.com/1175996 https://bugzilla.suse.com/1175997 https://bugzilla.suse.com/1175998 https://bugzilla.suse.com/1175999 https://bugzilla.suse.com/1176000 https://bugzilla.suse.com/1176001 https://bugzilla.suse.com/1176022 https://bugzilla.suse.com/1176063 https://bugzilla.suse.com/1176069 From sle-updates at lists.suse.com Wed Sep 9 04:52:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Sep 2020 12:52:44 +0200 (CEST) Subject: SUSE-SU-2020:2575-1: important: Security update for the Linux Kernel Message-ID: <20200909105244.3064FF794@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2575-1 Rating: important References: #1058115 #1065600 #1065729 #1071995 #1083548 #1085030 #1111666 #1112178 #1113956 #1120163 #1133021 #1136666 #1144333 #1152148 #1163524 #1165629 #1166965 #1169790 #1170232 #1171558 #1171688 #1171988 #1172073 #1172108 #1172247 #1172418 #1172428 #1172871 #1172872 #1172873 #1172963 #1173060 #1173485 #1173798 #1173954 #1174003 #1174026 #1174070 #1174205 #1174387 #1174484 #1174547 #1174549 #1174550 #1174625 #1174658 #1174685 #1174689 #1174699 #1174734 #1174757 #1174771 #1174840 #1174841 #1174843 #1174844 #1174845 #1174852 #1174873 #1174904 #1174926 #1174968 #1175062 #1175063 #1175064 #1175065 #1175066 #1175067 #1175112 #1175127 #1175128 #1175149 #1175199 #1175213 #1175228 #1175232 #1175284 #1175393 #1175394 #1175396 #1175397 #1175398 #1175399 #1175400 #1175401 #1175402 #1175403 #1175404 #1175405 #1175406 #1175407 #1175408 #1175409 #1175410 #1175411 #1175412 #1175413 #1175414 #1175415 #1175416 #1175417 #1175418 #1175419 #1175420 #1175421 #1175422 #1175423 #1175440 #1175493 #1175515 #1175518 #1175526 #1175550 #1175654 #1175666 #1175667 #1175668 #1175669 #1175670 #1175691 #1175767 #1175768 #1175769 #1175770 #1175771 #1175772 #1175786 #1175873 #1176069 Cross-References: CVE-2020-10135 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-14386 CVE-2020-16166 CVE-2020-1749 CVE-2020-24394 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 121 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629). - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988). - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bugs were fixed: - ACPI: kABI fixes for subsys exports (bsc#1174968). - ACPI / LPSS: Resume BYT/CHT I2C controllers from resume_noirq (bsc#1174968). - ACPI / LPSS: Use acpi_lpss_* instead of acpi_subsys_* functions for hibernate (bsc#1174968). - ACPI: PM: Introduce "poweroff" callbacks for ACPI PM domain and LPSS (bsc#1174968). - ACPI: PM: Simplify and fix PM domain hibernation callbacks (bsc#1174968). - af_key: pfkey_dump needs parameter validation (git-fixes). - agp/intel: Fix a memory leak on module initialisation failure (git-fixes). - ALSA: core: pcm_iec958: fix kernel-doc (bsc#1111666). - ALSA: echoaduio: Drop superfluous volatile modifier (bsc#1111666). - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (bsc#1111666). - ALSA: hda: Add support for Loongson 7A1000 controller (bsc#1111666). - ALSA: hda/ca0132 - Add new quirk ID for Recon3D (bsc#1111666). - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (bsc#1111666). - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (bsc#1111666). - ALSA: hda: fix NULL pointer dereference during suspend (git-fixes). - ALSA: hda: fix snd_hda_codec_cleanup() documentation (bsc#1111666). - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (bsc#1111666). - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (bsc#1111666). - ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes). - ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (bsc#1111666). - ALSA: hda/realtek - Add quirk for Lenovo Carbon X1 8th gen (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GE63 laptop (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GL63 (bsc#1111666). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes). - ALSA: hda/realtek - change to suitable link model for ASUS platform (bsc#1111666). - ALSA: hda/realtek - Check headset type by unplug and resume (bsc#1111666). - ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX563 (bsc#1111666). - ALSA: hda/realtek: Fix add a "ultra_low_power" function for intel reference board (alc256) (bsc#1111666). - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (bsc#1111666). - ALSA: hda/realtek - Fixed HP right speaker no sound (bsc#1111666). - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (bsc#1111666). - ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (bsc#1111666). - ALSA: hda/realtek - Fix unused variable warning (bsc#1111666). - ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (bsc#1111666). - ALSA: hda - reverse the setting value in the micmute_led_set (bsc#1111666). - ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes). - ALSA: pci: delete repeated words in comments (bsc#1111666). - ALSA: seq: oss: Serialize ioctls (bsc#1111666). - ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes). - ALSA: usb-audio: add quirk for Pioneer DDJ-RB (bsc#1111666). - ALSA: usb-audio: add startech usb audio dock name (bsc#1111666). - ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (bsc#1111666). - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (bsc#1111666). - ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (bsc#1111666). - ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (bsc#1111666). - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625). - ALSA: usb-audio: fix spelling mistake "buss" -> "bus" (bsc#1111666). - ALSA: usb-audio: ignore broken processing/extension unit (git-fixes). - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb/line6: remove 'defined but not used' warning (bsc#1111666). - arm64: Add MIDR encoding for HiSilicon Taishan CPUs (bsc#1174547). - arm64: Add MIDR encoding for NVIDIA CPUs (bsc#1174547). - arm64: add sysfs vulnerability show for meltdown (bsc#1174547). - arm64: Add sysfs vulnerability show for spectre-v1 (bsc#1174547). - arm64: add sysfs vulnerability show for spectre-v2 (bsc#1174547). - arm64: add sysfs vulnerability show for speculative store bypass (bsc#1174547). - arm64: Advertise mitigation of Spectre-v2, or lack thereof (bsc#1174547). - arm64: Always enable spectre-v2 vulnerability detection (bsc#1174547). - arm64: Always enable ssb vulnerability detection (bsc#1174547). - arm64: backtrace: Do not bother trying to unwind the userspace stack (bsc#1175397). - arm64: capabilities: Add NVIDIA Denver CPU to bp_harden list (bsc#1174547). - arm64: capabilities: Merge duplicate Cavium erratum entries (bsc#1174547). - arm64: capabilities: Merge entries for ARM64_WORKAROUND_CLEAN_CACHE (bsc#1174547). - arm64: cpufeature: Enable Qualcomm Falkor/Kryo errata 1003 (bsc#1175398). - arm64: Do not mask out PTE_RDONLY in pte_same() (bsc#1175393). - arm64: enable generic CPU vulnerabilites support (bsc#1174547). Update config/arm64/default - arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default (bsc#1175394). - arm64: errata: Do not define type field twice for arm64_errata entries (bsc#1174547). - arm64: errata: Update stale comment (bsc#1174547). - arm64: Get rid of __smccc_workaround_1_hvc_* (bsc#1174547). - arm64: kpti: Avoid rewriting early page tables when KASLR is enabled (bsc#1174547). - arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on (bsc#1174547). - arm64: kpti: Whitelist Cortex-A CPUs that do not implement the CSV3 field (bsc#1174547). - arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs (bsc#1174547). - arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 (bsc#1133021). - arm64: KVM: Guests can skip __install_bp_hardening_cb()s HYP work (bsc#1174547). - arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening (bsc#1174547). - arm64: mm: Fix pte_mkclean, pte_mkdirty semantics (bsc#1175526). - arm64: Provide a command line to disable spectre_v2 mitigation (bsc#1174547). - arm64: Silence clang warning on mismatched value/register sizes (bsc#1175396). - arm64/speculation: Support 'mitigations=' cmdline option (bsc#1174547). - arm64: ssbd: explicitly depend on (bsc#1175399). - arm64: ssbs: Do not treat CPUs with SSBS as unaffected by SSB (bsc#1174547). - arm64: ssbs: Fix context-switch when SSBS is present on all CPUs (bsc#1175669). - arm64/sve: Fix wrong free for task->thread.sve_state (bsc#1175400). - arm64/sve: should not depend on <uapi/linux/prctl.h> (bsc#1175401). - arm64: tlbflush: avoid writing RES0 bits (bsc#1175402). - arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 (bsc#1174547). - ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 (bsc#1133021). - ARM: KVM: invalidate icache on guest exit for Cortex-A15 (bsc#1133021). - ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 (bsc#1133021). - ASoC: hda/tegra: Set buffer alignment to 128 bytes (bsc#1111666). - ASoC: intel: Fix memleak in sst_media_open (git-fixes). - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes). - AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes). - AX.25: Prevent integer overflows in connect and sendmsg (git-fixes). - AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes). - ax88172a: fix ax88172a_unbind() failures (git-fixes). - b43: Remove uninitialized_var() usage (git-fixes). - bcache: allocate meta data pages as compound pages (bsc#1172873). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: Fix use-after-free in blkdev_get() (bsc#1174843). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (bsc#1111666). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (bsc#1111666). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (bsc#1111666). - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - bonding: fix a potential double-unregister (git-fixes). - bonding: show saner speed for broadcast mode (git-fixes). - bpf: Fix map leak in HASH_OF_MAPS map (git-fixes). - brcmfmac: keep SDIO watchdog running when console_interval is non-zero (bsc#1111666). - brcmfmac: set state of hanger slot to FREE when flushing PSQ (bsc#1111666). - brcmfmac: To fix Bss Info flag definition Bug (bsc#1111666). - btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247). - btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247). - btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149). - btrfs: fix block group leak when removing fails (bsc#1175149). - btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149). - btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149). - btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149). - btrfs: fix double free on ulist after backref resolution failure (bsc#1175149). - btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149). - btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550). - btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149). - btrfs: fix race between block group removal and block group creation (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149). - btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149). - btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484). - btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247). - btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247). - btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247). - btrfs: Open code btrfs_write_and_wait_marked_extents (bsc#1175149). - btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163). - btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247). - btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163). - btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163). - btrfs: Rename and export clear_btree_io_tree (bsc#1175149). - btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493). - bus: hisi_lpc: Add .remove method to avoid driver unbind crash (bsc#1174658). - bus: hisi_lpc: Do not fail probe for unrecognised child devices (bsc#1174658). - bus: hisi_lpc: Unregister logical PIO range to avoid potential use-after-free (bsc#1174658). - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes). - cfg80211: check vendor command doit pointer before use (git-fixes). - char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667). - cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428). - cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428). - cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428). - clk: at91: clk-generated: check best_rate against ranges (bsc#1111666). - clk: clk-atlas6: fix return value check in atlas6_clk_init() (bsc#1111666). - clk: iproc: round clock rate to the closest (bsc#1111666). - clk: spear: Remove uninitialized_var() usage (git-fixes). - clk: st: Remove uninitialized_var() usage (git-fixes). - config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References: bsc#1174549 - console: newport_con: fix an issue about leak related system resources (git-fixes). - constrants: fix malformed XML Closing tag of an element is "", not "". Fixes: 8b37de2eb835 ("rpm/constraints.in: Increase memory for kernel-docs") - Created new preempt kernel flavor (jsc#SLE-11309) Configs are cloned from the respective $arch/default configs. All changed configs appart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel. - crypto: ccp - Fix use of merged scatterlists (git-fixes). - crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes). - crypto: rockchip - fix scatterlist nents error (git-fixes). - crypto: stm32/crc32 - fix ext4 chksum BUG_ON() (git-fixes). - crypto: talitos - check AES key size (git-fixes). - crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - dev: Defer free of skbs in flush_backlog (git-fixes). - device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes). - devres: keep both device name and resource name in pretty name (git-fixes). - dlm: Fix kobject memleak (bsc#1175768). - dlm: remove BUG() before panic() (bsc#1174844). - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes). - Documentation/networking: Add net DIM documentation (bsc#1174852). - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (bsc#1175403). - dpaa2-eth: free already allocated channels on probe defer (bsc#1175404). - dpaa2-eth: prevent array underflow in update_cls_rule() (bsc#1175405). - dpaa_eth: add dropped frames to percpu ethtool stats (bsc#1174550). - dpaa_eth: add newline in dev_err() msg (bsc#1174550). - dpaa_eth: avoid timestamp read on error paths (bsc#1175406). - dpaa_eth: change DMA device (bsc#1174550). - dpaa_eth: cleanup skb_to_contig_fd() (bsc#1174550). - dpaa_eth: defer probing after qbman (bsc#1174550). - dpaa_eth: extend delays in ndo_stop (bsc#1174550). - dpaa_eth: fix DMA mapping leak (bsc#1174550). - dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1174550). - dpaa_eth: FMan erratum A050385 workaround (bsc#1174550). - dpaa_eth: perform DMA unmapping before read (bsc#1175407). - dpaa_eth: register a device link for the qman portal used (bsc#1174550). - dpaa_eth: remove netdev_err() for user errors (bsc#1174550). - dpaa_eth: remove redundant code (bsc#1174550). - dpaa_eth: simplify variables used in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use a page to store the SGT (bsc#1174550). - dpaa_eth: use fd information in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use only one buffer pool per interface (bsc#1174550). - dpaa_eth: use page backed rx buffers (bsc#1174550). - driver core: Avoid binding drivers to dead devices (git-fixes). - Drivers: hv: balloon: Remove dependencies on guest page size (git-fixes). - Drivers: hv: vmbus: Fix virt_to_hvpfn() for X86_PAE (git-fixes). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127, bsc#1175128). - Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup() (git-fixes). - drivers/perf: hisi: Fix typo in events attribute array (bsc#1175408). - drivers/perf: hisi: Fixup one DDRC PMU register offset (bsc#1175410). - drivers/perf: hisi: Fix wrong value for all counters enable (bsc#1175409). - drm: Added orientation quirk for ASUS tablet model T103HAF (bsc#1111666). - drm/amd/display: fix pow() crashing when given base 0 (git-fixes). - drm/amdgpu: avoid dereferencing a NULL pointer (bsc#1111666). - drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume (bsc#1111666). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (bsc#1113956) * refresh for context changes - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes). - drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1113956) - drm/arm: fix unintentional integer overflow on left shift (git-fixes). - drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1113956) * refreshed for context changes - drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes). - drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1113956) * move drm_mipi_dbi.c -> tinydrm/mipi-drm.c * refresh for context changes - drm/debugfs: fix plain echo to connector "force" attribute (bsc#1111666). - drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes). - drm/etnaviv: fix ref count leak via pm_runtime_get_sync (bsc#1111666). - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (bsc#1112178) * updated names of get/put functions - drm: hold gem reference until object is no longer accessed (bsc#1113956) - drm/imx: fix use after free (git-fixes). - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes). - drm/imx: tve: fix regulator_disable error path (git-fixes). - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes). - drm/msm/adreno: fix updating ring fence (git-fixes). - drm/msm: ratelimit crtc event overflow error (bsc#1111666). - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes). - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes). - drm/nouveau: fix multiple instances of reference count leaks (bsc#1111666). - drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes). - drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes). - drm/radeon: disable AGP by default (bsc#1111666). - drm/radeon: fix array out-of-bounds read and write issues (git-fixes). - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (bsc#1111666). - drm/rockchip: fix VOP_WIN_GET macro (bsc#1175411). - drm/tilcdc: fix leak & null ref in panel_connector_get_modes (bsc#1111666). - drm/ttm/nouveau: do not call tt destroy callback on alloc failure (bsc#1175232). - drm/vmwgfx: Fix two list_for_each loop exit tests (bsc#1111666). - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (bsc#1111666). - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600). - efi/memreserve: deal with memreserve entries in unmapped memory (bsc#1174685). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: fix checking of directory entry validity for inline directories (bsc#1175771). - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1174840). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - fat: do not allow to mount if the FAT length == 0 (bsc#1174845). - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins. (bsc#1112178) * move files drivers/video/fbdev/core -> drivers/video/console * refresh for context changes - firmware: google: check if size is valid when decoding VPD data (git-fixes). - firmware: google: increment VPD key_len properly (git-fixes). - fpga: dfl: fix bug in port reset handshake (git-fixes). - fsl/fman: add API to get the device behind a fman port (bsc#1174550). - fsl/fman: check dereferencing null pointer (git-fixes). - fsl/fman: detect FMan erratum A050385 (bsc#1174550). - fsl/fman: do not touch liodn base regs reserved on non-PAMU SoCs (bsc#1174550). - fsl/fman: fix dereference null return value (git-fixes). - fsl/fman: fix eth hash table allocation (git-fixes). - fsl/fman: fix unreachable code (git-fixes). - fsl/fman: remove unused struct member (bsc#1174550). - fsl/fman: use 32-bit unsigned integer (git-fixes). - fuse: fix memleak in cuse_channel_open (bsc#1174926). - fuse: fix missing unlock_page in fuse_writepage() (bsc#1174904). - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175062). - fuse: fix weird page warning (bsc#1175063). - fuse: flush dirty data/metadata before non-truncate setattr (bsc#1175064). - fuse: truncate pending writes on O_TRUNC (bsc#1175065). - fuse: verify attributes (bsc#1175066). - fuse: verify nlink (bsc#1175067). - genetlink: remove genl_bind (networking-stable-20_07_17). - go7007: add sanity checking for endpoints (git-fixes). - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (bsc#1111666). - HID: hiddev: fix mess in hiddev_open() (git-fixes). - HISI LPC: Re-Add ACPI child enumeration support (bsc#1174658). - HISI LPC: Stop using MFD APIs (bsc#1174658). - hv_balloon: Balloon up according to request page number (git-fixes). - hv_balloon: Use a static page for the balloon_up send buffer (git-fixes). - hv_netvsc: Allow scatter-gather feature to be tunable (git-fixes). - hv_netvsc: do not use VF device if link is down (git-fixes). - hv_netvsc: Fix a warning of suspicious RCU usage (git-fixes). - hv_netvsc: Fix error handling in netvsc_attach() (git-fixes). - hv_netvsc: Fix extra rcu_read_unlock in netvsc_recv_callback() (git-fixes). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes). - hv_netvsc: Fix unwanted wakeup in netvsc_attach() (git-fixes). - hv_netvsc: flag software created hash value (git-fixes). - hv_netvsc: Remove "unlikely" from netvsc_select_queue (git-fixes). - i2c: rcar: in slave mode, clear NACK earlier (git-fixes). - i2c: rcar: slave: only send STOP event when we have been addressed (bsc#1111666). - i40e: Fix crash during removing i40e driver (git-fixes). - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes). - ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - include/linux/poison.h: remove obsolete comment (git fixes (poison)). - Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes). - Input: sentelic - fix error return when fsp_reg_write fails (bsc#1111666). - integrity: remove redundant initialization of variable ret (git-fixes). - io-mapping: indicate mapping failure (git-fixes). - ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes). - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28). - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515). - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515). - ip_tunnel: Emit events for post-register MTU changes (git-fixes). - ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28). - ip_tunnel: restore binding to ifaces with a large mtu (git-fixes). - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17). - ipv4: Silence suspicious RCU usage warning (git-fixes). - ipv6: fix memory leaks on IPV6_ADDRFORM path (git-fixes). - ipvlan: fix device features (git-fixes). - ipvs: allow connection reuse for unconfirmed conntrack (git-fixes). - ipvs: fix refcount usage for conns in ops mode (git-fixes). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - irqchip/gic: Atomically update affinity (bsc#1111666). - iwlegacy: Check the return value of pcie_capability_read_*() (bsc#1111666). - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772). - kabi: genetlink: remove genl_bind (kabi). - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629). - kabi: mask changes to struct ipv6_stub (bsc#1165629). - kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)). - kernel-docs: Change Requires on python-Sphinx to earlier than version 3 References: bsc#1166965 From 3 on the internal API that the build system uses was rewritten in an incompatible way. See https://github.com/sphinx-doc/sphinx/issues/7421 and https://bugzilla.suse.com/show_bug.cgi?id=1166965#c16 for some details. - kernel/relay.c: fix memleak on destroy relay channel (git-fixes). - kernfs: do not call fsnotify() with name without a parent (bsc#1175770). - KVM: arm64: Ensure 'params' is initialised when looking up sys register (bsc#1133021). - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021). - KVM: arm/arm64: Fix young bit from mmu notifier (bsc#1133021). - KVM: arm/arm64: vgic: Do not rely on the wrong pending table (bsc#1133021). - KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections (bsc#1133021). - KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests (bsc#1133021). - KVM: arm: Make inject_abt32() inject an external abort instead (bsc#1133021). - KVM: Change offset in kvm_write_guest_offset_cached to unsigned (bsc#1133021). - KVM: Check for a bad hva before dropping into the ghc slow path (bsc#1133021). - KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729). - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17). - leds: 88pm860x: fix use-after-free on unbind (git-fixes). - leds: core: Flush scheduled work for system suspend (git-fixes). - leds: da903x: fix use-after-free on unbind (git-fixes). - leds: lm3533: fix use-after-free on unbind (git-fixes). - leds: lm355x: avoid enum conversion warning (git-fixes). - leds: wm831x-status: fix use-after-free on unbind (git-fixes). - lib/dim: Fix -Wunused-const-variable warnings (bsc#1174852). - lib: dimlib: fix help text typos (bsc#1174852). - lib: logic_pio: Add logic_pio_unregister_range() (bsc#1174658). - lib: logic_pio: Avoid possible overlap for unregistering regions (bsc#1174658). - lib: logic_pio: Fix RCU usage (bsc#1174658). - linux/dim: Add completions count to dim_sample (bsc#1174852). - linux/dim: Fix overflow in dim calculation (bsc#1174852). - linux/dim: Move implementation to .c files (bsc#1174852). - linux/dim: Move logic to dim.h (bsc#1174852). - linux/dim: Remove "net" prefix from internal DIM members (bsc#1174852). - linux/dim: Rename externally exposed macros (bsc#1174852). - linux/dim: Rename externally used net_dim members (bsc#1174852). - linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1174852). - liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes). - llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17). - mac80211: mesh: Free ie data when leaving mesh (git-fixes). - mac80211: mesh: Free pending skb when destroying a mpath (git-fixes). - MAINTAINERS: add entry for Dynamic Interrupt Moderation (bsc#1174852). - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes). - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes). - media: budget-core: Improve exception handling in budget_register() (git-fixes). - media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes). - media: firewire: Using uninitialized values in node_probe() (git-fixes). - media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes). - media: vpss: clean up resources in init (git-fixes). - mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes). - mfd: dln2: Run event handler loop under spinlock (git-fixes). - mfd: rk808: Fix RK818 ID template (bsc#1175412). - mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28). - mm: filemap: clear idle flag for writes (bsc#1175769). - mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate (git fixes (mm/migrate)). - mm/mmu_notifier: use hlist_add_head_rcu() (git fixes (mm/mmu_notifiers)). - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/compaction)). - mm/rmap.c: do not reuse anon_vma if we just want a copy (git fixes (mm/rmap)). - mm/shmem.c: cast the type of unmap_start to u64 (git fixes (mm/shmem)). - mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)). - mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617). - mtd: spi-nor: Fix an error code in spi_nor_read_raw() (bsc#1175413). - mtd: spi-nor: fix kernel-doc for spi_nor::info (bsc#1175414). - mtd: spi-nor: fix kernel-doc for spi_nor::reg_proto (bsc#1175415). - mtd: spi-nor: fix silent truncation in spi_nor_read_raw() (bsc#1175416). - mwifiex: Prevent memory corruption handling keys (git-fixes). - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (git-fixes). - net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28). - net: core: reduce recursion limit value (networking-stable-20_06_28). - net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28). - net: dsa: b53: check for timeout (git-fixes). - net: dsa: bcm_sf2: Fix node reference count (git-fixes). - net: ena: Add first_interrupt field to napi struct (bsc#1174852). - net: ena: add reserved PCI device ID (bsc#1174852). - net: ena: add support for reporting of packet drops (bsc#1174852). - net: ena: add support for the rx offset feature (bsc#1174852). - net: ena: add support for traffic mirroring (bsc#1174852). - net: ena: add unmask interrupts statistics to ethtool (bsc#1174852). - net: ena: allow setting the hash function without changing the key (bsc#1174852). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852). - net: ena: change default RSS hash function to Toeplitz (bsc#1174852). - net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1174852). - net: ena: changes to RSS hash key allocation (bsc#1174852). - net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1174852). - net: ena: clean up indentation issue (bsc#1174852). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852). - net: ena: cosmetic: code reorderings (bsc#1174852). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852). - net: ena: cosmetic: fix line break issues (bsc#1174852). - net: ena: cosmetic: fix spacing issues (bsc#1174852). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852). - net: ena: cosmetic: minor code changes (bsc#1174852). - net: ena: cosmetic: remove unnecessary code (bsc#1174852). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852). - net: ena: cosmetic: satisfy gcc warning (bsc#1174852). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852). - net: ena: drop superfluous prototype (bsc#1174852). - net: ena: enable support of rss hash key and function changes (bsc#1174852). - net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1174852). - net: ena: ethtool: clean up minor indentation issue (bsc#1174852). - net: ena: ethtool: get_channels: use combined only (bsc#1174852). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852). - net: ena: ethtool: support set_channels callback (bsc#1174852). - net/ena: Fix build warning in ena_xdp_set() (bsc#1174852). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852). - net: ena: fix incorrect setting of the number of msix vectors (bsc#1174852). - net: ena: fix incorrect update of intr_delay_resolution (bsc#1174852). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852). - net: ena: fix update of interrupt moderation register (bsc#1174852). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852). - net: ena: implement XDP drop support (bsc#1174852). - net: ena: Implement XDP_TX action (bsc#1174852). - net: ena: make ethtool -l show correct max number of queues (bsc#1174852). - net: ena: Make missed_tx stat incremental (bsc#1083548). - net: ena: Make some functions static (bsc#1174852). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852). - net: ena: multiple queue creation related cleanups (bsc#1174852). - net: ena: Prevent reset after device destruction (bsc#1083548). - net: ena: reduce driver load time (bsc#1174852). - net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1174852). - net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1174852). - net: ena: remove code that does nothing (bsc#1174852). - net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1174852). - net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1174852). - net: ena: remove redundant print of number of queues (bsc#1174852). - net: ena: remove set but not used variable 'hash_key' (bsc#1174852). - net: ena: remove set but not used variable 'rx_ring' (bsc#1174852). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852). - net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1174852). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852). - net: ena: support new LLQ acceleration mode (bsc#1174852). - net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1174852). - net: ena: use explicit variable size for clarity (bsc#1174852). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852). - net: ena: xdp: update napi budget for DROP and ABORTED (bsc#1174852). - net: ena: xdp: XDP_TX: fix memory leak (bsc#1174852). - net: ethernet: aquantia: Fix wrong return value (git-fixes). - net: ethernet: broadcom: have drivers select DIMLIB as needed (bsc#1174852). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: fec: correct the error path for regulator disable in probe (git-fixes). - netfilter: x_tables: add counters allocation wrapper (git-fixes). - netfilter: x_tables: cap allocations at 512 mbyte (git-fixes). - netfilter: x_tables: limit allocation requests for blob rule heads (git-fixes). - net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). (SLES tuning guide refers to ip-sysctl.txt.) - net: fix memleak in register_netdevice() (networking-stable-20_06_28). - net: Fix the arp error in some cases (networking-stable-20_06_28). - net: gre: recompute gre csum for sctp over gre tunnels (git-fixes). - net: hns3: add autoneg and change speed support for fibre port (bsc#1174070). - net: hns3: add support for FEC encoding control (bsc#1174070). - net: hns3: add support for multiple media type (bsc#1174070). - net: hns3: fix a not link up issue when fibre port supports autoneg (bsc#1174070). - net: hns3: fix for FEC configuration (bsc#1174070). - net: hns3: fix port capbility updating issue (bsc#1174070). - net: hns3: fix port setting handle for fibre port (bsc#1174070). - net: hns3: fix selftest fail issue for fibre port with autoneg on (bsc#1174070). - net: hns3: restore the MAC autoneg state after reset (bsc#1174070). - net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28). - net: ip6_gre: Request headroom in __gre6_xmit() (git-fixes). - net: lan78xx: add missing endpoint sanity check (git-fixes). - net: lan78xx: fix transfer-buffer memory leak (git-fixes). - net: make symbol 'flush_works' static (git-fixes). - net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes). - net: mvpp2: fix memory leak in mvpp2_rx (git-fixes). - net: netsec: Fix signedness bug in netsec_probe() (bsc#1175417). - net: netsec: initialize tx ring on ndo_open (bsc#1175418). - net: phy: Check harder for errors in get_phy_id() (bsc#1111666). - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes). - net: Set fput_needed iff FDPUT_FPUT is set (git-fixes). - net: socionext: Fix a signedness bug in ave_probe() (bsc#1175419). - net: socionext: replace napi_alloc_frag with the netdev variant on init (bsc#1175420). - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes). - net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes). - net: stmmac: Fix RX packet size > 8191 (git-fixes). - net: udp: Fix wrong clean up for IS_UDPLITE macro (git-fixes). - net: update net_dim documentation after rename (bsc#1174852). - net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28). - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17). - netvsc: unshare skb in VF rx handler (git-fixes). - nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes). - ntb: Fix an error in get link status (git-fixes). - ntb_netdev: fix sleep time mismatch (git-fixes). - ntb: ntb_transport: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - nvme: fix possible deadlock when I/O is blocked (git-fixes). - nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108). - nvme-multipath: fix logic for non-optimized paths (bsc#1172108). - nvme-multipath: round-robin: eliminate "fallback" variable (bsc#1172108). - nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - ocfs2: add trimfs dlm lock resource (bsc#1175228). - ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: change slot number type s16 to u16 (bsc#1175786). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228). - ocfs2: fix value of OCFS2_INVALID_SLOT (bsc#1175767). - ocfs2: load global_inode_alloc (bsc#1172963). - ocfs2: load global_inode_alloc (bsc#1172963). - omapfb: dss: Fix max fclk divider for omap36xx (bsc#1113956) - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() (git-fixes). - PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes). - PCI: dwc: Move interrupt acking into the proper callback (bsc#1175666). - PCI: Fix pci_cfg_wait queue locking problem (git-fixes). - PCI: Fix "try" semantics of bus and slot reset (git-fixes). - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes). - PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, bsc#1172872, git-fixes). - PCI: Release IVRS table in AMD ACS quirk (git-fixes). - PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes). - PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes). - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes). - pinctrl: single: fix function name in documentation (git-fixes). - pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes). - platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes). - PM / CPU: replace raw_notifier with atomic_notifier (git fixes (kernel/pm)). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (bsc#1175668). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails. - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (bsc#1175668). - PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes). - powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729). - powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729). - powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729). - powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729). - powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284). - powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284). - powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729). - powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574). - powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729). - powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - powerpc/pseries: remove cede offline state for CPUs (bsc#1065729). - powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729). - powerpc/vdso: Fix vdso cpu truncation (bsc#1065729). - power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes). - propagate_one(): mnt_set_mountpoint() needs mount_lock (bsc#1174841). - pseries: Fix 64 bit logical memory block panic (bsc#1065729). - pwm: bcm-iproc: handle clk_get_rate() return (git-fixes). - rds: Prevent kernel-infoleak in rds_notify_queue_get() (git-fixes). - regulator: gpio: Honor regulator-boot-on property (git-fixes). - Revert "ALSA: hda: call runtime_allow() for all hda controllers" (bsc#1111666). - Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers" (bsc#1113956) * refresh for context changes - Revert "ocfs2: avoid inode removal while nfsd is accessing it" This reverts commit 9e096c72476eda333a9998ff464580c00ff59c83. - Revert "ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963)." This reverts commit 0bf6e248f93736b3f17f399b4a8f64ffa30d371e. - Revert "ocfs2: load global_inode_alloc (bsc#1172963)." This reverts commit fc476497b53f967dc615b9cbad9427ba3107b5c4. - Revert "scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe" (bsc#1171688 bsc#1174003). - Revert "scsi: qla2xxx: Fix crash on qla2x00_mailbox_command" (bsc#1171688 bsc#1174003). - Revert "xen/balloon: Fix crash when ballooning on x86 32 bit PAE" (bsc#1065600). - rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28). - rpm/check-for-config-changes: Ignore CONFIG_CC_VERSION_TEXT - rpm/check-for-config-changes: Ignore CONFIG_LD_VERSION - rpm/constraints.in: Increase memory for kernel-docs References: https://build.opensuse.org/request/show/792664 - rpm: drop execute permissions on source files Sometimes a source file with execute permission appears in upstream repository and makes it into our kernel-source packages. This is caught by OBS build checks and may even result in build failures. Sanitize the source tree by removing execute permissions from all C source and header files. - rpm/kabi.pl: account for namespace field being moved last Upstream is moving the namespace field in Module.symvers last in order to preserve backwards compatibility with kmod tools (depmod, etc). Fix the kabi.pl script to expect the namespace field last. Since split() ignores trailing empty fields and delimeters, switch to using tr to count how many fields/tabs are in a line. Also, in load_symvers(), pass LIMIT of -1 to split() so it does not strip trailing empty fields, as namespace is an optional field. - rpm/kernel-binary.spec.in: do not run klp-symbols for configs with no modules Starting with 5.8-rc1, s390x/zfcpdump builds fail because rpm/klp-symbols script does not find .tmp_versions directory. This is missing because s390x/zfcpdump is built without modules (CONFIG_MODULES disabled). As livepatching cannot work without modules, the cleanest solution is setting %klp_symbols to 0 if CONFIG_MODULES is disabled. (We cannot simply add another condition to the place where %klp_symbols is set as it can be already set to 1 from prjconf.) - rpm/kernel-binary.spec.in: restrict livepatch metapackage to default flavor It has been reported that the kernel-*-livepatch metapackage got erroneously enabled for SLE15-SP3's new -preempt flavor, leading to a unresolvable dependency to a non-existing kernel-livepatch-x.y.z-preempt package. As SLE12 and SLE12-SP1 have run out of livepatching support, the need to build said metapackage for the -xen flavor is gone and the only remaining flavor for which they're still wanted is -default. Restrict the build of the kernel-*-livepatch metapackage to the -default flavor. - rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup Co-Authored-By: Adam Spiers - rpm/kernel-obs-build.spec.in: Enable overlayfs Overlayfs is needed for podman or docker builds when no more specific driver can be used (like lvm or btrfs). As the default build fs is ext4 currently, we need overlayfs kernel modules to be available. - rpm/kernel-source.spec.in: Add obsolete_rebuilds (boo#1172073). - rpm/mkspec-dtb: add mt76 based dtb package - rpm/package-descriptions: garbege collection remove old ARM and Xen flavors. - rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes). - s390, dcssblk: kaddr and pfn can be NULL to ->direct_access() (bsc#1174873). - sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17). - sched/deadline: Initialize ->dl_boosted (bsc#1112178). - scripts/git_sort/git_sort.py: add bluetooth/bluetooth-next.git repository - scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666). - scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666). - scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666). - scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666). - scsi: lpfc: NVMe remote port devloss_tmo from lldd (bsc#1171558 bsc#1136666 bsc#1173060). - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666). - scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666). - scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666). - scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666). - scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666). - scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666). - scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026). - scsi: Fix trivial spelling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003). - scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003). - scsi: smartpqi: add bay identifier (bsc#1172418). - scsi: smartpqi: add gigabyte controller (bsc#1172418). - scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418). - scsi: smartpqi: add inquiry timeouts (bsc#1172418). - scsi: smartpqi: add module param for exposure order (bsc#1172418). - scsi: smartpqi: add module param to hide vsep (bsc#1172418). - scsi: smartpqi: add new pci ids (bsc#1172418). - scsi: smartpqi: add pci ids for fiberhome controller (bsc#1172418). - scsi: smartpqi: add RAID bypass counter (bsc#1172418). - scsi: smartpqi: add sysfs entries (bsc#1172418). - scsi: smartpqi: Align driver syntax with oob (bsc#1172418). - scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418). - scsi: smartpqi: change TMF timeout from 60 to 30 seconds (bsc#1172418). - scsi: smartpqi: correct hang when deleting 32 lds (bsc#1172418). - scsi: smartpqi: correct REGNEWD return status (bsc#1172418). - scsi: smartpqi: correct syntax issue (bsc#1172418). - scsi: smartpqi: fix call trace in device discovery (bsc#1172418). - scsi: smartpqi: fix controller lockup observed during force reboot (bsc#1172418). - scsi: smartpqi: fix LUN reset when fw bkgnd thread is hung (bsc#1172418). - scsi: smartpqi: fix problem with unique ID for physical device (bsc#1172418). - scsi: smartpqi: identify physical devices without issuing INQUIRY (bsc#1172418). - scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask (bsc#1172418). - scsi: smartpqi: remove unused manifest constants (bsc#1172418). - scsi: smartpqi: Reporting unhandled SCSI errors (bsc#1172418). - scsi: smartpqi: support device deletion via sysfs (bsc#1172418). - scsi: smartpqi: update copyright (bsc#1172418). - scsi: smartpqi: update logical volume size after expansion (bsc#1172418). - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418). - scsi: storvsc: Correctly set number of hardware queues for IDE disk (git-fixes). - scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790). - sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - serial: 8250: change lock order in serial8250_do_startup() (git-fixes). - serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes). - serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes). - Set VIRTIO_CONSOLE=y (bsc#1175667). - sign also s390x kernel images (bsc#1163524) - soc: fsl: qbman: allow registering a device link for the portal user (bsc#1174550). - soc: fsl: qbman_portals: add APIs to retrieve the probing status (bsc#1174550). - spi: davinci: Remove uninitialized_var() usage (git-fixes). - spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes). - spi: nxp-fspi: Ensure width is respected in spi-mem operations (bsc#1175421). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1175422). - spi: spi-mem: export spi_mem_default_supports_op() (bsc#1175421). - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support (git-fixes). - staging: fsl-dpaa2: ethsw: Add missing netdevice check (bsc#1175423). - staging: rtl8192u: fix a dubious looking mask before a shift (git-fixes). - staging/speakup: fix get_word non-space look-ahead (git-fixes). - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28). - tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28). - tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17). - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17). - tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17). - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17). - tracepoint: Mark __tracepoint_string's __used (git-fixes). - tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes). - tty: hvc_console, fix crashes on parallel open/close (git-fixes). - tty: serial: fsl_lpuart: add imx8qxp support (bsc#1175670). - tty: serial: fsl_lpuart: free IDs allocated by IDA (bsc#1175670). - USB: cdc-acm: rework notification_buffer resizing (git-fixes). - USB: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes). - USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes). - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes). - USB: iowarrior: fix up report size handling for some devices (git-fixes). - usbip: tools: fix module name in man page (git-fixes). - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes). - USB: serial: cp210x: enable usb generic throttle/unthrottle (git-fixes). - USB: serial: cp210x: re-enable auto-RTS on open (git-fixes). - USB: serial: ftdi_sio: clean up receive processing (git-fixes). - USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes). - USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes). - USB: serial: iuu_phoenix: fix led-activity helpers (git-fixes). - USB: serial: qcserial: add EM7305 QDL product ID (git-fixes). - USB: xhci: define IDs for various ASMedia host controllers (git-fixes). - USB: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes). - USB: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes). - USB: xhci-mtk: fix the failure of bandwidth allocation (git-fixes). - VFS: Check rename_lock in lookup_fast() (bsc#1174734). - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes). - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes). - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (git-fixes). - vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17). - vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199). - vt_compat_ioctl(): clean up, use compat_ptr() properly (git-fixes). - vt: vt_ioctl: remove unnecessary console allocation checks (git-fixes). - vxlan: Ensure FDB dump is performed under RCU (git-fixes). - watchdog: f71808e_wdt: clear watchdog timeout occurred flag (bsc#1111666). - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (bsc#1111666). - watchdog: f71808e_wdt: remove use of wrong watchdog_info option (bsc#1111666). - wl1251: fix always return 0 error (git-fixes). - x86/hyperv: Create and use Hyper-V page definitions (git-fixes). - x86/hyper-v: Fix overflow bug in fill_gva_list() (git-fixes). - x86/hyperv: Make hv_vcpu_is_preempted() visible (git-fixes). - x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1112178). - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). - xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600). - xen/balloon: make the balloon wait interruptible (bsc#1065600). - xfrm: check id proto in validate_tmpl() (git-fixes). - xfrm: clean up xfrm protocol checks (git-fixes). - xfrm_user: uncoditionally validate esn replay attribute struct (git-fixes). - xfs: fix inode allocation block res calculation precedence (git-fixes). - xfs: fix reflink quota reservation accounting error (git-fixes). - xhci: Fix enumeration issue when setting max packet size for FS devices (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-2575=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-2575=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-2575=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2575=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2575=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2575=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): kernel-default-debuginfo-4.12.14-197.56.1 kernel-default-debugsource-4.12.14-197.56.1 kernel-default-extra-4.12.14-197.56.1 kernel-default-extra-debuginfo-4.12.14-197.56.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-197.56.1 kernel-default-debugsource-4.12.14-197.56.1 kernel-default-livepatch-4.12.14-197.56.1 kernel-default-livepatch-devel-4.12.14-197.56.1 kernel-livepatch-4_12_14-197_56-default-1-3.3.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-197.56.1 kernel-default-debugsource-4.12.14-197.56.1 reiserfs-kmp-default-4.12.14-197.56.1 reiserfs-kmp-default-debuginfo-4.12.14-197.56.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-197.56.1 kernel-obs-build-debugsource-4.12.14-197.56.1 kernel-syms-4.12.14-197.56.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): kernel-docs-4.12.14-197.56.1 kernel-source-4.12.14-197.56.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.56.1 kernel-default-base-4.12.14-197.56.1 kernel-default-base-debuginfo-4.12.14-197.56.1 kernel-default-debuginfo-4.12.14-197.56.1 kernel-default-debugsource-4.12.14-197.56.1 kernel-default-devel-4.12.14-197.56.1 kernel-default-devel-debuginfo-4.12.14-197.56.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): kernel-devel-4.12.14-197.56.1 kernel-macros-4.12.14-197.56.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): kernel-default-man-4.12.14-197.56.1 kernel-zfcpdump-debuginfo-4.12.14-197.56.1 kernel-zfcpdump-debugsource-4.12.14-197.56.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.56.1 cluster-md-kmp-default-debuginfo-4.12.14-197.56.1 dlm-kmp-default-4.12.14-197.56.1 dlm-kmp-default-debuginfo-4.12.14-197.56.1 gfs2-kmp-default-4.12.14-197.56.1 gfs2-kmp-default-debuginfo-4.12.14-197.56.1 kernel-default-debuginfo-4.12.14-197.56.1 kernel-default-debugsource-4.12.14-197.56.1 ocfs2-kmp-default-4.12.14-197.56.1 ocfs2-kmp-default-debuginfo-4.12.14-197.56.1 References: https://www.suse.com/security/cve/CVE-2020-10135.html https://www.suse.com/security/cve/CVE-2020-14314.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-14356.html https://www.suse.com/security/cve/CVE-2020-14386.html https://www.suse.com/security/cve/CVE-2020-16166.html https://www.suse.com/security/cve/CVE-2020-1749.html https://www.suse.com/security/cve/CVE-2020-24394.html https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1083548 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1120163 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1136666 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1152148 https://bugzilla.suse.com/1163524 https://bugzilla.suse.com/1165629 https://bugzilla.suse.com/1166965 https://bugzilla.suse.com/1169790 https://bugzilla.suse.com/1170232 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1171988 https://bugzilla.suse.com/1172073 https://bugzilla.suse.com/1172108 https://bugzilla.suse.com/1172247 https://bugzilla.suse.com/1172418 https://bugzilla.suse.com/1172428 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172872 https://bugzilla.suse.com/1172873 https://bugzilla.suse.com/1172963 https://bugzilla.suse.com/1173060 https://bugzilla.suse.com/1173485 https://bugzilla.suse.com/1173798 https://bugzilla.suse.com/1173954 https://bugzilla.suse.com/1174003 https://bugzilla.suse.com/1174026 https://bugzilla.suse.com/1174070 https://bugzilla.suse.com/1174205 https://bugzilla.suse.com/1174387 https://bugzilla.suse.com/1174484 https://bugzilla.suse.com/1174547 https://bugzilla.suse.com/1174549 https://bugzilla.suse.com/1174550 https://bugzilla.suse.com/1174625 https://bugzilla.suse.com/1174658 https://bugzilla.suse.com/1174685 https://bugzilla.suse.com/1174689 https://bugzilla.suse.com/1174699 https://bugzilla.suse.com/1174734 https://bugzilla.suse.com/1174757 https://bugzilla.suse.com/1174771 https://bugzilla.suse.com/1174840 https://bugzilla.suse.com/1174841 https://bugzilla.suse.com/1174843 https://bugzilla.suse.com/1174844 https://bugzilla.suse.com/1174845 https://bugzilla.suse.com/1174852 https://bugzilla.suse.com/1174873 https://bugzilla.suse.com/1174904 https://bugzilla.suse.com/1174926 https://bugzilla.suse.com/1174968 https://bugzilla.suse.com/1175062 https://bugzilla.suse.com/1175063 https://bugzilla.suse.com/1175064 https://bugzilla.suse.com/1175065 https://bugzilla.suse.com/1175066 https://bugzilla.suse.com/1175067 https://bugzilla.suse.com/1175112 https://bugzilla.suse.com/1175127 https://bugzilla.suse.com/1175128 https://bugzilla.suse.com/1175149 https://bugzilla.suse.com/1175199 https://bugzilla.suse.com/1175213 https://bugzilla.suse.com/1175228 https://bugzilla.suse.com/1175232 https://bugzilla.suse.com/1175284 https://bugzilla.suse.com/1175393 https://bugzilla.suse.com/1175394 https://bugzilla.suse.com/1175396 https://bugzilla.suse.com/1175397 https://bugzilla.suse.com/1175398 https://bugzilla.suse.com/1175399 https://bugzilla.suse.com/1175400 https://bugzilla.suse.com/1175401 https://bugzilla.suse.com/1175402 https://bugzilla.suse.com/1175403 https://bugzilla.suse.com/1175404 https://bugzilla.suse.com/1175405 https://bugzilla.suse.com/1175406 https://bugzilla.suse.com/1175407 https://bugzilla.suse.com/1175408 https://bugzilla.suse.com/1175409 https://bugzilla.suse.com/1175410 https://bugzilla.suse.com/1175411 https://bugzilla.suse.com/1175412 https://bugzilla.suse.com/1175413 https://bugzilla.suse.com/1175414 https://bugzilla.suse.com/1175415 https://bugzilla.suse.com/1175416 https://bugzilla.suse.com/1175417 https://bugzilla.suse.com/1175418 https://bugzilla.suse.com/1175419 https://bugzilla.suse.com/1175420 https://bugzilla.suse.com/1175421 https://bugzilla.suse.com/1175422 https://bugzilla.suse.com/1175423 https://bugzilla.suse.com/1175440 https://bugzilla.suse.com/1175493 https://bugzilla.suse.com/1175515 https://bugzilla.suse.com/1175518 https://bugzilla.suse.com/1175526 https://bugzilla.suse.com/1175550 https://bugzilla.suse.com/1175654 https://bugzilla.suse.com/1175666 https://bugzilla.suse.com/1175667 https://bugzilla.suse.com/1175668 https://bugzilla.suse.com/1175669 https://bugzilla.suse.com/1175670 https://bugzilla.suse.com/1175691 https://bugzilla.suse.com/1175767 https://bugzilla.suse.com/1175768 https://bugzilla.suse.com/1175769 https://bugzilla.suse.com/1175770 https://bugzilla.suse.com/1175771 https://bugzilla.suse.com/1175772 https://bugzilla.suse.com/1175786 https://bugzilla.suse.com/1175873 https://bugzilla.suse.com/1176069 From sle-updates at lists.suse.com Wed Sep 9 05:22:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Sep 2020 13:22:43 +0200 (CEST) Subject: SUSE-SU-2020:2578-1: important: Security update for the Linux Kernel Message-ID: <20200909112243.1731AF794@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2578-1 Rating: important References: #1058115 #1112178 #1136666 #1171558 #1173060 #1175691 #1176069 Cross-References: CVE-2020-14386 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has 6 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to 3.12.31 to receive various security and bugfixes. The following security bug was fixed: - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bugs were fixed: - EDAC: Fix reference count leaks (bsc#1112178). - KVM: SVM: fix svn_pin_memory()'s use of get_user_pages_fast() (bsc#1112178). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - net/mlx5e: Fix error path of device attach (git-fixes). - net/mlx5: Fix a bug of using ptp channel index as pin index (git-fixes). - net: smc91x: Fix possible memory leak in smc_drv_probe() (git-fixes). - sched/deadline: Initialize ->dl_boosted (bsc#1112178). - scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666). - scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666). - scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666). - scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666). - scsi: lpfc: NVMe remote port devloss_tmo from lldd (bsc#1171558 bsc#1136666 bsc#1173060). - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666). - scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666). - scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666). - scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666). - scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666). - scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666). - vxlan: Ensure FDB dump is performed under RCU (git-fixes). - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1112178). - x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1112178). - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2578=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-azure-4.12.14-16.28.1 kernel-source-azure-4.12.14-16.28.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-azure-4.12.14-16.28.1 kernel-azure-base-4.12.14-16.28.1 kernel-azure-base-debuginfo-4.12.14-16.28.1 kernel-azure-debuginfo-4.12.14-16.28.1 kernel-azure-debugsource-4.12.14-16.28.1 kernel-azure-devel-4.12.14-16.28.1 kernel-syms-azure-4.12.14-16.28.1 References: https://www.suse.com/security/cve/CVE-2020-14386.html https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1136666 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1173060 https://bugzilla.suse.com/1175691 https://bugzilla.suse.com/1176069 From sle-updates at lists.suse.com Wed Sep 9 05:25:56 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Sep 2020 13:25:56 +0200 (CEST) Subject: SUSE-SU-2020:2577-1: important: Security update for the Linux Kernel Message-ID: <20200909112556.DC696F794@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2577-1 Rating: important References: #1176069 Cross-References: CVE-2020-14386 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bug was fixed: - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2577=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-2577=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-2577=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2577=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2577=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2577=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): kernel-default-debuginfo-5.3.18-24.15.1 kernel-default-debugsource-5.3.18-24.15.1 kernel-default-extra-5.3.18-24.15.1 kernel-default-extra-debuginfo-5.3.18-24.15.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.15.1 kernel-default-debugsource-5.3.18-24.15.1 kernel-default-livepatch-5.3.18-24.15.1 kernel-default-livepatch-devel-5.3.18-24.15.1 kernel-livepatch-5_3_18-24_15-default-1-5.3.1 kernel-livepatch-5_3_18-24_15-default-debuginfo-1-5.3.1 kernel-livepatch-SLE15-SP2_Update_3-debugsource-1-5.3.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.15.1 kernel-default-debugsource-5.3.18-24.15.1 reiserfs-kmp-default-5.3.18-24.15.1 reiserfs-kmp-default-debuginfo-5.3.18-24.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-24.15.1 kernel-obs-build-debugsource-5.3.18-24.15.1 kernel-syms-5.3.18-24.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-24.15.1 kernel-preempt-debugsource-5.3.18-24.15.1 kernel-preempt-devel-5.3.18-24.15.1 kernel-preempt-devel-debuginfo-5.3.18-24.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): kernel-docs-5.3.18-24.15.2 kernel-source-5.3.18-24.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-24.15.1 kernel-default-debuginfo-5.3.18-24.15.1 kernel-default-debugsource-5.3.18-24.15.1 kernel-default-devel-5.3.18-24.15.1 kernel-default-devel-debuginfo-5.3.18-24.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64): kernel-preempt-5.3.18-24.15.1 kernel-preempt-debuginfo-5.3.18-24.15.1 kernel-preempt-debugsource-5.3.18-24.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): kernel-devel-5.3.18-24.15.1 kernel-macros-5.3.18-24.15.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-24.15.1 cluster-md-kmp-default-debuginfo-5.3.18-24.15.1 dlm-kmp-default-5.3.18-24.15.1 dlm-kmp-default-debuginfo-5.3.18-24.15.1 gfs2-kmp-default-5.3.18-24.15.1 gfs2-kmp-default-debuginfo-5.3.18-24.15.1 kernel-default-debuginfo-5.3.18-24.15.1 kernel-default-debugsource-5.3.18-24.15.1 ocfs2-kmp-default-5.3.18-24.15.1 ocfs2-kmp-default-debuginfo-5.3.18-24.15.1 References: https://www.suse.com/security/cve/CVE-2020-14386.html https://bugzilla.suse.com/1176069 From sle-updates at lists.suse.com Wed Sep 9 10:15:18 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Sep 2020 18:15:18 +0200 (CEST) Subject: SUSE-SU-2020:2581-1: moderate: Security update for openldap2 Message-ID: <20200909161518.1428AF403@maintenance.suse.de> SUSE Security Update: Security update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2581-1 Rating: moderate References: #1174154 Cross-References: CVE-2020-15719 Affected Products: SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-2581=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-2581=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2581=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2581=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2581=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2581=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): openldap2-back-meta-2.4.46-9.34.1 openldap2-back-meta-debuginfo-2.4.46-9.34.1 openldap2-back-perl-2.4.46-9.34.1 openldap2-back-perl-debuginfo-2.4.46-9.34.1 openldap2-debuginfo-2.4.46-9.34.1 openldap2-debugsource-2.4.46-9.34.1 openldap2-ppolicy-check-password-1.2-9.34.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.34.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): openldap2-2.4.46-9.34.1 openldap2-back-meta-2.4.46-9.34.1 openldap2-back-meta-debuginfo-2.4.46-9.34.1 openldap2-back-perl-2.4.46-9.34.1 openldap2-back-perl-debuginfo-2.4.46-9.34.1 openldap2-debuginfo-2.4.46-9.34.1 openldap2-debugsource-2.4.46-9.34.1 openldap2-ppolicy-check-password-1.2-9.34.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.34.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): openldap2-debugsource-2.4.46-9.34.1 openldap2-devel-32bit-2.4.46-9.34.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): openldap2-debugsource-2.4.46-9.34.1 openldap2-devel-32bit-2.4.46-9.34.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-9.34.1 libldap-2_4-2-debuginfo-2.4.46-9.34.1 openldap2-client-2.4.46-9.34.1 openldap2-client-debuginfo-2.4.46-9.34.1 openldap2-debugsource-2.4.46-9.34.1 openldap2-devel-2.4.46-9.34.1 openldap2-devel-static-2.4.46-9.34.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libldap-2_4-2-32bit-2.4.46-9.34.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.34.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): libldap-data-2.4.46-9.34.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-9.34.1 libldap-2_4-2-debuginfo-2.4.46-9.34.1 openldap2-client-2.4.46-9.34.1 openldap2-client-debuginfo-2.4.46-9.34.1 openldap2-debuginfo-2.4.46-9.34.1 openldap2-debugsource-2.4.46-9.34.1 openldap2-devel-2.4.46-9.34.1 openldap2-devel-static-2.4.46-9.34.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libldap-2_4-2-32bit-2.4.46-9.34.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.34.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): libldap-data-2.4.46-9.34.1 References: https://www.suse.com/security/cve/CVE-2020-15719.html https://bugzilla.suse.com/1174154 From sle-updates at lists.suse.com Wed Sep 9 13:13:15 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Sep 2020 21:13:15 +0200 (CEST) Subject: SUSE-SU-2020:2583-1: moderate: Security update for avahi Message-ID: <20200909191315.AC222F794@maintenance.suse.de> SUSE Security Update: Security update for avahi ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2583-1 Rating: moderate References: #1154063 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for avahi fixes the following issues: - When changing ownership of /var/lib/autoipd, only change ownership of files owned by avahi, to mitigate against possible exploits (bsc#1154063). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2583=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2583=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2583=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2583=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): avahi-0.6.32-5.8.1 avahi-compat-howl-devel-0.6.32-5.8.1 avahi-compat-mDNSResponder-devel-0.6.32-5.8.1 avahi-debuginfo-0.6.32-5.8.1 avahi-debugsource-0.6.32-5.8.1 avahi-glib2-debugsource-0.6.32-5.8.1 avahi-utils-0.6.32-5.8.1 avahi-utils-debuginfo-0.6.32-5.8.1 libavahi-client3-0.6.32-5.8.1 libavahi-client3-debuginfo-0.6.32-5.8.1 libavahi-common3-0.6.32-5.8.1 libavahi-common3-debuginfo-0.6.32-5.8.1 libavahi-core7-0.6.32-5.8.1 libavahi-core7-debuginfo-0.6.32-5.8.1 libavahi-devel-0.6.32-5.8.1 libavahi-glib-devel-0.6.32-5.8.1 libavahi-glib1-0.6.32-5.8.1 libavahi-glib1-debuginfo-0.6.32-5.8.1 libavahi-gobject0-0.6.32-5.8.1 libavahi-gobject0-debuginfo-0.6.32-5.8.1 libavahi-ui-gtk3-0-0.6.32-5.8.1 libavahi-ui-gtk3-0-debuginfo-0.6.32-5.8.1 libavahi-ui0-0.6.32-5.8.1 libavahi-ui0-debuginfo-0.6.32-5.8.1 libdns_sd-0.6.32-5.8.1 libdns_sd-debuginfo-0.6.32-5.8.1 libhowl0-0.6.32-5.8.1 libhowl0-debuginfo-0.6.32-5.8.1 typelib-1_0-Avahi-0_6-0.6.32-5.8.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libavahi-client3-32bit-0.6.32-5.8.1 libavahi-client3-32bit-debuginfo-0.6.32-5.8.1 libavahi-common3-32bit-0.6.32-5.8.1 libavahi-common3-32bit-debuginfo-0.6.32-5.8.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): avahi-lang-0.6.32-5.8.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): avahi-0.6.32-5.8.1 avahi-compat-howl-devel-0.6.32-5.8.1 avahi-compat-mDNSResponder-devel-0.6.32-5.8.1 avahi-debuginfo-0.6.32-5.8.1 avahi-debugsource-0.6.32-5.8.1 avahi-glib2-debugsource-0.6.32-5.8.1 avahi-utils-0.6.32-5.8.1 avahi-utils-debuginfo-0.6.32-5.8.1 libavahi-client3-0.6.32-5.8.1 libavahi-client3-debuginfo-0.6.32-5.8.1 libavahi-common3-0.6.32-5.8.1 libavahi-common3-debuginfo-0.6.32-5.8.1 libavahi-core7-0.6.32-5.8.1 libavahi-core7-debuginfo-0.6.32-5.8.1 libavahi-devel-0.6.32-5.8.1 libavahi-glib-devel-0.6.32-5.8.1 libavahi-glib1-0.6.32-5.8.1 libavahi-glib1-debuginfo-0.6.32-5.8.1 libavahi-gobject0-0.6.32-5.8.1 libavahi-gobject0-debuginfo-0.6.32-5.8.1 libavahi-ui-gtk3-0-0.6.32-5.8.1 libavahi-ui-gtk3-0-debuginfo-0.6.32-5.8.1 libavahi-ui0-0.6.32-5.8.1 libavahi-ui0-debuginfo-0.6.32-5.8.1 libdns_sd-0.6.32-5.8.1 libdns_sd-debuginfo-0.6.32-5.8.1 libhowl0-0.6.32-5.8.1 libhowl0-debuginfo-0.6.32-5.8.1 typelib-1_0-Avahi-0_6-0.6.32-5.8.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): avahi-lang-0.6.32-5.8.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): avahi-0.6.32-5.8.1 avahi-compat-howl-devel-0.6.32-5.8.1 avahi-compat-mDNSResponder-devel-0.6.32-5.8.1 avahi-debuginfo-0.6.32-5.8.1 avahi-debugsource-0.6.32-5.8.1 avahi-glib2-debugsource-0.6.32-5.8.1 avahi-utils-0.6.32-5.8.1 avahi-utils-debuginfo-0.6.32-5.8.1 libavahi-client3-0.6.32-5.8.1 libavahi-client3-debuginfo-0.6.32-5.8.1 libavahi-common3-0.6.32-5.8.1 libavahi-common3-debuginfo-0.6.32-5.8.1 libavahi-core7-0.6.32-5.8.1 libavahi-core7-debuginfo-0.6.32-5.8.1 libavahi-devel-0.6.32-5.8.1 libavahi-glib-devel-0.6.32-5.8.1 libavahi-glib1-0.6.32-5.8.1 libavahi-glib1-debuginfo-0.6.32-5.8.1 libavahi-gobject0-0.6.32-5.8.1 libavahi-gobject0-debuginfo-0.6.32-5.8.1 libavahi-ui-gtk3-0-0.6.32-5.8.1 libavahi-ui-gtk3-0-debuginfo-0.6.32-5.8.1 libavahi-ui0-0.6.32-5.8.1 libavahi-ui0-debuginfo-0.6.32-5.8.1 libdns_sd-0.6.32-5.8.1 libdns_sd-debuginfo-0.6.32-5.8.1 libhowl0-0.6.32-5.8.1 libhowl0-debuginfo-0.6.32-5.8.1 typelib-1_0-Avahi-0_6-0.6.32-5.8.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libavahi-client3-32bit-0.6.32-5.8.1 libavahi-client3-32bit-debuginfo-0.6.32-5.8.1 libavahi-common3-32bit-0.6.32-5.8.1 libavahi-common3-32bit-debuginfo-0.6.32-5.8.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): avahi-lang-0.6.32-5.8.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): avahi-0.6.32-5.8.1 avahi-compat-howl-devel-0.6.32-5.8.1 avahi-compat-mDNSResponder-devel-0.6.32-5.8.1 avahi-debuginfo-0.6.32-5.8.1 avahi-debugsource-0.6.32-5.8.1 avahi-glib2-debugsource-0.6.32-5.8.1 avahi-utils-0.6.32-5.8.1 avahi-utils-debuginfo-0.6.32-5.8.1 libavahi-client3-0.6.32-5.8.1 libavahi-client3-debuginfo-0.6.32-5.8.1 libavahi-common3-0.6.32-5.8.1 libavahi-common3-debuginfo-0.6.32-5.8.1 libavahi-core7-0.6.32-5.8.1 libavahi-core7-debuginfo-0.6.32-5.8.1 libavahi-devel-0.6.32-5.8.1 libavahi-glib-devel-0.6.32-5.8.1 libavahi-glib1-0.6.32-5.8.1 libavahi-glib1-debuginfo-0.6.32-5.8.1 libavahi-gobject0-0.6.32-5.8.1 libavahi-gobject0-debuginfo-0.6.32-5.8.1 libavahi-ui-gtk3-0-0.6.32-5.8.1 libavahi-ui-gtk3-0-debuginfo-0.6.32-5.8.1 libavahi-ui0-0.6.32-5.8.1 libavahi-ui0-debuginfo-0.6.32-5.8.1 libdns_sd-0.6.32-5.8.1 libdns_sd-debuginfo-0.6.32-5.8.1 libhowl0-0.6.32-5.8.1 libhowl0-debuginfo-0.6.32-5.8.1 typelib-1_0-Avahi-0_6-0.6.32-5.8.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libavahi-client3-32bit-0.6.32-5.8.1 libavahi-client3-32bit-debuginfo-0.6.32-5.8.1 libavahi-common3-32bit-0.6.32-5.8.1 libavahi-common3-32bit-debuginfo-0.6.32-5.8.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): avahi-lang-0.6.32-5.8.1 References: https://bugzilla.suse.com/1154063 From sle-updates at lists.suse.com Wed Sep 9 13:14:07 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 9 Sep 2020 21:14:07 +0200 (CEST) Subject: SUSE-SU-2020:2582-1: important: Security update for the Linux Kernel Message-ID: <20200909191407.1DE02F794@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2582-1 Rating: important References: #1152107 #1173798 #1174205 #1174757 #1174771 #1175112 #1175127 #1175228 #1175691 #1176069 Cross-References: CVE-2019-16746 CVE-2020-14314 CVE-2020-14331 CVE-2020-14386 CVE-2020-16166 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise High Availability 12-SP3 SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 5 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2019-16746: Fixed an improper check of the length of variable elements in a beacon head, leading to a buffer overflow (bsc#1152107). - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bugs were fixed: - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - ocfs2: add trimfs dlm lock resource (bsc#1175228). - ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228). - ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2582=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2582=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2582=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2582=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2582=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2020-2582=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2582=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2582=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): kernel-default-4.4.180-94.130.1 kernel-default-base-4.4.180-94.130.1 kernel-default-base-debuginfo-4.4.180-94.130.1 kernel-default-debuginfo-4.4.180-94.130.1 kernel-default-debugsource-4.4.180-94.130.1 kernel-default-devel-4.4.180-94.130.1 kernel-default-kgraft-4.4.180-94.130.1 kernel-syms-4.4.180-94.130.1 kgraft-patch-4_4_180-94_130-default-1-4.3.1 kgraft-patch-4_4_180-94_130-default-debuginfo-1-4.3.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): kernel-devel-4.4.180-94.130.1 kernel-macros-4.4.180-94.130.1 kernel-source-4.4.180-94.130.1 - SUSE OpenStack Cloud 8 (x86_64): kernel-default-4.4.180-94.130.1 kernel-default-base-4.4.180-94.130.1 kernel-default-base-debuginfo-4.4.180-94.130.1 kernel-default-debuginfo-4.4.180-94.130.1 kernel-default-debugsource-4.4.180-94.130.1 kernel-default-devel-4.4.180-94.130.1 kernel-default-kgraft-4.4.180-94.130.1 kernel-syms-4.4.180-94.130.1 kgraft-patch-4_4_180-94_130-default-1-4.3.1 kgraft-patch-4_4_180-94_130-default-debuginfo-1-4.3.1 - SUSE OpenStack Cloud 8 (noarch): kernel-devel-4.4.180-94.130.1 kernel-macros-4.4.180-94.130.1 kernel-source-4.4.180-94.130.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kernel-default-4.4.180-94.130.1 kernel-default-base-4.4.180-94.130.1 kernel-default-base-debuginfo-4.4.180-94.130.1 kernel-default-debuginfo-4.4.180-94.130.1 kernel-default-debugsource-4.4.180-94.130.1 kernel-default-devel-4.4.180-94.130.1 kernel-default-kgraft-4.4.180-94.130.1 kernel-syms-4.4.180-94.130.1 kgraft-patch-4_4_180-94_130-default-1-4.3.1 kgraft-patch-4_4_180-94_130-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): kernel-devel-4.4.180-94.130.1 kernel-macros-4.4.180-94.130.1 kernel-source-4.4.180-94.130.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.4.180-94.130.1 kernel-default-base-4.4.180-94.130.1 kernel-default-base-debuginfo-4.4.180-94.130.1 kernel-default-debuginfo-4.4.180-94.130.1 kernel-default-debugsource-4.4.180-94.130.1 kernel-default-devel-4.4.180-94.130.1 kernel-syms-4.4.180-94.130.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kernel-default-kgraft-4.4.180-94.130.1 kgraft-patch-4_4_180-94_130-default-1-4.3.1 kgraft-patch-4_4_180-94_130-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): kernel-devel-4.4.180-94.130.1 kernel-macros-4.4.180-94.130.1 kernel-source-4.4.180-94.130.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x): kernel-default-man-4.4.180-94.130.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): kernel-devel-4.4.180-94.130.1 kernel-macros-4.4.180-94.130.1 kernel-source-4.4.180-94.130.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): kernel-default-4.4.180-94.130.1 kernel-default-base-4.4.180-94.130.1 kernel-default-base-debuginfo-4.4.180-94.130.1 kernel-default-debuginfo-4.4.180-94.130.1 kernel-default-debugsource-4.4.180-94.130.1 kernel-default-devel-4.4.180-94.130.1 kernel-syms-4.4.180-94.130.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.180-94.130.1 cluster-md-kmp-default-debuginfo-4.4.180-94.130.1 dlm-kmp-default-4.4.180-94.130.1 dlm-kmp-default-debuginfo-4.4.180-94.130.1 gfs2-kmp-default-4.4.180-94.130.1 gfs2-kmp-default-debuginfo-4.4.180-94.130.1 kernel-default-debuginfo-4.4.180-94.130.1 kernel-default-debugsource-4.4.180-94.130.1 ocfs2-kmp-default-4.4.180-94.130.1 ocfs2-kmp-default-debuginfo-4.4.180-94.130.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): kernel-default-4.4.180-94.130.1 kernel-default-base-4.4.180-94.130.1 kernel-default-base-debuginfo-4.4.180-94.130.1 kernel-default-debuginfo-4.4.180-94.130.1 kernel-default-debugsource-4.4.180-94.130.1 kernel-default-devel-4.4.180-94.130.1 kernel-syms-4.4.180-94.130.1 - SUSE Enterprise Storage 5 (x86_64): kernel-default-kgraft-4.4.180-94.130.1 kgraft-patch-4_4_180-94_130-default-1-4.3.1 kgraft-patch-4_4_180-94_130-default-debuginfo-1-4.3.1 - SUSE Enterprise Storage 5 (noarch): kernel-devel-4.4.180-94.130.1 kernel-macros-4.4.180-94.130.1 kernel-source-4.4.180-94.130.1 - HPE Helion Openstack 8 (x86_64): kernel-default-4.4.180-94.130.1 kernel-default-base-4.4.180-94.130.1 kernel-default-base-debuginfo-4.4.180-94.130.1 kernel-default-debuginfo-4.4.180-94.130.1 kernel-default-debugsource-4.4.180-94.130.1 kernel-default-devel-4.4.180-94.130.1 kernel-default-kgraft-4.4.180-94.130.1 kernel-syms-4.4.180-94.130.1 kgraft-patch-4_4_180-94_130-default-1-4.3.1 kgraft-patch-4_4_180-94_130-default-debuginfo-1-4.3.1 - HPE Helion Openstack 8 (noarch): kernel-devel-4.4.180-94.130.1 kernel-macros-4.4.180-94.130.1 kernel-source-4.4.180-94.130.1 References: https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2020-14314.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-14386.html https://www.suse.com/security/cve/CVE-2020-16166.html https://bugzilla.suse.com/1152107 https://bugzilla.suse.com/1173798 https://bugzilla.suse.com/1174205 https://bugzilla.suse.com/1174757 https://bugzilla.suse.com/1174771 https://bugzilla.suse.com/1175112 https://bugzilla.suse.com/1175127 https://bugzilla.suse.com/1175228 https://bugzilla.suse.com/1175691 https://bugzilla.suse.com/1176069 From sle-updates at lists.suse.com Wed Sep 9 19:13:19 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2020 03:13:19 +0200 (CEST) Subject: SUSE-RU-2020:2590-1: Recommended update for ndctl Message-ID: <20200910011319.AD8BBF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for ndctl ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2590-1 Rating: low References: #1173861 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ndctl fixes the following issues: - Clarify documentation about filtering options (bsc#1173861) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2590=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): libndctl6-64.1-3.6.1 libndctl6-debuginfo-64.1-3.6.1 ndctl-64.1-3.6.1 ndctl-debuginfo-64.1-3.6.1 ndctl-debugsource-64.1-3.6.1 References: https://bugzilla.suse.com/1173861 From sle-updates at lists.suse.com Wed Sep 9 19:14:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2020 03:14:05 +0200 (CEST) Subject: SUSE-RU-2020:2586-1: moderate: Recommended update for yast2-cluster Message-ID: <20200910011405.D0A32F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-cluster ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2586-1 Rating: moderate References: #1175648 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-cluster fixes the following issues: - Fixes a bug where the csync2 service couldn't be disabled (bsc#1175648) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2586=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (noarch): yast2-cluster-4.2.7-3.3.1 References: https://bugzilla.suse.com/1175648 From sle-updates at lists.suse.com Wed Sep 9 19:14:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2020 03:14:51 +0200 (CEST) Subject: SUSE-RU-2020:2585-1: moderate: Recommended update for yast2-cluster Message-ID: <20200910011451.10422F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-cluster ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2585-1 Rating: moderate References: #1149089 #1175648 ECO-1745 SLE-12432 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has two recommended fixesand contains two features can now be installed. Description: This update for yast2-cluster fixes the following issues: - Fixes a bug where the csync2 service couldn't be disabled (bsc#1175648) - Added qdevice heuristics support (jsc#SLE-12432) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-2585=1 Package List: - SUSE Linux Enterprise High Availability 15 (noarch): yast2-cluster-4.0.12-3.12.1 References: https://bugzilla.suse.com/1149089 https://bugzilla.suse.com/1175648 From sle-updates at lists.suse.com Wed Sep 9 19:15:40 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2020 03:15:40 +0200 (CEST) Subject: SUSE-RU-2020:2588-1: moderate: Recommended update for u-boot Message-ID: <20200910011540.86F15F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for u-boot ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2588-1 Rating: moderate References: #1174029 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for u-boot provides the following fix: - Enable EFI_RT_PROPERTIES_TABLE to support efivars. (bsc#1174029) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2588=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): u-boot-tools-2020.01-10.3.1 u-boot-tools-debuginfo-2020.01-10.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64): u-boot-rpiarm64-2020.01-10.3.1 u-boot-rpiarm64-doc-2020.01-10.3.1 References: https://bugzilla.suse.com/1174029 From sle-updates at lists.suse.com Wed Sep 9 19:16:24 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2020 03:16:24 +0200 (CEST) Subject: SUSE-RU-2020:2589-1: moderate: Recommended update for yast2-services-manager Message-ID: <20200910011624.92790F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-services-manager ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2589-1 Rating: moderate References: #1165388 #1173408 #1174615 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for yast2-services-manager fixes the following issues: - changing other services than the user expects (bsc#1165388, bsc#1174615) - detection of modifications in AutoYaST config mode (bsc#1173408) - remembering of services configuration in AutoYaST config mode (bsc#1173408) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2589=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): yast2-services-manager-4.2.7-3.3.1 References: https://bugzilla.suse.com/1165388 https://bugzilla.suse.com/1173408 https://bugzilla.suse.com/1174615 From sle-updates at lists.suse.com Wed Sep 9 19:17:20 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2020 03:17:20 +0200 (CEST) Subject: SUSE-RU-2020:2584-1: moderate: Recommended update for yast2-cluster Message-ID: <20200910011720.7AFF3F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-cluster ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2584-1 Rating: moderate References: #1149089 #1175648 ECO-1745 SLE-12432 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has two recommended fixesand contains two features can now be installed. Description: This update for yast2-cluster fixes the following issues: - Fixes a bug where the csync2 service couldn't be disabled (bsc#1175648) - Added qdevice heuristics support (jsc#SLE-12432) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2584=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (noarch): yast2-cluster-4.1.6-3.6.2 References: https://bugzilla.suse.com/1149089 https://bugzilla.suse.com/1175648 From sle-updates at lists.suse.com Wed Sep 9 19:18:10 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2020 03:18:10 +0200 (CEST) Subject: SUSE-RU-2020:2587-1: moderate: Recommended update for procps Message-ID: <20200910011810.4FB04F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for procps ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2587-1 Rating: moderate References: #1174660 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for procps fixes the following issues: - Add fix for procps and its libraries to avoid issues with the 'free' tool. (bsc#1174660) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2587=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2587=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): procps-debuginfo-3.3.9-11.24.1 procps-debugsource-3.3.9-11.24.1 procps-devel-3.3.9-11.24.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libprocps3-3.3.9-11.24.1 libprocps3-debuginfo-3.3.9-11.24.1 procps-3.3.9-11.24.1 procps-debuginfo-3.3.9-11.24.1 procps-debugsource-3.3.9-11.24.1 References: https://bugzilla.suse.com/1174660 From sle-updates at lists.suse.com Thu Sep 10 00:17:16 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2020 08:17:16 +0200 (CEST) Subject: SUSE-CU-2020:438-1: Recommended update of suse/sles12sp3 Message-ID: <20200910061716.5657DFCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:438-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.202 , suse/sles12sp3:latest Container Release : 24.202 Severity : moderate Type : recommended References : 1174660 1174673 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2428-1 Released: Tue Sep 1 22:07:35 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1174673 This update for ca-certificates-mozilla fixes the following issues: Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: - AddTrust External CA Root - AddTrust Class 1 CA Root - LuxTrust Global Root 2 - Staat der Nederlanden Root CA - G2 - Symantec Class 1 Public Primary Certification Authority - G4 - Symantec Class 2 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: - certSIGN Root CA G2 - e-Szigno Root CA 2017 - Microsoft ECC Root Certificate Authority 2017 - Microsoft RSA Root Certificate Authority 2017 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2587-1 Released: Wed Sep 9 22:03:04 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1174660 This update for procps fixes the following issues: - Add fix for procps and its libraries to avoid issues with the 'free' tool. (bsc#1174660) From sle-updates at lists.suse.com Thu Sep 10 00:27:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2020 08:27:09 +0200 (CEST) Subject: SUSE-CU-2020:439-1: Recommended update of suse/sles12sp4 Message-ID: <20200910062709.2907CFCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:439-1 Container Tags : suse/sles12sp4:26.234 , suse/sles12sp4:latest Container Release : 26.234 Severity : moderate Type : recommended References : 1174660 1174673 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2428-1 Released: Tue Sep 1 22:07:35 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1174673 This update for ca-certificates-mozilla fixes the following issues: Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: - AddTrust External CA Root - AddTrust Class 1 CA Root - LuxTrust Global Root 2 - Staat der Nederlanden Root CA - G2 - Symantec Class 1 Public Primary Certification Authority - G4 - Symantec Class 2 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: - certSIGN Root CA G2 - e-Szigno Root CA 2017 - Microsoft ECC Root Certificate Authority 2017 - Microsoft RSA Root Certificate Authority 2017 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2587-1 Released: Wed Sep 9 22:03:04 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1174660 This update for procps fixes the following issues: - Add fix for procps and its libraries to avoid issues with the 'free' tool. (bsc#1174660) From sle-updates at lists.suse.com Thu Sep 10 00:32:15 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2020 08:32:15 +0200 (CEST) Subject: SUSE-CU-2020:440-1: Security update of suse/sles12sp5 Message-ID: <20200910063215.B2AE4FCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:440-1 Container Tags : suse/sles12sp5:6.5.58 , suse/sles12sp5:latest Container Release : 6.5.58 Severity : moderate Type : security References : 1169488 1173227 1174551 1174660 1174736 1175109 CVE-2020-8231 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2444-1 Released: Wed Sep 2 09:32:43 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2547-1 Released: Fri Sep 4 18:17:13 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2555-1 Released: Mon Sep 7 14:30:36 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1169488,1173227 This update for systemd fixes the following issues: - Fix inconsistent file modes for some ghost files. (bsc#1173227) - Fix for an issue where nfs-server clone causes cluster node to hang on reboot. (bsc#1169488) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2587-1 Released: Wed Sep 9 22:03:04 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1174660 This update for procps fixes the following issues: - Add fix for procps and its libraries to avoid issues with the 'free' tool. (bsc#1174660) From sle-updates at lists.suse.com Thu Sep 10 00:43:49 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2020 08:43:49 +0200 (CEST) Subject: SUSE-CU-2020:441-1: Security update of suse/sle15 Message-ID: <20200910064349.A5193FCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:441-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.265 Container Release : 4.22.265 Severity : moderate Type : security References : 1174154 CVE-2020-15719 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2581-1 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1174154,CVE-2020-15719 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. From sle-updates at lists.suse.com Thu Sep 10 00:51:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2020 08:51:46 +0200 (CEST) Subject: SUSE-CU-2020:442-1: Security update of suse/sle15 Message-ID: <20200910065146.773F3FCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:442-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.304 Container Release : 6.2.304 Severity : moderate Type : security References : 1174154 1175109 CVE-2020-15719 CVE-2020-8231 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2446-1 Released: Wed Sep 2 09:33:22 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2581-1 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1174154,CVE-2020-15719 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. From sle-updates at lists.suse.com Thu Sep 10 00:53:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2020 08:53:27 +0200 (CEST) Subject: SUSE-CU-2020:443-1: Security update of suse/sle15 Message-ID: <20200910065327.D3C40FCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:443-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.743 Container Release : 8.2.743 Severity : moderate Type : security References : 1174154 1175109 CVE-2020-15719 CVE-2020-8231 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2445-1 Released: Wed Sep 2 09:33:02 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2581-1 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1174154,CVE-2020-15719 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. From sle-updates at lists.suse.com Thu Sep 10 07:14:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2020 15:14:27 +0200 (CEST) Subject: SUSE-RU-2020:2591-1: Recommended update for release-notes-sle_hpc Message-ID: <20200910131427.6E75AF794@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sle_hpc ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2591-1 Rating: low References: #1150672 #1174481 #1174671 Affected Products: SUSE Linux Enterprise Module for HPC 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for release-notes-sle_hpc fixes the following issues: Update to release notes 15.2.20200729. (bsc#1174671) - Updated URL for source code download. (bsc#1150672) - Updated bug tracker info. (bsc#1174481) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15-SP2: zypper in -t patch SUSE-SLE-Module-HPC-15-SP2-2020-2591=1 - SUSE Linux Enterprise High Performance Computing 15-SP2: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-2020-2591=1 Package List: - SUSE Linux Enterprise Module for HPC 15-SP2 (noarch): release-notes-sle_hpc-15.200000000.20200729-3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2 (noarch): release-notes-sle_hpc-15.200000000.20200729-3.3.1 References: https://bugzilla.suse.com/1150672 https://bugzilla.suse.com/1174481 https://bugzilla.suse.com/1174671 From sle-updates at lists.suse.com Thu Sep 10 07:15:30 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2020 15:15:30 +0200 (CEST) Subject: SUSE-RU-2020:2592-1: moderate: Recommended update for python-argparse-manpage Message-ID: <20200910131530.80522F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-argparse-manpage ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2592-1 Rating: moderate References: SLE-12826 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for python-argparse-manpage fixes the following issues: - Consolidate the versions of python-argparse-manpage for SLE. (jsc#SLE-12826) - Don't use %python3_only command, but properly use alternatives. - Drop additional .br tag from paragraphs so the multiline text is nicer - Provide argparse-manpage via entry_point Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2592=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): python3-argparse-manpage-1.3-1.7.1 References: From sle-updates at lists.suse.com Thu Sep 10 10:15:41 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2020 18:15:41 +0200 (CEST) Subject: SUSE-RU-2020:2593-1: moderate: Recommended update for gtk3 Message-ID: <20200910161541.A69FAF794@maintenance.suse.de> SUSE Recommended Update: Recommended update for gtk3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2593-1 Rating: moderate References: #1167951 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gtk3 fixes the following issues: Update from version 3.24.14 to version 3.24.20 - Updated translations. - GtkMenu under X11 cannot work with touchscreen because it cannot handle touch events properly. (bsc#1167951) - GtkFileChooser: - Prevent selection changes after overwrite confirmation. - Don't grab focus to the sidebar on click. - Avoid a use-after-free in GtkFileSystemModel. - Fix some keynav issues. - Fix a crash. - Support selecting directories with a new enough file chooser portal. - GtkEmojiChooser: Remove blacklist. - GtkAboutDialog: Add more licenses. - GtkMenuButton: disable focus-on-click. - Adwaita: - Lower the contrast of checkboxes - Use tabular figures where appropriate. - Color tweaks for dark mode. - Improve rendering of rounded corners. - HighContrast: Export the same public colors as Adwaita - Derive the HighContrast and HighContrastInverse themes from Adwaita. - Wayland: - Fix more sizing regressions in Epiphany and LibreOffice menus and popups in general. - Fix firefox sizing problems. - Prevent Alt lingering after Alt-Tab. - Load compose sequences from ~/.Compose. - Fix a crash in the Wayland input method. - Fix problems with clipboard handling. - Fix a crash in the Wayland input method. - Support cursor scale of 400%. - Fix a crash in glade. - textview: Speed up tag handling. - css: Support font-feature-settings Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2593=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2593=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): gtk3-devel-doc-3.24.20-3.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): gettext-its-gtk3-3.24.20-3.3.2 gtk3-debugsource-3.24.20-3.3.2 gtk3-devel-3.24.20-3.3.2 gtk3-devel-debuginfo-3.24.20-3.3.2 gtk3-tools-3.24.20-3.3.2 gtk3-tools-debuginfo-3.24.20-3.3.2 libgtk-3-0-3.24.20-3.3.2 libgtk-3-0-debuginfo-3.24.20-3.3.2 typelib-1_0-Gtk-3_0-3.24.20-3.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): gtk3-branding-SLE-15.0-9.2.2 gtk3-data-3.24.20-3.3.2 gtk3-lang-3.24.20-3.3.2 gtk3-schema-3.24.20-3.3.2 References: https://bugzilla.suse.com/1167951 From sle-updates at lists.suse.com Thu Sep 10 10:18:53 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2020 18:18:53 +0200 (CEST) Subject: SUSE-RU-2020:2594-1: moderate: Recommended update for clone-master-clean-up Message-ID: <20200910161853.C19F0F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for clone-master-clean-up ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2594-1 Rating: moderate References: #1174147 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Server Applications 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for clone-master-clean-up fixes the following issues: - Cleanup salt client ID and 'osad' authentication configuration file and the system ID. (bsc#1174147) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2594=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2594=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): clone-master-clean-up-1.6-3.9.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): clone-master-clean-up-1.6-3.9.1 References: https://bugzilla.suse.com/1174147 From sle-updates at lists.suse.com Thu Sep 10 10:19:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2020 18:19:46 +0200 (CEST) Subject: SUSE-RU-2020:2596-1: Recommended update for ndctl Message-ID: <20200910161946.7F9ADF794@maintenance.suse.de> SUSE Recommended Update: Recommended update for ndctl ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2596-1 Rating: low References: #1173861 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ndctl fixes the following issues: - Clarify documentation about filtering options (bsc#1173861) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2596=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2596=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2596=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2596=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (ppc64le x86_64): ndctl-64.1-3.15.1 ndctl-debuginfo-64.1-3.15.1 ndctl-debugsource-64.1-3.15.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (ppc64le x86_64): ndctl-64.1-3.15.1 ndctl-debuginfo-64.1-3.15.1 ndctl-debugsource-64.1-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (ppc64le x86_64): libndctl-devel-64.1-3.15.1 libndctl6-64.1-3.15.1 libndctl6-debuginfo-64.1-3.15.1 ndctl-debuginfo-64.1-3.15.1 ndctl-debugsource-64.1-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (ppc64le x86_64): libndctl-devel-64.1-3.15.1 libndctl6-64.1-3.15.1 libndctl6-debuginfo-64.1-3.15.1 ndctl-debuginfo-64.1-3.15.1 ndctl-debugsource-64.1-3.15.1 References: https://bugzilla.suse.com/1173861 From sle-updates at lists.suse.com Thu Sep 10 10:22:14 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2020 18:22:14 +0200 (CEST) Subject: SUSE-RU-2020:2597-1: moderate: Recommended update for slurm_20_02 Message-ID: <20200910162214.147F2F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for slurm_20_02 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2597-1 Rating: moderate References: #1173805 Affected Products: SUSE Linux Enterprise Module for HPC 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for slurm_20_02 fixes the following issues: - Add support for openPMIx also for Leap/SLE 15.0/1i. (bsc#1173805) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15-SP1: zypper in -t patch SUSE-SLE-Module-HPC-15-SP1-2020-2597=1 Package List: - SUSE Linux Enterprise Module for HPC 15-SP1 (aarch64 x86_64): libpmi0_20_02-20.02.3-3.11.1 libpmi0_20_02-debuginfo-20.02.3-3.11.1 libslurm35-20.02.3-3.11.1 libslurm35-debuginfo-20.02.3-3.11.1 perl-slurm_20_02-20.02.3-3.11.1 perl-slurm_20_02-debuginfo-20.02.3-3.11.1 slurm_20_02-20.02.3-3.11.1 slurm_20_02-auth-none-20.02.3-3.11.1 slurm_20_02-auth-none-debuginfo-20.02.3-3.11.1 slurm_20_02-config-20.02.3-3.11.1 slurm_20_02-config-man-20.02.3-3.11.1 slurm_20_02-debuginfo-20.02.3-3.11.1 slurm_20_02-debugsource-20.02.3-3.11.1 slurm_20_02-devel-20.02.3-3.11.1 slurm_20_02-doc-20.02.3-3.11.1 slurm_20_02-lua-20.02.3-3.11.1 slurm_20_02-lua-debuginfo-20.02.3-3.11.1 slurm_20_02-munge-20.02.3-3.11.1 slurm_20_02-munge-debuginfo-20.02.3-3.11.1 slurm_20_02-node-20.02.3-3.11.1 slurm_20_02-node-debuginfo-20.02.3-3.11.1 slurm_20_02-pam_slurm-20.02.3-3.11.1 slurm_20_02-pam_slurm-debuginfo-20.02.3-3.11.1 slurm_20_02-plugins-20.02.3-3.11.1 slurm_20_02-plugins-debuginfo-20.02.3-3.11.1 slurm_20_02-slurmdbd-20.02.3-3.11.1 slurm_20_02-slurmdbd-debuginfo-20.02.3-3.11.1 slurm_20_02-sql-20.02.3-3.11.1 slurm_20_02-sql-debuginfo-20.02.3-3.11.1 slurm_20_02-sview-20.02.3-3.11.1 slurm_20_02-sview-debuginfo-20.02.3-3.11.1 slurm_20_02-torque-20.02.3-3.11.1 slurm_20_02-torque-debuginfo-20.02.3-3.11.1 slurm_20_02-webdoc-20.02.3-3.11.1 References: https://bugzilla.suse.com/1173805 From sle-updates at lists.suse.com Thu Sep 10 10:23:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2020 18:23:06 +0200 (CEST) Subject: SUSE-RU-2020:2595-1: moderate: Recommended update for clone-master-clean-up Message-ID: <20200910162306.62252F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for clone-master-clean-up ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2595-1 Rating: moderate References: #1149322 #1174147 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for clone-master-clean-up fixes the following issues: - Cleanup salt client ID and osad authentication configuration file and the system ID. (bsc#1174147) - Don't show output from pushd/popd - Fix for snapper to be more generic for machine reading. (bsc#1149322) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2595=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): clone-master-clean-up-1.6-4.6.1 References: https://bugzilla.suse.com/1149322 https://bugzilla.suse.com/1174147 From sle-updates at lists.suse.com Thu Sep 10 13:14:11 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2020 21:14:11 +0200 (CEST) Subject: SUSE-SU-2020:2603-1: Security update for gimp Message-ID: <20200910191411.D652CF794@maintenance.suse.de> SUSE Security Update: Security update for gimp ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2603-1 Rating: low References: #1073627 Cross-References: CVE-2017-17789 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gimp fixes the following issue: - CVE-2017-17789: Fix heap buffer overflow in PSP importer (bsc#1073627). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2603=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2603=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch): gimp-lang-2.8.18-9.12.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): gimp-2.8.18-9.12.1 gimp-debuginfo-2.8.18-9.12.1 gimp-debugsource-2.8.18-9.12.1 gimp-plugins-python-2.8.18-9.12.1 gimp-plugins-python-debuginfo-2.8.18-9.12.1 libgimp-2_0-0-2.8.18-9.12.1 libgimp-2_0-0-debuginfo-2.8.18-9.12.1 libgimpui-2_0-0-2.8.18-9.12.1 libgimpui-2_0-0-debuginfo-2.8.18-9.12.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): gimp-debuginfo-2.8.18-9.12.1 gimp-debugsource-2.8.18-9.12.1 gimp-devel-2.8.18-9.12.1 gimp-devel-debuginfo-2.8.18-9.12.1 libgimp-2_0-0-2.8.18-9.12.1 libgimp-2_0-0-debuginfo-2.8.18-9.12.1 libgimpui-2_0-0-2.8.18-9.12.1 libgimpui-2_0-0-debuginfo-2.8.18-9.12.1 References: https://www.suse.com/security/cve/CVE-2017-17789.html https://bugzilla.suse.com/1073627 From sle-updates at lists.suse.com Thu Sep 10 13:15:02 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2020 21:15:02 +0200 (CEST) Subject: SUSE-SU-2020:2599-1: moderate: Security update for slurm_18_08 Message-ID: <20200910191502.9BA36F794@maintenance.suse.de> SUSE Security Update: Security update for slurm_18_08 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2599-1 Rating: moderate References: #1172004 Cross-References: CVE-2020-12693 Affected Products: SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for slurm_18_08 fixes the following issues: - Fix Authentication Bypass when Message Aggregation is enabled CVE-2020-12693 This fixes and issue where authentication could be bypassed via an alternate path or channel when message Aggregation was enabled. A race condition allowed a user to launch a process as an arbitrary user. (CVE-2020-12693, bsc#1172004). Add: Fix-Authentication-Bypass-when-Message-Aggregation-is-enabled-CVE-2020-1269 3.patch - Remove unneeded build dependency to postgresql-devel. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2599=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2599=1 Package List: - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libpmi0_18_08-18.08.9-1.8.2 libpmi0_18_08-debuginfo-18.08.9-1.8.2 libslurm33-18.08.9-1.8.2 libslurm33-debuginfo-18.08.9-1.8.2 perl-slurm_18_08-18.08.9-1.8.2 perl-slurm_18_08-debuginfo-18.08.9-1.8.2 slurm_18_08-18.08.9-1.8.2 slurm_18_08-auth-none-18.08.9-1.8.2 slurm_18_08-auth-none-debuginfo-18.08.9-1.8.2 slurm_18_08-config-18.08.9-1.8.2 slurm_18_08-debuginfo-18.08.9-1.8.2 slurm_18_08-debugsource-18.08.9-1.8.2 slurm_18_08-devel-18.08.9-1.8.2 slurm_18_08-doc-18.08.9-1.8.2 slurm_18_08-lua-18.08.9-1.8.2 slurm_18_08-lua-debuginfo-18.08.9-1.8.2 slurm_18_08-munge-18.08.9-1.8.2 slurm_18_08-munge-debuginfo-18.08.9-1.8.2 slurm_18_08-node-18.08.9-1.8.2 slurm_18_08-node-debuginfo-18.08.9-1.8.2 slurm_18_08-pam_slurm-18.08.9-1.8.2 slurm_18_08-pam_slurm-debuginfo-18.08.9-1.8.2 slurm_18_08-plugins-18.08.9-1.8.2 slurm_18_08-plugins-debuginfo-18.08.9-1.8.2 slurm_18_08-slurmdbd-18.08.9-1.8.2 slurm_18_08-slurmdbd-debuginfo-18.08.9-1.8.2 slurm_18_08-sql-18.08.9-1.8.2 slurm_18_08-sql-debuginfo-18.08.9-1.8.2 slurm_18_08-torque-18.08.9-1.8.2 slurm_18_08-torque-debuginfo-18.08.9-1.8.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libpmi0_18_08-18.08.9-1.8.2 libpmi0_18_08-debuginfo-18.08.9-1.8.2 libslurm33-18.08.9-1.8.2 libslurm33-debuginfo-18.08.9-1.8.2 perl-slurm_18_08-18.08.9-1.8.2 perl-slurm_18_08-debuginfo-18.08.9-1.8.2 slurm_18_08-18.08.9-1.8.2 slurm_18_08-auth-none-18.08.9-1.8.2 slurm_18_08-auth-none-debuginfo-18.08.9-1.8.2 slurm_18_08-config-18.08.9-1.8.2 slurm_18_08-debuginfo-18.08.9-1.8.2 slurm_18_08-debugsource-18.08.9-1.8.2 slurm_18_08-devel-18.08.9-1.8.2 slurm_18_08-doc-18.08.9-1.8.2 slurm_18_08-lua-18.08.9-1.8.2 slurm_18_08-lua-debuginfo-18.08.9-1.8.2 slurm_18_08-munge-18.08.9-1.8.2 slurm_18_08-munge-debuginfo-18.08.9-1.8.2 slurm_18_08-node-18.08.9-1.8.2 slurm_18_08-node-debuginfo-18.08.9-1.8.2 slurm_18_08-pam_slurm-18.08.9-1.8.2 slurm_18_08-pam_slurm-debuginfo-18.08.9-1.8.2 slurm_18_08-plugins-18.08.9-1.8.2 slurm_18_08-plugins-debuginfo-18.08.9-1.8.2 slurm_18_08-slurmdbd-18.08.9-1.8.2 slurm_18_08-slurmdbd-debuginfo-18.08.9-1.8.2 slurm_18_08-sql-18.08.9-1.8.2 slurm_18_08-sql-debuginfo-18.08.9-1.8.2 slurm_18_08-torque-18.08.9-1.8.2 slurm_18_08-torque-debuginfo-18.08.9-1.8.2 References: https://www.suse.com/security/cve/CVE-2020-12693.html https://bugzilla.suse.com/1172004 From sle-updates at lists.suse.com Thu Sep 10 13:15:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2020 21:15:55 +0200 (CEST) Subject: SUSE-SU-2020:2604-1: Security update for gimp Message-ID: <20200910191555.2A41DF794@maintenance.suse.de> SUSE Security Update: Security update for gimp ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2604-1 Rating: low References: #1073627 Cross-References: CVE-2017-17789 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gimp fixes the following issue: - CVE-2017-17789: Fix heap buffer overflow in PSP importer (bsc#1073627). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-2604=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (noarch): gimp-lang-2.8.22-5.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): gimp-2.8.22-5.3.1 gimp-debuginfo-2.8.22-5.3.1 gimp-debugsource-2.8.22-5.3.1 gimp-devel-2.8.22-5.3.1 gimp-devel-debuginfo-2.8.22-5.3.1 gimp-plugins-python-2.8.22-5.3.1 gimp-plugins-python-debuginfo-2.8.22-5.3.1 libgimp-2_0-0-2.8.22-5.3.1 libgimp-2_0-0-debuginfo-2.8.22-5.3.1 libgimpui-2_0-0-2.8.22-5.3.1 libgimpui-2_0-0-debuginfo-2.8.22-5.3.1 References: https://www.suse.com/security/cve/CVE-2017-17789.html https://bugzilla.suse.com/1073627 From sle-updates at lists.suse.com Thu Sep 10 13:16:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2020 21:16:46 +0200 (CEST) Subject: SUSE-SU-2020:2600-1: moderate: Security update for slurm_18_08 Message-ID: <20200910191646.7D429F794@maintenance.suse.de> SUSE Security Update: Security update for slurm_18_08 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2600-1 Rating: moderate References: #1172004 Cross-References: CVE-2020-12693 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for slurm_18_08 fixes the following issues: - Fix Authentication Bypass when Message Aggregation is enabled CVE-2020-12693 This fixes and issue where authentication could be bypassed via an alternate path or channel when message Aggregation was enabled. A race condition allowed a user to launch a process as an arbitrary user. Add: Fix-Authentication-Bypass-when-Message-Aggregation-is-enabled-CVE-2020-1269 3.patch (CVE-2020-12693, bsc#1172004). - Remove unneeded build dependency to postgresql-devel. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2020-2600=1 Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): libpmi0_18_08-18.08.9-3.8.1 libpmi0_18_08-debuginfo-18.08.9-3.8.1 libslurm33-18.08.9-3.8.1 libslurm33-debuginfo-18.08.9-3.8.1 perl-slurm_18_08-18.08.9-3.8.1 perl-slurm_18_08-debuginfo-18.08.9-3.8.1 slurm_18_08-18.08.9-3.8.1 slurm_18_08-auth-none-18.08.9-3.8.1 slurm_18_08-auth-none-debuginfo-18.08.9-3.8.1 slurm_18_08-config-18.08.9-3.8.1 slurm_18_08-debuginfo-18.08.9-3.8.1 slurm_18_08-debugsource-18.08.9-3.8.1 slurm_18_08-devel-18.08.9-3.8.1 slurm_18_08-doc-18.08.9-3.8.1 slurm_18_08-lua-18.08.9-3.8.1 slurm_18_08-lua-debuginfo-18.08.9-3.8.1 slurm_18_08-munge-18.08.9-3.8.1 slurm_18_08-munge-debuginfo-18.08.9-3.8.1 slurm_18_08-node-18.08.9-3.8.1 slurm_18_08-node-debuginfo-18.08.9-3.8.1 slurm_18_08-pam_slurm-18.08.9-3.8.1 slurm_18_08-pam_slurm-debuginfo-18.08.9-3.8.1 slurm_18_08-plugins-18.08.9-3.8.1 slurm_18_08-plugins-debuginfo-18.08.9-3.8.1 slurm_18_08-slurmdbd-18.08.9-3.8.1 slurm_18_08-slurmdbd-debuginfo-18.08.9-3.8.1 slurm_18_08-sql-18.08.9-3.8.1 slurm_18_08-sql-debuginfo-18.08.9-3.8.1 slurm_18_08-torque-18.08.9-3.8.1 slurm_18_08-torque-debuginfo-18.08.9-3.8.1 References: https://www.suse.com/security/cve/CVE-2020-12693.html https://bugzilla.suse.com/1172004 From sle-updates at lists.suse.com Thu Sep 10 13:17:38 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2020 21:17:38 +0200 (CEST) Subject: SUSE-SU-2020:2601-1: moderate: Security update for slurm Message-ID: <20200910191738.1C881F794@maintenance.suse.de> SUSE Security Update: Security update for slurm ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2601-1 Rating: moderate References: #1172004 Cross-References: CVE-2019-19727 CVE-2020-12693 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for slurm fixes the following issues: - Fix Authentication Bypass when Message Aggregation is enabled CVE-2020-12693 This fixes and issue where authentication could be bypassed via an alternate path or channel when message Aggregation was enabled. A race condition allowed a user to launch a process as an arbitrary user. Add: Fix-Authentication-Bypass-when-Message-Aggregation-is-enabled-CVE-2020-1269 3.patch (CVE-2020-12693, bsc#1172004). - Remove unneeded build dependency to postgresql-devel. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2020-2601=1 Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): libpmi0-17.02.11-6.44.1 libpmi0-debuginfo-17.02.11-6.44.1 libslurm31-17.02.11-6.44.1 libslurm31-debuginfo-17.02.11-6.44.1 perl-slurm-17.02.11-6.44.1 perl-slurm-debuginfo-17.02.11-6.44.1 slurm-17.02.11-6.44.1 slurm-auth-none-17.02.11-6.44.1 slurm-auth-none-debuginfo-17.02.11-6.44.1 slurm-config-17.02.11-6.44.1 slurm-debuginfo-17.02.11-6.44.1 slurm-debugsource-17.02.11-6.44.1 slurm-devel-17.02.11-6.44.1 slurm-doc-17.02.11-6.44.1 slurm-lua-17.02.11-6.44.1 slurm-lua-debuginfo-17.02.11-6.44.1 slurm-munge-17.02.11-6.44.1 slurm-munge-debuginfo-17.02.11-6.44.1 slurm-pam_slurm-17.02.11-6.44.1 slurm-pam_slurm-debuginfo-17.02.11-6.44.1 slurm-plugins-17.02.11-6.44.1 slurm-plugins-debuginfo-17.02.11-6.44.1 slurm-sched-wiki-17.02.11-6.44.1 slurm-slurmdb-direct-17.02.11-6.44.1 slurm-slurmdbd-17.02.11-6.44.1 slurm-slurmdbd-debuginfo-17.02.11-6.44.1 slurm-sql-17.02.11-6.44.1 slurm-sql-debuginfo-17.02.11-6.44.1 slurm-torque-17.02.11-6.44.1 slurm-torque-debuginfo-17.02.11-6.44.1 References: https://www.suse.com/security/cve/CVE-2019-19727.html https://www.suse.com/security/cve/CVE-2020-12693.html https://bugzilla.suse.com/1172004 From sle-updates at lists.suse.com Thu Sep 10 13:18:29 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2020 21:18:29 +0200 (CEST) Subject: SUSE-SU-2020:2602-1: moderate: Security update for slurm Message-ID: <20200910191829.C26F2F794@maintenance.suse.de> SUSE Security Update: Security update for slurm ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2602-1 Rating: moderate References: #1172004 Cross-References: CVE-2019-19727 CVE-2020-12693 Affected Products: SUSE Linux Enterprise Module for HPC 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for slurm fixes the following issues: - Fix Authentication Bypass when Message Aggregation is enabled CVE-2020-12693 This fixes and issue where authentication could be bypassed via an alternate path or channel when message Aggregation was enabled. A race condition allowed a user to launch a process as an arbitrary user. Add: Fix-Authentication-Bypass-when-Message-Aggregation-is-enabled-CVE-2020-1269 3.patch (CVE-2020-12693, bsc#1172004). - Remove unneeded build dependency to postgresql-devel. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15-SP1: zypper in -t patch SUSE-SLE-Module-HPC-15-SP1-2020-2602=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2602=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2602=1 Package List: - SUSE Linux Enterprise Module for HPC 15-SP1 (aarch64 x86_64): libslurm32-17.11.13-6.31.1 libslurm32-debuginfo-17.11.13-6.31.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libpmi0-17.11.13-6.31.1 libpmi0-debuginfo-17.11.13-6.31.1 libslurm32-17.11.13-6.31.1 libslurm32-debuginfo-17.11.13-6.31.1 perl-slurm-17.11.13-6.31.1 perl-slurm-debuginfo-17.11.13-6.31.1 slurm-17.11.13-6.31.1 slurm-auth-none-17.11.13-6.31.1 slurm-auth-none-debuginfo-17.11.13-6.31.1 slurm-config-17.11.13-6.31.1 slurm-debuginfo-17.11.13-6.31.1 slurm-debugsource-17.11.13-6.31.1 slurm-devel-17.11.13-6.31.1 slurm-doc-17.11.13-6.31.1 slurm-lua-17.11.13-6.31.1 slurm-lua-debuginfo-17.11.13-6.31.1 slurm-munge-17.11.13-6.31.1 slurm-munge-debuginfo-17.11.13-6.31.1 slurm-node-17.11.13-6.31.1 slurm-node-debuginfo-17.11.13-6.31.1 slurm-pam_slurm-17.11.13-6.31.1 slurm-pam_slurm-debuginfo-17.11.13-6.31.1 slurm-plugins-17.11.13-6.31.1 slurm-plugins-debuginfo-17.11.13-6.31.1 slurm-slurmdbd-17.11.13-6.31.1 slurm-slurmdbd-debuginfo-17.11.13-6.31.1 slurm-sql-17.11.13-6.31.1 slurm-sql-debuginfo-17.11.13-6.31.1 slurm-torque-17.11.13-6.31.1 slurm-torque-debuginfo-17.11.13-6.31.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libpmi0-17.11.13-6.31.1 libpmi0-debuginfo-17.11.13-6.31.1 libslurm32-17.11.13-6.31.1 libslurm32-debuginfo-17.11.13-6.31.1 perl-slurm-17.11.13-6.31.1 perl-slurm-debuginfo-17.11.13-6.31.1 slurm-17.11.13-6.31.1 slurm-auth-none-17.11.13-6.31.1 slurm-auth-none-debuginfo-17.11.13-6.31.1 slurm-config-17.11.13-6.31.1 slurm-debuginfo-17.11.13-6.31.1 slurm-debugsource-17.11.13-6.31.1 slurm-devel-17.11.13-6.31.1 slurm-doc-17.11.13-6.31.1 slurm-lua-17.11.13-6.31.1 slurm-lua-debuginfo-17.11.13-6.31.1 slurm-munge-17.11.13-6.31.1 slurm-munge-debuginfo-17.11.13-6.31.1 slurm-node-17.11.13-6.31.1 slurm-node-debuginfo-17.11.13-6.31.1 slurm-pam_slurm-17.11.13-6.31.1 slurm-pam_slurm-debuginfo-17.11.13-6.31.1 slurm-plugins-17.11.13-6.31.1 slurm-plugins-debuginfo-17.11.13-6.31.1 slurm-slurmdbd-17.11.13-6.31.1 slurm-slurmdbd-debuginfo-17.11.13-6.31.1 slurm-sql-17.11.13-6.31.1 slurm-sql-debuginfo-17.11.13-6.31.1 slurm-torque-17.11.13-6.31.1 slurm-torque-debuginfo-17.11.13-6.31.1 References: https://www.suse.com/security/cve/CVE-2019-19727.html https://www.suse.com/security/cve/CVE-2020-12693.html https://bugzilla.suse.com/1172004 From sle-updates at lists.suse.com Thu Sep 10 13:20:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 10 Sep 2020 21:20:09 +0200 (CEST) Subject: SUSE-SU-2020:2598-1: moderate: Security update for slurm Message-ID: <20200910192009.D2B07F794@maintenance.suse.de> SUSE Security Update: Security update for slurm ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2598-1 Rating: moderate References: #1172004 Cross-References: CVE-2020-12693 Affected Products: SUSE Linux Enterprise Module for HPC 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for slurm fixes the following issues: - Fix Authentication Bypass when Message Aggregation is enabled CVE-2020-12693 This fixes and issue where authentication could be bypassed via an alternate path or channel when message Aggregation was enabled. A race condition allowed a user to launch a process as an arbitrary user. Add: Fix-Authentication-Bypass-when-Message-Aggregation-is-enabled-CVE-2020-1269 3.patch (CVE-2020-12693, bsc#1172004). - Remove unneeded build dependency to postgresql-devel. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15-SP1: zypper in -t patch SUSE-SLE-Module-HPC-15-SP1-2020-2598=1 Package List: - SUSE Linux Enterprise Module for HPC 15-SP1 (aarch64 x86_64): libpmi0-18.08.9-3.13.2 libpmi0-debuginfo-18.08.9-3.13.2 libslurm33-18.08.9-3.13.2 libslurm33-debuginfo-18.08.9-3.13.2 perl-slurm-18.08.9-3.13.2 perl-slurm-debuginfo-18.08.9-3.13.2 slurm-18.08.9-3.13.2 slurm-auth-none-18.08.9-3.13.2 slurm-auth-none-debuginfo-18.08.9-3.13.2 slurm-config-18.08.9-3.13.2 slurm-config-man-18.08.9-3.13.2 slurm-debuginfo-18.08.9-3.13.2 slurm-debugsource-18.08.9-3.13.2 slurm-devel-18.08.9-3.13.2 slurm-doc-18.08.9-3.13.2 slurm-lua-18.08.9-3.13.2 slurm-lua-debuginfo-18.08.9-3.13.2 slurm-munge-18.08.9-3.13.2 slurm-munge-debuginfo-18.08.9-3.13.2 slurm-node-18.08.9-3.13.2 slurm-node-debuginfo-18.08.9-3.13.2 slurm-pam_slurm-18.08.9-3.13.2 slurm-pam_slurm-debuginfo-18.08.9-3.13.2 slurm-plugins-18.08.9-3.13.2 slurm-plugins-debuginfo-18.08.9-3.13.2 slurm-slurmdbd-18.08.9-3.13.2 slurm-slurmdbd-debuginfo-18.08.9-3.13.2 slurm-sql-18.08.9-3.13.2 slurm-sql-debuginfo-18.08.9-3.13.2 slurm-sview-18.08.9-3.13.2 slurm-sview-debuginfo-18.08.9-3.13.2 slurm-torque-18.08.9-3.13.2 slurm-torque-debuginfo-18.08.9-3.13.2 References: https://www.suse.com/security/cve/CVE-2020-12693.html https://bugzilla.suse.com/1172004 From sle-updates at lists.suse.com Fri Sep 11 04:17:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Sep 2020 12:17:09 +0200 (CEST) Subject: SUSE-SU-2020:2605-1: important: Security update for the Linux Kernel Message-ID: <20200911101709.3CABBFCEB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2605-1 Rating: important References: #1065729 #1071995 #1074701 #1083548 #1085030 #1085235 #1085308 #1087078 #1087082 #1094912 #1100394 #1102640 #1105412 #1111666 #1112178 #1113956 #1120163 #1133021 #1144333 #1171988 #1172108 #1172247 #1172418 #1172428 #1172781 #1172782 #1172783 #1172871 #1172872 #1172963 #1173485 #1173798 #1173954 #1174026 #1174070 #1174161 #1174205 #1174247 #1174343 #1174356 #1174387 #1174409 #1174438 #1174462 #1174484 #1174547 #1174549 #1174550 #1174625 #1174658 #1174685 #1174689 #1174699 #1174734 #1174757 #1174771 #1174840 #1174841 #1174843 #1174844 #1174845 #1174852 #1174873 #1174887 #1174904 #1174926 #1174968 #1175062 #1175063 #1175064 #1175065 #1175066 #1175067 #1175112 #1175127 #1175128 #1175149 #1175199 #1175213 #1175228 #1175232 #1175284 #1175393 #1175394 #1175396 #1175397 #1175398 #1175399 #1175400 #1175401 #1175402 #1175403 #1175404 #1175405 #1175406 #1175407 #1175408 #1175409 #1175410 #1175411 #1175412 #1175413 #1175414 #1175415 #1175416 #1175417 #1175418 #1175419 #1175420 #1175421 #1175422 #1175423 #1175440 #1175493 #1175518 #1175526 #1175550 #1175654 #1175666 #1175668 #1175669 #1175670 #1175767 #1175768 #1175769 #1175770 #1175771 #1175772 #1175786 #1175992 Cross-References: CVE-2018-3639 CVE-2020-0305 CVE-2020-10135 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-16166 CVE-2020-24394 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 122 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 realtime kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988). - CVE-2020-0305: Fixed a a possible use-after-free due to a race condition cdev_get(). This could lead to local escalation of privilege with System execution privileges needed (bnc#1174462). The following non-security bugs were fixed: - af_key: pfkey_dump needs parameter validation (git-fixes). - agp/intel: Fix a memory leak on module initialisation failure (git-fixes). - ACPI: kABI fixes for subsys exports (bsc#1174968). - ACPI / LPSS: Resume BYT/CHT I2C controllers from resume_noirq (bsc#1174968). - ACPI / LPSS: Use acpi_lpss_* instead of acpi_subsys_* functions for hibernate (bsc#1174968). - ACPI: PM: Introduce "poweroff" callbacks for ACPI PM domain and LPSS (bsc#1174968). - ACPI: PM: Simplify and fix PM domain hibernation callbacks (bsc#1174968). - ACPI: video: Use native backlight on Acer Aspire 5783z (bsc#1111666). - ACPI: video: Use native backlight on Acer TravelMate 5735Z (bsc#1111666). - ALSA: core: pcm_iec958: fix kernel-doc (bsc#1111666). - ALSA: echoaduio: Drop superfluous volatile modifier (bsc#1111666). - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (bsc#1111666). - ALSA: hda: Add support for Loongson 7A1000 controller (bsc#1111666). - ALSA: hda/ca0132 - Add new quirk ID for Recon3D (bsc#1111666). - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (bsc#1111666). - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (bsc#1111666). - ALSA: hda: fix NULL pointer dereference during suspend (git-fixes). - ALSA: hda: fix snd_hda_codec_cleanup() documentation (bsc#1111666). - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (bsc#1111666). - ALSA: hda - let hs_mic be picked ahead of hp_mic (bsc#1111666). - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (bsc#1111666). - ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes). - ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (bsc#1111666). - ALSA: hda/realtek - Add quirk for Lenovo Carbon X1 8th gen (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GE63 laptop (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GL63 (bsc#1111666). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes). - ALSA: hda/realtek - change to suitable link model for ASUS platform (bsc#1111666). - ALSA: hda/realtek - Check headset type by unplug and resume (bsc#1111666). - ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX563 (bsc#1111666). - ALSA: hda/realtek: Fix add a "ultra_low_power" function for intel reference board (alc256) (bsc#1111666). - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (bsc#1111666). - ALSA: hda/realtek - Fixed HP right speaker no sound (bsc#1111666). - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (bsc#1111666). - ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (bsc#1111666). - ALSA: hda/realtek - Fix unused variable warning (bsc#1111666). - ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (bsc#1111666). - ALSA: hda - reverse the setting value in the micmute_led_set (bsc#1111666). - ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes). - ALSA: opl3: fix infoleak in opl3 (bsc#1111666). - ALSA: pci: delete repeated words in comments (bsc#1111666). - ALSA: seq: oss: Serialize ioctls (bsc#1111666). - ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes). - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb-audio: add quirk for Pioneer DDJ-RB (bsc#1111666). - ALSA: usb-audio: add startech usb audio dock name (bsc#1111666). - ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (bsc#1111666). - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (bsc#1111666). - ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (bsc#1111666). - ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (bsc#1111666). - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625). - ALSA: usb-audio: fix spelling mistake "buss" -> "bus" (bsc#1111666). - ALSA: usb-audio: ignore broken processing/extension unit (git-fixes). - ALSA: usb-audio: Update documentation comment for MS2109 quirk (git-fixes). - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb/line6: remove 'defined but not used' warning (bsc#1111666). - arm64: Add MIDR encoding for HiSilicon Taishan CPUs (bsc#1174547). - arm64: Add MIDR encoding for NVIDIA CPUs (bsc#1174547). - arm64: add sysfs vulnerability show for meltdown (bsc#1174547). - arm64: Add sysfs vulnerability show for spectre-v1 (bsc#1174547). - arm64: add sysfs vulnerability show for spectre-v2 (bsc#1174547). - arm64: add sysfs vulnerability show for speculative store bypass (bsc#1174547). - arm64: Advertise mitigation of Spectre-v2, or lack thereof (bsc#1174547). - arm64: Always enable spectre-v2 vulnerability detection (bsc#1174547). - arm64: Always enable ssb vulnerability detection (bsc#1174547). - arm64: backtrace: Do not bother trying to unwind the userspace stack (bsc#1175397). - arm64: capabilities: Add NVIDIA Denver CPU to bp_harden list (bsc#1174547). - arm64: capabilities: Merge duplicate Cavium erratum entries (bsc#1174547). - arm64: capabilities: Merge entries for ARM64_WORKAROUND_CLEAN_CACHE (bsc#1174547). - arm64: cpufeature: Enable Qualcomm Falkor/Kryo errata 1003 (bsc#1175398). - arm64: Do not mask out PTE_RDONLY in pte_same() (bsc#1175393). - arm64: enable generic CPU vulnerabilites support (bsc#1174547). - arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default (bsc#1175394). - arm64: errata: Do not define type field twice for arm64_errata entries (bsc#1174547). - arm64: errata: Update stale comment (bsc#1174547). - arm64: Get rid of __smccc_workaround_1_hvc_* (bsc#1174547). - arm64: kpti: Avoid rewriting early page tables when KASLR is enabled (bsc#1174547). - arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on (bsc#1174547). - arm64: kpti: Whitelist Cortex-A CPUs that do not implement the CSV3 field (bsc#1174547). - arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs (bsc#1174547). - arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 (bsc#1133021). - arm64: KVM: Guests can skip __install_bp_hardening_cb()s HYP work (bsc#1174547). - arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening (bsc#1174547). - arm64: mm: Fix pte_mkclean, pte_mkdirty semantics (bsc#1175526). - arm64: Provide a command line to disable spectre_v2 mitigation (bsc#1174547). - arm64: Silence clang warning on mismatched value/register sizes (bsc#1175396). - arm64/speculation: Support 'mitigations=' cmdline option (bsc#1174547). - arm64: ssbd: explicitly depend on <linux/prctl.h> (bsc#1175399). - arm64: ssbs: Do not treat CPUs with SSBS as unaffected by SSB (bsc#1174547). - arm64: ssbs: Fix context-switch when SSBS is present on all CPUs (bsc#1175669). - arm64/sve: <uapi/asm/ptrace.h> should not depend on <uapi/linux/prctl.h> (bsc#1175401). - arm64/sve: Fix wrong free for task->thread.sve_state (bsc#1175400). - arm64: tlbflush: avoid writing RES0 bits (bsc#1175402). - arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 (bsc#1174547). - ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 (bsc#1133021). - ARM: KVM: invalidate icache on guest exit for Cortex-A15 (bsc#1133021). - ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 (bsc#1133021). - ASoC: hda/tegra: Set buffer alignment to 128 bytes (bsc#1111666). - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes). - AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes). - AX.25: Prevent integer overflows in connect and sendmsg (git-fixes). - AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes). - ax88172a: fix ax88172a_unbind() failures (git-fixes). - b43: Remove uninitialized_var() usage (git-fixes). - block: Fix use-after-free in blkdev_get() (bsc#1174843). - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (bsc#1111666). - Bluetooth: Fix update of connection state in `hci_encrypt_cfm` (git-fixes). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (bsc#1111666). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (bsc#1111666). - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - bonding: fix a potential double-unregister (git-fixes). - bonding: show saner speed for broadcast mode (git-fixes). - bpf: Fix map leak in HASH_OF_MAPS map (git-fixes). - brcmfmac: keep SDIO watchdog running when console_interval is non-zero (bsc#1111666). - brcmfmac: set state of hanger slot to FREE when flushing PSQ (bsc#1111666). - brcmfmac: To fix Bss Info flag definition Bug (bsc#1111666). - btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#1174438). - btrfs: add new helper btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: Always use a cached extent_state in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247). - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247). - btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149). - btrfs: fix block group leak when removing fails (bsc#1175149). - btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149). - btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149). - btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149). - btrfs: fix double free on ulist after backref resolution failure (bsc#1175149). - btrfs: fix extent_state leak in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc#1174438). - btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149). - btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438). - btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550). - btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149). - btrfs: fix race between block group removal and block group creation (bsc#1175149). - btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438). - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO (bsc#1174438). - btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149). - btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149). - btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484). - btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247). - btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247). - btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247). - btrfs: Open code btrfs_write_and_wait_marked_extents (bsc#1175149). - btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163). - btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247). - btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163). - btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163). - btrfs: Rename and export clear_btree_io_tree (bsc#1175149). - btrfs: Return EAGAIN if we can't start no snpashot write in check_can_nocow (bsc#1174438). - btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493). - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438). - btrfs: Use newly introduced btrfs_lock_and_flush_ordered_range (bsc#1174438). - bus: hisi_lpc: Add .remove method to avoid driver unbind crash (bsc#1174658). - bus: hisi_lpc: Do not fail probe for unrecognised child devices (bsc#1174658). - bus: hisi_lpc: Unregister logical PIO range to avoid potential use-after-free (bsc#1174658). - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes). - cfg80211: check vendor command doit pointer before use (git-fixes). - cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428). - cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428). - cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428). - clk: at91: clk-generated: check best_rate against ranges (bsc#1111666). - clk: clk-atlas6: fix return value check in atlas6_clk_init() (bsc#1111666). - clk: iproc: round clock rate to the closest (bsc#1111666). - clk: spear: Remove uninitialized_var() usage (git-fixes). - clk: st: Remove uninitialized_var() usage (git-fixes). - config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References: bsc#1174549 - console: newport_con: fix an issue about leak related system resources (git-fixes). - crypto: ccp - Fix use of merged scatterlists (git-fixes). - crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes). - crypto: rockchip - fix scatterlist nents error (git-fixes). - crypto: stm32/crc32 - fix ext4 chksum BUG_ON() (git-fixes). - crypto: talitos - check AES key size (git-fixes). - crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK (git-fixes). - crypto: talitos - fix IPsec cipher in length (git-fixes). - crypto: talitos - reorder code in talitos_edesc_alloc() (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - dev: Defer free of skbs in flush_backlog (git-fixes). - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07). - /dev/mem: Add missing memory barriers for devmem_inode (git-fixes). - /dev/mem: Revoke mappings when a driver claims the region (git-fixes). - devres: keep both device name and resource name in pretty name (git-fixes). - dlm: Fix kobject memleak (bsc#1175768). - dlm: remove BUG() before panic() (bsc#1174844). - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes). - Documentation/networking: Add net DIM documentation (bsc#1174852). - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (bsc#1175403). - dpaa2-eth: free already allocated channels on probe defer (bsc#1175404). - dpaa2-eth: prevent array underflow in update_cls_rule() (bsc#1175405). - dpaa_eth: add dropped frames to percpu ethtool stats (bsc#1174550). - dpaa_eth: add newline in dev_err() msg (bsc#1174550). - dpaa_eth: avoid timestamp read on error paths (bsc#1175406). - dpaa_eth: change DMA device (bsc#1174550). - dpaa_eth: cleanup skb_to_contig_fd() (bsc#1174550). - dpaa_eth: defer probing after qbman (bsc#1174550). - dpaa_eth: extend delays in ndo_stop (bsc#1174550). - dpaa_eth: fix DMA mapping leak (bsc#1174550). - dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1174550). - dpaa_eth: FMan erratum A050385 workaround (bsc#1174550). - dpaa_eth: perform DMA unmapping before read (bsc#1175407). - dpaa_eth: register a device link for the qman portal used (bsc#1174550). - dpaa_eth: remove netdev_err() for user errors (bsc#1174550). - dpaa_eth: remove redundant code (bsc#1174550). - dpaa_eth: simplify variables used in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use a page to store the SGT (bsc#1174550). - dpaa_eth: use fd information in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use only one buffer pool per interface (bsc#1174550). - dpaa_eth: use page backed rx buffers (bsc#1174550). - driver core: Avoid binding drivers to dead devices (git-fixes). - Drivers: hv: vmbus: Fix virt_to_hvpfn() for X86_PAE (git-fixes). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127, bsc#1175128). - drivers/perf: hisi: Fix typo in events attribute array (bsc#1175408). - drivers/perf: hisi: Fixup one DDRC PMU register offset (bsc#1175410). - drivers/perf: hisi: Fix wrong value for all counters enable (bsc#1175409). - drm: Added orientation quirk for ASUS tablet model T103HAF (bsc#1111666). - drm/amdgpu: avoid dereferencing a NULL pointer (bsc#1111666). - drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume (bsc#1111666). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (bsc#1113956) - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes). - drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1113956) - drm/arm: fix unintentional integer overflow on left shift (git-fixes). - drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1113956) - drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes). - drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1113956) - drm/debugfs: fix plain echo to connector "force" attribute (bsc#1111666). - drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes). - drm/etnaviv: fix ref count leak via pm_runtime_get_sync (bsc#1111666). - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (bsc#1112178) - drm: hold gem reference until object is no longer accessed (bsc#1113956) - drm/imx: fix use after free (git-fixes). - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes). - drm/imx: tve: fix regulator_disable error path (git-fixes). - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes). - drm/msm: ratelimit crtc event overflow error (bsc#1111666). - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes). - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes). - drm/nouveau: fix multiple instances of reference count leaks (bsc#1111666). - drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes). - drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes). - drm/radeon: disable AGP by default (bsc#1111666). - drm/radeon: fix array out-of-bounds read and write issues (git-fixes). - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (bsc#1111666). - drm/rockchip: fix VOP_WIN_GET macro (bsc#1175411). - drm/tilcdc: fix leak & null ref in panel_connector_get_modes (bsc#1111666). - drm/ttm/nouveau: do not call tt destroy callback on alloc failure (bsc#1175232). - drm/vmwgfx: Fix two list_for_each loop exit tests (bsc#1111666). - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (bsc#1111666). - efi/memreserve: deal with memreserve entries in unmapped memory (bsc#1174685). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: fix checking of directory entry validity for inline directories (bsc#1175771). - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1174840). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - fat: do not allow to mount if the FAT length == 0 (bsc#1174845). - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins. (bsc#1112178) - firmware: google: check if size is valid when decoding VPD data (git-fixes). - firmware: google: increment VPD key_len properly (git-fixes). - fpga: dfl: fix bug in port reset handshake (git-fixes). - fsl/fman: add API to get the device behind a fman port (bsc#1174550). - fsl/fman: detect FMan erratum A050385 (bsc#1174550). - fsl/fman: do not touch liodn base regs reserved on non-PAMU SoCs (bsc#1174550). - fsl/fman: remove unused struct member (bsc#1174550). - fuse: fix memleak in cuse_channel_open (bsc#1174926). - fuse: fix missing unlock_page in fuse_writepage() (bsc#1174904). - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175062). - fuse: fix weird page warning (bsc#1175063). - fuse: flush dirty data/metadata before non-truncate setattr (bsc#1175064). - fuse: truncate pending writes on O_TRUNC (bsc#1175065). - fuse: verify attributes (bsc#1175066). - fuse: verify nlink (bsc#1175067). - genetlink: remove genl_bind (networking-stable-20_07_17). - go7007: add sanity checking for endpoints (git-fixes). - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (bsc#1111666). - HID: hiddev: fix mess in hiddev_open() (git-fixes). - HID: magicmouse: do not set up autorepeat (git-fixes). - HISI LPC: Re-Add ACPI child enumeration support (bsc#1174658). - HISI LPC: Stop using MFD APIs (bsc#1174658). - hv_netvsc: Fix error handling in netvsc_attach() (git-fixes). - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes). - hv_netvsc: Fix unwanted wakeup in netvsc_attach() (git-fixes). - i2c: eg20t: Load module automatically if ID matches (bsc#1111666). - i2c: rcar: slave: only send STOP event when we have been addressed (bsc#1111666). - i40e: Fix crash during removing i40e driver (git-fixes). - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes). - IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409). - IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409). - ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - include/linux/poison.h: remove obsolete comment (git fixes (poison)). - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (bsc#1111666). - input: i8042 - Remove special PowerPC handling (git-fixes). - Input: sentelic - fix error return when fsp_reg_write fails (bsc#1111666). - integrity: remove redundant initialization of variable ret (git-fixes). - io-mapping: indicate mapping failure (git-fixes). - ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes). - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28). - ip_tunnel: Emit events for post-register MTU changes (git-fixes). - ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28). - ip_tunnel: restore binding to ifaces with a large mtu (git-fixes). - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17). - ipv4: Silence suspicious RCU usage warning (git-fixes). - ipv6: fix memory leaks on IPV6_ADDRFORM path (git-fixes). - ipvlan: fix device features (git-fixes). - ipvs: allow connection reuse for unconfirmed conntrack (git-fixes). - ipvs: fix refcount usage for conns in ops mode (git-fixes). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - irqchip/gic: Atomically update affinity (bsc#1111666). - iwlegacy: Check the return value of pcie_capability_read_*() (bsc#1111666). - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772). - kABI: genetlink: remove genl_bind (kabi). - kabi: hv: prevent struct device_node to become defined (bsc#1172871). - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi). - kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)). - kernfs: do not call fsnotify() with name without a parent (bsc#1175770). - KVM: arm64: Ensure 'params' is initialised when looking up sys register (bsc#1133021). - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021). - KVM: arm/arm64: Fix young bit from mmu notifier (bsc#1133021). - KVM: arm/arm64: vgic: Do not rely on the wrong pending table (bsc#1133021). - KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections (bsc#1133021). - KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests (bsc#1133021). - KVM: arm: Make inject_abt32() inject an external abort instead (bsc#1133021). - kvm: Change offset in kvm_write_guest_offset_cached to unsigned (bsc#1133021). - KVM: Check for a bad hva before dropping into the ghc slow path (bsc#1133021). - KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729). - l2tp: add sk_family checks to l2tp_validate_socket (networking-stable-20_06_07). - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07). - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17). - leds: 88pm860x: fix use-after-free on unbind (git-fixes). - leds: core: Flush scheduled work for system suspend (git-fixes). - leds: da903x: fix use-after-free on unbind (git-fixes). - leds: lm3533: fix use-after-free on unbind (git-fixes). - leds: lm355x: avoid enum conversion warning (git-fixes). - leds: wm831x-status: fix use-after-free on unbind (git-fixes). - lib/dim: Fix -Wunused-const-variable warnings (bsc#1174852). - lib: dimlib: fix help text typos (bsc#1174852). - lib: logic_pio: Add logic_pio_unregister_range() (bsc#1174658). - lib: logic_pio: Avoid possible overlap for unregistering regions (bsc#1174658). - lib: logic_pio: Fix RCU usage (bsc#1174658). - linux/dim: Add completions count to dim_sample (bsc#1174852). - linux/dim: Fix overflow in dim calculation (bsc#1174852). - linux/dim: Move implementation to .c files (bsc#1174852). - linux/dim: Move logic to dim.h (bsc#1174852). - linux/dim: Remove "net" prefix from internal DIM members (bsc#1174852). - linux/dim: Rename externally exposed macros (bsc#1174852). - linux/dim: Rename externally used net_dim members (bsc#1174852). - linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1174852). - liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes). - llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17). - mac80211: mesh: Free ie data when leaving mesh (git-fixes). - mac80211: mesh: Free pending skb when destroying a mpath (git-fixes). - MAINTAINERS: add entry for Dynamic Interrupt Moderation (bsc#1174852). - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes). - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes). - media: cec: silence shift wrapping warning in __cec_s_log_addrs() (git-fixes). - media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes). - media: firewire: Using uninitialized values in node_probe() (git-fixes). - media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes). - mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes). - mfd: dln2: Run event handler loop under spinlock (git-fixes). - mfd: rk808: Fix RK818 ID template (bsc#1175412). - mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28). - mmc: sdhci: do not enable card detect interrupt for gpio cd type (bsc#1111666). - mm: filemap: clear idle flag for writes (bsc#1175769). - mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate (git fixes (mm/migrate)). - mm/mmu_notifier: use hlist_add_head_rcu() (git fixes (mm/mmu_notifiers)). - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/compaction)). - mm/rmap.c: do not reuse anon_vma if we just want a copy (git fixes (mm/rmap)). - mm/shmem.c: cast the type of unmap_start to u64 (git fixes (mm/shmem)). - mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)). - mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617). - mtd: spi-nor: Fix an error code in spi_nor_read_raw() (bsc#1175413). - mtd: spi-nor: fix kernel-doc for spi_nor::info (bsc#1175414). - mtd: spi-nor: fix kernel-doc for spi_nor::reg_proto (bsc#1175415). - mtd: spi-nor: fix silent truncation in spi_nor_read_raw() (bsc#1175416). - mwifiex: Prevent memory corruption handling keys (git-fixes). - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (git-fixes). - net: be more gentle about silly gso requests coming from user (networking-stable-20_06_07). - net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28). - net: check untrusted gso_size at kernel entry (networking-stable-20_06_07). - net: core: reduce recursion limit value (networking-stable-20_06_28). - net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28). - net: dsa: b53: check for timeout (git-fixes). - net: dsa: bcm_sf2: Fix node reference count (git-fixes). - net: ena: Add first_interrupt field to napi struct (bsc#1174852). - net: ena: add reserved PCI device ID (bsc#1174852). - net: ena: add support for reporting of packet drops (bsc#1174852). - net: ena: add support for the rx offset feature (bsc#1174852). - net: ena: add support for traffic mirroring (bsc#1174852). - net: ena: add unmask interrupts statistics to ethtool (bsc#1174852). - net: ena: allow setting the hash function without changing the key (bsc#1174852). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852). - net: ena: change default RSS hash function to Toeplitz (bsc#1174852). - net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1174852). - net: ena: changes to RSS hash key allocation (bsc#1174852). - net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1174852). - net: ena: clean up indentation issue (bsc#1174852). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852). - net: ena: cosmetic: code reorderings (bsc#1174852). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852). - net: ena: cosmetic: fix line break issues (bsc#1174852). - net: ena: cosmetic: fix spacing issues (bsc#1174852). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852). - net: ena: cosmetic: minor code changes (bsc#1174852). - net: ena: cosmetic: remove unnecessary code (bsc#1174852). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852). - net: ena: cosmetic: satisfy gcc warning (bsc#1174852). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852). - net: ena: drop superfluous prototype (bsc#1174852). - net: ena: enable support of rss hash key and function changes (bsc#1174852). - net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1174852). - net: ena: ethtool: clean up minor indentation issue (bsc#1174852). - net: ena: ethtool: get_channels: use combined only (bsc#1174852). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852). - net: ena: ethtool: support set_channels callback (bsc#1174852). - net/ena: Fix build warning in ena_xdp_set() (bsc#1174852). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852). - net: ena: fix incorrect setting of the number of msix vectors (bsc#1174852). - net: ena: fix incorrect update of intr_delay_resolution (bsc#1174852). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852). - net: ena: fix update of interrupt moderation register (bsc#1174852). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852). - net: ena: implement XDP drop support (bsc#1174852). - net: ena: Implement XDP_TX action (bsc#1174852). - net: ena: make ethtool -l show correct max number of queues (bsc#1174852). - net: ena: Make missed_tx stat incremental (bsc#1083548). - net: ena: Make some functions static (bsc#1174852). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852). - net: ena: multiple queue creation related cleanups (bsc#1174852). - net: ena: Prevent reset after device destruction (bsc#1083548). - net: ena: reduce driver load time (bsc#1174852). - net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1174852). - net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1174852). - net: ena: remove code that does nothing (bsc#1174852). - net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1174852). - net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1174852). - net: ena: remove redundant print of number of queues (bsc#1174852). - net: ena: remove set but not used variable 'hash_key' (bsc#1174852). - net: ena: remove set but not used variable 'rx_ring' (bsc#1174852). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852). - net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1174852). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852). - net: ena: support new LLQ acceleration mode (bsc#1174852). - net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1174852). - net: ena: use explicit variable size for clarity (bsc#1174852). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852). - net: ena: xdp: update napi budget for DROP and ABORTED (bsc#1174852). - net: ena: xdp: XDP_TX: fix memory leak (bsc#1174852). - net: ethernet: broadcom: have drivers select DIMLIB as needed (bsc#1174852). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: fec: correct the error path for regulator disable in probe (git-fixes). - netfilter: x_tables: add counters allocation wrapper (git-fixes). - netfilter: x_tables: cap allocations at 512 mbyte (git-fixes). - netfilter: x_tables: limit allocation requests for blob rule heads (git-fixes). - net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). - net: fix memleak in register_netdevice() (networking-stable-20_06_28). - net: Fix the arp error in some cases (networking-stable-20_06_28). - net: gre: recompute gre csum for sctp over gre tunnels (git-fixes). - net: hns3: add autoneg and change speed support for fibre port (bsc#1174070). - net: hns3: add support for FEC encoding control (bsc#1174070). - net: hns3: add support for multiple media type (bsc#1174070). - net: hns3: fix a not link up issue when fibre port supports autoneg (bsc#1174070). - net: hns3: fix for FEC configuration (bsc#1174070). - net: hns3: fix port capbility updating issue (bsc#1174070). - net: hns3: fix port setting handle for fibre port (bsc#1174070). - net: hns3: fix selftest fail issue for fibre port with autoneg on (bsc#1174070). - net: hns3: restore the MAC autoneg state after reset (bsc#1174070). - net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28). - net: ip6_gre: Request headroom in __gre6_xmit() (git-fixes). - net: lan78xx: add missing endpoint sanity check (git-fixes). - net: lan78xx: fix transfer-buffer memory leak (git-fixes). - net: make symbol 'flush_works' static (git-fixes). - net/mlx5: Fix crash upon suspend/resume (networking-stable-20_06_07). - net: netsec: Fix signedness bug in netsec_probe() (bsc#1175417). - net: netsec: initialize tx ring on ndo_open (bsc#1175418). - net: phy: Check harder for errors in get_phy_id() (bsc#1111666). - net: Set fput_needed iff FDPUT_FPUT is set (git-fixes). - net: socionext: Fix a signedness bug in ave_probe() (bsc#1175419). - net: socionext: replace napi_alloc_frag with the netdev variant on init (bsc#1175420). - net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes). - net: udp: Fix wrong clean up for IS_UDPLITE macro (git-fixes). - net: update net_dim documentation after rename (bsc#1174852). - net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28). - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17). - net: usb: qmi_wwan: add Telit 0x1050 composition (networking-stable-20_06_07). - net: usb: qmi_wwan: add Telit LE910C1-EUX composition (networking-stable-20_06_07). - nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes). - NTB: Fix an error in get link status (git-fixes). - ntb_netdev: fix sleep time mismatch (git-fixes). - NTB: ntb_transport: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - nvme: explicitly update mpath disk capacity on revalidation (git-fixes). - nvme: fix possible deadlock when I/O is blocked (git-fixes). - nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108). - nvme-multipath: fix logic for non-optimized paths (bsc#1172108). - nvme-multipath: round-robin: eliminate "fallback" variable (bsc#1172108). - nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108). - ocfs2: add trimfs dlm lock resource (bsc#1175228). - ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: change slot number type s16 to u16 (bsc#1175786). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228). - ocfs2: fix value of OCFS2_INVALID_SLOT (bsc#1175767). - ocfs2: load global_inode_alloc (bsc#1172963). - ocfs2: load global_inode_alloc (bsc#1172963). - omapfb: dss: Fix max fclk divider for omap36xx (bsc#1113956) - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() (git-fixes). - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#1174356). - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356). - PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes). - PCI: dwc: Move interrupt acking into the proper callback (bsc#1175666). - PCI: Fix pci_cfg_wait queue locking problem (git-fixes). - PCI: Fix "try" semantics of bus and slot reset (git-fixes). - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes). - PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871, bsc#1172872). - PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, bsc#1172872, git-fixes). - PCI: hv: Fix the PCI HyperV probe failure path to release resource properly (bsc#1172871, bsc#1172872). - PCI: hv: Introduce hv_msi_entry (bsc#1172871, bsc#1172872). - PCI: hv: Move hypercall related definitions into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Move retarget related structures into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871, bsc#1172872). - PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871, bsc#1172872). - PCI: Release IVRS table in AMD ACS quirk (git-fixes). - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356). - PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes). - PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes). - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes). - pinctrl: single: fix function name in documentation (git-fixes). - pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes). - platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes). - PM / CPU: replace raw_notifier with atomic_notifier (git fixes (kernel/pm)). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (bsc#1175668). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails. - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (bsc#1175668). - powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729). - powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729). - powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729). - powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729). - powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284). - powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284). - powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729). - powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574). - powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729). - powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - powerpc/pseries: remove cede offline state for CPUs (bsc#1065729). - powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729). - powerpc/vdso: Fix vdso cpu truncation (bsc#1065729). - power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes). - propagate_one(): mnt_set_mountpoint() needs mount_lock (bsc#1174841). - pseries: Fix 64 bit logical memory block panic (bsc#1065729). - pwm: bcm-iproc: handle clk_get_rate() return (git-fixes). - rds: Prevent kernel-infoleak in rds_notify_queue_get() (git-fixes). - regulator: gpio: Honor regulator-boot-on property (git-fixes). - rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28). - rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes). - s390, dcssblk: kaddr and pfn can be NULL to ->direct_access() (bsc#1174873). - sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17). - scripts/git_sort/git_sort.py: add bluetooth/bluetooth-next.git repository - scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026). - scsi: smartpqi: add bay identifier (bsc#1172418). - scsi: smartpqi: add gigabyte controller (bsc#1172418). - scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418). - scsi: smartpqi: add inquiry timeouts (bsc#1172418). - scsi: smartpqi: add module param for exposure order (bsc#1172418). - scsi: smartpqi: add module param to hide vsep (bsc#1172418). - scsi: smartpqi: add new pci ids (bsc#1172418). - scsi: smartpqi: add pci ids for fiberhome controller (bsc#1172418). - scsi: smartpqi: add RAID bypass counter (bsc#1172418). - scsi: smartpqi: add sysfs entries (bsc#1172418). - scsi: smartpqi: Align driver syntax with oob (bsc#1172418). - scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418). - scsi: smartpqi: change TMF timeout from 60 to 30 seconds (bsc#1172418). - scsi: smartpqi: correct hang when deleting 32 lds (bsc#1172418). - scsi: smartpqi: correct REGNEWD return status (bsc#1172418). - scsi: smartpqi: correct syntax issue (bsc#1172418). - scsi: smartpqi: fix call trace in device discovery (bsc#1172418). - scsi: smartpqi: fix controller lockup observed during force reboot (bsc#1172418). - scsi: smartpqi: fix LUN reset when fw bkgnd thread is hung (bsc#1172418). - scsi: smartpqi: fix problem with unique ID for physical device (bsc#1172418). - scsi: smartpqi: identify physical devices without issuing INQUIRY (bsc#1172418). - scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask (bsc#1172418). - scsi: smartpqi: remove unused manifest constants (bsc#1172418). - scsi: smartpqi: Reporting unhandled SCSI errors (bsc#1172418). - scsi: smartpqi: support device deletion via sysfs (bsc#1172418). - scsi: smartpqi: update copyright (bsc#1172418). - scsi: smartpqi: update logical volume size after expansion (bsc#1172418). - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418). - scsi: storvsc: Correctly set number of hardware queues for IDE disk (git-fixes). - sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - soc: fsl: qbman: allow registering a device link for the portal user (bsc#1174550). - soc: fsl: qbman_portals: add APIs to retrieve the probing status (bsc#1174550). - spi: davinci: Remove uninitialized_var() usage (git-fixes). - spi: fix initial SPI_SR value in spi-fsl-dspi (bsc#1111666). - spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes). - spi: nxp-fspi: Ensure width is respected in spi-mem operations (bsc#1175421). - spi: spidev: fix a race between spidev_release and spidev_remove (bsc#1111666). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1175422). - spi: spi-mem: export spi_mem_default_supports_op() (bsc#1175421). - spi: sun4i: update max transfer size reported (git-fixes). - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support (git-fixes). - staging: fsl-dpaa2: ethsw: Add missing netdevice check (bsc#1175423). - staging: rtl8192u: fix a dubious looking mask before a shift (git-fixes). - Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() (git-fixes). - staging/speakup: fix get_word non-space look-ahead (git-fixes). - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28). - tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28). - tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17). - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17). - tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17). - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17). - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (bsc#1111666). - tracepoint: Mark __tracepoint_string's __used (git-fixes). - tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes). - tty: hvc_console, fix crashes on parallel open/close (git-fixes). - tty: serial: fsl_lpuart: add imx8qxp support (bsc#1175670). - tty: serial: fsl_lpuart: free IDs allocated by IDA (bsc#1175670). - USB: iowarrior: fix up report size handling for some devices (git-fixes). - usbip: tools: fix module name in man page (git-fixes). - USB: serial: ch341: add new Product ID for CH340 (bsc#1111666). - USB: serial: cp210x: enable usb generic throttle/unthrottle (git-fixes). - USB: serial: cp210x: re-enable auto-RTS on open (git-fixes). - USB: serial: cypress_m8: enable Simply Automated UPB PIM (bsc#1111666). - USB: serial: iuu_phoenix: fix led-activity helpers (git-fixes). - USB: serial: option: add GosunCn GM500 series (bsc#1111666). - USB: serial: option: add Quectel EG95 LTE modem (bsc#1111666). - usb: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes). - usb: xhci-mtk: fix the failure of bandwidth allocation (git-fixes). - VFS: Check rename_lock in lookup_fast() (bsc#1174734). - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes). - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes). - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (git-fixes). - vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17). - vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199). - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07). - vt_compat_ioctl(): clean up, use compat_ptr() properly (git-fixes). - vt: vt_ioctl: remove unnecessary console allocation checks (git-fixes). - watchdog: f71808e_wdt: clear watchdog timeout occurred flag (bsc#1111666). - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (bsc#1111666). - watchdog: f71808e_wdt: remove use of wrong watchdog_info option (bsc#1111666). - wl1251: fix always return 0 error (git-fixes). - x86/hyper-v: Fix overflow bug in fill_gva_list() (git-fixes). - xfrm: check id proto in validate_tmpl() (git-fixes). - xfrm: clean up xfrm protocol checks (git-fixes). - xfrm_user: uncoditionally validate esn replay attribute struct (git-fixes). - xfs: fix inode allocation block res calculation precedence (git-fixes). - xfs: fix reflink quota reservation accounting error (git-fixes). - xhci: Fix enumeration issue when setting max packet size for FS devices (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2020-2605=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): cluster-md-kmp-rt-4.12.14-10.16.1 dlm-kmp-rt-4.12.14-10.16.1 gfs2-kmp-rt-4.12.14-10.16.1 kernel-rt-4.12.14-10.16.1 kernel-rt-base-4.12.14-10.16.1 kernel-rt-devel-4.12.14-10.16.1 kernel-rt_debug-4.12.14-10.16.1 kernel-rt_debug-devel-4.12.14-10.16.1 kernel-syms-rt-4.12.14-10.16.1 ocfs2-kmp-rt-4.12.14-10.16.1 - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch): kernel-devel-rt-4.12.14-10.16.1 kernel-source-rt-4.12.14-10.16.1 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2020-0305.html https://www.suse.com/security/cve/CVE-2020-10135.html https://www.suse.com/security/cve/CVE-2020-14314.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-14356.html https://www.suse.com/security/cve/CVE-2020-16166.html https://www.suse.com/security/cve/CVE-2020-24394.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1074701 https://bugzilla.suse.com/1083548 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1085235 https://bugzilla.suse.com/1085308 https://bugzilla.suse.com/1087078 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1094912 https://bugzilla.suse.com/1100394 https://bugzilla.suse.com/1102640 https://bugzilla.suse.com/1105412 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1120163 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1171988 https://bugzilla.suse.com/1172108 https://bugzilla.suse.com/1172247 https://bugzilla.suse.com/1172418 https://bugzilla.suse.com/1172428 https://bugzilla.suse.com/1172781 https://bugzilla.suse.com/1172782 https://bugzilla.suse.com/1172783 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172872 https://bugzilla.suse.com/1172963 https://bugzilla.suse.com/1173485 https://bugzilla.suse.com/1173798 https://bugzilla.suse.com/1173954 https://bugzilla.suse.com/1174026 https://bugzilla.suse.com/1174070 https://bugzilla.suse.com/1174161 https://bugzilla.suse.com/1174205 https://bugzilla.suse.com/1174247 https://bugzilla.suse.com/1174343 https://bugzilla.suse.com/1174356 https://bugzilla.suse.com/1174387 https://bugzilla.suse.com/1174409 https://bugzilla.suse.com/1174438 https://bugzilla.suse.com/1174462 https://bugzilla.suse.com/1174484 https://bugzilla.suse.com/1174547 https://bugzilla.suse.com/1174549 https://bugzilla.suse.com/1174550 https://bugzilla.suse.com/1174625 https://bugzilla.suse.com/1174658 https://bugzilla.suse.com/1174685 https://bugzilla.suse.com/1174689 https://bugzilla.suse.com/1174699 https://bugzilla.suse.com/1174734 https://bugzilla.suse.com/1174757 https://bugzilla.suse.com/1174771 https://bugzilla.suse.com/1174840 https://bugzilla.suse.com/1174841 https://bugzilla.suse.com/1174843 https://bugzilla.suse.com/1174844 https://bugzilla.suse.com/1174845 https://bugzilla.suse.com/1174852 https://bugzilla.suse.com/1174873 https://bugzilla.suse.com/1174887 https://bugzilla.suse.com/1174904 https://bugzilla.suse.com/1174926 https://bugzilla.suse.com/1174968 https://bugzilla.suse.com/1175062 https://bugzilla.suse.com/1175063 https://bugzilla.suse.com/1175064 https://bugzilla.suse.com/1175065 https://bugzilla.suse.com/1175066 https://bugzilla.suse.com/1175067 https://bugzilla.suse.com/1175112 https://bugzilla.suse.com/1175127 https://bugzilla.suse.com/1175128 https://bugzilla.suse.com/1175149 https://bugzilla.suse.com/1175199 https://bugzilla.suse.com/1175213 https://bugzilla.suse.com/1175228 https://bugzilla.suse.com/1175232 https://bugzilla.suse.com/1175284 https://bugzilla.suse.com/1175393 https://bugzilla.suse.com/1175394 https://bugzilla.suse.com/1175396 https://bugzilla.suse.com/1175397 https://bugzilla.suse.com/1175398 https://bugzilla.suse.com/1175399 https://bugzilla.suse.com/1175400 https://bugzilla.suse.com/1175401 https://bugzilla.suse.com/1175402 https://bugzilla.suse.com/1175403 https://bugzilla.suse.com/1175404 https://bugzilla.suse.com/1175405 https://bugzilla.suse.com/1175406 https://bugzilla.suse.com/1175407 https://bugzilla.suse.com/1175408 https://bugzilla.suse.com/1175409 https://bugzilla.suse.com/1175410 https://bugzilla.suse.com/1175411 https://bugzilla.suse.com/1175412 https://bugzilla.suse.com/1175413 https://bugzilla.suse.com/1175414 https://bugzilla.suse.com/1175415 https://bugzilla.suse.com/1175416 https://bugzilla.suse.com/1175417 https://bugzilla.suse.com/1175418 https://bugzilla.suse.com/1175419 https://bugzilla.suse.com/1175420 https://bugzilla.suse.com/1175421 https://bugzilla.suse.com/1175422 https://bugzilla.suse.com/1175423 https://bugzilla.suse.com/1175440 https://bugzilla.suse.com/1175493 https://bugzilla.suse.com/1175518 https://bugzilla.suse.com/1175526 https://bugzilla.suse.com/1175550 https://bugzilla.suse.com/1175654 https://bugzilla.suse.com/1175666 https://bugzilla.suse.com/1175668 https://bugzilla.suse.com/1175669 https://bugzilla.suse.com/1175670 https://bugzilla.suse.com/1175767 https://bugzilla.suse.com/1175768 https://bugzilla.suse.com/1175769 https://bugzilla.suse.com/1175770 https://bugzilla.suse.com/1175771 https://bugzilla.suse.com/1175772 https://bugzilla.suse.com/1175786 https://bugzilla.suse.com/1175992 From sle-updates at lists.suse.com Fri Sep 11 04:35:30 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Sep 2020 12:35:30 +0200 (CEST) Subject: SUSE-SU-2020:2607-1: moderate: Security update for pdsh, slurm_20_02 Message-ID: <20200911103531.00223FCEB@maintenance.suse.de> SUSE Security Update: Security update for pdsh, slurm_20_02 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2607-1 Rating: moderate References: #1007053 #1018371 #1031872 #1041706 #1065697 #1084125 #1084917 #1085240 #1085606 #1086859 #1088693 #1090292 #1095508 #1100850 #1103561 #1108671 #1109373 #1116758 #1123304 #1140709 #1153095 #1153259 #1155784 #1158696 #1159692 #1161716 #1162377 #1164326 #1164386 #1172004 #1173805 SLE-10800 SLE-7341 SLE-7342 SLE-8491 Cross-References: CVE-2016-10030 CVE-2017-15566 CVE-2018-10995 CVE-2018-7033 CVE-2019-12838 CVE-2019-19727 CVE-2019-19728 CVE-2019-6438 CVE-2020-12693 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that solves 9 vulnerabilities, contains four features and has 22 fixes is now available. Description: This update for pdsh, slurm_20_02 fixes the following issues: Changes in slurm_20_02: - Add support for openPMIx also for Leap/SLE 15.0/1 (bsc#1173805). - Do not run %check on SLE-12-SP2: Some incompatibility in tcl makes this fail. - Remove unneeded build dependency to postgresql-devel. - Disable build on s390 (requires 64bit). - Bring QA to the package build: add %%check stage. - Remove cruft that isn't needed any longer. - Add 'ghosted' run-file. - Add rpmlint filter to handle issues with library packages for Leap and enterprise upgrade versions. - Updated to 20.02.3 which fixes CVE-2020-12693 (bsc#1172004). - Other changes are: * Factor in ntasks-per-core=1 with cons_tres. * Fix formatting in error message in cons_tres. * Fix calling stat on a NULL variable. * Fix minor memory leak when using reservations with flags=first_cores. * Fix gpu bind issue when CPUs=Cores and ThreadsPerCore > 1 on a node. * Fix --mem-per-gpu for heterogenous --gres requests. * Fix slurmctld load order in load_all_part_state(). * Fix race condition not finding jobacct gather task cgroup entry. * Suppress error message when selecting nodes on disjoint topologies. * Improve performance of _pack_default_job_details() with large number of job * arguments. * Fix archive loading previous to 17.11 jobs per-node req_mem. * Fix regresion validating that --gpus-per-socket requires --sockets-per-node * for steps. Should only validate allocation requests. * error() instead of fatal() when parsing an invalid hostlist. * nss_slurm - fix potential deadlock in slurmstepd on overloaded systems. * cons_tres - fix --gres-flags=enforce-binding and related --cpus-per-gres. * cons_tres - Allocate lowest numbered cores when filtering cores with gres. * Fix getting system counts for named GRES/TRES. * MySQL - Fix for handing typed GRES for association rollups. * Fix step allocations when tasks_per_core > 1. * Fix allocating more GRES than requested when asking for multiple GRES types. - Treat libnss_slurm like any other package: add version string to upgrade package. - Updated to 20.02.1 with following changes" * Improve job state reason for jobs hitting partition_job_depth. * Speed up testing of singleton dependencies. * Fix negative loop bound in cons_tres. * srun - capture the MPI plugin return code from mpi_hook_client_fini() and use as final return code for step failure. * Fix segfault in cli_filter/lua. * Fix --gpu-bind=map_gpu reusability if tasks > elements. * Make sure config_flags on a gres are sent to the slurmctld on node registration. * Prolog/Epilog - Fix missing GPU information. * Fix segfault when using config parser for expanded lines. * Fix bit overlap test function. * Don't accrue time if job begin time is in the future. * Remove accrue time when updating a job start/eligible time to the future. * Fix regression in 20.02.0 that broke --depend=expand. * Reset begin time on job release if it's not in the future. * Fix for recovering burst buffers when using high-availability. * Fix invalid read due to freeing an incorrectly allocated env array. * Update slurmctld -i message to warn about losing data. * Fix scontrol cancel_reboot so it clears the DRAIN flag and node reason for a pending ASAP reboot. Changes in pdsh: - Bring QA to the package build: add %%check stage - Since the build for the SLE-12 HPC Module got fixed, simplify spec file and remove legacy workarounds. - Remove _multibuild file where not needed. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2020-2607=1 Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): libnss_slurm2_20_02-20.02.3-3.5.1 libnss_slurm2_20_02-debuginfo-20.02.3-3.5.1 libpmi0_20_02-20.02.3-3.5.1 libpmi0_20_02-debuginfo-20.02.3-3.5.1 libslurm35-20.02.3-3.5.1 libslurm35-debuginfo-20.02.3-3.5.1 pdsh-slurm_18_08-2.34-7.26.2 pdsh-slurm_18_08-debuginfo-2.34-7.26.2 pdsh-slurm_20_02-2.34-7.26.2 pdsh-slurm_20_02-debuginfo-2.34-7.26.2 perl-slurm_20_02-20.02.3-3.5.1 perl-slurm_20_02-debuginfo-20.02.3-3.5.1 slurm_20_02-20.02.3-3.5.1 slurm_20_02-auth-none-20.02.3-3.5.1 slurm_20_02-auth-none-debuginfo-20.02.3-3.5.1 slurm_20_02-config-20.02.3-3.5.1 slurm_20_02-config-man-20.02.3-3.5.1 slurm_20_02-debuginfo-20.02.3-3.5.1 slurm_20_02-debugsource-20.02.3-3.5.1 slurm_20_02-devel-20.02.3-3.5.1 slurm_20_02-doc-20.02.3-3.5.1 slurm_20_02-lua-20.02.3-3.5.1 slurm_20_02-lua-debuginfo-20.02.3-3.5.1 slurm_20_02-munge-20.02.3-3.5.1 slurm_20_02-munge-debuginfo-20.02.3-3.5.1 slurm_20_02-node-20.02.3-3.5.1 slurm_20_02-node-debuginfo-20.02.3-3.5.1 slurm_20_02-pam_slurm-20.02.3-3.5.1 slurm_20_02-pam_slurm-debuginfo-20.02.3-3.5.1 slurm_20_02-plugins-20.02.3-3.5.1 slurm_20_02-plugins-debuginfo-20.02.3-3.5.1 slurm_20_02-slurmdbd-20.02.3-3.5.1 slurm_20_02-slurmdbd-debuginfo-20.02.3-3.5.1 slurm_20_02-sql-20.02.3-3.5.1 slurm_20_02-sql-debuginfo-20.02.3-3.5.1 slurm_20_02-sview-20.02.3-3.5.1 slurm_20_02-sview-debuginfo-20.02.3-3.5.1 slurm_20_02-torque-20.02.3-3.5.1 slurm_20_02-torque-debuginfo-20.02.3-3.5.1 References: https://www.suse.com/security/cve/CVE-2016-10030.html https://www.suse.com/security/cve/CVE-2017-15566.html https://www.suse.com/security/cve/CVE-2018-10995.html https://www.suse.com/security/cve/CVE-2018-7033.html https://www.suse.com/security/cve/CVE-2019-12838.html https://www.suse.com/security/cve/CVE-2019-19727.html https://www.suse.com/security/cve/CVE-2019-19728.html https://www.suse.com/security/cve/CVE-2019-6438.html https://www.suse.com/security/cve/CVE-2020-12693.html https://bugzilla.suse.com/1007053 https://bugzilla.suse.com/1018371 https://bugzilla.suse.com/1031872 https://bugzilla.suse.com/1041706 https://bugzilla.suse.com/1065697 https://bugzilla.suse.com/1084125 https://bugzilla.suse.com/1084917 https://bugzilla.suse.com/1085240 https://bugzilla.suse.com/1085606 https://bugzilla.suse.com/1086859 https://bugzilla.suse.com/1088693 https://bugzilla.suse.com/1090292 https://bugzilla.suse.com/1095508 https://bugzilla.suse.com/1100850 https://bugzilla.suse.com/1103561 https://bugzilla.suse.com/1108671 https://bugzilla.suse.com/1109373 https://bugzilla.suse.com/1116758 https://bugzilla.suse.com/1123304 https://bugzilla.suse.com/1140709 https://bugzilla.suse.com/1153095 https://bugzilla.suse.com/1153259 https://bugzilla.suse.com/1155784 https://bugzilla.suse.com/1158696 https://bugzilla.suse.com/1159692 https://bugzilla.suse.com/1161716 https://bugzilla.suse.com/1162377 https://bugzilla.suse.com/1164326 https://bugzilla.suse.com/1164386 https://bugzilla.suse.com/1172004 https://bugzilla.suse.com/1173805 From sle-updates at lists.suse.com Fri Sep 11 04:39:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Sep 2020 12:39:36 +0200 (CEST) Subject: SUSE-SU-2020:2606-1: moderate: Security update for golang-github-prometheus-prometheus Message-ID: <20200911103936.1C1ACF794@maintenance.suse.de> SUSE Security Update: Security update for golang-github-prometheus-prometheus ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2606-1 Rating: moderate References: #1143913 #1175478 Cross-References: CVE-2019-10215 Affected Products: SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for golang-github-prometheus-prometheus to version 2.18.0 fixes the following issues: - Fixed some building issues (bsc#1175478) - prometheus components systemd units should depend on network target (bsc#1143913). Update to 2.18.0 + Features * Tracing: Added experimental Jaeger support #7148 + Changes * Federation: Only use local TSDB for federation (ignore remote read). #7096 * Rules: `rule_evaluations_total` and `rule_evaluation_failures_total` have a `rule_group` label now. #7094 + Enhancements * TSDB: Significantly reduce WAL size kept around after a block cut. #7098 * Discovery: Add `architecture` meta label for EC2. #7000 + Bug fixes * UI: Fixed wrong MinTime reported by /status. #7182 * React UI: Fixed multiselect legend on OSX. #6880 * Remote Write: Fixed blocked resharding edge case. #7122 * Remote Write: Fixed remote write not updating on relabel configs change. #7073 - Changes from 2.17.2 + Bug fixes * Federation: Register federation metrics #7081 * PromQL: Fix panic in parser error handling #7132 * Rules: Fix reloads hanging when deleting a rule group that is being evaluated #7138 * TSDB: Fix a memory leak when prometheus starts with an empty TSDB WAL #7135 * TSDB: Make isolation more robust to panics in web handlers #7129 #7136 - Changes from 2.17.1 + Bug fixes * TSDB: Fix query performance regression that increased memory and CPU usage #7051 - Changes from 2.17.0 + Features * TSDB: Support isolation #6841 * This release implements isolation in TSDB. API queries and recording rules are guaranteed to only see full scrapes and full recording rules. This comes with a certain overhead in resource usage. Depending on the situation, there might be some increase in memory usage, CPU usage, or query latency. + Enhancements * PromQL: Allow more keywords as metric names #6933 * React UI: Add normalization of localhost URLs in targets page #6794 * Remote read: Read from remote storage concurrently #6770 * Rules: Mark deleted rule series as stale after a reload #6745 * Scrape: Log scrape append failures as debug rather than warn #6852 * TSDB: Improve query performance for queries that partially hit the head #6676 * Consul SD: Expose service health as meta label #5313 * EC2 SD: Expose EC2 instance lifecycle as meta label #6914 * Kubernetes SD: Expose service type as meta label for K8s service role #6684 * Kubernetes SD: Expose label_selector and field_selector #6807 * Openstack SD: Expose hypervisor id as meta label #6962 + Bug fixes * PromQL: Do not escape HTML-like chars in query log #6834 #6795 * React UI: Fix data table matrix values #6896 * React UI: Fix new targets page not loading when using non-ASCII characters #6892 * Remote read: Fix duplication of metrics read from remote storage with external labels #6967 #7018 * Remote write: Register WAL watcher and live reader metrics for all remotes, not just the first one #6998 * Scrape: Prevent removal of metric names upon relabeling #6891 * Scrape: Fix 'superfluous response.WriteHeader call' errors when scrape fails under some circonstances #6986 * Scrape: Fix crash when reloads are separated by two scrape intervals #7011 - Changes from 2.16.0 + Features * React UI: Support local timezone on /graph #6692 * PromQL: add absent_over_time query function #6490 * Adding optional logging of queries to their own file #6520 + Enhancements * React UI: Add support for rules page and "Xs ago" duration displays #6503 * React UI: alerts page, replace filtering togglers tabs with checkboxes #6543 * TSDB: Export metric for WAL write errors #6647 * TSDB: Improve query performance for queries that only touch the most recent 2h of data. #6651 * PromQL: Refactoring in parser errors to improve error messages #6634 * PromQL: Support trailing commas in grouping opts #6480 * Scrape: Reduce memory usage on reloads by reusing scrape cache #6670 * Scrape: Add metrics to track bytes and entries in the metadata cache #6675 * promtool: Add support for line-column numbers for invalid rules output #6533 * Avoid restarting rule groups when it is unnecessary #6450 + Bug fixes * React UI: Send cookies on fetch() on older browsers #6553 * React UI: adopt grafana flot fix for stacked graphs #6603 * React UI: broken graph page browser history so that back button works as expected #6659 * TSDB: ensure compactionsSkipped metric is registered, and log proper error if one is returned from head.Init #6616 * TSDB: return an error on ingesting series with duplicate labels #6664 * PromQL: Fix unary operator precedence #6579 * PromQL: Respect query.timeout even when we reach query.max-concurrency #6712 * PromQL: Fix string and parentheses handling in engine, which affected React UI #6612 * PromQL: Remove output labels returned by absent() if they are produced by multiple identical label matchers #6493 * Scrape: Validate that OpenMetrics input ends with `# EOF` #6505 * Remote read: return the correct error if configs can't be marshal'd to JSON #6622 * Remote write: Make remote client `Store` use passed context, which can affect shutdown timing #6673 * Remote write: Improve sharding calculation in cases where we would always be consistently behind by tracking pendingSamples #6511 * Ensure prometheus_rule_group metrics are deleted when a rule group is removed #6693 - Changes from 2.15.2 + Bug fixes * TSDB: Fixed support for TSDB blocks built with Prometheus before 2.1.0. #6564 * TSDB: Fixed block compaction issues on Windows. #6547 - Changes from 2.15.1 + Bug fixes * TSDB: Fixed race on concurrent queries against same data. #6512 - Changes from 2.15.0 + Features * API: Added new endpoint for exposing per metric metadata `/metadata`. #6420 #6442 + Changes * Discovery: Removed `prometheus_sd_kubernetes_cache_*` metrics. Additionally `prometheus_sd_kubernetes_workqueue_latency_seconds` and `prometheus_sd_kubernetes_workqueue_work_duration_seconds` metrics now show correct values in seconds. #6393 * Remote write: Changed `query` label on `prometheus_remote_storage_*` metrics to `remote_name` and `url`. #6043 + Enhancements * TSDB: Significantly reduced memory footprint of loaded TSDB blocks. #6418 #6461 * TSDB: Significantly optimized what we buffer during compaction which should result in lower memory footprint during compaction. #6422 #6452 #6468 #6475 * TSDB: Improve replay latency. #6230 * TSDB: WAL size is now used for size based retention calculation. #5886 * Remote read: Added query grouping and range hints to the remote read request #6401 * Remote write: Added `prometheus_remote_storage_sent_bytes_total` counter per queue. #6344 * promql: Improved PromQL parser performance. #6356 * React UI: Implemented missing pages like `/targets` #6276, TSDB status page #6281 #6267 and many other fixes and performance improvements. * promql: Prometheus now accepts spaces between time range and square bracket. e.g `[ 5m]` #6065 + Bug fixes * Config: Fixed alertmanager configuration to not miss targets when configurations are similar. #6455 * Remote write: Value of `prometheus_remote_storage_shards_desired` gauge shows raw value of desired shards and it's updated correctly. #6378 * Rules: Prometheus now fails the evaluation of rules and alerts where metric results collide with labels specified in `labels` field. #6469 * API: Targets Metadata API `/targets/metadata` now accepts empty `match_targets` parameter as in the spec. #6303 - Changes from 2.14.0 + Features * API: `/api/v1/status/runtimeinfo` and `/api/v1/status/buildinfo` endpoints added for use by the React UI. #6243 * React UI: implement the new experimental React based UI. #5694 and many more * Can be found by under `/new`. * Not all pages are implemented yet. * Status: Cardinality statistics added to the Runtime & Build Information page. #6125 + Enhancements * Remote write: fix delays in remote write after a compaction. #6021 * UI: Alerts can be filtered by state. #5758 + Bug fixes * Ensure warnings from the API are escaped. #6279 * API: lifecycle endpoints return 403 when not enabled. #6057 * Build: Fix Solaris build. #6149 * Promtool: Remove false duplicate rule warnings when checking rule files with alerts. #6270 * Remote write: restore use of deduplicating logger in remote write. #6113 * Remote write: do not reshard when unable to send samples. #6111 * Service discovery: errors are no longer logged on context cancellation. #6116, #6133 * UI: handle null response from API properly. #6071 - Changes from 2.13.1 + Bug fixes * Fix panic in ARM builds of Prometheus. #6110 * promql: fix potential panic in the query logger. #6094 * Multiple errors of http: superfluous response.WriteHeader call in the logs. #6145 - Changes from 2.13.0 + Enhancements * Metrics: renamed prometheus_sd_configs_failed_total to prometheus_sd_failed_configs and changed to Gauge #5254 * Include the tsdb tool in builds. #6089 * Service discovery: add new node address types for kubernetes. #5902 * UI: show warnings if query have returned some warnings. #5964 * Remote write: reduce memory usage of the series cache. #5849 * Remote read: use remote read streaming to reduce memory usage. #5703 * Metrics: added metrics for remote write max/min/desired shards to queue manager. #5787 * Promtool: show the warnings during label query. #5924 * Promtool: improve error messages when parsing bad rules. #5965 * Promtool: more promlint rules. #5515 + Bug fixes * UI: Fix a Stored DOM XSS vulnerability with query history [CVE-2019-10215](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-102 15). #6098 * Promtool: fix recording inconsistency due to duplicate labels. #6026 * UI: fixes service-discovery view when accessed from unhealthy targets. #5915 * Metrics format: OpenMetrics parser crashes on short input. #5939 * UI: avoid truncated Y-axis values. #6014 - Changes from 2.12.0 + Features * Track currently active PromQL queries in a log file. #5794 * Enable and provide binaries for `mips64` / `mips64le` architectures. #5792 + Enhancements * Improve responsiveness of targets web UI and API endpoint. #5740 * Improve remote write desired shards calculation. #5763 * Flush TSDB pages more precisely. tsdb#660 * Add `prometheus_tsdb_retention_limit_bytes` metric. tsdb#667 * Add logging during TSDB WAL replay on startup. tsdb#662 * Improve TSDB memory usage. tsdb#653, tsdb#643, tsdb#654, tsdb#642, tsdb#627 + Bug fixes * Check for duplicate label names in remote read. #5829 * Mark deleted rules' series as stale on next evaluation. #5759 * Fix JavaScript error when showing warning about out-of-sync server time. #5833 * Fix `promtool test rules` panic when providing empty `exp_labels`. #5774 * Only check last directory when discovering checkpoint number. #5756 * Fix error propagation in WAL watcher helper functions. #5741 * Correctly handle empty labels from alert templates. #5845 - Update to Prometheus 2.11.2 + Fixes crashes when systems have no FQDN + Adds Parallel calls to Uyuni API, meaningful performance increase + Adds Support for system group labels - Build with PIE - Only package required files (reduces rpm size by 4 MB) - Add sysconfig file - Add firewall config file - Use variables for defining user and group - Add support for Uyuni/SUSE Manager service discovery - readded _service file removed in error. - Update to 2.11.1 + Bug Fix: * Fix potential panic when prometheus is watching multiple zookeeper paths. - Update to 2.11.0 + Bug Fix: * resolve race condition in maxGauge. * Fix ZooKeeper connection leak. * Improved atomicity of .tmp block replacement during compaction for usual case. * Fix "unknown series references" after clean shutdown. * Re-calculate block size when calling block.Delete. * Fix unsafe snapshots with head block. * prometheus_tsdb_compactions_failed_total is now incremented on any compaction failure. + Changes: * Remove max_retries from queue_config (it has been unused since rewriting remote-write to utilize the write-ahead-log) * The meta file BlockStats no longer holds size information. This is now dynamically calculated and kept in memory. It also includes the meta file size which was not included before * Renamed metric from prometheus_tsdb_wal_reader_corruption_errors to prometheus_tsdb_wal_reader_corruption_errors_total + Features: * Add option to use Alertmanager API v2. * Added humanizePercentage function for templates. * Include InitContainers in Kubernetes Service Discovery. * Provide option to compress WAL records using Snappy. + Enhancements: * Create new clean segment when starting the WAL. * Reduce allocations in PromQL aggregations. * Add storage warnings to LabelValues and LabelNames API results. * Add prometheus_http_requests_total metric. * Enable openbsd/arm build. * Remote-write allocation improvements. * Query performance improvement: Efficient iteration and search in HashForLabels and HashWithoutLabels. * Allow injection of arbitrary headers in promtool. * Allow passing external_labels in alert unit tests groups. * Allows globs for rules when unit testing. * Improved postings intersection matching. * Reduced disk usage for WAL for small setups. * Optimize queries using regexp for set lookups. - Update to 2.10.0: + Bug Fixes: * TSDB: Don't panic when running out of disk space and recover nicely from the condition * TSDB: Correctly handle empty labels. * TSDB: Don't crash on an unknown tombstone reference. * Storage/remote: Remove queue-manager specific metrics if queue no longer exists. * PromQL: Correctly display {__name__="a"}. * Discovery/kubernetes: Use service rather than ingress as the name for the service workqueue. * Discovery/azure: Don't panic on a VM with a public IP. * Web: Fixed Content-Type for js and css instead of using /etc/mime.types. * API: Encode alert values as string to correctly represent Inf/NaN. + Features: * Template expansion: Make external labels available as $externalLabels in alert and console template expansion. * TSDB: Add prometheus_tsdb_wal_segment_current metric for the WAL segment index that TSDB is currently writing to. tsdb * Scrape: Add scrape_series_added per-scrape metric. #5546 + Enhancements * Discovery/kubernetes: Add labels __meta_kubernetes_endpoint_node_name and __meta_kubernetes_endpoint_hostname. * Discovery/azure: Add label __meta_azure_machine_public_ip. * TSDB: Simplify mergedPostings.Seek, resulting in better performance if there are many posting lists. tsdb * Log filesystem type on startup. * Cmd/promtool: Use POST requests for Query and QueryRange. client_golang * Web: Sort alerts by group name. * Console templates: Add convenience variables $rawParams, $params, $path. - Upadte to 2.9.2 + Bug Fixes: * Make sure subquery range is taken into account for selection * Exhaust every request body before closing it * Cmd/promtool: return errors from rule evaluations * Remote Storage: string interner should not panic in release * Fix memory allocation regression in mergedPostings.Seek tsdb - Update to 2.9.1 + Bug Fixes: * Discovery/kubernetes: fix missing label sanitization * Remote_write: Prevent reshard concurrent with calling stop - Update to 2.9.0 + Feature: * Add honor_timestamps scrape option. + Enhancements: * Update Consul to support catalog.ServiceMultipleTags. * Discovery/kubernetes: add present labels for labels/annotations. * OpenStack SD: Add ProjectID and UserID meta labels. * Add GODEBUG and retention to the runtime page. * Add support for POSTing to /series endpoint. * Support PUT methods for Lifecycle and Admin APIs. * Scrape: Add global jitter for HA server. * Check for cancellation on every step of a range evaluation. * String interning for labels & values in the remote_write path. * Don't lose the scrape cache on a failed scrape. * Reload cert files from disk automatically. common * Use fixed length millisecond timestamp format for logs. common * Performance improvements for postings. Bug Fixes: * Remote Write: fix checkpoint reading. * Check if label value is valid when unmarshaling external labels from YAML. * Promparse: sort all labels when parsing. * Reload rules: copy state on both name and labels. * Exponentation operator to drop metric name in result of operation. * Config: resolve more file paths. * Promtool: resolve relative paths in alert test files. * Set TLSHandshakeTimeout in HTTP transport. common * Use fsync to be more resilient to machine crashes. * Keep series that are still in WAL in checkpoints. - Update to 2.8.1 + Bug Fixes * Display the job labels in /targets which was removed accidentally - Update to 2.8.0 + Change: * This release uses Write-Ahead Logging (WAL) for the remote_write API. This currently causes a slight increase in memory usage, which will be addressed in future releases. * Default time retention is used only when no size based retention is specified. These are flags where time retention is specified by the flag --storage.tsdb.retention and size retention by --storage.tsdb.retention.size. * prometheus_tsdb_storage_blocks_bytes_total is now prometheus_tsdb_storage_blocks_bytes. + Feature: * (EXPERIMENTAL) Time overlapping blocks are now allowed; vertical compaction and vertical query merge. It is an optional feature which is controlled by the --storage.tsdb.allow-overlapping-blocks flag, disabled by default. + Enhancements: * Use the WAL for remote_write API. * Query performance improvements. * UI enhancements with upgrade to Bootstrap 4. * Reduce time that Alertmanagers are in flux when reloaded. * Limit number of metrics displayed on UI to 10000. * (1) Remember All/Unhealthy choice on target-overview when reloading page. (2) Resize text-input area on Graph page on mouseclick. * In histogram_quantile merge buckets with equivalent le values. * Show list of offending labels in the error message in many-to-many scenarios. * Show Storage Retention criteria in effect on /status page. + Bug Fixes: + Fix sorting of rule groups. + Fix support for password_file and bearer_token_file in Kubernetes SD. + Scrape: catch errors when creating HTTP clients + Adds new metrics: prometheus_target_scrape_pools_total prometheus_target_scrape_pools_failed_total prometheus_target_scrape_pool_reloads_total prometheus_target_scrape_pool_reloads_failed_total + Fix panic when aggregator param is not a literal. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2020-2606=1 Package List: - SUSE Enterprise Storage 6 (aarch64 x86_64): golang-github-prometheus-prometheus-2.18.0-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-10215.html https://bugzilla.suse.com/1143913 https://bugzilla.suse.com/1175478 From sle-updates at lists.suse.com Fri Sep 11 07:14:42 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Sep 2020 15:14:42 +0200 (CEST) Subject: SUSE-SU-2020:2610-1: important: Security update for the Linux Kernel Message-ID: <20200911131442.1F9E2F794@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2610-1 Rating: important References: #1058115 #1071995 #1154366 #1165629 #1165631 #1171988 #1172428 #1173798 #1174205 #1174757 #1175112 #1175122 #1175128 #1175204 #1175213 #1175515 #1175518 #1175691 #1175992 #1176069 Cross-References: CVE-2020-10135 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-14386 CVE-2020-16166 CVE-2020-1749 CVE-2020-24394 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 12 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629). - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988). - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bugs were fixed: - cifs: add support for fallocate mode 0 for non-sparse files (bsc#1175122). - cifs: allow unlock flock and OFD lock across fork (bsc#1175122). - cifs_atomic_open(): fix double-put on late allocation failure (bsc#1175122). - cifs: Avoid doing network I/O while holding cache lock (bsc#1175122). - cifs: call wake_up(&server->response_q) inside of cifs_reconnect() (bsc#1175122). - cifs: Clean up DFS referral cache (bsc#1175122). - cifs: document and cleanup dfs mount (bsc#1172428 bsc#1175122). - cifs: do not ignore the SYNC flags in getattr (bsc#1175122). - cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1175122). - cifs: do not share tcons with DFS (bsc#1175122). - cifs: ensure correct super block for DFS reconnect (bsc#1175122). - cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1175122). - cifs: fiemap: do not return EINVAL if get nothing (bsc#1175122). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1172428 bsc#1175122). - cifs: fix double free error on share and prefix (bsc#1172428 bsc#1175122). - cifs: fix leaked reference on requeued write (bsc#1175122). - cifs: fix NULL dereference in match_prepath (bsc#1175122). - cifs: Fix null pointer check in cifs_read (bsc#1175122). - cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1175122). - cifs: fix potential mismatch of UNC paths (bsc#1175122). - cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1175122). - cifs: Fix return value in __update_cache_entry (bsc#1175122). - cifs: fix soft mounts hanging in the reconnect code (bsc#1175122). - cifs: Fix task struct use-after-free on reconnect (bsc#1175122). - cifs: fix uninitialised lease_key in open_shroot() (bsc#1175122). - cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1175122). - cifs: Get rid of kstrdup_const()'d paths (bsc#1175122). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1175122). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1172428 bsc#1175122). - cifs: handle hostnames that resolve to same ip in failover (bsc#1175122). - cifs: handle prefix paths in reconnect (bsc#1175122). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1172428 bsc#1175122). - cifs: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1175122). - cifs: Introduce helpers for finding TCP connection (bsc#1175122). - cifs: make sure we do not overflow the max EA buffer size (bsc#1175122). - cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1175122). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1172428 bsc#1175122). - cifs: Merge is_path_valid() into get_normalized_path() (bsc#1175122). - cifs: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1175122). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1172428 bsc#1175122). - cifs: Optimize readdir on reparse points (bsc#1175122). - cifs: potential unintitliazed error code in cifs_getattr() (bsc#1175122). - cifs: protect updating server->dstaddr with a spinlock (bsc#1175122). - cifs: reduce number of referral requests in DFS link lookups (bsc#1172428 bsc#1175122). - cifs: rename reconn_inval_dfs_target() (bsc#1172428 bsc#1175122). - cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1175122). - cifs: set up next DFS target before generic_ip_connect() (bsc#1175122). - cifs: use mod_delayed_work() for &server->reconnect if already queued (bsc#1175122). - cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1175122). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175128). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515). - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515). - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629). - kabi: mask changes to struct ipv6_stub (bsc#1165629). - mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - scripts/git_sort/git_sort.py: add bluetooth/bluetooth-next.git repository - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - smb3: fix performance regression with setting mtime (bsc#1175122). - smb3: query attributes on file close (bsc#1175122). - smb3: remove unused flag passed into close functions (bsc#1175122). - Update patch reference for a tipc fix patch (bsc#1175515) - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2610=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2610=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2610=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2610=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-2610=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): kernel-default-4.12.14-150.58.1 kernel-default-base-4.12.14-150.58.1 kernel-default-debuginfo-4.12.14-150.58.1 kernel-default-debugsource-4.12.14-150.58.1 kernel-default-devel-4.12.14-150.58.1 kernel-default-devel-debuginfo-4.12.14-150.58.1 kernel-obs-build-4.12.14-150.58.1 kernel-obs-build-debugsource-4.12.14-150.58.1 kernel-syms-4.12.14-150.58.1 kernel-vanilla-base-4.12.14-150.58.1 kernel-vanilla-base-debuginfo-4.12.14-150.58.1 kernel-vanilla-debuginfo-4.12.14-150.58.1 kernel-vanilla-debugsource-4.12.14-150.58.1 reiserfs-kmp-default-4.12.14-150.58.1 reiserfs-kmp-default-debuginfo-4.12.14-150.58.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): kernel-devel-4.12.14-150.58.1 kernel-docs-4.12.14-150.58.1 kernel-macros-4.12.14-150.58.1 kernel-source-4.12.14-150.58.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): kernel-default-4.12.14-150.58.1 kernel-default-base-4.12.14-150.58.1 kernel-default-debuginfo-4.12.14-150.58.1 kernel-default-debugsource-4.12.14-150.58.1 kernel-default-devel-4.12.14-150.58.1 kernel-default-devel-debuginfo-4.12.14-150.58.1 kernel-obs-build-4.12.14-150.58.1 kernel-obs-build-debugsource-4.12.14-150.58.1 kernel-syms-4.12.14-150.58.1 kernel-vanilla-base-4.12.14-150.58.1 kernel-vanilla-base-debuginfo-4.12.14-150.58.1 kernel-vanilla-debuginfo-4.12.14-150.58.1 kernel-vanilla-debugsource-4.12.14-150.58.1 reiserfs-kmp-default-4.12.14-150.58.1 reiserfs-kmp-default-debuginfo-4.12.14-150.58.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): kernel-devel-4.12.14-150.58.1 kernel-docs-4.12.14-150.58.1 kernel-macros-4.12.14-150.58.1 kernel-source-4.12.14-150.58.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): kernel-default-man-4.12.14-150.58.1 kernel-zfcpdump-debuginfo-4.12.14-150.58.1 kernel-zfcpdump-debugsource-4.12.14-150.58.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): kernel-default-4.12.14-150.58.1 kernel-default-base-4.12.14-150.58.1 kernel-default-debuginfo-4.12.14-150.58.1 kernel-default-debugsource-4.12.14-150.58.1 kernel-default-devel-4.12.14-150.58.1 kernel-default-devel-debuginfo-4.12.14-150.58.1 kernel-obs-build-4.12.14-150.58.1 kernel-obs-build-debugsource-4.12.14-150.58.1 kernel-syms-4.12.14-150.58.1 kernel-vanilla-base-4.12.14-150.58.1 kernel-vanilla-base-debuginfo-4.12.14-150.58.1 kernel-vanilla-debuginfo-4.12.14-150.58.1 kernel-vanilla-debugsource-4.12.14-150.58.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): kernel-devel-4.12.14-150.58.1 kernel-docs-4.12.14-150.58.1 kernel-macros-4.12.14-150.58.1 kernel-source-4.12.14-150.58.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): kernel-default-4.12.14-150.58.1 kernel-default-base-4.12.14-150.58.1 kernel-default-debuginfo-4.12.14-150.58.1 kernel-default-debugsource-4.12.14-150.58.1 kernel-default-devel-4.12.14-150.58.1 kernel-default-devel-debuginfo-4.12.14-150.58.1 kernel-obs-build-4.12.14-150.58.1 kernel-obs-build-debugsource-4.12.14-150.58.1 kernel-syms-4.12.14-150.58.1 kernel-vanilla-base-4.12.14-150.58.1 kernel-vanilla-base-debuginfo-4.12.14-150.58.1 kernel-vanilla-debuginfo-4.12.14-150.58.1 kernel-vanilla-debugsource-4.12.14-150.58.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): kernel-devel-4.12.14-150.58.1 kernel-docs-4.12.14-150.58.1 kernel-macros-4.12.14-150.58.1 kernel-source-4.12.14-150.58.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150.58.1 cluster-md-kmp-default-debuginfo-4.12.14-150.58.1 dlm-kmp-default-4.12.14-150.58.1 dlm-kmp-default-debuginfo-4.12.14-150.58.1 gfs2-kmp-default-4.12.14-150.58.1 gfs2-kmp-default-debuginfo-4.12.14-150.58.1 kernel-default-debuginfo-4.12.14-150.58.1 kernel-default-debugsource-4.12.14-150.58.1 ocfs2-kmp-default-4.12.14-150.58.1 ocfs2-kmp-default-debuginfo-4.12.14-150.58.1 References: https://www.suse.com/security/cve/CVE-2020-10135.html https://www.suse.com/security/cve/CVE-2020-14314.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-14356.html https://www.suse.com/security/cve/CVE-2020-14386.html https://www.suse.com/security/cve/CVE-2020-16166.html https://www.suse.com/security/cve/CVE-2020-1749.html https://www.suse.com/security/cve/CVE-2020-24394.html https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1154366 https://bugzilla.suse.com/1165629 https://bugzilla.suse.com/1165631 https://bugzilla.suse.com/1171988 https://bugzilla.suse.com/1172428 https://bugzilla.suse.com/1173798 https://bugzilla.suse.com/1174205 https://bugzilla.suse.com/1174757 https://bugzilla.suse.com/1175112 https://bugzilla.suse.com/1175122 https://bugzilla.suse.com/1175128 https://bugzilla.suse.com/1175204 https://bugzilla.suse.com/1175213 https://bugzilla.suse.com/1175515 https://bugzilla.suse.com/1175518 https://bugzilla.suse.com/1175691 https://bugzilla.suse.com/1175992 https://bugzilla.suse.com/1176069 From sle-updates at lists.suse.com Fri Sep 11 07:18:22 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Sep 2020 15:18:22 +0200 (CEST) Subject: SUSE-SU-2020:2609-1: moderate: Security update for libxml2 Message-ID: <20200911131822.53445F794@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2609-1 Rating: moderate References: #1159928 #1161517 #1161521 #1172021 #1176179 Cross-References: CVE-2019-19956 CVE-2019-20388 CVE-2020-24977 CVE-2020-7595 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for libxml2 fixes the following issues: - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521). - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517). - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). - Fixed invalid xmlns references due to CVE-2019-19956 (bsc#1172021). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2609=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2609=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libxml2-debugsource-2.9.4-46.34.1 libxml2-devel-2.9.4-46.34.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.4-46.34.1 libxml2-2-debuginfo-2.9.4-46.34.1 libxml2-debugsource-2.9.4-46.34.1 libxml2-tools-2.9.4-46.34.1 libxml2-tools-debuginfo-2.9.4-46.34.1 python-libxml2-2.9.4-46.34.1 python-libxml2-debuginfo-2.9.4-46.34.1 python-libxml2-debugsource-2.9.4-46.34.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libxml2-2-32bit-2.9.4-46.34.1 libxml2-2-debuginfo-32bit-2.9.4-46.34.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): libxml2-doc-2.9.4-46.34.1 References: https://www.suse.com/security/cve/CVE-2019-19956.html https://www.suse.com/security/cve/CVE-2019-20388.html https://www.suse.com/security/cve/CVE-2020-24977.html https://www.suse.com/security/cve/CVE-2020-7595.html https://bugzilla.suse.com/1159928 https://bugzilla.suse.com/1161517 https://bugzilla.suse.com/1161521 https://bugzilla.suse.com/1172021 https://bugzilla.suse.com/1176179 From sle-updates at lists.suse.com Fri Sep 11 07:19:40 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Sep 2020 15:19:40 +0200 (CEST) Subject: SUSE-SU-2020:2611-1: moderate: Security update for tomcat Message-ID: <20200911131940.2B103F794@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2611-1 Rating: moderate References: #1164860 #1174117 Cross-References: CVE-2020-13935 CVE-2020-1935 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for tomcat fixes the following issues: - CVE-2020-1935: Fixed an HTTP request smuggling vulnerability (bsc#1164860). - CVE-2020-13935: Fixed a WebSocket DoS (bsc#1174117). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2611=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2611=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2611=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2611=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2611=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2611=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2611=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2611=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2611=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2611=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2611=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): tomcat-8.0.53-29.37.1 tomcat-admin-webapps-8.0.53-29.37.1 tomcat-docs-webapp-8.0.53-29.37.1 tomcat-el-3_0-api-8.0.53-29.37.1 tomcat-javadoc-8.0.53-29.37.1 tomcat-jsp-2_3-api-8.0.53-29.37.1 tomcat-lib-8.0.53-29.37.1 tomcat-servlet-3_1-api-8.0.53-29.37.1 tomcat-webapps-8.0.53-29.37.1 - SUSE OpenStack Cloud 8 (noarch): tomcat-8.0.53-29.37.1 tomcat-admin-webapps-8.0.53-29.37.1 tomcat-docs-webapp-8.0.53-29.37.1 tomcat-el-3_0-api-8.0.53-29.37.1 tomcat-javadoc-8.0.53-29.37.1 tomcat-jsp-2_3-api-8.0.53-29.37.1 tomcat-lib-8.0.53-29.37.1 tomcat-servlet-3_1-api-8.0.53-29.37.1 tomcat-webapps-8.0.53-29.37.1 - SUSE OpenStack Cloud 7 (noarch): tomcat-8.0.53-29.37.1 tomcat-admin-webapps-8.0.53-29.37.1 tomcat-docs-webapp-8.0.53-29.37.1 tomcat-el-3_0-api-8.0.53-29.37.1 tomcat-javadoc-8.0.53-29.37.1 tomcat-jsp-2_3-api-8.0.53-29.37.1 tomcat-lib-8.0.53-29.37.1 tomcat-servlet-3_1-api-8.0.53-29.37.1 tomcat-webapps-8.0.53-29.37.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): tomcat-8.0.53-29.37.1 tomcat-admin-webapps-8.0.53-29.37.1 tomcat-docs-webapp-8.0.53-29.37.1 tomcat-el-3_0-api-8.0.53-29.37.1 tomcat-javadoc-8.0.53-29.37.1 tomcat-jsp-2_3-api-8.0.53-29.37.1 tomcat-lib-8.0.53-29.37.1 tomcat-servlet-3_1-api-8.0.53-29.37.1 tomcat-webapps-8.0.53-29.37.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): tomcat-8.0.53-29.37.1 tomcat-admin-webapps-8.0.53-29.37.1 tomcat-docs-webapp-8.0.53-29.37.1 tomcat-el-3_0-api-8.0.53-29.37.1 tomcat-javadoc-8.0.53-29.37.1 tomcat-jsp-2_3-api-8.0.53-29.37.1 tomcat-lib-8.0.53-29.37.1 tomcat-servlet-3_1-api-8.0.53-29.37.1 tomcat-webapps-8.0.53-29.37.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): tomcat-8.0.53-29.37.1 tomcat-admin-webapps-8.0.53-29.37.1 tomcat-docs-webapp-8.0.53-29.37.1 tomcat-el-3_0-api-8.0.53-29.37.1 tomcat-javadoc-8.0.53-29.37.1 tomcat-jsp-2_3-api-8.0.53-29.37.1 tomcat-lib-8.0.53-29.37.1 tomcat-servlet-3_1-api-8.0.53-29.37.1 tomcat-webapps-8.0.53-29.37.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): tomcat-8.0.53-29.37.1 tomcat-admin-webapps-8.0.53-29.37.1 tomcat-docs-webapp-8.0.53-29.37.1 tomcat-el-3_0-api-8.0.53-29.37.1 tomcat-javadoc-8.0.53-29.37.1 tomcat-jsp-2_3-api-8.0.53-29.37.1 tomcat-lib-8.0.53-29.37.1 tomcat-servlet-3_1-api-8.0.53-29.37.1 tomcat-webapps-8.0.53-29.37.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): tomcat-8.0.53-29.37.1 tomcat-admin-webapps-8.0.53-29.37.1 tomcat-docs-webapp-8.0.53-29.37.1 tomcat-el-3_0-api-8.0.53-29.37.1 tomcat-javadoc-8.0.53-29.37.1 tomcat-jsp-2_3-api-8.0.53-29.37.1 tomcat-lib-8.0.53-29.37.1 tomcat-servlet-3_1-api-8.0.53-29.37.1 tomcat-webapps-8.0.53-29.37.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): tomcat-8.0.53-29.37.1 tomcat-admin-webapps-8.0.53-29.37.1 tomcat-docs-webapp-8.0.53-29.37.1 tomcat-el-3_0-api-8.0.53-29.37.1 tomcat-javadoc-8.0.53-29.37.1 tomcat-jsp-2_3-api-8.0.53-29.37.1 tomcat-lib-8.0.53-29.37.1 tomcat-servlet-3_1-api-8.0.53-29.37.1 tomcat-webapps-8.0.53-29.37.1 - SUSE Enterprise Storage 5 (noarch): tomcat-8.0.53-29.37.1 tomcat-admin-webapps-8.0.53-29.37.1 tomcat-docs-webapp-8.0.53-29.37.1 tomcat-el-3_0-api-8.0.53-29.37.1 tomcat-javadoc-8.0.53-29.37.1 tomcat-jsp-2_3-api-8.0.53-29.37.1 tomcat-lib-8.0.53-29.37.1 tomcat-servlet-3_1-api-8.0.53-29.37.1 tomcat-webapps-8.0.53-29.37.1 - HPE Helion Openstack 8 (noarch): tomcat-8.0.53-29.37.1 tomcat-admin-webapps-8.0.53-29.37.1 tomcat-docs-webapp-8.0.53-29.37.1 tomcat-el-3_0-api-8.0.53-29.37.1 tomcat-javadoc-8.0.53-29.37.1 tomcat-jsp-2_3-api-8.0.53-29.37.1 tomcat-lib-8.0.53-29.37.1 tomcat-servlet-3_1-api-8.0.53-29.37.1 tomcat-webapps-8.0.53-29.37.1 References: https://www.suse.com/security/cve/CVE-2020-13935.html https://www.suse.com/security/cve/CVE-2020-1935.html https://bugzilla.suse.com/1164860 https://bugzilla.suse.com/1174117 From sle-updates at lists.suse.com Fri Sep 11 07:20:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Sep 2020 15:20:44 +0200 (CEST) Subject: SUSE-SU-2020:2612-1: moderate: Security update for libxml2 Message-ID: <20200911132044.89352F794@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2612-1 Rating: moderate References: #1176179 Cross-References: CVE-2020-24977 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-2612=1 - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-2612=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2612=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2612=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): python-libxml2-python-debugsource-2.9.7-3.25.1 python2-libxml2-python-2.9.7-3.25.1 python2-libxml2-python-debuginfo-2.9.7-3.25.1 - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64): python-libxml2-python-debugsource-2.9.7-3.25.1 python2-libxml2-python-2.9.7-3.25.1 python2-libxml2-python-debuginfo-2.9.7-3.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.7-3.25.1 libxml2-2-debuginfo-2.9.7-3.25.1 libxml2-debugsource-2.9.7-3.25.1 libxml2-devel-2.9.7-3.25.1 libxml2-tools-2.9.7-3.25.1 libxml2-tools-debuginfo-2.9.7-3.25.1 python-libxml2-python-debugsource-2.9.7-3.25.1 python3-libxml2-python-2.9.7-3.25.1 python3-libxml2-python-debuginfo-2.9.7-3.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libxml2-2-32bit-2.9.7-3.25.1 libxml2-2-32bit-debuginfo-2.9.7-3.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.7-3.25.1 libxml2-2-debuginfo-2.9.7-3.25.1 libxml2-debugsource-2.9.7-3.25.1 libxml2-devel-2.9.7-3.25.1 libxml2-tools-2.9.7-3.25.1 libxml2-tools-debuginfo-2.9.7-3.25.1 python-libxml2-python-debugsource-2.9.7-3.25.1 python3-libxml2-python-2.9.7-3.25.1 python3-libxml2-python-debuginfo-2.9.7-3.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libxml2-2-32bit-2.9.7-3.25.1 libxml2-2-32bit-debuginfo-2.9.7-3.25.1 References: https://www.suse.com/security/cve/CVE-2020-24977.html https://bugzilla.suse.com/1176179 From sle-updates at lists.suse.com Fri Sep 11 07:21:41 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 11 Sep 2020 15:21:41 +0200 (CEST) Subject: SUSE-SU-2020:2610-1: important: Security update for the Linux Kernel Message-ID: <20200911132141.23EB6F794@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2610-1 Rating: important References: #1058115 #1071995 #1154366 #1165629 #1165631 #1171988 #1172428 #1173798 #1174205 #1174757 #1175112 #1175122 #1175128 #1175204 #1175213 #1175515 #1175518 #1175691 #1175992 #1176069 Cross-References: CVE-2020-10135 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-14386 CVE-2020-16166 CVE-2020-1749 CVE-2020-24394 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 12 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629). - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988). - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bugs were fixed: - cifs: add support for fallocate mode 0 for non-sparse files (bsc#1175122). - cifs: allow unlock flock and OFD lock across fork (bsc#1175122). - cifs_atomic_open(): fix double-put on late allocation failure (bsc#1175122). - cifs: Avoid doing network I/O while holding cache lock (bsc#1175122). - cifs: call wake_up(&server->response_q) inside of cifs_reconnect() (bsc#1175122). - cifs: Clean up DFS referral cache (bsc#1175122). - cifs: document and cleanup dfs mount (bsc#1172428 bsc#1175122). - cifs: do not ignore the SYNC flags in getattr (bsc#1175122). - cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1175122). - cifs: do not share tcons with DFS (bsc#1175122). - cifs: ensure correct super block for DFS reconnect (bsc#1175122). - cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1175122). - cifs: fiemap: do not return EINVAL if get nothing (bsc#1175122). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1172428 bsc#1175122). - cifs: fix double free error on share and prefix (bsc#1172428 bsc#1175122). - cifs: fix leaked reference on requeued write (bsc#1175122). - cifs: fix NULL dereference in match_prepath (bsc#1175122). - cifs: Fix null pointer check in cifs_read (bsc#1175122). - cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1175122). - cifs: fix potential mismatch of UNC paths (bsc#1175122). - cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1175122). - cifs: Fix return value in __update_cache_entry (bsc#1175122). - cifs: fix soft mounts hanging in the reconnect code (bsc#1175122). - cifs: Fix task struct use-after-free on reconnect (bsc#1175122). - cifs: fix uninitialised lease_key in open_shroot() (bsc#1175122). - cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1175122). - cifs: Get rid of kstrdup_const()'d paths (bsc#1175122). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1175122). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1172428 bsc#1175122). - cifs: handle hostnames that resolve to same ip in failover (bsc#1175122). - cifs: handle prefix paths in reconnect (bsc#1175122). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1172428 bsc#1175122). - cifs: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1175122). - cifs: Introduce helpers for finding TCP connection (bsc#1175122). - cifs: make sure we do not overflow the max EA buffer size (bsc#1175122). - cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1175122). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1172428 bsc#1175122). - cifs: Merge is_path_valid() into get_normalized_path() (bsc#1175122). - cifs: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1175122). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1172428 bsc#1175122). - cifs: Optimize readdir on reparse points (bsc#1175122). - cifs: potential unintitliazed error code in cifs_getattr() (bsc#1175122). - cifs: protect updating server->dstaddr with a spinlock (bsc#1175122). - cifs: reduce number of referral requests in DFS link lookups (bsc#1172428 bsc#1175122). - cifs: rename reconn_inval_dfs_target() (bsc#1172428 bsc#1175122). - cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1175122). - cifs: set up next DFS target before generic_ip_connect() (bsc#1175122). - cifs: use mod_delayed_work() for &server->reconnect if already queued (bsc#1175122). - cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1175122). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175128). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515). - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515). - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629). - kabi: mask changes to struct ipv6_stub (bsc#1165629). - mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - scripts/git_sort/git_sort.py: add bluetooth/bluetooth-next.git repository - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - smb3: fix performance regression with setting mtime (bsc#1175122). - smb3: query attributes on file close (bsc#1175122). - smb3: remove unused flag passed into close functions (bsc#1175122). - Update patch reference for a tipc fix patch (bsc#1175515) - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2610=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2610=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2020-2610=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2610=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2610=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-2610=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): kernel-default-4.12.14-150.58.1 kernel-default-base-4.12.14-150.58.1 kernel-default-debuginfo-4.12.14-150.58.1 kernel-default-debugsource-4.12.14-150.58.1 kernel-default-devel-4.12.14-150.58.1 kernel-default-devel-debuginfo-4.12.14-150.58.1 kernel-obs-build-4.12.14-150.58.1 kernel-obs-build-debugsource-4.12.14-150.58.1 kernel-syms-4.12.14-150.58.1 kernel-vanilla-base-4.12.14-150.58.1 kernel-vanilla-base-debuginfo-4.12.14-150.58.1 kernel-vanilla-debuginfo-4.12.14-150.58.1 kernel-vanilla-debugsource-4.12.14-150.58.1 reiserfs-kmp-default-4.12.14-150.58.1 reiserfs-kmp-default-debuginfo-4.12.14-150.58.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): kernel-devel-4.12.14-150.58.1 kernel-docs-4.12.14-150.58.1 kernel-macros-4.12.14-150.58.1 kernel-source-4.12.14-150.58.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): kernel-default-4.12.14-150.58.1 kernel-default-base-4.12.14-150.58.1 kernel-default-debuginfo-4.12.14-150.58.1 kernel-default-debugsource-4.12.14-150.58.1 kernel-default-devel-4.12.14-150.58.1 kernel-default-devel-debuginfo-4.12.14-150.58.1 kernel-obs-build-4.12.14-150.58.1 kernel-obs-build-debugsource-4.12.14-150.58.1 kernel-syms-4.12.14-150.58.1 kernel-vanilla-base-4.12.14-150.58.1 kernel-vanilla-base-debuginfo-4.12.14-150.58.1 kernel-vanilla-debuginfo-4.12.14-150.58.1 kernel-vanilla-debugsource-4.12.14-150.58.1 reiserfs-kmp-default-4.12.14-150.58.1 reiserfs-kmp-default-debuginfo-4.12.14-150.58.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): kernel-devel-4.12.14-150.58.1 kernel-docs-4.12.14-150.58.1 kernel-macros-4.12.14-150.58.1 kernel-source-4.12.14-150.58.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): kernel-default-man-4.12.14-150.58.1 kernel-zfcpdump-debuginfo-4.12.14-150.58.1 kernel-zfcpdump-debugsource-4.12.14-150.58.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150.58.1 kernel-default-debugsource-4.12.14-150.58.1 kernel-default-livepatch-4.12.14-150.58.1 kernel-livepatch-4_12_14-150_58-default-1-1.3.1 kernel-livepatch-4_12_14-150_58-default-debuginfo-1-1.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): kernel-default-4.12.14-150.58.1 kernel-default-base-4.12.14-150.58.1 kernel-default-debuginfo-4.12.14-150.58.1 kernel-default-debugsource-4.12.14-150.58.1 kernel-default-devel-4.12.14-150.58.1 kernel-default-devel-debuginfo-4.12.14-150.58.1 kernel-obs-build-4.12.14-150.58.1 kernel-obs-build-debugsource-4.12.14-150.58.1 kernel-syms-4.12.14-150.58.1 kernel-vanilla-base-4.12.14-150.58.1 kernel-vanilla-base-debuginfo-4.12.14-150.58.1 kernel-vanilla-debuginfo-4.12.14-150.58.1 kernel-vanilla-debugsource-4.12.14-150.58.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): kernel-devel-4.12.14-150.58.1 kernel-docs-4.12.14-150.58.1 kernel-macros-4.12.14-150.58.1 kernel-source-4.12.14-150.58.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): kernel-default-4.12.14-150.58.1 kernel-default-base-4.12.14-150.58.1 kernel-default-debuginfo-4.12.14-150.58.1 kernel-default-debugsource-4.12.14-150.58.1 kernel-default-devel-4.12.14-150.58.1 kernel-default-devel-debuginfo-4.12.14-150.58.1 kernel-obs-build-4.12.14-150.58.1 kernel-obs-build-debugsource-4.12.14-150.58.1 kernel-syms-4.12.14-150.58.1 kernel-vanilla-base-4.12.14-150.58.1 kernel-vanilla-base-debuginfo-4.12.14-150.58.1 kernel-vanilla-debuginfo-4.12.14-150.58.1 kernel-vanilla-debugsource-4.12.14-150.58.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): kernel-devel-4.12.14-150.58.1 kernel-docs-4.12.14-150.58.1 kernel-macros-4.12.14-150.58.1 kernel-source-4.12.14-150.58.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150.58.1 cluster-md-kmp-default-debuginfo-4.12.14-150.58.1 dlm-kmp-default-4.12.14-150.58.1 dlm-kmp-default-debuginfo-4.12.14-150.58.1 gfs2-kmp-default-4.12.14-150.58.1 gfs2-kmp-default-debuginfo-4.12.14-150.58.1 kernel-default-debuginfo-4.12.14-150.58.1 kernel-default-debugsource-4.12.14-150.58.1 ocfs2-kmp-default-4.12.14-150.58.1 ocfs2-kmp-default-debuginfo-4.12.14-150.58.1 References: https://www.suse.com/security/cve/CVE-2020-10135.html https://www.suse.com/security/cve/CVE-2020-14314.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-14356.html https://www.suse.com/security/cve/CVE-2020-14386.html https://www.suse.com/security/cve/CVE-2020-16166.html https://www.suse.com/security/cve/CVE-2020-1749.html https://www.suse.com/security/cve/CVE-2020-24394.html https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1154366 https://bugzilla.suse.com/1165629 https://bugzilla.suse.com/1165631 https://bugzilla.suse.com/1171988 https://bugzilla.suse.com/1172428 https://bugzilla.suse.com/1173798 https://bugzilla.suse.com/1174205 https://bugzilla.suse.com/1174757 https://bugzilla.suse.com/1175112 https://bugzilla.suse.com/1175122 https://bugzilla.suse.com/1175128 https://bugzilla.suse.com/1175204 https://bugzilla.suse.com/1175213 https://bugzilla.suse.com/1175515 https://bugzilla.suse.com/1175518 https://bugzilla.suse.com/1175691 https://bugzilla.suse.com/1175992 https://bugzilla.suse.com/1176069 From sle-updates at lists.suse.com Sat Sep 12 00:23:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 Sep 2020 08:23:17 +0200 (CEST) Subject: SUSE-CU-2020:489-1: Security update of suse/sles12sp3 Message-ID: <20200912062317.6541DFCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:489-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.203 , suse/sles12sp3:latest Container Release : 24.203 Severity : moderate Type : security References : 1159928 1161517 1161521 1172021 1176179 CVE-2019-19956 CVE-2019-20388 CVE-2020-24977 CVE-2020-7595 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2609-1 Released: Fri Sep 11 10:58:59 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1159928,1161517,1161521,1172021,1176179,CVE-2019-19956,CVE-2019-20388,CVE-2020-24977,CVE-2020-7595 This update for libxml2 fixes the following issues: - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521). - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517). - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). - Fixed invalid xmlns references due to CVE-2019-19956 (bsc#1172021). From sle-updates at lists.suse.com Sat Sep 12 00:34:22 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 Sep 2020 08:34:22 +0200 (CEST) Subject: SUSE-CU-2020:490-1: Security update of suse/sles12sp4 Message-ID: <20200912063422.1BE8CFCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:490-1 Container Tags : suse/sles12sp4:26.235 , suse/sles12sp4:latest Container Release : 26.235 Severity : moderate Type : security References : 1159928 1161517 1161521 1172021 1176179 CVE-2019-19956 CVE-2019-20388 CVE-2020-24977 CVE-2020-7595 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2609-1 Released: Fri Sep 11 10:58:59 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1159928,1161517,1161521,1172021,1176179,CVE-2019-19956,CVE-2019-20388,CVE-2020-24977,CVE-2020-7595 This update for libxml2 fixes the following issues: - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521). - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517). - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). - Fixed invalid xmlns references due to CVE-2019-19956 (bsc#1172021). From sle-updates at lists.suse.com Sat Sep 12 00:40:04 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 Sep 2020 08:40:04 +0200 (CEST) Subject: SUSE-CU-2020:491-1: Security update of suse/sles12sp5 Message-ID: <20200912064004.B56ADFCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:491-1 Container Tags : suse/sles12sp5:6.5.59 , suse/sles12sp5:latest Container Release : 6.5.59 Severity : moderate Type : security References : 1159928 1161517 1161521 1172021 1176179 CVE-2019-19956 CVE-2019-20388 CVE-2020-24977 CVE-2020-7595 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2609-1 Released: Fri Sep 11 10:58:59 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1159928,1161517,1161521,1172021,1176179,CVE-2019-19956,CVE-2019-20388,CVE-2020-24977,CVE-2020-7595 This update for libxml2 fixes the following issues: - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521). - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517). - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). - Fixed invalid xmlns references due to CVE-2019-19956 (bsc#1172021). From sle-updates at lists.suse.com Sat Sep 12 00:52:56 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 Sep 2020 08:52:56 +0200 (CEST) Subject: SUSE-CU-2020:492-1: Security update of suse/sle15 Message-ID: <20200912065256.5DFA8FCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:492-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.266 Container Release : 4.22.266 Severity : moderate Type : security References : 1176179 CVE-2020-24977 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2612-1 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1176179,CVE-2020-24977 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). From sle-updates at lists.suse.com Sat Sep 12 01:03:59 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 12 Sep 2020 09:03:59 +0200 (CEST) Subject: SUSE-CU-2020:493-1: Security update of suse/sle15 Message-ID: <20200912070359.E2D6EFCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:493-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.744 Container Release : 8.2.744 Severity : moderate Type : security References : 1176179 CVE-2020-24977 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2612-1 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1176179,CVE-2020-24977 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). From sle-updates at lists.suse.com Sun Sep 13 01:00:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 13 Sep 2020 09:00:51 +0200 (CEST) Subject: SUSE-CU-2020:494-1: Security update of suse/sle15 Message-ID: <20200913070051.B28EBFCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:494-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.305 Container Release : 6.2.305 Severity : moderate Type : security References : 1176179 CVE-2020-24977 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2612-1 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1176179,CVE-2020-24977 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). From sle-updates at lists.suse.com Mon Sep 14 07:14:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Sep 2020 15:14:26 +0200 (CEST) Subject: SUSE-RU-2020:2616-1: Recommended update for python-argparse-manpage Message-ID: <20200914131426.D5F1AF794@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-argparse-manpage ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2616-1 Rating: low References: SLE-12826 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for python-argparse-manpage fixes the following issues: - Made the multiline text look better Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2616=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): python3-argparse-manpage-1.3-3.3.2 References: From sle-updates at lists.suse.com Mon Sep 14 07:15:14 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Sep 2020 15:15:14 +0200 (CEST) Subject: SUSE-RU-2020:2617-1: moderate: Recommended update for cloud-init Message-ID: <20200914131514.70CD7F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2617-1 Rating: moderate References: #1174443 #1174444 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for cloud-init contains the following fixes: - Update to version 20.2 (bsc#1174443, bsc#1174444) + Remove patches included upstream: - 0001-Make-tests-work-with-Python-3.8-139.patch - cloud-init-ostack-metadat-dencode.patch - cloud-init-use-different-random-src.diff - cloud-init-long-pass.patch - cloud-init-mix-static-dhcp.patch + Remove patches build switched to Python 3 for all distributions - cloud-init-python2-sigpipe.patch - cloud-init-template-py2.patch + Add - cloud-init-after-kvp.diff - cloud-init-recognize-hpc.patch + doc/format: reference make-mime.py instead of an inline script (#334) + Add docs about creating parent folders (#330) [Adrian Wilkins] + DataSourceNoCloud/OVF: drop claim to support FTP (#333) (LP: #1875470) + schema: ignore spurious pylint error (#332) + schema: add json schema for write_files module (#152) + BSD: find_devs_with_ refactoring (#298) [Gon??ri Le Bouder] + nocloud: drop work around for Linux 2.6 (#324) [Gon??ri Le Bouder] + cloudinit: drop dependencies on unittest2 and contextlib2 (#322) + distros: handle a potential mirror filtering error case (#328) + log: remove unnecessary import fallback logic (#327) + .travis.yml: don't run integration test on ubuntu/* branches (#321) + More unit test documentation (#314) + conftest: introduce disable_subp_usage autouse fixture (#304) + YAML align indent sizes for docs readability (#323) [Tak Nishigori] + network_state: add missing space to log message (#325) + tests: add missing mocks for get_interfaces_by_mac (#326) (LP: #1873910) + test_mounts: expand happy path test for both happy paths (#319) + cc_mounts: fix incorrect format specifiers (#316) (LP: #1872836) + swap file "size" being used before checked if str (#315) [Eduardo Otubo] + HACKING.rst: add pytest version gotchas section (#311) + docs: Add steps to re-run cloud-id and cloud-init (#313) [Joshua Powers] + readme: OpenBSD is now supported (#309) [Gon??ri Le Bouder] + net: ignore 'renderer' key in netplan config (#306) (LP: #1870421) + Add support for NFS/EFS mounts (#300) [Andrew Beresford] (LP: #1870370) + openbsd: set_passwd should not unlock user (#289) [Gon??ri Le Bouder] + tools/.github-cla-signers: add beezly as CLA signer (#301) + util: remove unnecessary lru_cache import fallback (#299) + HACKING.rst: reorganise/update CLA signature info (#297) + distros: drop leading/trailing hyphens from mirror URL labels (#296) + HACKING.rst: add note about variable annotations (#295) + CiTestCase: stop using and remove sys_exit helper (#283) + distros: replace invalid characters in mirror URLs with hyphens (#291) (LP: #1868232) + rbxcloud: gracefully handle arping errors (#262) [Adam Dobrawy] + Fix cloud-init ignoring some misdeclared mimetypes in user-data. [Kurt Garloff] + net: ubuntu focal prioritize netplan over eni even if both present (#267) (LP: #1867029) + cloudinit: refactor util.is_ipv4 to net.is_ipv4_address (#292) + net/cmdline: replace type comments with annotations (#294) + HACKING.rst: add Type Annotations design section (#293) + net: introduce is_ip_address function (#288) + CiTestCase: remove now-unneeded parse_and_read helper method (#286) + .travis.yml: allow 30 minutes of inactivity in cloud tests (#287) + sources/tests/test_init: drop use of deprecated inspect.getargspec (#285) + setup.py: drop NIH check_output implementation (#282) + Identify SAP Converged Cloud as OpenStack [Silvio Knizek] + add Openbsd support (#147) [Gon??ri Le Bouder] + HACKING.rst: add examples of the two test class types (#278) + VMWware: support to update guest info gc status if enabled (#261) [xiaofengw-vmware] + Add lp-to-git mapping for kgarloff (#279) + set_passwords: avoid chpasswd on BSD (#268) [Gon??ri Le Bouder] + HACKING.rst: add Unit Testing design section (#277) + util: read_cc_from_cmdline handle urlencoded yaml content (#275) + distros/tests/test_init: add tests for _get_package_mirror_info (#272) + HACKING.rst: add links to new Code Review Process doc (#276) + freebsd: ensure package update works (#273) [Gon??ri Le Bouder] + doc: introduce Code Review Process documentation (#160) + tools: use python3 (#274) + cc_disk_setup: fix RuntimeError (#270) (LP: #1868327) + cc_apt_configure/util: combine search_for_mirror implementations (#271) + bsd: boottime does not depend on the libc soname (#269) [Gon??ri Le Bouder] + test_oracle,DataSourceOracle: sort imports (#266) + DataSourceOracle: update .network_config docstring (#257) + cloudinit/tests: remove unneeded with_logs configuration (#263) + .travis.yml: drop stale comment (#255) + .gitignore: add more common directories (#258) + ec2: render network on all NICs and add secondary IPs as static (#114) (LP: #1866930) + ec2 json validation: fix the reference to the 'merged_cfg' key (#256) [Paride Legovini] + releases.yaml: quote the Ubuntu version numbers (#254) [Paride Legovini] + cloudinit: remove six from packaging/tooling (#253) + util/netbsd: drop six usage (#252) + workflows: introduce stale pull request workflow (#125) + cc_resolv_conf: introduce tests and stabilise output across Python versions (#251) + fix minor issue with resolv_conf template (#144) [andreaf74] + doc: CloudInit also support NetBSD (#250) [Gon??ri Le Bouder] + Add Netbsd support (#62) [Gon??ri Le Bouder] + tox.ini: avoid substition syntax that causes a traceback on xenial (#245) + Add pub_key_ed25519 to cc_phone_home (#237) [Daniel Hensby] + Introduce and use of a list of GitHub usernames that have signed CLA (#244) + workflows/cla.yml: use correct username for CLA check (#243) + tox.ini: use xenial version of jsonpatch in CI (#242) + workflows: CLA validation altered to fail status on pull_request (#164) + tox.ini: bump pyflakes version to 2.1.1 (#239) + cloudinit: move to pytest for running tests (#211) + instance-data: add cloud-init merged_cfg and sys_info keys to json (#214) (LP: #1865969) + ec2: Do not fallback to IMDSv1 on EC2 (#216) + instance-data: write redacted cfg to instance-data.json (#233) (LP: #1865947) + net: support network-config:disabled on the kernel commandline (#232) (LP: #1862702) + ec2: only redact token request headers in logs, avoid altering request (#230) (LP: #1865882) + docs: typo fixed: dta ??? data [Alexey Vazhnov] + Fixes typo on Amazon Web Services (#217) [Nick Wales] + Fix docs for OpenStack DMI Asset Tag (#228) [Mark T. Voelker] (LP: #1669875) + Add physical network type: cascading to openstack helpers (#200) [sab-systems] + tests: add focal integration tests for ubuntu (#225) - From 20.1 (first vesrion after 19.4) + ec2: Do not log IMDSv2 token values, instead use REDACTED (#219) (LP: #1863943) + utils: use SystemRandom when generating random password. (#204) [Dimitri John Ledkov] + docs: mount_default_files is a list of 6 items, not 7 (#212) + azurecloud: fix issues with instances not starting (#205) (LP: #1861921) + unittest: fix stderr leak in cc_set_password random unittest output. (#208) + cc_disk_setup: add swap filesystem force flag (#207) + import sysvinit patches from freebsd-ports tree (#161) [Igor Gali??] + docs: fix typo (#195) [Edwin Kofler] + sysconfig: distro-specific config rendering for BOOTPROTO option (#162) [Robert Schweikert] (LP: #1800854) + cloudinit: replace "from six import X" imports (except in util.py) (#183) + run-container: use 'test -n' instead of 'test ! -z' (#202) [Paride Legovini] + net/cmdline: correctly handle static ip= config (#201) [Dimitri John Ledkov] (LP: #1861412) + Replace mock library with unittest.mock (#186) + HACKING.rst: update CLA link (#199) + Scaleway: Fix DatasourceScaleway to avoid backtrace (#128) [Louis Bouchard] + cloudinit/cmd/devel/net_convert.py: add missing space (#191) + tools/run-container: drop support for python2 (#192) [Paride Legovini] + Print ssh key fingerprints using sha256 hash (#188) (LP: #1860789) + Make the RPM build use Python 3 (#190) [Paride Legovini] + cc_set_password: increase random pwlength from 9 to 20 (#189) (LP: #1860795) + .travis.yml: use correct Python version for xenial tests (#185) + cloudinit: remove ImportError handling for mock imports (#182) + Do not use fallocate in swap file creation on xfs. (#70) [Eduardo Otubo] (LP: #1781781) + .readthedocs.yaml: install cloud-init when building docs (#181) (LP: #1860450) + Introduce an RTD config file, and pin the Sphinx version to the RTD default (#180) + Drop most of the remaining use of six (#179) + Start removing dependency on six (#178) + Add Rootbox & HyperOne to list of cloud in README (#176) [Adam Dobrawy] + docs: add proposed SRU testing procedure (#167) + util: rename get_architecture to get_dpkg_architecture (#173) + Ensure util.get_architecture() runs only once (#172) + Only use gpart if it is the BSD gpart (#131) [Conrad Hoffmann] + freebsd: remove superflu exception mapping (#166) [Gon??ri Le Bouder] + ssh_auth_key_fingerprints_disable test: fix capitalization (#165) [Paride Legovini] + util: move uptime's else branch into its own boottime function (#53) [Igor Gali??] (LP: #1853160) + workflows: add contributor license agreement checker (#155) + net: fix rendering of 'static6' in network config (#77) (LP: #1850988) + Make tests work with Python 3.8 (#139) [Conrad Hoffmann] + fixed minor bug with mkswap in cc_disk_setup.py (#143) [andreaf74] + freebsd: fix create_group() cmd (#146) [Gon??ri Le Bouder] + doc: make apt_update example consistent (#154) + doc: add modules page toc with links (#153) (LP: #1852456) + Add support for the amazon variant in cloud.cfg.tmpl (#119) [Frederick Lefebvre] + ci: remove Python 2.7 from CI runs (#137) + modules: drop cc_snap_config config module (#134) + migrate-lp-user-to-github: ensure Launchpad repo exists (#136) + docs: add initial troubleshooting to FAQ (#104) [Joshua Powers] + doc: update cc_set_hostname frequency and descrip (#109) [Joshua Powers] (LP: #1827021) + freebsd: introduce the freebsd renderer (#61) [Gon??ri Le Bouder] + cc_snappy: remove deprecated module (#127) + HACKING.rst: clarify that everyone needs to do the LP->GH dance (#130) + freebsd: cloudinit service requires devd (#132) [Gon??ri Le Bouder] + cloud-init: fix capitalisation of SSH (#126) + doc: update cc_ssh clarify host and auth keys [Joshua Powers] (LP: #1827021) + ci: emit names of tests run in Travis (#120) - Disable testing to aid elimination of unittest2 in Factory Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2020-2617=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64): cloud-init-20.2-5.33.1 cloud-init-config-suse-20.2-5.33.1 References: https://bugzilla.suse.com/1174443 https://bugzilla.suse.com/1174444 From sle-updates at lists.suse.com Mon Sep 14 10:14:35 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Sep 2020 18:14:35 +0200 (CEST) Subject: SUSE-SU-2020:2623-1: important: Security update for the Linux Kernel Message-ID: <20200914161435.C0243F794@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2623-1 Rating: important References: #1058115 #1071995 #1144333 #1154366 #1165629 #1171988 #1172428 #1172963 #1173798 #1173954 #1174205 #1174689 #1174699 #1174757 #1174784 #1174978 #1175112 #1175127 #1175213 #1175228 #1175515 #1175518 #1175691 #1175749 #1176069 Cross-References: CVE-2020-10135 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-14386 CVE-2020-16166 CVE-2020-1749 CVE-2020-24394 Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 17 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629). - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988). - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bugs were fixed: - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784). - cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428). - cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428). - cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515). - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629). - kabi: mask changes to struct ipv6_stub (bsc#1165629). - mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - ocfs2: add trimfs dlm lock resource (bsc#1175228). - ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228). - ocfs2: load global_inode_alloc (bsc#1172963). - ocfs2: load global_inode_alloc (bsc#1172963). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - Revert "ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963)." This reverts commit 2638f62c6bc33d4c10ce0dddbf240aa80d366d7b. - Revert "ocfs2: load global_inode_alloc (bsc#1172963)." This reverts commit f04f670651f505cb354f26601ec5f5e4428f2f47. - scsi: scsi_dh_alua: skip RTPG for devices only supporting active/optimized (bsc#1174978). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - Update patch reference for a tipc fix patch (bsc#1175515) - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). - xen: do not reschedule in preemption off sections (bsc#1175749). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2020-2623=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kernel-default-kgraft-4.12.14-95.60.1 kernel-default-kgraft-devel-4.12.14-95.60.1 kgraft-patch-4_12_14-95_60-default-1-6.3.1 References: https://www.suse.com/security/cve/CVE-2020-10135.html https://www.suse.com/security/cve/CVE-2020-14314.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-14356.html https://www.suse.com/security/cve/CVE-2020-14386.html https://www.suse.com/security/cve/CVE-2020-16166.html https://www.suse.com/security/cve/CVE-2020-1749.html https://www.suse.com/security/cve/CVE-2020-24394.html https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1154366 https://bugzilla.suse.com/1165629 https://bugzilla.suse.com/1171988 https://bugzilla.suse.com/1172428 https://bugzilla.suse.com/1172963 https://bugzilla.suse.com/1173798 https://bugzilla.suse.com/1173954 https://bugzilla.suse.com/1174205 https://bugzilla.suse.com/1174689 https://bugzilla.suse.com/1174699 https://bugzilla.suse.com/1174757 https://bugzilla.suse.com/1174784 https://bugzilla.suse.com/1174978 https://bugzilla.suse.com/1175112 https://bugzilla.suse.com/1175127 https://bugzilla.suse.com/1175213 https://bugzilla.suse.com/1175228 https://bugzilla.suse.com/1175515 https://bugzilla.suse.com/1175518 https://bugzilla.suse.com/1175691 https://bugzilla.suse.com/1175749 https://bugzilla.suse.com/1176069 From sle-updates at lists.suse.com Mon Sep 14 10:17:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Sep 2020 18:17:54 +0200 (CEST) Subject: SUSE-SU-2020:2623-1: important: Security update for the Linux Kernel Message-ID: <20200914161754.C304CF794@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2623-1 Rating: important References: #1058115 #1071995 #1144333 #1154366 #1165629 #1171988 #1172428 #1172963 #1173798 #1173954 #1174205 #1174689 #1174699 #1174757 #1174784 #1174978 #1175112 #1175127 #1175213 #1175228 #1175515 #1175518 #1175691 #1175749 #1176069 Cross-References: CVE-2020-10135 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-14386 CVE-2020-16166 CVE-2020-1749 CVE-2020-24394 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 17 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629). - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988). - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bugs were fixed: - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784). - cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428). - cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428). - cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515). - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629). - kabi: mask changes to struct ipv6_stub (bsc#1165629). - mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - ocfs2: add trimfs dlm lock resource (bsc#1175228). - ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228). - ocfs2: load global_inode_alloc (bsc#1172963). - ocfs2: load global_inode_alloc (bsc#1172963). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - Revert "ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963)." This reverts commit 2638f62c6bc33d4c10ce0dddbf240aa80d366d7b. - Revert "ocfs2: load global_inode_alloc (bsc#1172963)." This reverts commit f04f670651f505cb354f26601ec5f5e4428f2f47. - scsi: scsi_dh_alua: skip RTPG for devices only supporting active/optimized (bsc#1174978). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - Update patch reference for a tipc fix patch (bsc#1175515) - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). - xen: do not reschedule in preemption off sections (bsc#1175749). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2623=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2623=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2623=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2623=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2020-2623=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2020-2623=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): kernel-default-4.12.14-95.60.1 kernel-default-base-4.12.14-95.60.1 kernel-default-base-debuginfo-4.12.14-95.60.1 kernel-default-debuginfo-4.12.14-95.60.1 kernel-default-debugsource-4.12.14-95.60.1 kernel-default-devel-4.12.14-95.60.1 kernel-default-devel-debuginfo-4.12.14-95.60.1 kernel-syms-4.12.14-95.60.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): kernel-devel-4.12.14-95.60.1 kernel-macros-4.12.14-95.60.1 kernel-source-4.12.14-95.60.1 - SUSE OpenStack Cloud 9 (x86_64): kernel-default-4.12.14-95.60.1 kernel-default-base-4.12.14-95.60.1 kernel-default-base-debuginfo-4.12.14-95.60.1 kernel-default-debuginfo-4.12.14-95.60.1 kernel-default-debugsource-4.12.14-95.60.1 kernel-default-devel-4.12.14-95.60.1 kernel-default-devel-debuginfo-4.12.14-95.60.1 kernel-syms-4.12.14-95.60.1 - SUSE OpenStack Cloud 9 (noarch): kernel-devel-4.12.14-95.60.1 kernel-macros-4.12.14-95.60.1 kernel-source-4.12.14-95.60.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): kernel-default-4.12.14-95.60.1 kernel-default-base-4.12.14-95.60.1 kernel-default-base-debuginfo-4.12.14-95.60.1 kernel-default-debuginfo-4.12.14-95.60.1 kernel-default-debugsource-4.12.14-95.60.1 kernel-default-devel-4.12.14-95.60.1 kernel-syms-4.12.14-95.60.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): kernel-devel-4.12.14-95.60.1 kernel-macros-4.12.14-95.60.1 kernel-source-4.12.14-95.60.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.60.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.60.1 kernel-default-base-4.12.14-95.60.1 kernel-default-base-debuginfo-4.12.14-95.60.1 kernel-default-debuginfo-4.12.14-95.60.1 kernel-default-debugsource-4.12.14-95.60.1 kernel-default-devel-4.12.14-95.60.1 kernel-syms-4.12.14-95.60.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): kernel-default-devel-debuginfo-4.12.14-95.60.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): kernel-devel-4.12.14-95.60.1 kernel-macros-4.12.14-95.60.1 kernel-source-4.12.14-95.60.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): kernel-default-man-4.12.14-95.60.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kernel-default-kgraft-4.12.14-95.60.1 kernel-default-kgraft-devel-4.12.14-95.60.1 kgraft-patch-4_12_14-95_60-default-1-6.3.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.60.1 cluster-md-kmp-default-debuginfo-4.12.14-95.60.1 dlm-kmp-default-4.12.14-95.60.1 dlm-kmp-default-debuginfo-4.12.14-95.60.1 gfs2-kmp-default-4.12.14-95.60.1 gfs2-kmp-default-debuginfo-4.12.14-95.60.1 kernel-default-debuginfo-4.12.14-95.60.1 kernel-default-debugsource-4.12.14-95.60.1 ocfs2-kmp-default-4.12.14-95.60.1 ocfs2-kmp-default-debuginfo-4.12.14-95.60.1 References: https://www.suse.com/security/cve/CVE-2020-10135.html https://www.suse.com/security/cve/CVE-2020-14314.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-14356.html https://www.suse.com/security/cve/CVE-2020-14386.html https://www.suse.com/security/cve/CVE-2020-16166.html https://www.suse.com/security/cve/CVE-2020-1749.html https://www.suse.com/security/cve/CVE-2020-24394.html https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1154366 https://bugzilla.suse.com/1165629 https://bugzilla.suse.com/1171988 https://bugzilla.suse.com/1172428 https://bugzilla.suse.com/1172963 https://bugzilla.suse.com/1173798 https://bugzilla.suse.com/1173954 https://bugzilla.suse.com/1174205 https://bugzilla.suse.com/1174689 https://bugzilla.suse.com/1174699 https://bugzilla.suse.com/1174757 https://bugzilla.suse.com/1174784 https://bugzilla.suse.com/1174978 https://bugzilla.suse.com/1175112 https://bugzilla.suse.com/1175127 https://bugzilla.suse.com/1175213 https://bugzilla.suse.com/1175228 https://bugzilla.suse.com/1175515 https://bugzilla.suse.com/1175518 https://bugzilla.suse.com/1175691 https://bugzilla.suse.com/1175749 https://bugzilla.suse.com/1176069 From sle-updates at lists.suse.com Mon Sep 14 10:21:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Sep 2020 18:21:06 +0200 (CEST) Subject: SUSE-RU-2020:2621-1: moderate: Recommended update for sssd Message-ID: <20200914162106.05CD9F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2621-1 Rating: moderate References: #1072728 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sssd fixes the following issues: - Fix segfault in sss_cache command. (bsc#1072728) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2621=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2621=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2621=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2621=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libipa_hbac0-1.16.1-4.26.1 libipa_hbac0-debuginfo-1.16.1-4.26.1 libsss_certmap0-1.16.1-4.26.1 libsss_certmap0-debuginfo-1.16.1-4.26.1 libsss_idmap0-1.16.1-4.26.1 libsss_idmap0-debuginfo-1.16.1-4.26.1 libsss_nss_idmap0-1.16.1-4.26.1 libsss_nss_idmap0-debuginfo-1.16.1-4.26.1 libsss_simpleifp0-1.16.1-4.26.1 libsss_simpleifp0-debuginfo-1.16.1-4.26.1 python-sssd-config-1.16.1-4.26.1 python-sssd-config-debuginfo-1.16.1-4.26.1 sssd-1.16.1-4.26.1 sssd-32bit-1.16.1-4.26.1 sssd-ad-1.16.1-4.26.1 sssd-ad-debuginfo-1.16.1-4.26.1 sssd-debuginfo-1.16.1-4.26.1 sssd-debuginfo-32bit-1.16.1-4.26.1 sssd-debugsource-1.16.1-4.26.1 sssd-ipa-1.16.1-4.26.1 sssd-ipa-debuginfo-1.16.1-4.26.1 sssd-krb5-1.16.1-4.26.1 sssd-krb5-common-1.16.1-4.26.1 sssd-krb5-common-debuginfo-1.16.1-4.26.1 sssd-krb5-debuginfo-1.16.1-4.26.1 sssd-ldap-1.16.1-4.26.1 sssd-ldap-debuginfo-1.16.1-4.26.1 sssd-proxy-1.16.1-4.26.1 sssd-proxy-debuginfo-1.16.1-4.26.1 sssd-tools-1.16.1-4.26.1 sssd-tools-debuginfo-1.16.1-4.26.1 - SUSE OpenStack Cloud 9 (x86_64): libipa_hbac0-1.16.1-4.26.1 libipa_hbac0-debuginfo-1.16.1-4.26.1 libsss_certmap0-1.16.1-4.26.1 libsss_certmap0-debuginfo-1.16.1-4.26.1 libsss_idmap0-1.16.1-4.26.1 libsss_idmap0-debuginfo-1.16.1-4.26.1 libsss_nss_idmap0-1.16.1-4.26.1 libsss_nss_idmap0-debuginfo-1.16.1-4.26.1 libsss_simpleifp0-1.16.1-4.26.1 libsss_simpleifp0-debuginfo-1.16.1-4.26.1 python-sssd-config-1.16.1-4.26.1 python-sssd-config-debuginfo-1.16.1-4.26.1 sssd-1.16.1-4.26.1 sssd-32bit-1.16.1-4.26.1 sssd-ad-1.16.1-4.26.1 sssd-ad-debuginfo-1.16.1-4.26.1 sssd-debuginfo-1.16.1-4.26.1 sssd-debuginfo-32bit-1.16.1-4.26.1 sssd-debugsource-1.16.1-4.26.1 sssd-ipa-1.16.1-4.26.1 sssd-ipa-debuginfo-1.16.1-4.26.1 sssd-krb5-1.16.1-4.26.1 sssd-krb5-common-1.16.1-4.26.1 sssd-krb5-common-debuginfo-1.16.1-4.26.1 sssd-krb5-debuginfo-1.16.1-4.26.1 sssd-ldap-1.16.1-4.26.1 sssd-ldap-debuginfo-1.16.1-4.26.1 sssd-proxy-1.16.1-4.26.1 sssd-proxy-debuginfo-1.16.1-4.26.1 sssd-tools-1.16.1-4.26.1 sssd-tools-debuginfo-1.16.1-4.26.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libipa_hbac0-1.16.1-4.26.1 libipa_hbac0-debuginfo-1.16.1-4.26.1 libsss_certmap0-1.16.1-4.26.1 libsss_certmap0-debuginfo-1.16.1-4.26.1 libsss_idmap0-1.16.1-4.26.1 libsss_idmap0-debuginfo-1.16.1-4.26.1 libsss_nss_idmap0-1.16.1-4.26.1 libsss_nss_idmap0-debuginfo-1.16.1-4.26.1 libsss_simpleifp0-1.16.1-4.26.1 libsss_simpleifp0-debuginfo-1.16.1-4.26.1 python-sssd-config-1.16.1-4.26.1 python-sssd-config-debuginfo-1.16.1-4.26.1 sssd-1.16.1-4.26.1 sssd-ad-1.16.1-4.26.1 sssd-ad-debuginfo-1.16.1-4.26.1 sssd-debuginfo-1.16.1-4.26.1 sssd-debugsource-1.16.1-4.26.1 sssd-ipa-1.16.1-4.26.1 sssd-ipa-debuginfo-1.16.1-4.26.1 sssd-krb5-1.16.1-4.26.1 sssd-krb5-common-1.16.1-4.26.1 sssd-krb5-common-debuginfo-1.16.1-4.26.1 sssd-krb5-debuginfo-1.16.1-4.26.1 sssd-ldap-1.16.1-4.26.1 sssd-ldap-debuginfo-1.16.1-4.26.1 sssd-proxy-1.16.1-4.26.1 sssd-proxy-debuginfo-1.16.1-4.26.1 sssd-tools-1.16.1-4.26.1 sssd-tools-debuginfo-1.16.1-4.26.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): sssd-32bit-1.16.1-4.26.1 sssd-debuginfo-32bit-1.16.1-4.26.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libipa_hbac0-1.16.1-4.26.1 libipa_hbac0-debuginfo-1.16.1-4.26.1 libsss_certmap0-1.16.1-4.26.1 libsss_certmap0-debuginfo-1.16.1-4.26.1 libsss_idmap0-1.16.1-4.26.1 libsss_idmap0-debuginfo-1.16.1-4.26.1 libsss_nss_idmap0-1.16.1-4.26.1 libsss_nss_idmap0-debuginfo-1.16.1-4.26.1 libsss_simpleifp0-1.16.1-4.26.1 libsss_simpleifp0-debuginfo-1.16.1-4.26.1 python-sssd-config-1.16.1-4.26.1 python-sssd-config-debuginfo-1.16.1-4.26.1 sssd-1.16.1-4.26.1 sssd-ad-1.16.1-4.26.1 sssd-ad-debuginfo-1.16.1-4.26.1 sssd-debuginfo-1.16.1-4.26.1 sssd-debugsource-1.16.1-4.26.1 sssd-ipa-1.16.1-4.26.1 sssd-ipa-debuginfo-1.16.1-4.26.1 sssd-krb5-1.16.1-4.26.1 sssd-krb5-common-1.16.1-4.26.1 sssd-krb5-common-debuginfo-1.16.1-4.26.1 sssd-krb5-debuginfo-1.16.1-4.26.1 sssd-ldap-1.16.1-4.26.1 sssd-ldap-debuginfo-1.16.1-4.26.1 sssd-proxy-1.16.1-4.26.1 sssd-proxy-debuginfo-1.16.1-4.26.1 sssd-tools-1.16.1-4.26.1 sssd-tools-debuginfo-1.16.1-4.26.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): sssd-32bit-1.16.1-4.26.1 sssd-debuginfo-32bit-1.16.1-4.26.1 References: https://bugzilla.suse.com/1072728 From sle-updates at lists.suse.com Mon Sep 14 10:21:58 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Sep 2020 18:21:58 +0200 (CEST) Subject: SUSE-OU-2020:2620-1: moderate: Optional update for bdftopcf Message-ID: <20200914162158.7F539F794@maintenance.suse.de> SUSE Optional Update: Optional update for bdftopcf ______________________________________________________________________________ Announcement ID: SUSE-OU-2020:2620-1 Rating: moderate References: ECO-2416 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has 0 optional fixes and contains one feature can now be installed. Description: This optional update for bdftopcf provides the following fix: - Provide the missing package bdftopcf. (jsc#ECO-2416) Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2620=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 i586 ppc64le s390 s390x x86_64): bdftopcf-1.0.4-7.2.2 bdftopcf-debuginfo-1.0.4-7.2.2 bdftopcf-debugsource-1.0.4-7.2.2 References: From sle-updates at lists.suse.com Mon Sep 14 13:14:20 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Sep 2020 21:14:20 +0200 (CEST) Subject: SUSE-SU-2020:2629-1: moderate: Security update for shim Message-ID: <20200914191420.B424DF794@maintenance.suse.de> SUSE Security Update: Security update for shim ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2629-1 Rating: moderate References: #1113225 #1121268 #1153953 #1168104 #1168994 #1173411 #1174320 #1175626 #1175656 Cross-References: CVE-2020-10713 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has 8 fixes is now available. Description: This update for shim fixes the following issues: This update addresses the "BootHole" security issue (master CVE CVE-2020-10713), by disallowing binaries signed by the previous SUSE UEFI signing key from booting. This update should only be installed after updates of grub2, the Linux kernel and (if used) Xen from July / August 2020 are applied. Changes: Use vendor-dbx to block old SUSE/openSUSE signkeys (bsc#1168994) + Add dbx-cert.tar.xz which contains the certificates to block and a script, generate-vendor-dbx.sh, to generate vendor-dbx.bin + Add vendor-dbx.bin as the vendor dbx to block unwanted keys - Update the path to grub-tpm.efi in shim-install (bsc#1174320) - Only check EFI variable copying when Secure Boot is enabled (bsc#1173411) - Use the full path of efibootmgr to avoid errors when invoking shim-install from packagekitd (bsc#1168104) - shim-install: add check for btrfs is used as root file system to enable relative path lookup for file. (bsc#1153953) - shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2629=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2629=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): shim-15+git47-3.8.1 shim-debuginfo-15+git47-3.8.1 shim-debugsource-15+git47-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): shim-15+git47-3.8.1 shim-debuginfo-15+git47-3.8.1 shim-debugsource-15+git47-3.8.1 References: https://www.suse.com/security/cve/CVE-2020-10713.html https://bugzilla.suse.com/1113225 https://bugzilla.suse.com/1121268 https://bugzilla.suse.com/1153953 https://bugzilla.suse.com/1168104 https://bugzilla.suse.com/1168994 https://bugzilla.suse.com/1173411 https://bugzilla.suse.com/1174320 https://bugzilla.suse.com/1175626 https://bugzilla.suse.com/1175656 From sle-updates at lists.suse.com Mon Sep 14 13:15:59 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Sep 2020 21:15:59 +0200 (CEST) Subject: SUSE-SU-2020:2628-1: moderate: Security update for shim Message-ID: <20200914191559.68501F794@maintenance.suse.de> SUSE Security Update: Security update for shim ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2628-1 Rating: moderate References: #1168994 #1175626 #1175656 Cross-References: CVE-2020-10713 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for shim fixes the following issues: - Update to the unified shim binary from SUSE Linux Enterprise 15-SP1 (bsc#1168994) This update addresses the "BootHole" security issue (master CVE CVE-2020-10713), by disallowing binaries signed by the previous SUSE UEFI signing key from booting. This update should only be installed after updates of grub2, the Linux kernel and (if used) Xen from July / August 2020 are applied. Additional fixes: + shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2628=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2628=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2628=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2628=1 Package List: - SUSE OpenStack Cloud 7 (x86_64): shim-15+git47-22.8.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): shim-15+git47-22.8.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): shim-15+git47-22.8.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): shim-15+git47-22.8.1 References: https://www.suse.com/security/cve/CVE-2020-10713.html https://bugzilla.suse.com/1168994 https://bugzilla.suse.com/1175626 https://bugzilla.suse.com/1175656 From sle-updates at lists.suse.com Mon Sep 14 13:17:50 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Sep 2020 21:17:50 +0200 (CEST) Subject: SUSE-RU-2020:2625-1: moderate: Recommended update for sssd Message-ID: <20200914191750.EFDA5F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2625-1 Rating: moderate References: #1072728 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sssd fixes the following issue: - Fix segfault in sss_cache command. (bsc#1072728) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2625=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2625=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-7.8.1 libsss_idmap-devel-1.16.1-7.8.1 libsss_nss_idmap-devel-1.16.1-7.8.1 sssd-debuginfo-1.16.1-7.8.1 sssd-debugsource-1.16.1-7.8.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libipa_hbac0-1.16.1-7.8.1 libipa_hbac0-debuginfo-1.16.1-7.8.1 libsss_certmap0-1.16.1-7.8.1 libsss_certmap0-debuginfo-1.16.1-7.8.1 libsss_idmap0-1.16.1-7.8.1 libsss_idmap0-debuginfo-1.16.1-7.8.1 libsss_nss_idmap0-1.16.1-7.8.1 libsss_nss_idmap0-debuginfo-1.16.1-7.8.1 libsss_simpleifp0-1.16.1-7.8.1 libsss_simpleifp0-debuginfo-1.16.1-7.8.1 python-sssd-config-1.16.1-7.8.1 python-sssd-config-debuginfo-1.16.1-7.8.1 sssd-1.16.1-7.8.1 sssd-ad-1.16.1-7.8.1 sssd-ad-debuginfo-1.16.1-7.8.1 sssd-debuginfo-1.16.1-7.8.1 sssd-debugsource-1.16.1-7.8.1 sssd-ipa-1.16.1-7.8.1 sssd-ipa-debuginfo-1.16.1-7.8.1 sssd-krb5-1.16.1-7.8.1 sssd-krb5-common-1.16.1-7.8.1 sssd-krb5-common-debuginfo-1.16.1-7.8.1 sssd-krb5-debuginfo-1.16.1-7.8.1 sssd-ldap-1.16.1-7.8.1 sssd-ldap-debuginfo-1.16.1-7.8.1 sssd-proxy-1.16.1-7.8.1 sssd-proxy-debuginfo-1.16.1-7.8.1 sssd-tools-1.16.1-7.8.1 sssd-tools-debuginfo-1.16.1-7.8.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): sssd-32bit-1.16.1-7.8.1 sssd-debuginfo-32bit-1.16.1-7.8.1 References: https://bugzilla.suse.com/1072728 From sle-updates at lists.suse.com Mon Sep 14 13:18:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Sep 2020 21:18:44 +0200 (CEST) Subject: SUSE-SU-2020:2626-1: moderate: Security update for shim Message-ID: <20200914191844.44875F794@maintenance.suse.de> SUSE Security Update: Security update for shim ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2626-1 Rating: moderate References: #1168994 #1175626 #1175656 Cross-References: CVE-2020-10713 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for shim fixes the following issues: - Update to the unified shim binary from SUSE Linux Enterprise 15-SP1 (bsc#1168994) This update addresses the "BootHole" security issue (master CVE CVE-2020-10713), by disallowing binaries signed by the previous SUSE UEFI signing key from booting. This update should only be installed after updates of grub2, the Linux kernel and (if used) Xen from July / August 2020 are applied. Additional fixes: + shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2626=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2626=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2626=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (x86_64): shim-15+git47-7.15.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): shim-15+git47-7.15.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): shim-15+git47-7.15.1 References: https://www.suse.com/security/cve/CVE-2020-10713.html https://bugzilla.suse.com/1168994 https://bugzilla.suse.com/1175626 https://bugzilla.suse.com/1175656 From sle-updates at lists.suse.com Mon Sep 14 13:19:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 14 Sep 2020 21:19:51 +0200 (CEST) Subject: SUSE-SU-2020:2627-1: moderate: Security update for shim Message-ID: <20200914191951.7C3D3F794@maintenance.suse.de> SUSE Security Update: Security update for shim ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2627-1 Rating: moderate References: #1168994 #1175626 #1175656 Cross-References: CVE-2020-10713 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for shim fixes the following issues: - Update to the unified shim binary from SUSE Linux Enterprise 15-SP1 (bsc#1168994) This update addresses the "BootHole" security issue (master CVE CVE-2020-10713), by disallowing binaries signed by the previous SUSE UEFI signing key from booting. This update should only be installed after updates of grub2, the Linux kernel and (if used) Xen from July / August 2020 are applied. Additional fixes: + shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2627=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2627=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2627=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2627=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2627=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2627=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2627=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2627=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2627=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2627=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2627=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2627=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): shim-15+git47-25.11.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): shim-15+git47-25.11.1 - SUSE OpenStack Cloud 9 (x86_64): shim-15+git47-25.11.1 - SUSE OpenStack Cloud 8 (x86_64): shim-15+git47-25.11.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): shim-15+git47-25.11.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): shim-15+git47-25.11.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): shim-15+git47-25.11.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): shim-15+git47-25.11.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): shim-15+git47-25.11.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): shim-15+git47-25.11.1 - SUSE Enterprise Storage 5 (x86_64): shim-15+git47-25.11.1 - HPE Helion Openstack 8 (x86_64): shim-15+git47-25.11.1 References: https://www.suse.com/security/cve/CVE-2020-10713.html https://bugzilla.suse.com/1168994 https://bugzilla.suse.com/1175626 https://bugzilla.suse.com/1175656 From sle-updates at lists.suse.com Mon Sep 14 16:15:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Sep 2020 00:15:26 +0200 (CEST) Subject: SUSE-SU-2020:14489-1: moderate: Security update for MozillaFirefox Message-ID: <20200914221526.431DDFCEB@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14489-1 Rating: moderate References: #1174284 #1175686 Cross-References: CVE-2020-15663 CVE-2020-15664 CVE-2020-15670 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.2.0 ESR * Fixed: Various stability, functionality, and security fixes - Mozilla Firefox ESR 78.2 MFSA 2020-38 (bsc#1175686) * CVE-2020-15663 (bmo#1643199) Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege * CVE-2020-15664 (bmo#1658214) Attacker-induced prompt for extension installation * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626, bmo#1656957) Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2 - Fixed Firefox tab crash in FIPS mode (bsc#1174284). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-MozillaFirefox-14489=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-MozillaFirefox-14489=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): MozillaFirefox-78.2.0-78.90.2 MozillaFirefox-translations-common-78.2.0-78.90.2 MozillaFirefox-translations-other-78.2.0-78.90.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): MozillaFirefox-debuginfo-78.2.0-78.90.2 References: https://www.suse.com/security/cve/CVE-2020-15663.html https://www.suse.com/security/cve/CVE-2020-15664.html https://www.suse.com/security/cve/CVE-2020-15670.html https://bugzilla.suse.com/1174284 https://bugzilla.suse.com/1175686 From sle-updates at lists.suse.com Mon Sep 14 16:16:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Sep 2020 00:16:26 +0200 (CEST) Subject: SUSE-SU-2020:2631-1: important: Security update for the Linux Kernel Message-ID: <20200914221626.E2C57FCEB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2631-1 Rating: important References: #1065729 #1071995 #1074701 #1083548 #1085030 #1085235 #1085308 #1087078 #1100394 #1102640 #1105412 #1111666 #1112178 #1113956 #1120163 #1133021 #1144333 #1169790 #1171688 #1172108 #1172247 #1172418 #1172428 #1172781 #1172782 #1172783 #1172871 #1172872 #1172963 #1173485 #1173798 #1173954 #1174003 #1174026 #1174070 #1174161 #1174205 #1174247 #1174298 #1174299 #1174387 #1174484 #1174547 #1174549 #1174550 #1174625 #1174658 #1174685 #1174689 #1174699 #1174734 #1174757 #1174771 #1174840 #1174841 #1174843 #1174844 #1174845 #1174852 #1174873 #1174887 #1174904 #1174926 #1174968 #1175062 #1175063 #1175064 #1175065 #1175066 #1175067 #1175112 #1175127 #1175128 #1175149 #1175199 #1175213 #1175228 #1175232 #1175284 #1175393 #1175394 #1175396 #1175397 #1175398 #1175399 #1175400 #1175401 #1175402 #1175403 #1175404 #1175405 #1175406 #1175407 #1175408 #1175409 #1175410 #1175411 #1175412 #1175413 #1175414 #1175415 #1175416 #1175417 #1175418 #1175419 #1175420 #1175421 #1175422 #1175423 #1175440 #1175493 #1175515 #1175518 #1175526 #1175550 #1175654 #1175666 #1175668 #1175669 #1175670 #1175767 #1175768 #1175769 #1175770 #1175771 #1175772 #1175786 #1175873 #1175992 Cross-References: CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-16166 CVE-2020-24394 Affected Products: SUSE Linux Enterprise Module for Realtime 15-SP1 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 124 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 realtime kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518). The following non-security bugs were fixed: - af_key: pfkey_dump needs parameter validation (git-fixes). - agp/intel: Fix a memory leak on module initialisation failure (git-fixes). - ACPI: kABI fixes for subsys exports (bsc#1174968). - ACPI / LPSS: Resume BYT/CHT I2C controllers from resume_noirq (bsc#1174968). - ACPI / LPSS: Use acpi_lpss_* instead of acpi_subsys_* functions for hibernate (bsc#1174968). - ACPI: PM: Introduce "poweroff" callbacks for ACPI PM domain and LPSS (bsc#1174968). - ACPI: PM: Simplify and fix PM domain hibernation callbacks (bsc#1174968). - ALSA: core: pcm_iec958: fix kernel-doc (bsc#1111666). - ALSA: echoaduio: Drop superfluous volatile modifier (bsc#1111666). - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (bsc#1111666). - ALSA: hda: Add support for Loongson 7A1000 controller (bsc#1111666). - ALSA: hda/ca0132 - Add new quirk ID for Recon3D (bsc#1111666). - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (bsc#1111666). - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (bsc#1111666). - ALSA: hda: fix NULL pointer dereference during suspend (git-fixes). - ALSA: hda: fix snd_hda_codec_cleanup() documentation (bsc#1111666). - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (bsc#1111666). - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (bsc#1111666). - ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes). - ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (bsc#1111666). - ALSA: hda/realtek - Add quirk for Lenovo Carbon X1 8th gen (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GE63 laptop (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GL63 (bsc#1111666). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes). - ALSA: hda/realtek - change to suitable link model for ASUS platform (bsc#1111666). - ALSA: hda/realtek - Check headset type by unplug and resume (bsc#1111666). - ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX563 (bsc#1111666). - ALSA: hda/realtek: Fix add a "ultra_low_power" function for intel reference board (alc256) (bsc#1111666). - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (bsc#1111666). - ALSA: hda/realtek - Fixed HP right speaker no sound (bsc#1111666). - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (bsc#1111666). - ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (bsc#1111666). - ALSA: hda/realtek - Fix unused variable warning (bsc#1111666). - ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (bsc#1111666). - ALSA: hda - reverse the setting value in the micmute_led_set (bsc#1111666). - ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes). - ALSA: pci: delete repeated words in comments (bsc#1111666). - ALSA: seq: oss: Serialize ioctls (bsc#1111666). - ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes). - ALSA: usb-audio: add quirk for Pioneer DDJ-RB (bsc#1111666). - ALSA: usb-audio: add startech usb audio dock name (bsc#1111666). - ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (bsc#1111666). - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (bsc#1111666). - ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (bsc#1111666). - ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (bsc#1111666). - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625). - ALSA: usb-audio: fix spelling mistake "buss" -> "bus" (bsc#1111666). - ALSA: usb-audio: ignore broken processing/extension unit (git-fixes). - ALSA: usb-audio: Update documentation comment for MS2109 quirk (git-fixes). - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb/line6: remove 'defined but not used' warning (bsc#1111666). - arm64: Add MIDR encoding for HiSilicon Taishan CPUs (bsc#1174547). - arm64: Add MIDR encoding for NVIDIA CPUs (bsc#1174547). - arm64: add sysfs vulnerability show for meltdown (bsc#1174547). - arm64: Add sysfs vulnerability show for spectre-v1 (bsc#1174547). - arm64: add sysfs vulnerability show for spectre-v2 (bsc#1174547). - arm64: add sysfs vulnerability show for speculative store bypass (bsc#1174547). - arm64: Advertise mitigation of Spectre-v2, or lack thereof (bsc#1174547). - arm64: Always enable spectre-v2 vulnerability detection (bsc#1174547). - arm64: Always enable ssb vulnerability detection (bsc#1174547). - arm64: backtrace: Do not bother trying to unwind the userspace stack (bsc#1175397). - arm64: capabilities: Add NVIDIA Denver CPU to bp_harden list (bsc#1174547). - arm64: capabilities: Merge duplicate Cavium erratum entries (bsc#1174547). - arm64: capabilities: Merge entries for ARM64_WORKAROUND_CLEAN_CACHE (bsc#1174547). - arm64: cpufeature: Enable Qualcomm Falkor/Kryo errata 1003 (bsc#1175398). - arm64: Do not mask out PTE_RDONLY in pte_same() (bsc#1175393). - arm64: enable generic CPU vulnerabilites support (bsc#1174547). - arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default (bsc#1175394). - arm64: errata: Do not define type field twice for arm64_errata entries (bsc#1174547). - arm64: errata: Update stale comment (bsc#1174547). - arm64: Get rid of __smccc_workaround_1_hvc_* (bsc#1174547). - arm64: kpti: Avoid rewriting early page tables when KASLR is enabled (bsc#1174547). - arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on (bsc#1174547). - arm64: kpti: Whitelist Cortex-A CPUs that do not implement the CSV3 field (bsc#1174547). - arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs (bsc#1174547). - arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 (bsc#1133021). - arm64: KVM: Guests can skip __install_bp_hardening_cb()s HYP work (bsc#1174547). - arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening (bsc#1174547). - arm64: mm: Fix pte_mkclean, pte_mkdirty semantics (bsc#1175526). - arm64: Provide a command line to disable spectre_v2 mitigation (bsc#1174547). - arm64: Silence clang warning on mismatched value/register sizes (bsc#1175396). - arm64/speculation: Support 'mitigations=' cmdline option (bsc#1174547). - arm64: ssbs: Do not treat CPUs with SSBS as unaffected by SSB (bsc#1174547). - arm64: ssbs: Fix context-switch when SSBS is present on all CPUs (bsc#1175669). - arm64/sve: Fix wrong free for task->thread.sve_state (bsc#1175400). - arm64: tlbflush: avoid writing RES0 bits (bsc#1175402). - arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 (bsc#1174547). - ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 (bsc#1133021). - ARM: KVM: invalidate icache on guest exit for Cortex-A15 (bsc#1133021). - ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 (bsc#1133021). - ASoC: hda/tegra: Set buffer alignment to 128 bytes (bsc#1111666). - ASoC: intel: Fix memleak in sst_media_open (git-fixes). - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes). - AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes). - AX.25: Prevent integer overflows in connect and sendmsg (git-fixes). - AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes). - ax88172a: fix ax88172a_unbind() failures (git-fixes). - b43: Remove uninitialized_var() usage (git-fixes). - block: Fix use-after-free in blkdev_get() (bsc#1174843). - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (bsc#1111666). - Bluetooth: Fix update of connection state in `hci_encrypt_cfm` (git-fixes). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (bsc#1111666). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (bsc#1111666). - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - bonding: fix a potential double-unregister (git-fixes). - bonding: show saner speed for broadcast mode (git-fixes). - bpf: Fix map leak in HASH_OF_MAPS map (git-fixes). - brcmfmac: keep SDIO watchdog running when console_interval is non-zero (bsc#1111666). - brcmfmac: set state of hanger slot to FREE when flushing PSQ (bsc#1111666). - brcmfmac: To fix Bss Info flag definition Bug (bsc#1111666). - btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247). - btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247). - btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149). - btrfs: fix block group leak when removing fails (bsc#1175149). - btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149). - btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149). - btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149). - btrfs: fix double free on ulist after backref resolution failure (bsc#1175149). - btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149). - btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550). - btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149). - btrfs: fix race between block group removal and block group creation (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149). - btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149). - btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484). - btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247). - btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247). - btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247). - btrfs: Open code btrfs_write_and_wait_marked_extents (bsc#1175149). - btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163). - btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247). - btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163). - btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163). - btrfs: Rename and export clear_btree_io_tree (bsc#1175149). - btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493). - bus: hisi_lpc: Add .remove method to avoid driver unbind crash (bsc#1174658). - bus: hisi_lpc: Do not fail probe for unrecognised child devices (bsc#1174658). - bus: hisi_lpc: Unregister logical PIO range to avoid potential use-after-free (bsc#1174658). - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes). - cfg80211: check vendor command doit pointer before use (git-fixes). - cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428). - cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428). - cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428). - clk: at91: clk-generated: check best_rate against ranges (bsc#1111666). - clk: clk-atlas6: fix return value check in atlas6_clk_init() (bsc#1111666). - clk: iproc: round clock rate to the closest (bsc#1111666). - clk: spear: Remove uninitialized_var() usage (git-fixes). - clk: st: Remove uninitialized_var() usage (git-fixes). - config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References: bsc#1174549 - console: newport_con: fix an issue about leak related system resources (git-fixes). - crypto: ccp - Fix use of merged scatterlists (git-fixes). - crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes). - crypto: rockchip - fix scatterlist nents error (git-fixes). - crypto: stm32/crc32 - fix ext4 chksum BUG_ON() (git-fixes). - crypto: talitos - check AES key size (git-fixes). - crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - dev: Defer free of skbs in flush_backlog (git-fixes). - devres: keep both device name and resource name in pretty name (git-fixes). - dlm: Fix kobject memleak (bsc#1175768). - dlm: remove BUG() before panic() (bsc#1174844). - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes). - Documentation/networking: Add net DIM documentation (bsc#1174852). - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (bsc#1175403). - dpaa2-eth: free already allocated channels on probe defer (bsc#1175404). - dpaa2-eth: prevent array underflow in update_cls_rule() (bsc#1175405). - dpaa_eth: add dropped frames to percpu ethtool stats (bsc#1174550). - dpaa_eth: add newline in dev_err() msg (bsc#1174550). - dpaa_eth: avoid timestamp read on error paths (bsc#1175406). - dpaa_eth: change DMA device (bsc#1174550). - dpaa_eth: cleanup skb_to_contig_fd() (bsc#1174550). - dpaa_eth: defer probing after qbman (bsc#1174550). - dpaa_eth: extend delays in ndo_stop (bsc#1174550). - dpaa_eth: fix DMA mapping leak (bsc#1174550). - dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1174550). - dpaa_eth: FMan erratum A050385 workaround (bsc#1174550). - dpaa_eth: perform DMA unmapping before read (bsc#1175407). - dpaa_eth: register a device link for the qman portal used (bsc#1174550). - dpaa_eth: remove netdev_err() for user errors (bsc#1174550). - dpaa_eth: remove redundant code (bsc#1174550). - dpaa_eth: simplify variables used in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use a page to store the SGT (bsc#1174550). - dpaa_eth: use fd information in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use only one buffer pool per interface (bsc#1174550). - dpaa_eth: use page backed rx buffers (bsc#1174550). - driver core: Avoid binding drivers to dead devices (git-fixes). - Drivers: hv: vmbus: Fix virt_to_hvpfn() for X86_PAE (git-fixes). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127, bsc#1175128). - drivers/perf: hisi: Fix typo in events attribute array (bsc#1175408). - drivers/perf: hisi: Fixup one DDRC PMU register offset (bsc#1175410). - drivers/perf: hisi: Fix wrong value for all counters enable (bsc#1175409). - drm: Added orientation quirk for ASUS tablet model T103HAF (bsc#1111666). - drm/amd/display: fix pow() crashing when given base 0 (git-fixes). - drm/amdgpu: avoid dereferencing a NULL pointer (bsc#1111666). - drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume (bsc#1111666). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (bsc#1113956) - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes). - drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1113956) - drm/arm: fix unintentional integer overflow on left shift (git-fixes). - drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1113956) - drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes). - drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1113956) - drm/debugfs: fix plain echo to connector "force" attribute (bsc#1111666). - drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes). - drm/etnaviv: fix ref count leak via pm_runtime_get_sync (bsc#1111666). - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (bsc#1112178) - drm: hold gem reference until object is no longer accessed (bsc#1113956) - drm/imx: fix use after free (git-fixes). - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes). - drm/imx: tve: fix regulator_disable error path (git-fixes). - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes). - drm/msm: ratelimit crtc event overflow error (bsc#1111666). - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes). - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes). - drm/nouveau: fix multiple instances of reference count leaks (bsc#1111666). - drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes). - drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes). - drm/radeon: disable AGP by default (bsc#1111666). - drm/radeon: fix array out-of-bounds read and write issues (git-fixes). - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (bsc#1111666). - drm/rockchip: fix VOP_WIN_GET macro (bsc#1175411). - drm/ttm/nouveau: do not call tt destroy callback on alloc failure (bsc#1175232). - drm/vmwgfx: Fix two list_for_each loop exit tests (bsc#1111666). - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (bsc#1111666). - efi/memreserve: deal with memreserve entries in unmapped memory (bsc#1174685). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: fix checking of directory entry validity for inline directories (bsc#1175771). - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1174840). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - fat: do not allow to mount if the FAT length == 0 (bsc#1174845). - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins. (bsc#1112178) - firmware: google: check if size is valid when decoding VPD data (git-fixes). - firmware: google: increment VPD key_len properly (git-fixes). - fpga: dfl: fix bug in port reset handshake (git-fixes). - fsl/fman: add API to get the device behind a fman port (bsc#1174550). - fsl/fman: detect FMan erratum A050385 (bsc#1174550). - fsl/fman: do not touch liodn base regs reserved on non-PAMU SoCs (bsc#1174550). - fsl/fman: remove unused struct member (bsc#1174550). - fuse: fix memleak in cuse_channel_open (bsc#1174926). - fuse: fix missing unlock_page in fuse_writepage() (bsc#1174904). - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175062). - fuse: fix weird page warning (bsc#1175063). - fuse: flush dirty data/metadata before non-truncate setattr (bsc#1175064). - fuse: truncate pending writes on O_TRUNC (bsc#1175065). - fuse: verify attributes (bsc#1175066). - fuse: verify nlink (bsc#1175067). - genetlink: remove genl_bind (networking-stable-20_07_17). - go7007: add sanity checking for endpoints (git-fixes). - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (bsc#1111666). - HID: hiddev: fix mess in hiddev_open() (git-fixes). - HISI LPC: Re-Add ACPI child enumeration support (bsc#1174658). - HISI LPC: Stop using MFD APIs (bsc#1174658). - hv_netvsc: do not use VF device if link is down (git-fixes). - hv_netvsc: Fix error handling in netvsc_attach() (git-fixes). - hv_netvsc: Fix extra rcu_read_unlock in netvsc_recv_callback() (git-fixes). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes). - hv_netvsc: Fix unwanted wakeup in netvsc_attach() (git-fixes). - hv_netvsc: Remove "unlikely" from netvsc_select_queue (git-fixes). - i2c: rcar: slave: only send STOP event when we have been addressed (bsc#1111666). - i40e: Fix crash during removing i40e driver (git-fixes). - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes). - ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - include/linux/poison.h: remove obsolete comment (git fixes (poison)). - Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes). - Input: sentelic - fix error return when fsp_reg_write fails (bsc#1111666). - integrity: remove redundant initialization of variable ret (git-fixes). - io-mapping: indicate mapping failure (git-fixes). - ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes). - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28). - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515). - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515). - ip_tunnel: Emit events for post-register MTU changes (git-fixes). - ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28). - ip_tunnel: restore binding to ifaces with a large mtu (git-fixes). - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17). - ipv4: Silence suspicious RCU usage warning (git-fixes). - ipv6: fix memory leaks on IPV6_ADDRFORM path (git-fixes). - ipvlan: fix device features (git-fixes). - ipvs: allow connection reuse for unconfirmed conntrack (git-fixes). - ipvs: fix refcount usage for conns in ops mode (git-fixes). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - irqchip/gic: Atomically update affinity (bsc#1111666). - iwlegacy: Check the return value of pcie_capability_read_*() (bsc#1111666). - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772). - kABI: genetlink: remove genl_bind (kabi). - kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)). - kernel/relay.c: fix memleak on destroy relay channel (git-fixes). - kernfs: do not call fsnotify() with name without a parent (bsc#1175770). - KVM: arm64: Ensure 'params' is initialised when looking up sys register (bsc#1133021). - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021). - KVM: arm/arm64: Fix young bit from mmu notifier (bsc#1133021). - KVM: arm/arm64: vgic: Do not rely on the wrong pending table (bsc#1133021). - KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections (bsc#1133021). - KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests (bsc#1133021). - KVM: arm: Make inject_abt32() inject an external abort instead (bsc#1133021). - kvm: Change offset in kvm_write_guest_offset_cached to unsigned (bsc#1133021). - KVM: Check for a bad hva before dropping into the ghc slow path (bsc#1133021). - KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729). - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17). - leds: 88pm860x: fix use-after-free on unbind (git-fixes). - leds: core: Flush scheduled work for system suspend (git-fixes). - leds: da903x: fix use-after-free on unbind (git-fixes). - leds: lm3533: fix use-after-free on unbind (git-fixes). - leds: lm355x: avoid enum conversion warning (git-fixes). - leds: wm831x-status: fix use-after-free on unbind (git-fixes). - lib/dim: Fix -Wunused-const-variable warnings (bsc#1174852). - lib: dimlib: fix help text typos (bsc#1174852). - lib: logic_pio: Add logic_pio_unregister_range() (bsc#1174658). - lib: logic_pio: Avoid possible overlap for unregistering regions (bsc#1174658). - lib: logic_pio: Fix RCU usage (bsc#1174658). - linux/dim: Add completions count to dim_sample (bsc#1174852). - linux/dim: Fix overflow in dim calculation (bsc#1174852). - linux/dim: Move implementation to .c files (bsc#1174852). - linux/dim: Move logic to dim.h (bsc#1174852). - linux/dim: Remove "net" prefix from internal DIM members (bsc#1174852). - linux/dim: Rename externally exposed macros (bsc#1174852). - linux/dim: Rename externally used net_dim members (bsc#1174852). - linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1174852). - liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes). - llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17). - mac80211: mesh: Free ie data when leaving mesh (git-fixes). - mac80211: mesh: Free pending skb when destroying a mpath (git-fixes). - MAINTAINERS: add entry for Dynamic Interrupt Moderation (bsc#1174852). - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes). - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes). - media: budget-core: Improve exception handling in budget_register() (git-fixes). - media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes). - media: firewire: Using uninitialized values in node_probe() (git-fixes). - media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes). - media: vpss: clean up resources in init (git-fixes). - mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes). - mfd: dln2: Run event handler loop under spinlock (git-fixes). - mfd: rk808: Fix RK818 ID template (bsc#1175412). - mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28). - mm: filemap: clear idle flag for writes (bsc#1175769). - mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate (git fixes (mm/migrate)). - mm/mmu_notifier: use hlist_add_head_rcu() (git fixes (mm/mmu_notifiers)). - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/compaction)). - mm/rmap.c: do not reuse anon_vma if we just want a copy (git fixes (mm/rmap)). - mm/shmem.c: cast the type of unmap_start to u64 (git fixes (mm/shmem)). - mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)). - mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617). - mtd: spi-nor: Fix an error code in spi_nor_read_raw() (bsc#1175413). - mtd: spi-nor: fix kernel-doc for spi_nor::info (bsc#1175414). - mtd: spi-nor: fix kernel-doc for spi_nor::reg_proto (bsc#1175415). - mtd: spi-nor: fix silent truncation in spi_nor_read_raw() (bsc#1175416). - mwifiex: Prevent memory corruption handling keys (git-fixes). - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (git-fixes). - net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28). - net: core: reduce recursion limit value (networking-stable-20_06_28). - net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28). - net: dsa: b53: check for timeout (git-fixes). - net: ena: Add first_interrupt field to napi struct (bsc#1174852). - net: ena: add reserved PCI device ID (bsc#1174852). - net: ena: add support for reporting of packet drops (bsc#1174852). - net: ena: add support for the rx offset feature (bsc#1174852). - net: ena: add support for traffic mirroring (bsc#1174852). - net: ena: add unmask interrupts statistics to ethtool (bsc#1174852). - net: ena: allow setting the hash function without changing the key (bsc#1174852). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852). - net: ena: change default RSS hash function to Toeplitz (bsc#1174852). - net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1174852). - net: ena: changes to RSS hash key allocation (bsc#1174852). - net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1174852). - net: ena: clean up indentation issue (bsc#1174852). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852). - net: ena: cosmetic: code reorderings (bsc#1174852). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852). - net: ena: cosmetic: fix line break issues (bsc#1174852). - net: ena: cosmetic: fix spacing issues (bsc#1174852). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852). - net: ena: cosmetic: minor code changes (bsc#1174852). - net: ena: cosmetic: remove unnecessary code (bsc#1174852). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852). - net: ena: cosmetic: satisfy gcc warning (bsc#1174852). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852). - net: ena: drop superfluous prototype (bsc#1174852). - net: ena: enable support of rss hash key and function changes (bsc#1174852). - net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1174852). - net: ena: ethtool: clean up minor indentation issue (bsc#1174852). - net: ena: ethtool: get_channels: use combined only (bsc#1174852). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852). - net: ena: ethtool: support set_channels callback (bsc#1174852). - net/ena: Fix build warning in ena_xdp_set() (bsc#1174852). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852). - net: ena: fix incorrect setting of the number of msix vectors (bsc#1174852). - net: ena: fix incorrect update of intr_delay_resolution (bsc#1174852). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852). - net: ena: fix update of interrupt moderation register (bsc#1174852). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852). - net: ena: implement XDP drop support (bsc#1174852). - net: ena: Implement XDP_TX action (bsc#1174852). - net: ena: make ethtool -l show correct max number of queues (bsc#1174852). - net: ena: Make missed_tx stat incremental (bsc#1083548). - net: ena: Make some functions static (bsc#1174852). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852). - net: ena: multiple queue creation related cleanups (bsc#1174852). - net: ena: Prevent reset after device destruction (bsc#1083548). - net: ena: reduce driver load time (bsc#1174852). - net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1174852). - net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1174852). - net: ena: remove code that does nothing (bsc#1174852). - net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1174852). - net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1174852). - net: ena: remove redundant print of number of queues (bsc#1174852). - net: ena: remove set but not used variable 'hash_key' (bsc#1174852). - net: ena: remove set but not used variable 'rx_ring' (bsc#1174852). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852). - net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1174852). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852). - net: ena: support new LLQ acceleration mode (bsc#1174852). - net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1174852). - net: ena: use explicit variable size for clarity (bsc#1174852). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852). - net: ena: xdp: update napi budget for DROP and ABORTED (bsc#1174852). - net: ena: xdp: XDP_TX: fix memory leak (bsc#1174852). - net: ethernet: broadcom: have drivers select DIMLIB as needed (bsc#1174852). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: fec: correct the error path for regulator disable in probe (git-fixes). - netfilter: x_tables: add counters allocation wrapper (git-fixes). - netfilter: x_tables: cap allocations at 512 mbyte (git-fixes). - netfilter: x_tables: limit allocation requests for blob rule heads (git-fixes). - net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). - net: fix memleak in register_netdevice() (networking-stable-20_06_28). - net: Fix the arp error in some cases (networking-stable-20_06_28). - net: gre: recompute gre csum for sctp over gre tunnels (git-fixes). - net: hns3: add autoneg and change speed support for fibre port (bsc#1174070). - net: hns3: add support for FEC encoding control (bsc#1174070). - net: hns3: add support for multiple media type (bsc#1174070). - net: hns3: fix a not link up issue when fibre port supports autoneg (bsc#1174070). - net: hns3: fix for FEC configuration (bsc#1174070). - net: hns3: fix port capbility updating issue (bsc#1174070). - net: hns3: fix port setting handle for fibre port (bsc#1174070). - net: hns3: fix selftest fail issue for fibre port with autoneg on (bsc#1174070). - net: hns3: restore the MAC autoneg state after reset (bsc#1174070). - net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28). - net: ip6_gre: Request headroom in __gre6_xmit() (git-fixes). - net: lan78xx: add missing endpoint sanity check (git-fixes). - net: lan78xx: fix transfer-buffer memory leak (git-fixes). - net: make symbol 'flush_works' static (git-fixes). - net: netsec: Fix signedness bug in netsec_probe() (bsc#1175417). - net: netsec: initialize tx ring on ndo_open (bsc#1175418). - net: phy: Check harder for errors in get_phy_id() (bsc#1111666). - net: Set fput_needed iff FDPUT_FPUT is set (git-fixes). - net: socionext: Fix a signedness bug in ave_probe() (bsc#1175419). - net: socionext: replace napi_alloc_frag with the netdev variant on init (bsc#1175420). - net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes). - net: udp: Fix wrong clean up for IS_UDPLITE macro (git-fixes). - net: update net_dim documentation after rename (bsc#1174852). - net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28). - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17). - netvsc: unshare skb in VF rx handler (git-fixes). - net/xfrm: fix compress vs decompress serialization (bsc#1174298) - net/xfrm/input: Protect queue with lock (bsc#1174299) - nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes). - NTB: Fix an error in get link status (git-fixes). - ntb_netdev: fix sleep time mismatch (git-fixes). - NTB: ntb_transport: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - nvme: explicitly update mpath disk capacity on revalidation (git-fixes). - nvme: fix possible deadlock when I/O is blocked (git-fixes). - nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108). - nvme-multipath: fix logic for non-optimized paths (bsc#1172108). - nvme-multipath: round-robin: eliminate "fallback" variable (bsc#1172108). - nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108). - ocfs2: add trimfs dlm lock resource (bsc#1175228). - ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: change slot number type s16 to u16 (bsc#1175786). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228). - ocfs2: fix value of OCFS2_INVALID_SLOT (bsc#1175767). - ocfs2: load global_inode_alloc (bsc#1172963). - ocfs2: load global_inode_alloc (bsc#1172963). - omapfb: dss: Fix max fclk divider for omap36xx (bsc#1113956) - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() (git-fixes). - PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes). - PCI: dwc: Move interrupt acking into the proper callback (bsc#1175666). - PCI: Fix pci_cfg_wait queue locking problem (git-fixes). - PCI: Fix "try" semantics of bus and slot reset (git-fixes). - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes). - PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, bsc#1172872, git-fixes). - PCI: Release IVRS table in AMD ACS quirk (git-fixes). - PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes). - PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes). - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes). - pinctrl: single: fix function name in documentation (git-fixes). - pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes). - platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes). - PM / CPU: replace raw_notifier with atomic_notifier (git fixes (kernel/pm)). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (bsc#1175668). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails. - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (bsc#1175668). - powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729). - powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729). - powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729). - powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729). - powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284). - powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284). - powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729). - powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574). - powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729). - powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - powerpc/pseries: remove cede offline state for CPUs (bsc#1065729). - powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729). - powerpc/vdso: Fix vdso cpu truncation (bsc#1065729). - power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes). - propagate_one(): mnt_set_mountpoint() needs mount_lock (bsc#1174841). - pseries: Fix 64 bit logical memory block panic (bsc#1065729). - pwm: bcm-iproc: handle clk_get_rate() return (git-fixes). - rds: Prevent kernel-infoleak in rds_notify_queue_get() (git-fixes). - regulator: gpio: Honor regulator-boot-on property (git-fixes). - rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28). - rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes). - s390, dcssblk: kaddr and pfn can be NULL to ->direct_access() (bsc#1174873). - sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17). - scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026). - scsi: Fix trivial spelling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003). - scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003). - scsi: smartpqi: add bay identifier (bsc#1172418). - scsi: smartpqi: add gigabyte controller (bsc#1172418). - scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418). - scsi: smartpqi: add inquiry timeouts (bsc#1172418). - scsi: smartpqi: add module param for exposure order (bsc#1172418). - scsi: smartpqi: add module param to hide vsep (bsc#1172418). - scsi: smartpqi: add new pci ids (bsc#1172418). - scsi: smartpqi: add pci ids for fiberhome controller (bsc#1172418). - scsi: smartpqi: add RAID bypass counter (bsc#1172418). - scsi: smartpqi: add sysfs entries (bsc#1172418). - scsi: smartpqi: Align driver syntax with oob (bsc#1172418). - scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418). - scsi: smartpqi: change TMF timeout from 60 to 30 seconds (bsc#1172418). - scsi: smartpqi: correct hang when deleting 32 lds (bsc#1172418). - scsi: smartpqi: correct REGNEWD return status (bsc#1172418). - scsi: smartpqi: correct syntax issue (bsc#1172418). - scsi: smartpqi: fix call trace in device discovery (bsc#1172418). - scsi: smartpqi: fix controller lockup observed during force reboot (bsc#1172418). - scsi: smartpqi: fix LUN reset when fw bkgnd thread is hung (bsc#1172418). - scsi: smartpqi: fix problem with unique ID for physical device (bsc#1172418). - scsi: smartpqi: identify physical devices without issuing INQUIRY (bsc#1172418). - scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask (bsc#1172418). - scsi: smartpqi: remove unused manifest constants (bsc#1172418). - scsi: smartpqi: Reporting unhandled SCSI errors (bsc#1172418). - scsi: smartpqi: support device deletion via sysfs (bsc#1172418). - scsi: smartpqi: update copyright (bsc#1172418). - scsi: smartpqi: update logical volume size after expansion (bsc#1172418). - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418). - scsi: storvsc: Correctly set number of hardware queues for IDE disk (git-fixes). - scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790). - sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - serial: 8250: change lock order in serial8250_do_startup() (git-fixes). - serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes). - serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes). - soc: fsl: qbman: allow registering a device link for the portal user (bsc#1174550). - soc: fsl: qbman_portals: add APIs to retrieve the probing status (bsc#1174550). - spi: davinci: Remove uninitialized_var() usage (git-fixes). - spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes). - spi: nxp-fspi: Ensure width is respected in spi-mem operations (bsc#1175421). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1175422). - spi: spi-mem: export spi_mem_default_supports_op() (bsc#1175421). - spi: sun4i: update max transfer size reported (git-fixes). - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support (git-fixes). - staging: fsl-dpaa2: ethsw: Add missing netdevice check (bsc#1175423). - staging: rtl8192u: fix a dubious looking mask before a shift (git-fixes). - Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() (git-fixes). - staging/speakup: fix get_word non-space look-ahead (git-fixes). - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28). - tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28). - tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17). - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17). - tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17). - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17). - tracepoint: Mark __tracepoint_string's __used (git-fixes). - tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes). - tty: serial: fsl_lpuart: add imx8qxp support (bsc#1175670). - tty: serial: fsl_lpuart: free IDs allocated by IDA (bsc#1175670). - USB: iowarrior: fix up report size handling for some devices (git-fixes). - usbip: tools: fix module name in man page (git-fixes). - USB: serial: cp210x: enable usb generic throttle/unthrottle (git-fixes). - USB: serial: cp210x: re-enable auto-RTS on open (git-fixes). - USB: serial: iuu_phoenix: fix led-activity helpers (git-fixes). - usb: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes). - usb: xhci-mtk: fix the failure of bandwidth allocation (git-fixes). - VFS: Check rename_lock in lookup_fast() (bsc#1174734). - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes). - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes). - vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17). - vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199). - vt_compat_ioctl(): clean up, use compat_ptr() properly (git-fixes). - vt: vt_ioctl: remove unnecessary console allocation checks (git-fixes). - watchdog: f71808e_wdt: clear watchdog timeout occurred flag (bsc#1111666). - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (bsc#1111666). - watchdog: f71808e_wdt: remove use of wrong watchdog_info option (bsc#1111666). - wl1251: fix always return 0 error (git-fixes). - x86/hyper-v: Fix overflow bug in fill_gva_list() (git-fixes). - x86/hyperv: Make hv_vcpu_is_preempted() visible (git-fixes). - xfrm: check id proto in validate_tmpl() (git-fixes). - xfrm: clean up xfrm protocol checks (git-fixes). - xfrm_user: uncoditionally validate esn replay attribute struct (git-fixes). - xfs: fix inode allocation block res calculation precedence (git-fixes). - xfs: fix reflink quota reservation accounting error (git-fixes). - xhci: Fix enumeration issue when setting max packet size for FS devices (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Realtime 15-SP1: zypper in -t patch SUSE-SLE-Module-RT-15-SP1-2020-2631=1 Package List: - SUSE Linux Enterprise Module for Realtime 15-SP1 (x86_64): cluster-md-kmp-rt-4.12.14-14.31.1 cluster-md-kmp-rt-debuginfo-4.12.14-14.31.1 dlm-kmp-rt-4.12.14-14.31.1 dlm-kmp-rt-debuginfo-4.12.14-14.31.1 gfs2-kmp-rt-4.12.14-14.31.1 gfs2-kmp-rt-debuginfo-4.12.14-14.31.1 kernel-rt-4.12.14-14.31.1 kernel-rt-base-4.12.14-14.31.1 kernel-rt-base-debuginfo-4.12.14-14.31.1 kernel-rt-debuginfo-4.12.14-14.31.1 kernel-rt-debugsource-4.12.14-14.31.1 kernel-rt-devel-4.12.14-14.31.1 kernel-rt-devel-debuginfo-4.12.14-14.31.1 kernel-rt_debug-debuginfo-4.12.14-14.31.1 kernel-rt_debug-debugsource-4.12.14-14.31.1 kernel-rt_debug-devel-4.12.14-14.31.1 kernel-rt_debug-devel-debuginfo-4.12.14-14.31.1 kernel-syms-rt-4.12.14-14.31.1 ocfs2-kmp-rt-4.12.14-14.31.1 ocfs2-kmp-rt-debuginfo-4.12.14-14.31.1 - SUSE Linux Enterprise Module for Realtime 15-SP1 (noarch): kernel-devel-rt-4.12.14-14.31.1 kernel-source-rt-4.12.14-14.31.1 References: https://www.suse.com/security/cve/CVE-2020-14314.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-14356.html https://www.suse.com/security/cve/CVE-2020-16166.html https://www.suse.com/security/cve/CVE-2020-24394.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1074701 https://bugzilla.suse.com/1083548 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1085235 https://bugzilla.suse.com/1085308 https://bugzilla.suse.com/1087078 https://bugzilla.suse.com/1100394 https://bugzilla.suse.com/1102640 https://bugzilla.suse.com/1105412 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1120163 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1169790 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1172108 https://bugzilla.suse.com/1172247 https://bugzilla.suse.com/1172418 https://bugzilla.suse.com/1172428 https://bugzilla.suse.com/1172781 https://bugzilla.suse.com/1172782 https://bugzilla.suse.com/1172783 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172872 https://bugzilla.suse.com/1172963 https://bugzilla.suse.com/1173485 https://bugzilla.suse.com/1173798 https://bugzilla.suse.com/1173954 https://bugzilla.suse.com/1174003 https://bugzilla.suse.com/1174026 https://bugzilla.suse.com/1174070 https://bugzilla.suse.com/1174161 https://bugzilla.suse.com/1174205 https://bugzilla.suse.com/1174247 https://bugzilla.suse.com/1174298 https://bugzilla.suse.com/1174299 https://bugzilla.suse.com/1174387 https://bugzilla.suse.com/1174484 https://bugzilla.suse.com/1174547 https://bugzilla.suse.com/1174549 https://bugzilla.suse.com/1174550 https://bugzilla.suse.com/1174625 https://bugzilla.suse.com/1174658 https://bugzilla.suse.com/1174685 https://bugzilla.suse.com/1174689 https://bugzilla.suse.com/1174699 https://bugzilla.suse.com/1174734 https://bugzilla.suse.com/1174757 https://bugzilla.suse.com/1174771 https://bugzilla.suse.com/1174840 https://bugzilla.suse.com/1174841 https://bugzilla.suse.com/1174843 https://bugzilla.suse.com/1174844 https://bugzilla.suse.com/1174845 https://bugzilla.suse.com/1174852 https://bugzilla.suse.com/1174873 https://bugzilla.suse.com/1174887 https://bugzilla.suse.com/1174904 https://bugzilla.suse.com/1174926 https://bugzilla.suse.com/1174968 https://bugzilla.suse.com/1175062 https://bugzilla.suse.com/1175063 https://bugzilla.suse.com/1175064 https://bugzilla.suse.com/1175065 https://bugzilla.suse.com/1175066 https://bugzilla.suse.com/1175067 https://bugzilla.suse.com/1175112 https://bugzilla.suse.com/1175127 https://bugzilla.suse.com/1175128 https://bugzilla.suse.com/1175149 https://bugzilla.suse.com/1175199 https://bugzilla.suse.com/1175213 https://bugzilla.suse.com/1175228 https://bugzilla.suse.com/1175232 https://bugzilla.suse.com/1175284 https://bugzilla.suse.com/1175393 https://bugzilla.suse.com/1175394 https://bugzilla.suse.com/1175396 https://bugzilla.suse.com/1175397 https://bugzilla.suse.com/1175398 https://bugzilla.suse.com/1175399 https://bugzilla.suse.com/1175400 https://bugzilla.suse.com/1175401 https://bugzilla.suse.com/1175402 https://bugzilla.suse.com/1175403 https://bugzilla.suse.com/1175404 https://bugzilla.suse.com/1175405 https://bugzilla.suse.com/1175406 https://bugzilla.suse.com/1175407 https://bugzilla.suse.com/1175408 https://bugzilla.suse.com/1175409 https://bugzilla.suse.com/1175410 https://bugzilla.suse.com/1175411 https://bugzilla.suse.com/1175412 https://bugzilla.suse.com/1175413 https://bugzilla.suse.com/1175414 https://bugzilla.suse.com/1175415 https://bugzilla.suse.com/1175416 https://bugzilla.suse.com/1175417 https://bugzilla.suse.com/1175418 https://bugzilla.suse.com/1175419 https://bugzilla.suse.com/1175420 https://bugzilla.suse.com/1175421 https://bugzilla.suse.com/1175422 https://bugzilla.suse.com/1175423 https://bugzilla.suse.com/1175440 https://bugzilla.suse.com/1175493 https://bugzilla.suse.com/1175515 https://bugzilla.suse.com/1175518 https://bugzilla.suse.com/1175526 https://bugzilla.suse.com/1175550 https://bugzilla.suse.com/1175654 https://bugzilla.suse.com/1175666 https://bugzilla.suse.com/1175668 https://bugzilla.suse.com/1175669 https://bugzilla.suse.com/1175670 https://bugzilla.suse.com/1175767 https://bugzilla.suse.com/1175768 https://bugzilla.suse.com/1175769 https://bugzilla.suse.com/1175770 https://bugzilla.suse.com/1175771 https://bugzilla.suse.com/1175772 https://bugzilla.suse.com/1175786 https://bugzilla.suse.com/1175873 https://bugzilla.suse.com/1175992 From sle-updates at lists.suse.com Mon Sep 14 16:30:37 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Sep 2020 00:30:37 +0200 (CEST) Subject: SUSE-RU-2020:2630-1: moderate: Recommended update for biosdevname Message-ID: <20200914223037.ACF0CF794@maintenance.suse.de> SUSE Recommended Update: Recommended update for biosdevname ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2630-1 Rating: moderate References: #1174491 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for biosdevname fixes the following issues: - Read DMI info rom sysfs. (bsc#1174491) A kernel with Secure Boot lockdown may prohibit reading the contents of /dev/mem, hence biosdevname fails. The recent kernel provides the DMI byte contents in /sys/firmware/dmi/tables/*. - Add buffer read helper using read explicitly. mmap can't work well with a sysfs file and it's required to read the contents explicitly via read, even if USE_MMAP is enabled. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2630=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2630=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): biosdevname-0.7.3-5.3.1 biosdevname-debuginfo-0.7.3-5.3.1 biosdevname-debugsource-0.7.3-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): biosdevname-0.7.3-5.3.1 biosdevname-debuginfo-0.7.3-5.3.1 biosdevname-debugsource-0.7.3-5.3.1 References: https://bugzilla.suse.com/1174491 From sle-updates at lists.suse.com Tue Sep 15 07:14:20 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Sep 2020 15:14:20 +0200 (CEST) Subject: SUSE-SU-2020:2634-1: important: Security update for compat-openssl098 Message-ID: <20200915131420.05C86F794@maintenance.suse.de> SUSE Security Update: Security update for compat-openssl098 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2634-1 Rating: important References: #1153785 #1176331 Cross-References: CVE-2019-1563 CVE-2020-1968 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Module for Legacy Software 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for compat-openssl098 fixes the following issues: - CVE-2020-1968: Introduced hardening against the Raccoon attack by always generating fresh DH keys and never reuse them across multiple TLS connections (bsc#1176331). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2020-2634=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2634=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2634=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2634=1 - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2020-2634=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (x86_64): compat-openssl098-debugsource-0.9.8j-106.21.1 libopenssl0_9_8-0.9.8j-106.21.1 libopenssl0_9_8-debuginfo-0.9.8j-106.21.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): compat-openssl098-debugsource-0.9.8j-106.21.1 libopenssl0_9_8-0.9.8j-106.21.1 libopenssl0_9_8-debuginfo-0.9.8j-106.21.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): compat-openssl098-debugsource-0.9.8j-106.21.1 libopenssl0_9_8-0.9.8j-106.21.1 libopenssl0_9_8-debuginfo-0.9.8j-106.21.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): compat-openssl098-debugsource-0.9.8j-106.21.1 libopenssl0_9_8-0.9.8j-106.21.1 libopenssl0_9_8-debuginfo-0.9.8j-106.21.1 - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64): compat-openssl098-debugsource-0.9.8j-106.21.1 libopenssl0_9_8-0.9.8j-106.21.1 libopenssl0_9_8-32bit-0.9.8j-106.21.1 libopenssl0_9_8-debuginfo-0.9.8j-106.21.1 libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.21.1 References: https://www.suse.com/security/cve/CVE-2019-1563.html https://www.suse.com/security/cve/CVE-2020-1968.html https://bugzilla.suse.com/1153785 https://bugzilla.suse.com/1176331 From sle-updates at lists.suse.com Tue Sep 15 07:15:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Sep 2020 15:15:17 +0200 (CEST) Subject: SUSE-SU-2020:14490-1: moderate: Security update for shim Message-ID: <20200915131517.5FDEAF794@maintenance.suse.de> SUSE Security Update: Security update for shim ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14490-1 Rating: moderate References: #1168994 #1175626 #1175656 Cross-References: CVE-2020-10713 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for shim fixes the following issues: Update to the unified shim binary from SUSE Linux Enterprise 15-SP1 (bsc#1168994) This update addresses the "BootHole" security issue (master CVE CVE-2020-10713), by disallowing binaries signed by the previous SUSE UEFI signing key from booting. This update should only be installed after updates of grub2, the Linux kernel and (if used) Xen from or after July / August 2020 are applied. Also fixed: + shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-shim-14490=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): shim-15+git47-12.5.1 References: https://www.suse.com/security/cve/CVE-2020-10713.html https://bugzilla.suse.com/1168994 https://bugzilla.suse.com/1175626 https://bugzilla.suse.com/1175656 From sle-updates at lists.suse.com Tue Sep 15 07:16:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Sep 2020 15:16:26 +0200 (CEST) Subject: SUSE-SU-2020:14491-1: important: Security update for openssl Message-ID: <20200915131626.253D6F794@maintenance.suse.de> SUSE Security Update: Security update for openssl ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14491-1 Rating: important References: #1176331 Cross-References: CVE-2020-1968 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl fixes the following issues: - CVE-2020-1968: Introduced hardening against the Raccoon attack by always generating fresh DH keys and never reuse them across multiple TLS connections (bsc#1176331). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-openssl-14491=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-openssl-14491=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openssl-14491=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openssl-14491=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libopenssl0_9_8-0.9.8j-0.106.34.1 libopenssl0_9_8-hmac-0.9.8j-0.106.34.1 openssl-0.9.8j-0.106.34.1 openssl-doc-0.9.8j-0.106.34.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libopenssl0_9_8-32bit-0.9.8j-0.106.34.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.34.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libopenssl-devel-0.9.8j-0.106.34.1 libopenssl0_9_8-0.9.8j-0.106.34.1 libopenssl0_9_8-hmac-0.9.8j-0.106.34.1 openssl-0.9.8j-0.106.34.1 openssl-doc-0.9.8j-0.106.34.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): openssl-debuginfo-0.9.8j-0.106.34.1 openssl-debugsource-0.9.8j-0.106.34.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): openssl-debuginfo-0.9.8j-0.106.34.1 openssl-debugsource-0.9.8j-0.106.34.1 References: https://www.suse.com/security/cve/CVE-2020-1968.html https://bugzilla.suse.com/1176331 From sle-updates at lists.suse.com Tue Sep 15 13:14:14 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Sep 2020 21:14:14 +0200 (CEST) Subject: SUSE-RU-2020:2639-1: moderate: Recommended update for realmd Message-ID: <20200915191414.C1099F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for realmd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2639-1 Rating: moderate References: #1175616 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for realmd fixes the following issue: - Fix pam misconfiguration. (bsc#1175616) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2639=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): realmd-0.16.3-3.3.1 realmd-debuginfo-0.16.3-3.3.1 realmd-debugsource-0.16.3-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): realmd-lang-0.16.3-3.3.1 References: https://bugzilla.suse.com/1175616 From sle-updates at lists.suse.com Tue Sep 15 13:15:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Sep 2020 21:15:06 +0200 (CEST) Subject: SUSE-RU-2020:2640-1: moderate: Recommended update for skelcd-control-leanos Message-ID: <20200915191506.743A4F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for skelcd-control-leanos ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2640-1 Rating: moderate References: SLE-16203 Affected Products: SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for skelcd-control-leanos fixes the following issues: - Add SUSE Linux Enterprise Real Time 15 SP2 base product. (jsc#SLE-16203) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2020-2640=1 Package List: - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): skelcd-control-leanos-15.2.13-3.6.1 References: From sle-updates at lists.suse.com Tue Sep 15 13:15:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 15 Sep 2020 21:15:55 +0200 (CEST) Subject: SUSE-RU-2020:2638-1: moderate: Recommended update for cryptsetup Message-ID: <20200915191555.38785F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for cryptsetup ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2638-1 Rating: moderate References: #1165580 SLE-5911 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for cryptsetup fixes the following issues: Update from version 2.0.5 to version 2.0.6. (jsc#SLE-5911, bsc#1165580) - Fix support of larger metadata areas in *LUKS2* header. This release properly supports all specified metadata areas, as documented in *LUKS2* format description. Currently, only default metadata area size is used (in format or convert). Later cryptsetup versions will allow increasing this metadata area size. - If *AEAD* (authenticated encryption) is used, cryptsetup now tries to check if the requested *AEAD* algorithm with specified key size is available in kernel crypto API. This change avoids formatting a device that cannot be later activated. For this function, the kernel must be compiled with the *CONFIG_CRYPTO_USER_API_AEAD* option enabled. Note that kernel user crypto API options (*CONFIG_CRYPTO_USER_API* and *CONFIG_CRYPTO_USER_API_SKCIPHER*) are already mandatory for LUKS2. - Fix setting of integrity no-journal flag. Now you can store this flag to metadata using *\--persistent* option. - Fix cryptsetup-reencrypt to not keep temporary reencryption headers if interrupted during initial password prompt. - Adds early check to plain and LUKS2 formats to disallow device format if device size is not aligned to requested sector size. Previously it was possible, and the device was rejected to activate by kernel later. - Fix checking of hash algorithms availability for *PBKDF* early. Previously *LUKS2* format allowed non-existent hash algorithm with invalid keyslot preventing the device from activation. - Allow Adiantum cipher construction (a non-authenticated length-preserving fast encryption scheme), so it can be used both for data encryption and keyslot encryption in *LUKS1/2* devices. For benchmark, use: # cryptsetup benchmark -c xchacha12,aes-adiantum # cryptsetup benchmark -c xchacha20,aes-adiantum For LUKS format: # cryptsetup luksFormat -c xchacha20,aes-adiantum-plain64 -s 256 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2638=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2638=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): cryptsetup-2.0.6-4.3.1 cryptsetup-debuginfo-2.0.6-4.3.1 cryptsetup-debugsource-2.0.6-4.3.1 libcryptsetup-devel-2.0.6-4.3.1 libcryptsetup12-2.0.6-4.3.1 libcryptsetup12-debuginfo-2.0.6-4.3.1 libcryptsetup12-hmac-2.0.6-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libcryptsetup12-32bit-2.0.6-4.3.1 libcryptsetup12-32bit-debuginfo-2.0.6-4.3.1 libcryptsetup12-hmac-32bit-2.0.6-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): cryptsetup-2.0.6-4.3.1 cryptsetup-debuginfo-2.0.6-4.3.1 cryptsetup-debugsource-2.0.6-4.3.1 libcryptsetup-devel-2.0.6-4.3.1 libcryptsetup12-2.0.6-4.3.1 libcryptsetup12-debuginfo-2.0.6-4.3.1 libcryptsetup12-hmac-2.0.6-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libcryptsetup12-32bit-2.0.6-4.3.1 libcryptsetup12-32bit-debuginfo-2.0.6-4.3.1 libcryptsetup12-hmac-32bit-2.0.6-4.3.1 References: https://bugzilla.suse.com/1165580 From sle-updates at lists.suse.com Wed Sep 16 07:14:40 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Sep 2020 15:14:40 +0200 (CEST) Subject: SUSE-SU-2020:14493-1: important: Security update for perl-DBI Message-ID: <20200916131440.E1DA1FCEB@maintenance.suse.de> SUSE Security Update: Security update for perl-DBI ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14493-1 Rating: important References: #1176409 #1176412 Cross-References: CVE-2020-14392 CVE-2020-14393 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for perl-DBI fixes the following issues: Security issues fixed: - CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated (bsc#1176412). - CVE-2020-14393: Fixed a buffer overflow on an overlong DBD class name (bsc#1176409). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-perl-DBI-14493=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-perl-DBI-14493=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-perl-DBI-14493=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-perl-DBI-14493=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): perl-DBI-1.607-3.3.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): perl-DBI-1.607-3.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): perl-DBI-debuginfo-1.607-3.3.1 perl-DBI-debugsource-1.607-3.3.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): perl-DBI-debuginfo-1.607-3.3.1 perl-DBI-debugsource-1.607-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-14392.html https://www.suse.com/security/cve/CVE-2020-14393.html https://bugzilla.suse.com/1176409 https://bugzilla.suse.com/1176412 From sle-updates at lists.suse.com Wed Sep 16 07:15:35 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Sep 2020 15:15:35 +0200 (CEST) Subject: SUSE-RU-2020:2642-1: important: Recommended update for crmsh Message-ID: <20200916131535.13A28FCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2642-1 Rating: important References: #1175057 #1176178 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fixes an issue by 'ssh_merge' function for compatibility. (bsc#1175057) - Adjust sbd config process to fix bug on sbd stage. (bsc#1175057) - Fixes an issue when parallax shows an error by joining a node. (bsc#1176178) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-2642=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2020-2642=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (noarch): crmsh-4.1.0+git.1599639106.b8652332-2.38.1 crmsh-scripts-4.1.0+git.1599639106.b8652332-2.38.1 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): crmsh-4.1.0+git.1599639106.b8652332-2.38.1 crmsh-scripts-4.1.0+git.1599639106.b8652332-2.38.1 References: https://bugzilla.suse.com/1175057 https://bugzilla.suse.com/1176178 From sle-updates at lists.suse.com Wed Sep 16 07:16:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Sep 2020 15:16:27 +0200 (CEST) Subject: SUSE-RU-2020:2641-1: important: Recommended update for crmsh Message-ID: <20200916131627.9CD41FCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2641-1 Rating: important References: #1169581 #1170037 #1170426 #1170999 #1174517 #1175057 #1176178 ECO-2035 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has 7 recommended fixes and contains one feature can now be installed. Description: This update for crmsh fixes the following issues: - Fix for collecting of binary data to avoid CRC error in report. (bsc#1166962) - Implement ssh key configuration improvement to avoid security issues. (bsc#1169581, ECO-2035) - Fix for using class 'SBDManager' for sbd configuration and management. (bsc#1170037, bsc#1170999) - Fix for 'yaml' loader warning for 'HAWK2'. (bsc#1170426) - Implement using class 'SBDManager' for sbd configuration and management. (bsc#1170037, bsc#1170999) - Fixes an issue by 'ssh_merge' function for compatibility. (bsc#1175057, bsc#1174517) - Adjust sbd config process to fix bug on sbd stage. (bsc#1175057) - Fixes an issue when parallax shows an error by joining a node. (bsc#1176178) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2020-2641=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (noarch): crmsh-3.0.4+git.1599639121.8450fe43-13.44.1 crmsh-scripts-3.0.4+git.1599639121.8450fe43-13.44.1 References: https://bugzilla.suse.com/1169581 https://bugzilla.suse.com/1170037 https://bugzilla.suse.com/1170426 https://bugzilla.suse.com/1170999 https://bugzilla.suse.com/1174517 https://bugzilla.suse.com/1175057 https://bugzilla.suse.com/1176178 From sle-updates at lists.suse.com Wed Sep 16 07:17:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Sep 2020 15:17:51 +0200 (CEST) Subject: SUSE-SU-2020:2645-1: important: Security update for perl-DBI Message-ID: <20200916131751.2E7EFFCEB@maintenance.suse.de> SUSE Security Update: Security update for perl-DBI ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2645-1 Rating: important References: #1176409 #1176412 Cross-References: CVE-2020-14392 CVE-2020-14393 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for perl-DBI fixes the following issues: Security issues fixed: - CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated (bsc#1176412). - CVE-2020-14393: Fixed a buffer overflow on an overlong DBD class name (bsc#1176409). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2645=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2645=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2645=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2645=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2645=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): perl-DBI-1.639-3.8.1 perl-DBI-debuginfo-1.639-3.8.1 perl-DBI-debugsource-1.639-3.8.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): perl-DBI-1.639-3.8.1 perl-DBI-debuginfo-1.639-3.8.1 perl-DBI-debugsource-1.639-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): perl-DBI-1.639-3.8.1 perl-DBI-debuginfo-1.639-3.8.1 perl-DBI-debugsource-1.639-3.8.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): perl-DBI-1.639-3.8.1 perl-DBI-debuginfo-1.639-3.8.1 perl-DBI-debugsource-1.639-3.8.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): perl-DBI-1.639-3.8.1 perl-DBI-debuginfo-1.639-3.8.1 perl-DBI-debugsource-1.639-3.8.1 References: https://www.suse.com/security/cve/CVE-2020-14392.html https://www.suse.com/security/cve/CVE-2020-14393.html https://bugzilla.suse.com/1176409 https://bugzilla.suse.com/1176412 From sle-updates at lists.suse.com Wed Sep 16 07:18:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Sep 2020 15:18:43 +0200 (CEST) Subject: SUSE-RU-2020:2643-1: moderate: Recommended update for netcdf-fortran Message-ID: <20200916131843.D353EFCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for netcdf-fortran ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2643-1 Rating: moderate References: #1173598 #1174177 #1174291 Affected Products: SUSE Linux Enterprise Module for HPC 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for netcdf-fortran fixes the following issues: - The convention is to use the module name 'pnetcdf' for Parallel-NetCDF (called PnetCDF now). - Fix ldconfig args for HPC packages: no caching should be done as the libs are made available via LD_LIBRARY_PATH. - Add serial HPC build flavor. (bsc#1174177) - For loading serial module, run 'module load netcdf-fortran' for an MPI variant use 'module load pnetcdf-fortran'. - Gfortran from gcc-10 requires -std=legacy to build the Fortran code in netcdf-fortran. (bsc#1173598) This update for netcdf fixes the following issues: - Make environment module name conform standards: NetCDF modules should be called 'netcdf' - regardless whether they are 'serial' or use MPI. (bsc#1174291) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15-SP1: zypper in -t patch SUSE-SLE-Module-HPC-15-SP1-2020-2643=1 Package List: - SUSE Linux Enterprise Module for HPC 15-SP1 (aarch64 x86_64): libnetcdf-fortran-gnu-mpich-hpc-4.4.4-9.6.1 libnetcdf-fortran-gnu-openmpi2-hpc-4.4.4-9.6.1 libnetcdf-fortran_4_4_4-gnu-mpich-hpc-4.4.4-9.6.1 libnetcdf-fortran_4_4_4-gnu-mpich-hpc-debuginfo-4.4.4-9.6.1 libnetcdf-fortran_4_4_4-gnu-openmpi2-hpc-4.4.4-9.6.1 libnetcdf-fortran_4_4_4-gnu-openmpi2-hpc-debuginfo-4.4.4-9.6.1 netcdf-fortran_4_4_4-gnu-mpich-hpc-4.4.4-9.6.1 netcdf-fortran_4_4_4-gnu-mpich-hpc-debugsource-4.4.4-9.6.1 netcdf-fortran_4_4_4-gnu-mpich-hpc-devel-4.4.4-9.6.1 netcdf-fortran_4_4_4-gnu-mpich-hpc-devel-static-4.4.4-9.6.1 netcdf-fortran_4_4_4-gnu-openmpi2-hpc-4.4.4-9.6.1 netcdf-fortran_4_4_4-gnu-openmpi2-hpc-debugsource-4.4.4-9.6.1 netcdf-fortran_4_4_4-gnu-openmpi2-hpc-devel-4.4.4-9.6.1 netcdf-fortran_4_4_4-gnu-openmpi2-hpc-devel-static-4.4.4-9.6.1 - SUSE Linux Enterprise Module for HPC 15-SP1 (noarch): netcdf-fortran-gnu-mpich-hpc-4.4.4-9.6.1 netcdf-fortran-gnu-openmpi2-hpc-4.4.4-9.6.1 References: https://bugzilla.suse.com/1173598 https://bugzilla.suse.com/1174177 https://bugzilla.suse.com/1174291 From sle-updates at lists.suse.com Wed Sep 16 07:19:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Sep 2020 15:19:43 +0200 (CEST) Subject: SUSE-SU-2020:2646-1: important: Security update for perl-DBI Message-ID: <20200916131943.01917FCEB@maintenance.suse.de> SUSE Security Update: Security update for perl-DBI ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2646-1 Rating: important References: #1176409 #1176412 Cross-References: CVE-2020-14392 CVE-2020-14393 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for perl-DBI fixes the following issues: Security issues fixed: - CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated (bsc#1176412). - CVE-2020-14393: Fixed a buffer overflow on an overlong DBD class name (bsc#1176409). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2646=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): perl-DBI-1.642-3.3.1 perl-DBI-debuginfo-1.642-3.3.1 perl-DBI-debugsource-1.642-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-14392.html https://www.suse.com/security/cve/CVE-2020-14393.html https://bugzilla.suse.com/1176409 https://bugzilla.suse.com/1176412 From sle-updates at lists.suse.com Wed Sep 16 10:15:04 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Sep 2020 18:15:04 +0200 (CEST) Subject: SUSE-RU-2020:2653-1: moderate: Recommended update for perf Message-ID: <20200916161504.4A2A6FD04@maintenance.suse.de> SUSE Recommended Update: Recommended update for perf ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2653-1 Rating: moderate References: #1175256 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for perf provides the following fixes: - Add latest git-fixes (bsc#1175256): * perf bpf-loader: Add missing '*' for key_scan_pos * perf cs-etm: Move definition of 'traceid_list' global variable from header file * perf env: Do not return pointers to local variables * perf intel-pt: Fix PEBS sample for XMM registers * perf: Make perf able to build with latest libbfd * perf metrics: Fix parse errors in power8 metrics * perf metrics: Fix parse errors in power9 metrics * perf metrics: Fix parse errors in skylake metrics * perf parse-events: Fix an incompatible pointer * perf probe: Check address correctness by map instead of _etext * perf probe: Do not show the skipped events * perf probe: Fix to check blacklist address correctly * perf report: Fix NULL pointer dereference in hists__fprintf_nr_sample_events * perf report TUI: Fix segmentation fault in perf_evsel__hists_browse() * perf scripts python: export-to-postgresql.py: Fix struct.pack() int argument * perf scripts python: exported-sql-viewer.py: Fix unexpanded 'Find' result * perf scripts python: exported-sql-viewer.py: Fix zero id in call graph find result * perf scripts python: exported-sql-viewer.py: Fix zero id in call tree find result * perf stat: Ensure group is defined on top of the same cpu mask * perf stat: Fix duration_time value for higher intervals * perf stat: Fix NULL pointer dereference * perf stat: Fix wrong per-thread runtime stat for interval mode * perf stat: Honour --timeout for forked workloads * perf stat: Improve runtime stat for interval mode * perf stat: Zero all the 'ena' and 'run' array slot stats for interval mode * perf test session topology: Fix data path * perf tools: Fix reading new topology attribute "core_cpus" * perf tools: Fix record failure when mixed with ARM SPE event * perf vendor events intel: Update all the Intel JSON metrics from TMAM Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2653=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): perf-5.3.18-25.6.3 perf-debuginfo-5.3.18-25.6.3 perf-debugsource-5.3.18-25.6.3 References: https://bugzilla.suse.com/1175256 From sle-updates at lists.suse.com Wed Sep 16 10:15:56 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Sep 2020 18:15:56 +0200 (CEST) Subject: SUSE-RU-2020:2651-1: moderate: Recommended update for zlib Message-ID: <20200916161556.12D73FCFD@maintenance.suse.de> SUSE Recommended Update: Recommended update for zlib ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2651-1 Rating: moderate References: #1175811 #1175830 #1175831 SLE-13776 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes and contains one feature can now be installed. Description: This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2651=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2651=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2651=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2651=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): zlib-debugsource-1.2.11-3.18.1 zlib-devel-32bit-1.2.11-3.18.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): zlib-debugsource-1.2.11-3.18.1 zlib-devel-32bit-1.2.11-3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libminizip1-1.2.11-3.18.1 libminizip1-debuginfo-1.2.11-3.18.1 libz1-1.2.11-3.18.1 libz1-debuginfo-1.2.11-3.18.1 minizip-devel-1.2.11-3.18.1 zlib-debugsource-1.2.11-3.18.1 zlib-devel-1.2.11-3.18.1 zlib-devel-static-1.2.11-3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libz1-32bit-1.2.11-3.18.1 libz1-32bit-debuginfo-1.2.11-3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libminizip1-1.2.11-3.18.1 libminizip1-debuginfo-1.2.11-3.18.1 libz1-1.2.11-3.18.1 libz1-debuginfo-1.2.11-3.18.1 minizip-devel-1.2.11-3.18.1 zlib-debugsource-1.2.11-3.18.1 zlib-devel-1.2.11-3.18.1 zlib-devel-static-1.2.11-3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libz1-32bit-1.2.11-3.18.1 libz1-32bit-debuginfo-1.2.11-3.18.1 References: https://bugzilla.suse.com/1175811 https://bugzilla.suse.com/1175830 https://bugzilla.suse.com/1175831 From sle-updates at lists.suse.com Wed Sep 16 10:17:02 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Sep 2020 18:17:02 +0200 (CEST) Subject: SUSE-RU-2020:2658-1: moderate: Recommended update for build Message-ID: <20200916161702.386ACFCFD@maintenance.suse.de> SUSE Recommended Update: Recommended update for build ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2658-1 Rating: moderate References: #1170956 #1172563 #1174854 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for build fixes the following issues: - fix factory version in config file (bsc#1170956) - add missing ignores for Leap 15.2 (bsc#1174854) - fix sysrq handling for KVM builds - avoid double removal of obscpio files - docker: * support builds using USER root statements * proper error handling when obs-docker-support gets called as non-root * helm build target support * support milestone handling - support repo files without types set (SLE 15 SP2 zypp) - add default substitute for system-packages:repo-creation - Support recursive kiwi profile usage - fix dependencies for Fedora 33 - Set $YAML::XS::LoadBlessed = 0 for Appimage/Snapcraft - add a new variable to track build time needed for ccache eviction - create folder for ccache archive to be copied before rsync - also package pkg-config files by default into baselibs. (bsc#1172563) - Use shorter kernel flag for mitigations - Ignore, if shutdown behavior changed by build in z/VM - Control disk-space consumption while creating ccache archive - cleaning ccache - create folders before trying to copy ccache.tar - Generate .packages and .basepackages files for docker builds - enable sysrq operations on boot - Set kvm_serial_device to virtio-serial in the fixup - Split console arg setting code into kvm_add_console_args - Update for zVM to make container builds work. - Write to /proc/sys/kernel/hostname if the hostname command is not available - Use --cgroup-manager=cgroupfs when calling podman - Also squash by default in podman builds - Support different interpreters in prein/postin scriptlets - Use grep -E instead of egrep to check for the needsbinariesforbuild flag - Use new Build::Intrepo module - Add new Intrepo module to read/write build's internal repo format - remove .gz from _ccache archive as it is no longer compressed - Add support for Arch in build-recipe-kiwi - Autodetect whether to use --pipe option of systemd-nspawn. - Split parse_depfile() from readdeps() - enable compression on ccache - add bugzilla numbers for s390 workaround - extend --ccache to generate _ccache.tar.gz and implement --pkg-ccache - disable transparent_hugepage on s390x guests for now, causes hangs - set buildflavor also for Build::parse - Leap 15.2 config update (libzstd1 for rpm) - handle obscpio extraction error as fatal - Return correct exit code from systemd-nspawn build - Spec parser: do not parse included files from end to start - running disk full check also outside of VM - run disk full check only for chroot - Spec parser: add support for %elif, %elifarch, %elifos - Support rpm's %include statement (EXPERIMENTAL, known limitations) - Do not do vminstall expansion in expanddeps unless --vm is used - 15.2 config: preinstall gcrypt deps again - Recommends for Fedora based distros - support obsgendiff functionality - various smaller code cleanups - additional test cases for spec file parsing - various fixes for cornercases during spec file parsing - fix regression in && operator handling of rpm spec file parser - Correctly expand macros defined with %global - 15.2 config: temporary revert gcrypt preinstall until distro has changed - factory config: ignore libxtables for iproute2, not needed for ip tool - Follow upstream rpm changes in regard to logical ops - Fix macro expansion of lines containing newlines - add missing header file to avoid compile warnings - support OBS-Milestone comment for kiwi - switch to preinstall expansion for factory Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2658=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): build-20200520-3.3.1 build-mkbaselibs-20200520-3.3.1 References: https://bugzilla.suse.com/1170956 https://bugzilla.suse.com/1172563 https://bugzilla.suse.com/1174854 From sle-updates at lists.suse.com Wed Sep 16 10:18:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Sep 2020 18:18:06 +0200 (CEST) Subject: SUSE-SU-2020:2648-1: important: Security update for SUSE Manager 3.2 Message-ID: <20200916161806.2B21FFCFD@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager 3.2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2648-1 Rating: important References: #1175884 Cross-References: CVE-2020-8028 Affected Products: SUSE Manager Server 3.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for SUSE Manager 3.2 fixes the following issues: salt-netapi-client: - Refresh authentication module list to newer Salt versions spacewalk-admin: - Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028) spacewalk-java: - Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028) spacewalk-setup: - Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2020-2648=1 Package List: - SUSE Manager Server 3.2 (noarch): salt-netapi-client-0.16.0-4.14.1 spacewalk-admin-2.8.4.7-3.15.1 spacewalk-java-2.8.78.30-3.53.1 spacewalk-java-config-2.8.78.30-3.53.1 spacewalk-java-lib-2.8.78.30-3.53.1 spacewalk-java-oracle-2.8.78.30-3.53.1 spacewalk-java-postgresql-2.8.78.30-3.53.1 spacewalk-setup-2.8.7.11-3.28.1 spacewalk-taskomatic-2.8.78.30-3.53.1 References: https://www.suse.com/security/cve/CVE-2020-8028.html https://bugzilla.suse.com/1175884 From sle-updates at lists.suse.com Wed Sep 16 10:18:59 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Sep 2020 18:18:59 +0200 (CEST) Subject: SUSE-RU-2020:2654-1: moderate: Recommended update for btrfsprogs Message-ID: <20200916161859.4722AFCFD@maintenance.suse.de> SUSE Recommended Update: Recommended update for btrfsprogs ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2654-1 Rating: moderate References: #1166006 #1174851 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for btrfsprogs contains the following fixes: - btrfs fi du: Skip non btrfs dir/file and don't call lookup_path_rootid for BTRFS_EMPTY_SUBVOL_DIR_OBJECTID. (bsc#1166006) - Make possible for progs to detect and fix invalid generations. (bsc#1174851) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2654=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2654=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): btrfsprogs-debuginfo-4.5.3-26.6.2 btrfsprogs-debugsource-4.5.3-26.6.2 libbtrfs-devel-4.5.3-26.6.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): btrfsprogs-4.5.3-26.6.2 btrfsprogs-debuginfo-4.5.3-26.6.2 btrfsprogs-debugsource-4.5.3-26.6.2 libbtrfs0-4.5.3-26.6.2 libbtrfs0-debuginfo-4.5.3-26.6.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): btrfsprogs-udev-rules-4.5.3-26.6.2 References: https://bugzilla.suse.com/1166006 https://bugzilla.suse.com/1174851 From sle-updates at lists.suse.com Wed Sep 16 10:19:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Sep 2020 18:19:57 +0200 (CEST) Subject: SUSE-RU-2020:2656-1: moderate: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin Message-ID: <20200916161957.3A6FFFCFD@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2656-1 Rating: moderate References: #1174745 #1175173 #1175740 #1175741 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for google-guest-agent, google-guest-configs, google-guest-oslogin contains the following fixes: - Update to version 20200819.00. (bsc#1175740, bsc#1175741) * handle oslogin enable/disable cases (#70). (bsc#1175173) * add README (#69) * Fix metric for addIPForwardEntry (#68) * Correctly determine default route index (#67) * oslogin: dont add entry to pam.d/su (#66) * end group.conf with newline (#64) * Add source field in googet spec (#59) * Set route to metadata on interface with default route (#47) * fix typo in boto.cfg (#62) - Properly handle enabling of systemd services when upgrading from the old google-compute-engine-init package. (bsc#1174745) - Update to version 20200626.00. (bsc#1175740, bsc#1175741) * Updates the udev rules for local SSD disks. (#9) * Fix tx affinity logic when number of CPUs is above 32 (#6) - Switch udev requires to pkgconfig to allow the build service to use the -mini package for build optimization - Update to version 20200819.00. (bsc#1175740, bsc#1175741) * deny non-2fa users (#37) * use asterisks instead (#39) * set passwords to ! (#38) * correct index 0 bug (#36) * Support security key generated OTP challenges. (#35) - No post action for ssh Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-2656=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): google-guest-agent-20200819.00-1.6.1 google-guest-oslogin-20200819.00-1.6.1 google-guest-oslogin-debuginfo-20200819.00-1.6.1 google-guest-oslogin-debugsource-20200819.00-1.6.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): google-guest-configs-20200731.00-1.6.1 References: https://bugzilla.suse.com/1174745 https://bugzilla.suse.com/1175173 https://bugzilla.suse.com/1175740 https://bugzilla.suse.com/1175741 From sle-updates at lists.suse.com Wed Sep 16 10:21:07 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Sep 2020 18:21:07 +0200 (CEST) Subject: SUSE-RU-2020:2652-1: moderate: Recommended update for zlib Message-ID: <20200916162107.E745DFCFD@maintenance.suse.de> SUSE Recommended Update: Recommended update for zlib ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2652-1 Rating: moderate References: #1175811 #1175830 #1175831 SLE-13776 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has three recommended fixes and contains one feature can now be installed. Description: This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2652=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2652=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): zlib-debugsource-1.2.11-11.9.1 zlib-devel-1.2.11-11.9.1 zlib-devel-static-1.2.11-11.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): zlib-devel-32bit-1.2.11-11.9.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libz1-1.2.11-11.9.1 libz1-debuginfo-1.2.11-11.9.1 zlib-debugsource-1.2.11-11.9.1 zlib-devel-1.2.11-11.9.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libz1-32bit-1.2.11-11.9.1 libz1-debuginfo-32bit-1.2.11-11.9.1 References: https://bugzilla.suse.com/1175811 https://bugzilla.suse.com/1175830 https://bugzilla.suse.com/1175831 From sle-updates at lists.suse.com Wed Sep 16 10:22:11 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Sep 2020 18:22:11 +0200 (CEST) Subject: SUSE-SU-2020:2647-1: important: Security update for for SUSE Manager 4.1 Message-ID: <20200916162211.3C8BAFCEB@maintenance.suse.de> SUSE Security Update: Security update for for SUSE Manager 4.1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2647-1 Rating: important References: #1175884 Cross-References: CVE-2020-8028 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for SUSE Manager 4.1 fixes the following issues: google-gson: - Use packages from SUSE:SLE-15-SP2:Update:Products:Manager41:Update to fix building other packages. httpcomponents-client: - Use packages from SUSE:SLE-15-SP2:Update:Products:Manager41:Update to fix building other packages. httpcomponents-core: - Use packages from SUSE:SLE-15-SP2:Update:Products:Manager41:Update to fix building other packages. salt-netapi-client: - Refresh authentication module list to newer Salt versions spacewalk-admin: - Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028) spacewalk-java: - Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028) spacewalk-setup: - Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028) velocity: - Use packages from SUSE:SLE-15-SP2:Update:Products:Manager41:Update to fix building other packages. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2020-2647=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): google-gson-2.8.5-3.4.3 httpcomponents-client-4.5.6-3.4.2 httpcomponents-core-4.4.10-3.4.2 salt-netapi-client-0.17.0-3.3.2 spacewalk-admin-4.1.6-3.3.3 spacewalk-java-4.1.19-3.8.2 spacewalk-java-config-4.1.19-3.8.2 spacewalk-java-lib-4.1.19-3.8.2 spacewalk-java-postgresql-4.1.19-3.8.2 spacewalk-setup-4.1.6-3.3.2 spacewalk-taskomatic-4.1.19-3.8.2 References: https://www.suse.com/security/cve/CVE-2020-8028.html https://bugzilla.suse.com/1175884 From sle-updates at lists.suse.com Wed Sep 16 10:23:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Sep 2020 18:23:03 +0200 (CEST) Subject: SUSE-SU-2020:2650-1: moderate: Security update for SUSE Manager Proxy 4.0 Message-ID: <20200916162303.37F81FCEB@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Proxy 4.0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2650-1 Rating: moderate References: #1167907 #1169664 #1171281 #1172831 #1173535 #1173554 #1174201 #1175224 #1175889 Cross-References: CVE-2020-11022 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 ______________________________________________________________________________ An update that solves one vulnerability and has 8 fixes is now available. Description: This update fixes the following issues: spacecmd: - Python3 fixes for errata in spacecmd (bsc#1169664) - Python3 fix for sorted usage (bsc#1167907) - Fix softwarechannel_listlatestpackages throwing error on empty channels (bsc#1175889) - Fix escaping of package names (bsc#1171281) spacewalk-certs-tools: - Add option --nostricthostkeychecking to spacewalk-ssh-push-init - Strip SSL Certificate Common Name after 63 Characters (bsc#1173535) spacewalk-proxy: - Python3 fix for loading pickle file during kickstart procedure (bsc#1174201) spacewalk-web: - Fix login page after jQuery upgrade (bsc#1175224) - Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831) - Warn when a system is in multiple groups that configure the same formula in the system formula's UI (bsc#1173554) How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2020-2650=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (noarch): python3-spacewalk-certs-tools-4.0.17-3.21.3 spacecmd-4.0.20-3.19.2 spacewalk-base-minimal-4.0.23-3.30.3 spacewalk-base-minimal-config-4.0.23-3.30.3 spacewalk-certs-tools-4.0.17-3.21.3 spacewalk-proxy-broker-4.0.14-3.10.3 spacewalk-proxy-common-4.0.14-3.10.3 spacewalk-proxy-management-4.0.14-3.10.3 spacewalk-proxy-package-manager-4.0.14-3.10.3 spacewalk-proxy-redirect-4.0.14-3.10.3 spacewalk-proxy-salt-4.0.14-3.10.3 References: https://www.suse.com/security/cve/CVE-2020-11022.html https://bugzilla.suse.com/1167907 https://bugzilla.suse.com/1169664 https://bugzilla.suse.com/1171281 https://bugzilla.suse.com/1172831 https://bugzilla.suse.com/1173535 https://bugzilla.suse.com/1173554 https://bugzilla.suse.com/1174201 https://bugzilla.suse.com/1175224 https://bugzilla.suse.com/1175889 From sle-updates at lists.suse.com Wed Sep 16 10:24:41 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Sep 2020 18:24:41 +0200 (CEST) Subject: SUSE-RU-2020:2655-1: moderate: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin Message-ID: <20200916162441.53255FCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2655-1 Rating: moderate References: #1174745 #1175173 #1175740 #1175741 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for google-guest-agent, google-guest-configs, google-guest-oslogin contains the following fixes: - Update to version 20200819.00. (bsc#1175740, bsc#1175741) * handle oslogin enable/disable cases (#70). (bsc#1175173) * add README (#69) * Fix metric for addIPForwardEntry (#68) * Correctly determine default route index (#67) * oslogin: dont add entry to pam.d/su (#66) * end group.conf with newline (#64) * Add source field in googet spec (#59) * Set route to metadata on interface with default route (#47) * fix typo in boto.cfg (#62) - Properly handle enabling of systemd services when upgrading from the old google-compute-engine-init package (bsc#1174745) - Update to version 20200626.00. (bsc#1175740, bsc#1175741) * Updates the udev rules for local SSD disks. (#9) * Fix tx affinity logic when number of CPUs is above 32 (#6) - Switch udev requires to pkgconfig to allow the build service to use the -mini package for build optimization - Update to version 20200819.00. (bsc#1175740, bsc#1175741) * deny non-2fa users (#37) * use asterisks instead (#39) * set passwords to ! (#38) * correct index 0 bug (#36) * Support security key generated OTP challenges. (#35) - No post action for ssh Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2655=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2655=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2020-2655=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): google-guest-agent-20200819.00-1.6.1 google-guest-oslogin-20200819.00-1.6.2 google-guest-oslogin-debuginfo-20200819.00-1.6.2 google-guest-oslogin-debugsource-20200819.00-1.6.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): google-guest-configs-20200731.00-1.6.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): google-guest-agent-20200819.00-1.6.1 google-guest-oslogin-20200819.00-1.6.2 google-guest-oslogin-debuginfo-20200819.00-1.6.2 google-guest-oslogin-debugsource-20200819.00-1.6.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): google-guest-configs-20200731.00-1.6.1 - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64): google-guest-agent-20200819.00-1.6.1 google-guest-oslogin-20200819.00-1.6.2 google-guest-oslogin-debuginfo-20200819.00-1.6.2 google-guest-oslogin-debugsource-20200819.00-1.6.2 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): google-guest-configs-20200731.00-1.6.1 References: https://bugzilla.suse.com/1174745 https://bugzilla.suse.com/1175173 https://bugzilla.suse.com/1175740 https://bugzilla.suse.com/1175741 From sle-updates at lists.suse.com Wed Sep 16 10:25:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Sep 2020 18:25:51 +0200 (CEST) Subject: SUSE-RU-2020:2649-1: Recommended update for SUSE Manager 4.0.9 Release Notes Message-ID: <20200916162551.79FF9FCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager 4.0.9 Release Notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2649-1 Rating: low References: #1136857 #1165829 #1167907 #1169664 #1170244 #1171281 #1172079 #1172279 #1172504 #1172831 #1173073 #1173535 #1173554 #1173566 #1173584 #1173982 #1173997 #1174201 #1174254 #1174470 #1175224 #1175529 #1175555 #1175556 #1175558 #1175724 #1175791 #1175884 #1175889 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 ______________________________________________________________________________ An update that has 29 recommended fixes can now be installed. Description: This update for the SUSE Manager 4.0.9 Release Notes provides the following additions: Release notes for SUSE Manager: - Revision 4.0.9 - Bugs mentioned: bsc#1136857, bsc#1165829, bsc#1167907, bsc#1169664, bsc#1170244, bsc#1171281, bsc#1172079, bsc#1172279, bsc#1172504, bsc#1172831, bsc#1173073, bsc#1173535, bsc#1173554, bsc#1173566, bsc#1173584, bsc#1173982, bsc#1173997, bsc#1174254, bsc#1174470, bsc#1175224, bsc#1175529, bsc#1175555, bsc#1175556, bsc#1175558, bsc#1175724, bsc#1175791, bsc#1175884, bsc#1175889 Release notes for SUSE Manager proxy: - Update to 4.0.9 - Bugs mentioned: bsc#1167907, bsc#1169664, bsc#1171281, bsc#1172831, bsc#1173535, bsc#1173554, bsc#1174201, bsc#1175224, bsc#1175889 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2020-2649=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2020-2649=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2020-2649=1 Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): release-notes-susemanager-4.0.9-3.54.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): release-notes-susemanager-proxy-4.0.9-0.16.38.1 - SUSE Manager Proxy 4.0 (x86_64): release-notes-susemanager-proxy-4.0.9-0.16.38.1 References: https://bugzilla.suse.com/1136857 https://bugzilla.suse.com/1165829 https://bugzilla.suse.com/1167907 https://bugzilla.suse.com/1169664 https://bugzilla.suse.com/1170244 https://bugzilla.suse.com/1171281 https://bugzilla.suse.com/1172079 https://bugzilla.suse.com/1172279 https://bugzilla.suse.com/1172504 https://bugzilla.suse.com/1172831 https://bugzilla.suse.com/1173073 https://bugzilla.suse.com/1173535 https://bugzilla.suse.com/1173554 https://bugzilla.suse.com/1173566 https://bugzilla.suse.com/1173584 https://bugzilla.suse.com/1173982 https://bugzilla.suse.com/1173997 https://bugzilla.suse.com/1174201 https://bugzilla.suse.com/1174254 https://bugzilla.suse.com/1174470 https://bugzilla.suse.com/1175224 https://bugzilla.suse.com/1175529 https://bugzilla.suse.com/1175555 https://bugzilla.suse.com/1175556 https://bugzilla.suse.com/1175558 https://bugzilla.suse.com/1175724 https://bugzilla.suse.com/1175791 https://bugzilla.suse.com/1175884 https://bugzilla.suse.com/1175889 From sle-updates at lists.suse.com Wed Sep 16 10:29:39 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Sep 2020 18:29:39 +0200 (CEST) Subject: SUSE-RU-2020:2659-1: moderate: Recommended update for openwsman Message-ID: <20200916162939.47B57FCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for openwsman ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2659-1 Rating: moderate References: #1174541 #1175631 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Server Applications 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openwsman fixes the following issues: - Don't crash if OpenSSL SSL context fails to initialize. (bsc#1175631) - Adapt to openssl 1.1.1. (bsc#1174541) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2659=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2659=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libwsman-devel-2.6.7-3.9.1 libwsman3-2.6.7-3.9.1 libwsman3-debuginfo-2.6.7-3.9.1 openwsman-debuginfo-2.6.7-3.9.1 openwsman-debugsource-2.6.7-3.9.1 openwsman-server-2.6.7-3.9.1 openwsman-server-debuginfo-2.6.7-3.9.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libwsman-devel-2.6.7-3.9.1 libwsman3-2.6.7-3.9.1 libwsman3-debuginfo-2.6.7-3.9.1 openwsman-debuginfo-2.6.7-3.9.1 openwsman-debugsource-2.6.7-3.9.1 openwsman-server-2.6.7-3.9.1 openwsman-server-debuginfo-2.6.7-3.9.1 References: https://bugzilla.suse.com/1174541 https://bugzilla.suse.com/1175631 From sle-updates at lists.suse.com Wed Sep 16 10:30:40 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Sep 2020 18:30:40 +0200 (CEST) Subject: SUSE-SU-2020:2650-1: important: Security update for SUSE Manager Server 4.0 Message-ID: <20200916163040.84197FCEB@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 4.0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2650-1 Rating: important References: #1136857 #1165829 #1167907 #1169664 #1170244 #1171281 #1172079 #1172279 #1172504 #1172831 #1173073 #1173535 #1173554 #1173566 #1173584 #1173982 #1173997 #1174201 #1174254 #1174470 #1175224 #1175529 #1175555 #1175556 #1175558 #1175724 #1175791 #1175884 #1175889 Cross-References: CVE-2019-14900 CVE-2020-11022 CVE-2020-8028 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 ______________________________________________________________________________ An update that solves three vulnerabilities and has 26 fixes is now available. Description: This update fixes the following issues: hibernate5: - Address CVE-2019-14900 (bsc#1172079) image-sync-formula: - Allow image-sync state on regular minion. Image sync state requires branch-network pillars to get the directory where to sync images. Use default `/srv/saltboot` if that pillar is missing so image-sync can be applied on non branch minions as well. openvpn-formula: - Add hint that ssl certs must be on system (bsc#1172279) prometheus-exporters-formula: - Bugfix: Handle exporters proxy for unsupported distros (bsc#1175555) - Add support for exporters proxy (exporter_exporter) - Update the apache exporter config file for Debian salt-netapi-client: - Refresh authentication module list to newer Salt versions saltboot-formula: - Better fix for rounding errors (bsc#1136857) spacecmd: - Python3 fixes for errata in spacecmd (bsc#1169664) - Python3 fix for sorted usage (bsc#1167907) - Fix softwarechannel_listlatestpackages throwing error on empty channels (bsc#1175889) - Fix escaping of package names (bsc#1171281) spacewalk-admin: - Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028) spacewalk-certs-tools: - Add option --nostricthostkeychecking to spacewalk-ssh-push-init - Strip SSL Certificate Common Name after 63 Characters (bsc#1173535) spacewalk-java: - Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028) - Fix EntityExistsException on migration from traditional to salt minion via proxy (bsc#1175556) - Use media.1/products from media when not specified different (bsc#1175558) - Fix: use quiet API method when using spacewalk-common-channels (bsc#1175529) - Fix alignment on icon on entitlement page - Reset the server path on minion registration (bsc#1174254) - Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831) - Fix error when rolling back a system to a snapshot (bsc#1173997) - Avoid deadlock when syncing channels and registering minions at the same time (bsc#1173566) - Provide comps.xml and modules.yaml when using onlinerepo for kickstart - Set CPU and memory info for virtual instances (bsc#1170244) - Change system list header text to something better (bsc#1173982) spacewalk-setup: - Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028) spacewalk-utils: - Avoid exceptions on the logs when looking for channels that do not exist (bsc#1175529) spacewalk-web: - Fix login page after jQuery upgrade (bsc#1175224) - Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831) - Warn when a system is in multiple groups that configure the same formula in the system formula's UI (bsc#1173554) susemanager: - Define bootstrap repo data for SUSE Manager Proxies (bsc#1174470) susemanager-frontend-libs: - Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831) susemanager-schema: - Prevent a deadlock error involving delete_server and update_needed_cache (bsc#1173073) susemanager-sls: - Fix the dnf plugin to add the token to the HTTP header (bsc#1175724) - Fix reporting of missing products in product.all_installed (bsc#1165829) - Require PyYAML version >= 5.1 - Get redhat-release only when it is not a symlink - Fix: supply a dnf base when dealing w/repos (bsc#1172504) - Fix: autorefresh in repos is zypper-only susemanager-sync-data: - Remove version from centos and oracle linux identifier (bsc#1173584) virtualization-host-formula: - Update to version 0.5 - Ensure kernel-default and libvirt-python3 are installed - Set bridge network as default - Fix conditionals (bsc#1175791) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-2650=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2020-2650=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64): openvpn-formula-0.1.1-4.6.2 susemanager-4.0.28-3.36.3 susemanager-tools-4.0.28-3.36.3 - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch): hibernate5-5.3.7-4.3.2 image-sync-formula-0.1.1595937550.0285244-3.20.2 prometheus-exporters-formula-0.7.1-3.10.2 python3-spacewalk-certs-tools-4.0.17-3.21.3 salt-netapi-client-0.17.0-4.6.3 saltboot-formula-0.1.1595937550.0285244-3.19.2 spacecmd-4.0.20-3.19.2 spacewalk-admin-4.0.11-3.12.1 spacewalk-base-4.0.23-3.30.3 spacewalk-base-minimal-4.0.23-3.30.3 spacewalk-base-minimal-config-4.0.23-3.30.3 spacewalk-certs-tools-4.0.17-3.21.3 spacewalk-html-4.0.23-3.30.3 spacewalk-java-4.0.37-3.39.1 spacewalk-java-config-4.0.37-3.39.1 spacewalk-java-lib-4.0.37-3.39.1 spacewalk-java-postgresql-4.0.37-3.39.1 spacewalk-setup-4.0.14-3.14.1 spacewalk-taskomatic-4.0.37-3.39.1 spacewalk-utils-4.0.18-3.21.3 susemanager-frontend-libs-4.0.2-4.3.2 susemanager-schema-4.0.22-3.29.2 susemanager-sls-4.0.29-3.31.3 susemanager-sync-data-4.0.18-3.24.2 susemanager-web-libs-4.0.23-3.30.3 virtualization-host-formula-0.5-4.12.3 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (noarch): python3-spacewalk-certs-tools-4.0.17-3.21.3 spacecmd-4.0.20-3.19.2 spacewalk-base-minimal-4.0.23-3.30.3 spacewalk-base-minimal-config-4.0.23-3.30.3 spacewalk-certs-tools-4.0.17-3.21.3 spacewalk-proxy-broker-4.0.14-3.10.3 spacewalk-proxy-common-4.0.14-3.10.3 spacewalk-proxy-management-4.0.14-3.10.3 spacewalk-proxy-package-manager-4.0.14-3.10.3 spacewalk-proxy-redirect-4.0.14-3.10.3 spacewalk-proxy-salt-4.0.14-3.10.3 References: https://www.suse.com/security/cve/CVE-2019-14900.html https://www.suse.com/security/cve/CVE-2020-11022.html https://www.suse.com/security/cve/CVE-2020-8028.html https://bugzilla.suse.com/1136857 https://bugzilla.suse.com/1165829 https://bugzilla.suse.com/1167907 https://bugzilla.suse.com/1169664 https://bugzilla.suse.com/1170244 https://bugzilla.suse.com/1171281 https://bugzilla.suse.com/1172079 https://bugzilla.suse.com/1172279 https://bugzilla.suse.com/1172504 https://bugzilla.suse.com/1172831 https://bugzilla.suse.com/1173073 https://bugzilla.suse.com/1173535 https://bugzilla.suse.com/1173554 https://bugzilla.suse.com/1173566 https://bugzilla.suse.com/1173584 https://bugzilla.suse.com/1173982 https://bugzilla.suse.com/1173997 https://bugzilla.suse.com/1174201 https://bugzilla.suse.com/1174254 https://bugzilla.suse.com/1174470 https://bugzilla.suse.com/1175224 https://bugzilla.suse.com/1175529 https://bugzilla.suse.com/1175555 https://bugzilla.suse.com/1175556 https://bugzilla.suse.com/1175558 https://bugzilla.suse.com/1175724 https://bugzilla.suse.com/1175791 https://bugzilla.suse.com/1175884 https://bugzilla.suse.com/1175889 From sle-updates at lists.suse.com Wed Sep 16 10:34:24 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Sep 2020 18:34:24 +0200 (CEST) Subject: SUSE-RU-2020:2657-1: moderate: Recommended update for mutter Message-ID: <20200916163424.C9823FCFD@maintenance.suse.de> SUSE Recommended Update: Recommended update for mutter ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2657-1 Rating: moderate References: #1175559 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mutter provides the following fixes: - Don't use libGLESv2.so but libGLESv2.so.2 for COGL driver. (bsc#1175559) - Update to version 3.34.6: + Fix various clipboard issues. + Fix locate-pointer feature interfering with keybindings. + Fix overview key on X11 when using multiple keyboard layouts. + Preserve keyboard state on VT switch. + Fixed crashes. + Plugged memory leaks. + Misc. bug fixes and cleanups. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2657=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libmutter-5-0-3.34.6-3.3.1 libmutter-5-0-debuginfo-3.34.6-3.3.1 mutter-3.34.6-3.3.1 mutter-data-3.34.6-3.3.1 mutter-debuginfo-3.34.6-3.3.1 mutter-debugsource-3.34.6-3.3.1 mutter-devel-3.34.6-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): mutter-lang-3.34.6-3.3.1 References: https://bugzilla.suse.com/1175559 From sle-updates at lists.suse.com Wed Sep 16 13:14:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Sep 2020 21:14:46 +0200 (CEST) Subject: SUSE-SU-2020:0079-2: moderate: Security update for libzypp Message-ID: <20200916191446.B07DBFCEB@maintenance.suse.de> SUSE Security Update: Security update for libzypp ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0079-2 Rating: moderate References: #1158763 Cross-References: CVE-2019-18900 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libzypp fixes the following issues: Security issue fixed: - CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-79=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-79=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-79=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-79=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-79=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-79=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-79=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-79=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-79=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-79=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-79=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libzypp-16.21.2-2.45.1 libzypp-debuginfo-16.21.2-2.45.1 libzypp-debugsource-16.21.2-2.45.1 libzypp-devel-16.21.2-2.45.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libzypp-16.21.2-2.45.1 libzypp-debuginfo-16.21.2-2.45.1 libzypp-debugsource-16.21.2-2.45.1 libzypp-devel-16.21.2-2.45.1 - SUSE OpenStack Cloud 9 (x86_64): libzypp-16.21.2-2.45.1 libzypp-debuginfo-16.21.2-2.45.1 libzypp-debugsource-16.21.2-2.45.1 libzypp-devel-16.21.2-2.45.1 - SUSE OpenStack Cloud 8 (x86_64): libzypp-16.21.2-2.45.1 libzypp-debuginfo-16.21.2-2.45.1 libzypp-debugsource-16.21.2-2.45.1 libzypp-devel-16.21.2-2.45.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libzypp-16.21.2-2.45.1 libzypp-debuginfo-16.21.2-2.45.1 libzypp-debugsource-16.21.2-2.45.1 libzypp-devel-16.21.2-2.45.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libzypp-16.21.2-2.45.1 libzypp-debuginfo-16.21.2-2.45.1 libzypp-debugsource-16.21.2-2.45.1 libzypp-devel-16.21.2-2.45.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libzypp-16.21.2-2.45.1 libzypp-debuginfo-16.21.2-2.45.1 libzypp-debugsource-16.21.2-2.45.1 libzypp-devel-16.21.2-2.45.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libzypp-16.21.2-2.45.1 libzypp-debuginfo-16.21.2-2.45.1 libzypp-debugsource-16.21.2-2.45.1 libzypp-devel-16.21.2-2.45.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libzypp-16.21.2-2.45.1 libzypp-debuginfo-16.21.2-2.45.1 libzypp-debugsource-16.21.2-2.45.1 libzypp-devel-16.21.2-2.45.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libzypp-16.21.2-2.45.1 libzypp-debuginfo-16.21.2-2.45.1 libzypp-debugsource-16.21.2-2.45.1 libzypp-devel-16.21.2-2.45.1 - HPE Helion Openstack 8 (x86_64): libzypp-16.21.2-2.45.1 libzypp-debuginfo-16.21.2-2.45.1 libzypp-debugsource-16.21.2-2.45.1 libzypp-devel-16.21.2-2.45.1 References: https://www.suse.com/security/cve/CVE-2019-18900.html https://bugzilla.suse.com/1158763 From sle-updates at lists.suse.com Wed Sep 16 13:15:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Sep 2020 21:15:46 +0200 (CEST) Subject: SUSE-SU-2020:2660-1: moderate: Security update for libsolv Message-ID: <20200916191546.E7B94F794@maintenance.suse.de> SUSE Security Update: Security update for libsolv ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2660-1 Rating: moderate References: #1120629 #1120630 #1120631 #1127155 #1131823 #1137977 Cross-References: CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves three vulnerabilities and has three fixes is now available. Description: This update for libsolv fixes the following issues: This is a reissue of an existing libsolv update that also included libsolv-devel for LTSS products. libsolv was updated to version 0.6.36 fixes the following issues: Security issues fixed: - CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629). - CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630). - CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631). Non-security issues fixed: - Made cleandeps jobs on patterns work (bsc#1137977). - Fixed an issue multiversion packages that obsolete their own name (bsc#1127155). - Keep consistent package name if there are multiple alternatives (bsc#1131823). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2660=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2660=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2660=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2660=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2660=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2660=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2660=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2660=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2660=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2660=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2660=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2660=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2660=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libsolv-debugsource-0.6.36-2.30.1 libsolv-devel-0.6.36-2.30.1 libsolv-tools-0.6.36-2.30.1 libsolv-tools-debuginfo-0.6.36-2.30.1 perl-solv-0.6.36-2.30.1 perl-solv-debuginfo-0.6.36-2.30.1 python-solv-0.6.36-2.30.1 python-solv-debuginfo-0.6.36-2.30.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libsolv-debugsource-0.6.36-2.30.1 libsolv-devel-0.6.36-2.30.1 libsolv-tools-0.6.36-2.30.1 libsolv-tools-debuginfo-0.6.36-2.30.1 perl-solv-0.6.36-2.30.1 perl-solv-debuginfo-0.6.36-2.30.1 python-solv-0.6.36-2.30.1 python-solv-debuginfo-0.6.36-2.30.1 - SUSE OpenStack Cloud 9 (x86_64): libsolv-debugsource-0.6.36-2.30.1 libsolv-devel-0.6.36-2.30.1 libsolv-tools-0.6.36-2.30.1 libsolv-tools-debuginfo-0.6.36-2.30.1 perl-solv-0.6.36-2.30.1 perl-solv-debuginfo-0.6.36-2.30.1 python-solv-0.6.36-2.30.1 python-solv-debuginfo-0.6.36-2.30.1 - SUSE OpenStack Cloud 8 (x86_64): libsolv-debugsource-0.6.36-2.30.1 libsolv-devel-0.6.36-2.30.1 libsolv-tools-0.6.36-2.30.1 libsolv-tools-debuginfo-0.6.36-2.30.1 perl-solv-0.6.36-2.30.1 perl-solv-debuginfo-0.6.36-2.30.1 python-solv-0.6.36-2.30.1 python-solv-debuginfo-0.6.36-2.30.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libsolv-debugsource-0.6.36-2.30.1 libsolv-devel-0.6.36-2.30.1 libsolv-devel-debuginfo-0.6.36-2.30.1 perl-solv-0.6.36-2.30.1 perl-solv-debuginfo-0.6.36-2.30.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libsolv-debugsource-0.6.36-2.30.1 libsolv-devel-0.6.36-2.30.1 libsolv-tools-0.6.36-2.30.1 libsolv-tools-debuginfo-0.6.36-2.30.1 perl-solv-0.6.36-2.30.1 perl-solv-debuginfo-0.6.36-2.30.1 python-solv-0.6.36-2.30.1 python-solv-debuginfo-0.6.36-2.30.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libsolv-debugsource-0.6.36-2.30.1 libsolv-devel-0.6.36-2.30.1 libsolv-tools-0.6.36-2.30.1 libsolv-tools-debuginfo-0.6.36-2.30.1 perl-solv-0.6.36-2.30.1 perl-solv-debuginfo-0.6.36-2.30.1 python-solv-0.6.36-2.30.1 python-solv-debuginfo-0.6.36-2.30.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libsolv-debugsource-0.6.36-2.30.1 libsolv-devel-0.6.36-2.30.1 libsolv-tools-0.6.36-2.30.1 libsolv-tools-debuginfo-0.6.36-2.30.1 perl-solv-0.6.36-2.30.1 perl-solv-debuginfo-0.6.36-2.30.1 python-solv-0.6.36-2.30.1 python-solv-debuginfo-0.6.36-2.30.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libsolv-debugsource-0.6.36-2.30.1 libsolv-devel-0.6.36-2.30.1 libsolv-tools-0.6.36-2.30.1 libsolv-tools-debuginfo-0.6.36-2.30.1 perl-solv-0.6.36-2.30.1 perl-solv-debuginfo-0.6.36-2.30.1 python-solv-0.6.36-2.30.1 python-solv-debuginfo-0.6.36-2.30.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libsolv-debugsource-0.6.36-2.30.1 libsolv-devel-0.6.36-2.30.1 libsolv-tools-0.6.36-2.30.1 libsolv-tools-debuginfo-0.6.36-2.30.1 perl-solv-0.6.36-2.30.1 perl-solv-debuginfo-0.6.36-2.30.1 python-solv-0.6.36-2.30.1 python-solv-debuginfo-0.6.36-2.30.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libsolv-debugsource-0.6.36-2.30.1 libsolv-devel-0.6.36-2.30.1 libsolv-tools-0.6.36-2.30.1 libsolv-tools-debuginfo-0.6.36-2.30.1 perl-solv-0.6.36-2.30.1 perl-solv-debuginfo-0.6.36-2.30.1 python-solv-0.6.36-2.30.1 python-solv-debuginfo-0.6.36-2.30.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libsolv-debugsource-0.6.36-2.30.1 libsolv-devel-0.6.36-2.30.1 libsolv-tools-0.6.36-2.30.1 libsolv-tools-debuginfo-0.6.36-2.30.1 perl-solv-0.6.36-2.30.1 perl-solv-debuginfo-0.6.36-2.30.1 python-solv-0.6.36-2.30.1 python-solv-debuginfo-0.6.36-2.30.1 - HPE Helion Openstack 8 (x86_64): libsolv-debugsource-0.6.36-2.30.1 libsolv-devel-0.6.36-2.30.1 libsolv-tools-0.6.36-2.30.1 libsolv-tools-debuginfo-0.6.36-2.30.1 perl-solv-0.6.36-2.30.1 perl-solv-debuginfo-0.6.36-2.30.1 python-solv-0.6.36-2.30.1 python-solv-debuginfo-0.6.36-2.30.1 References: https://www.suse.com/security/cve/CVE-2018-20532.html https://www.suse.com/security/cve/CVE-2018-20533.html https://www.suse.com/security/cve/CVE-2018-20534.html https://bugzilla.suse.com/1120629 https://bugzilla.suse.com/1120630 https://bugzilla.suse.com/1120631 https://bugzilla.suse.com/1127155 https://bugzilla.suse.com/1131823 https://bugzilla.suse.com/1137977 From sle-updates at lists.suse.com Wed Sep 16 13:17:21 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 16 Sep 2020 21:17:21 +0200 (CEST) Subject: SUSE-SU-2020:2661-1: important: Security update for perl-DBI Message-ID: <20200916191721.0220FF794@maintenance.suse.de> SUSE Security Update: Security update for perl-DBI ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2661-1 Rating: important References: #1176409 #1176412 Cross-References: CVE-2020-14392 CVE-2020-14393 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for perl-DBI fixes the following issues: Security issues fixed: - CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated (bsc#1176412). - CVE-2020-14393: Fixed a buffer overflow on an overlong DBD class name (bsc#1176409). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2661=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2661=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2661=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2661=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2661=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2661=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2661=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2661=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2661=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2661=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2661=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2661=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2661=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2661=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2661=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2661=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): perl-DBI-1.628-5.3.1 perl-DBI-debuginfo-1.628-5.3.1 perl-DBI-debugsource-1.628-5.3.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): perl-DBI-1.628-5.3.1 perl-DBI-debuginfo-1.628-5.3.1 perl-DBI-debugsource-1.628-5.3.1 - SUSE OpenStack Cloud 9 (x86_64): perl-DBI-1.628-5.3.1 perl-DBI-debuginfo-1.628-5.3.1 perl-DBI-debugsource-1.628-5.3.1 - SUSE OpenStack Cloud 8 (x86_64): perl-DBI-1.628-5.3.1 perl-DBI-debuginfo-1.628-5.3.1 perl-DBI-debugsource-1.628-5.3.1 - SUSE OpenStack Cloud 7 (s390x x86_64): perl-DBI-1.628-5.3.1 perl-DBI-debuginfo-1.628-5.3.1 perl-DBI-debugsource-1.628-5.3.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): perl-DBI-1.628-5.3.1 perl-DBI-debuginfo-1.628-5.3.1 perl-DBI-debugsource-1.628-5.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): perl-DBI-1.628-5.3.1 perl-DBI-debuginfo-1.628-5.3.1 perl-DBI-debugsource-1.628-5.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): perl-DBI-1.628-5.3.1 perl-DBI-debuginfo-1.628-5.3.1 perl-DBI-debugsource-1.628-5.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): perl-DBI-1.628-5.3.1 perl-DBI-debuginfo-1.628-5.3.1 perl-DBI-debugsource-1.628-5.3.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): perl-DBI-1.628-5.3.1 perl-DBI-debuginfo-1.628-5.3.1 perl-DBI-debugsource-1.628-5.3.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): perl-DBI-1.628-5.3.1 perl-DBI-debuginfo-1.628-5.3.1 perl-DBI-debugsource-1.628-5.3.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): perl-DBI-1.628-5.3.1 perl-DBI-debuginfo-1.628-5.3.1 perl-DBI-debugsource-1.628-5.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): perl-DBI-1.628-5.3.1 perl-DBI-debuginfo-1.628-5.3.1 perl-DBI-debugsource-1.628-5.3.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): perl-DBI-1.628-5.3.1 perl-DBI-debuginfo-1.628-5.3.1 perl-DBI-debugsource-1.628-5.3.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): perl-DBI-1.628-5.3.1 perl-DBI-debuginfo-1.628-5.3.1 perl-DBI-debugsource-1.628-5.3.1 - HPE Helion Openstack 8 (x86_64): perl-DBI-1.628-5.3.1 perl-DBI-debuginfo-1.628-5.3.1 perl-DBI-debugsource-1.628-5.3.1 References: https://www.suse.com/security/cve/CVE-2020-14392.html https://www.suse.com/security/cve/CVE-2020-14393.html https://bugzilla.suse.com/1176409 https://bugzilla.suse.com/1176412 From sle-updates at lists.suse.com Thu Sep 17 01:09:19 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Sep 2020 09:09:19 +0200 (CEST) Subject: SUSE-CU-2020:495-1: Recommended update of suse/sle15 Message-ID: <20200917070919.ECA91FCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:495-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.306 Container Release : 6.2.306 Severity : low Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: From sle-updates at lists.suse.com Thu Sep 17 01:09:29 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Sep 2020 09:09:29 +0200 (CEST) Subject: SUSE-CU-2020:496-1: Recommended update of suse/sle15 Message-ID: <20200917070929.D412AFCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:496-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.307 Container Release : 6.2.307 Severity : moderate Type : recommended References : 1175811 1175830 1175831 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) From sle-updates at lists.suse.com Thu Sep 17 01:11:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Sep 2020 09:11:51 +0200 (CEST) Subject: SUSE-CU-2020:497-1: Recommended update of suse/sle15 Message-ID: <20200917071151.1A1C9FCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:497-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.745 Container Release : 8.2.745 Severity : low Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: From sle-updates at lists.suse.com Thu Sep 17 01:12:00 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Sep 2020 09:12:00 +0200 (CEST) Subject: SUSE-CU-2020:498-1: Recommended update of suse/sle15 Message-ID: <20200917071200.07A7BFCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:498-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.746 Container Release : 8.2.746 Severity : moderate Type : recommended References : 1175811 1175830 1175831 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) From sle-updates at lists.suse.com Thu Sep 17 10:14:59 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Sep 2020 18:14:59 +0200 (CEST) Subject: SUSE-RU-2020:2663-1: moderate: Recommended update for crmsh Message-ID: <20200917161459.3F9CFFCFD@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2663-1 Rating: moderate References: #1176178 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crmsh fixes the following issues: - Fixes an issue when parallax shows an error by joining a node. (bsc#1176178) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2663=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (noarch): crmsh-4.1.0+git.1599639106.b8652332-3.31.1 crmsh-scripts-4.1.0+git.1599639106.b8652332-3.31.1 References: https://bugzilla.suse.com/1176178 From sle-updates at lists.suse.com Thu Sep 17 10:15:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Sep 2020 18:15:54 +0200 (CEST) Subject: SUSE-RU-2020:2667-1: moderate: Recommended update for openssl-1_0_0 Message-ID: <20200917161554.7E403FCFD@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl-1_0_0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2667-1 Rating: moderate References: #1175429 Affected Products: SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssl-1_0_0 fixes the following issues: - Provide the same symbols as other distros in a compatible package. (bsc#1175429) - Add OPENSSL_1.0.1_EC symbol. (bsc#1175429) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-2667=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-2667=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2020-2667=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.31.1 libopenssl1_0_0-1.0.2p-3.31.1 libopenssl1_0_0-debuginfo-1.0.2p-3.31.1 openssl-1_0_0-1.0.2p-3.31.1 openssl-1_0_0-debuginfo-1.0.2p-3.31.1 openssl-1_0_0-debugsource-1.0.2p-3.31.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.31.1 libopenssl1_0_0-1.0.2p-3.31.1 libopenssl1_0_0-debuginfo-1.0.2p-3.31.1 openssl-1_0_0-1.0.2p-3.31.1 openssl-1_0_0-debuginfo-1.0.2p-3.31.1 openssl-1_0_0-debugsource-1.0.2p-3.31.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libopenssl1_0_0-1.0.2p-3.31.1 libopenssl1_0_0-debuginfo-1.0.2p-3.31.1 openssl-1_0_0-debuginfo-1.0.2p-3.31.1 openssl-1_0_0-debugsource-1.0.2p-3.31.1 References: https://bugzilla.suse.com/1175429 From sle-updates at lists.suse.com Thu Sep 17 10:16:50 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Sep 2020 18:16:50 +0200 (CEST) Subject: SUSE-OU-2020:2671-1: Optional update for libxmlb Message-ID: <20200917161650.2FC49FCFD@maintenance.suse.de> SUSE Optional Update: Optional update for libxmlb ______________________________________________________________________________ Announcement ID: SUSE-OU-2020:2671-1 Rating: low References: #1174848 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update for libxmlb fixes the following issues: - libxmlb-devel was missing in the Desktop Applications module. This update adds it (bsc#1174848) Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2671=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libxmlb-debuginfo-0.1.11-3.2.1 libxmlb-debugsource-0.1.11-3.2.1 libxmlb-devel-0.1.11-3.2.1 libxmlb1-0.1.11-3.2.1 libxmlb1-debuginfo-0.1.11-3.2.1 typelib-1_0-Xmlb-1_0-0.1.11-3.2.1 xmlb-tool-0.1.11-3.2.1 References: https://bugzilla.suse.com/1174848 From sle-updates at lists.suse.com Thu Sep 17 10:17:45 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Sep 2020 18:17:45 +0200 (CEST) Subject: SUSE-RU-2020:2668-1: moderate: Recommended update for PackageKit Message-ID: <20200917161745.1925BFCFD@maintenance.suse.de> SUSE Recommended Update: Recommended update for PackageKit ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2668-1 Rating: moderate References: #1169739 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for PackageKit provides the following fix: - zypp: Cleanup temporary files when PackageKit quits. (bsc#1169739) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2668=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2668=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): PackageKit-debuginfo-1.1.13-4.6.1 PackageKit-debugsource-1.1.13-4.6.1 PackageKit-gstreamer-plugin-1.1.13-4.6.1 PackageKit-gstreamer-plugin-debuginfo-1.1.13-4.6.1 PackageKit-gtk3-module-1.1.13-4.6.1 PackageKit-gtk3-module-debuginfo-1.1.13-4.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): PackageKit-1.1.13-4.6.1 PackageKit-backend-zypp-1.1.13-4.6.1 PackageKit-backend-zypp-debuginfo-1.1.13-4.6.1 PackageKit-debuginfo-1.1.13-4.6.1 PackageKit-debugsource-1.1.13-4.6.1 PackageKit-devel-1.1.13-4.6.1 PackageKit-devel-debuginfo-1.1.13-4.6.1 libpackagekit-glib2-18-1.1.13-4.6.1 libpackagekit-glib2-18-debuginfo-1.1.13-4.6.1 libpackagekit-glib2-devel-1.1.13-4.6.1 typelib-1_0-PackageKitGlib-1_0-1.1.13-4.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): PackageKit-lang-1.1.13-4.6.1 References: https://bugzilla.suse.com/1169739 From sle-updates at lists.suse.com Thu Sep 17 10:18:42 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Sep 2020 18:18:42 +0200 (CEST) Subject: SUSE-RU-2020:2662-1: Recommended update for release-notes-sles Message-ID: <20200917161842.303BFFCFD@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2662-1 Rating: low References: #1144071 #1150224 #1150672 #1153309 #1154285 #1163166 #1171541 #1173569 #1174879 SLE-11271 SLE-7191 Affected Products: SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Installer 15-SP1 ______________________________________________________________________________ An update that has 9 recommended fixes and contains two features can now be installed. Description: This update for release-notes-sles fixes the following issues: Release notes 15.1.20200804 (bsc#1174879) Added notes: - Transactional updates as tech preview (bsc#1144071) - KVM nested virtualization as tech preview (jsc#SLE-11271) - List of GNU AGPL software (jsc#SLE-7191) - List of software requiring external contracts (bsc#1173569) - Alternatives system & display manager (bsc#1163166) - RoCE ConnectX-4 performance drops (bsc#1153309) - Removal of libjpeg-turbo (bsc#1150224) Improvements and fixes: - Java version support information (bsc#1171541, bsc#1154285) - Updated URL for source code download (bsc#1150672) - TLS 1.0/1.1 are deprecated, but not removed in 15 SP2 (FATE#323868) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-2020-2662=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2020-2662=1 Package List: - SUSE Linux Enterprise Server 15-SP1 (noarch): release-notes-sles-15.1.20200804-3.11.1 - SUSE Linux Enterprise Installer 15-SP1 (noarch): release-notes-sles-15.1.20200804-3.11.1 References: https://bugzilla.suse.com/1144071 https://bugzilla.suse.com/1150224 https://bugzilla.suse.com/1150672 https://bugzilla.suse.com/1153309 https://bugzilla.suse.com/1154285 https://bugzilla.suse.com/1163166 https://bugzilla.suse.com/1171541 https://bugzilla.suse.com/1173569 https://bugzilla.suse.com/1174879 From sle-updates at lists.suse.com Thu Sep 17 10:20:29 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Sep 2020 18:20:29 +0200 (CEST) Subject: SUSE-RU-2020:2670-1: moderate: Recommended update for biosdevname Message-ID: <20200917162029.29440FCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for biosdevname ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2670-1 Rating: moderate References: #1174491 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for biosdevname fixes the following issue: - Read DMI info rom sysfs. (bsc#1174491) A kernel with Secure Boot lockdown may prohibit reading the contents of /dev/mem, hence biosdevname fails. The recent kernel provides the DMI byte contents in /sys/firmware/dmi/tables/*. - Add buffer read helper using read explicitly. mmap can't work well with a sysfs file and it's required to read the contents explicitly via read, even if USE_MMAP is enabled. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2670=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): biosdevname-0.7.2-11.16.1 biosdevname-debuginfo-0.7.2-11.16.1 biosdevname-debugsource-0.7.2-11.16.1 References: https://bugzilla.suse.com/1174491 From sle-updates at lists.suse.com Thu Sep 17 13:14:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 17 Sep 2020 21:14:17 +0200 (CEST) Subject: SUSE-SU-2020:2673-1: important: Security update for samba Message-ID: <20200917191417.8B686FCEB@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2673-1 Rating: important References: #1141267 #1144902 #1154289 #1154598 #1158108 #1158109 #1160850 #1160852 #1160888 #1169850 #1169851 #1173159 #1173160 #1173359 #1174120 Cross-References: CVE-2019-10197 CVE-2019-10218 CVE-2019-14833 CVE-2019-14847 CVE-2019-14861 CVE-2019-14870 CVE-2019-14902 CVE-2019-14907 CVE-2019-19344 CVE-2020-10700 CVE-2020-10704 CVE-2020-10730 CVE-2020-10745 CVE-2020-10760 CVE-2020-14303 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: This update for samba to version 4.10.17 fixes the following issues: - Fixed net command unable to negotiate SMB2; (bsc#1174120); - Update to 4.10.17 - CVE-2020-10745: Invalid DNS or NBT queries containing dots use several seconds of CPU each; (bso#14378); (bsc#1173160). - CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159). - CVE-2020-10760: Fix use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV; (bso#14402); (1173161). - CVE-2020-14303: Fix endless loop from empty UDP packet sent to AD DC nbt_server; (bso#14417); (bsc#1173359). - CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined, ldb: Bump version to 1.5.8; (bso#14364); (bsc#1173159). - Update to 4.10.16 s3: lib: Paranoia around use of snprintf copying into a fixed-size buffer from a getenv() pointer. lib:util: Fix smbclient -l basename dir; (bso#14345). Malicous SMB1 server can crash libsmbclient; (bso#14366). s3:libads: Fix ads_get_upn(); (bso#14336). docs-xml: Fix usernames in pam_winbind manpages; (bso#14358). Client tools are not able to read gencache anymore since 4.10; (bso#14370). - Update to 4.10.15 - CVE-2020-10700: Fix use-after-free in AD DC LDAP server when ASQ and paged_results combined; (bso#14331); (bsc#1169850). - CVE-2020-10704: Fix LDAP Denial of Service (stack overflow) in Samba AD DC; (bso#20454); (bsc#1169851). - Update to 4.10.14 s3: lib: nmblib. Clean up and harden nmb packet processing; (bso#14239). s3: VFS: full_audit. Use system session_info if called from a temporary share definition; (bso#14283). nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#20193). dsdb: Correctly handle memory in objectclass_attrs; (bso#14258). auth: Fix CID 1458418 Null pointer dereferences (REVERSE_INULL), auth: Fix CID 1458420 Null pointer dereferences (REVERSE_INULL); (bso#14247). winbind member (source3) fails local SAM auth with empty domain name; (bso#14247). winbindd: Handling missing idmap in getgrgid(); (bso#14265). lib:util: Log mkdir error on correct debug levels; (bso#14253). wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9; (bso#14266). ctdb-tcp: Make error handling for outbound connection consistent; (bso#14274). Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295). - Update to 4.10.13 s3: libsmb: Ensure SMB1 cli_qpathinfo2() doesn't return an inode number; (bso#14161). s3: utils: smbtree. Ensure we don't call cli_RNetShareEnum() on an SMB1 connection; (bso#14174). s3: libsmb: Ensure return from net_share_enum_rpc() sets cli->raw_status on error; (bso#14176). s3: smbd: SMB2 - Ensure we use the correct session_id if encrypting an interim response; (bso#14189). s3: smbd: Only set xconn->smb1.negprot.done = true after supported_protocols[protocol].proto_reply_fn() succeeds; (bso#14205). pygpo: Use correct method flags; (bso#14209). s3: Remove now unneeded call to cmdline_messaging_context(); (bso#13925). Incomplete conversion of former parametric options; (bso#14069). Fix sync dosmode fallback in async dosmode codepath; (bso#14070). vfs_fruit returns capped resource fork length; (bso#14171). s3:printing: Fix %J substition; (bso#13745). libnet_join: Add SPNs for additional-dns-hostnames entries; (bso#14116). Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero; (bso#14209). docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc; (bso#14122). ctdb-tcp: Close inflight connecting TCP sockets after fork; (bso#14175). s4:dirsync: Fix interaction of dirsync and extended_dn controls; (bso#14153). upgradedns: Ensure lmdb lock files linked; (bso#14199). s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir; (bso#14182). wscript: Remove checks for shm_open and shmget; (bso#14140). libsmbclient: smbc_stat() doesn't return the correct st_mode and also the uid/gid is not filled (SMBv1); (bso#14101). replace: Only link libnsl and libsocket if required; (bso#14168). librpc: Fix string length checking in ndr_pull_charset_to_null(); (bso#14219). heimdal-build: Avoid hard-coded /usr/include/heimdal in asn1_compile-generated code; (bso#13856). ctdb-tcp: Drop tracking of file descriptor for incoming connections; (bso#14175). ctdb-scripts: Strip square brackets when gathering connection info; (bso#14227). - Update to 4.10.12 - CVE-2019-14902: Replication of ACLs down subtree on AD Directory not automatic; (bso#12497); (bsc#1160850); - CVE-2019-14907: lib/util: Do not print the failed to convert string into the logs; (bso#14208); (bsc#1160888). - CVE-2019-19344: kcc dns scavenging: Fix use after free in dns_tombstone_records_zone; (bso#14050); (bsc#1160852). - Update to 4.10.11 - CVE-2019-14861: Fix DNSServer RPC server crash; (bso#14138); (bsc#1158108). - CVE-2019-14870: DelegationNotAllowed not being enforced; (bso#14187); (bsc#1158109). - Update to 4.10.10 - CVE-2019-10218 - s3: libsmb: Protect SMB1 and SMB2 client code from evil server returned names; (bso#14071); (bsc#1144902). - CVE-2019-14833: Use utf8 characters in the unacceptable password; (bso#12438); (bsc#1154289). - CVE-2019-14847 dsdb: Correct behaviour of ranged_results when combined with dirsync; (bso#14040); (bsc#1154598). - CVE-2019-14833 dsdb: Send full password to check password script; (bso#12438); (bsc#1154289). - Update to 4.10.9 Different Device Id for GlusterFS FUSE mount is causing data loss in CTDB cluster; (bso#13972). winbind: Provide passwd struct for group sid with ID_TYPE_BOTH mapping (again); (bso#14141). smbc_readdirplus() is incompatible with smbc_telldir() and smbc_lseekdir(); (bso#14094). s3: smbclient: Stop an SMB2-connection from blundering into SMB1-specific calls; (bso#14152). s4/scripting: MORE py3 compatible print functions. ldb: Release ldb 1.5.6; (bso#13978). undoduididx: Add "or later" to warning about using tools from Samba 4.8; (bso#13978). ldb_tdb fails to check error return when parsing pack formats; (bso#13959). ctdb: Fix compilation on systems with glibc robust mutexes; (bso#14038). GPO security filtering based on the groups in Kerberos PAC (but primary group is missing); (bso#11362). Fix spnego fallback from kerberos to ntlmssp in smbd server; (bso#14106). s3-winbindd: fix forest trusts with additional trust attributes; (bso#14130). vfs_glusterfs: Use pthreadpool for scheduling aio operations; (bso#14098). ldb: baseinfo pack format check on init; (bso#13977). ldb: ldbdump key and pack format version comments; (bso#13978). Overlinking libreplace against librt and pthread against every binary or library causes issues; (bso#14140). ctdb-vacuum: Process all records not deleted on a remote node; (bso#14147). classicupgrade: Fix uncaught exception; (bso#14136). fault.c: Improve fault_report message text pointing to our wiki; (bso#14139). s3:client:Use DEVICE_URI, instead of argv[0],for Device URI; (bso#14128). We should send SMB2_NETNAME_NEGOTIATE_CONTEXT_ID negotiation context; (bso#14055). 'pam_winbind' with 'krb5_auth' or 'wbinfo -K' doesn't work for users of trusted domains/forests principals" logic; (bso#14124). vfs_glusterfs: Enable profiling for file system operations; (bso#14093). vfs_gpfs: Implement special case for denying owner access to ACL; (bso#14032). Joining Active Directory should not use SAMR to set the password; (bso#13884). s3:libsmb: Do not check the SPNEGO neg token for KRB5; (bso#14106). Overlinking libreplace against librt and pthread against every binary or library causes issues; (bso#14140). 'kpasswd' fails when built with MIT Kerberos; (bso#14155). CTDB replies can be lost before nodes are bidirectionally connected; (bso#14084). "ctdb stop" command completes before databases are frozen; (bso#14087). ctdb-tools: Stop deleted nodes from influencing ctdb nodestatus exit code; (bso#14129). s3:ldap: Fix join with don't exists machine account; (bso#14007). - Update to 4.10.8 - CVE-2019-10197: Permissions check deny can allow user to escape from the share; (bso#14035); (bsc#1141267). - CVE-2019-10197: Permissions check deny can allow user to escape from the share; (bso#14035); (bsc#1141267). - Update to 4.10.7 Unable to create or rename file/directory inside shares configured with vfs_glusterfs_fuse module; (bso#14010). build: Allow build when '--disable-gnutls' is set; (bso#13844). samba-tool: Add 'import samba.drs_utils' to fsmo.py; (bso#13973). Fix 'Error 32 determining PSOs in system' message on old DB with FL upgrade; (bso#14008). s4/libnet: Fix joining a Windows pre-2008R2 DC; (bso#14021). join: Use a specific attribute order for the DsAddEntry nTDSDSA object; (bso#14046). vfs_catia: Pass stat info to synthetic_smb_fname(); (bso#14015). lookup_name: Allow own domain lookup when flags == 0; (bso#14091). s4 librpc rpc pyrpc: Ensure tevent_context deleted last; (bso#13932). DEBUGC and DEBUGADDC doesn't print into a class specific log file; (bso#13915). Request to keep deprecated option "server schannel", VMWare Quickprep requires "auto"; (bso#13949). dbcheck: Fallback to the default tombstoneLifetime of 180 days; (bso#13967). dnsProperty fails to decode values from older Windows versions; (bso#13969). samba-tool: Use only one LDAP modify for dns partition fsmo role transfer; (bso#13973). third_party: Update waf to version 2.0.17; (bso#13960). netcmd: Allow 'drs replicate --local' to create partitions; (bso#14051). ctdb-config: Depend on /etc/ctdb/nodes file; (bso#14017). - Update to 4.10.6 s3: winbind: Fix crash when invoking winbind idmap scripts; (bso#13956). smbd does not correctly parse arguments passed to dfree and quota scripts; (bso#13964). samba-tool dns: use bytes for inet_ntop; (bso#13965). samba-tool domain provision: Fix --interactive module in python3; (bso#13828). ldb_kv: Skip @ records early in a search full scan; (bso#13893). docs: Improve documentation of "lanman auth" and "ntlm auth" connection; (bso#13981). python/ntacls: Use correct "state directory" smb.conf option instead of "state dir"; (bso#14002). registry: Add a missing include; (bso#13840). Fix SMB guest authentication; (bso#13944). AppleDouble conversion breaks Resourceforks; (bso#13958). vfs_fruit makes direct use of syscalls like mmap() and pread(); (bso#13968). s3:mdssvc: Fix flex compilation error; (bso#13987). s3/vfs_glusterfs[_fuse]: Avoid using NAME_MAX directly:; (bso#13872). dsdb:samdb: schemainfo update with relax control; (bso#13799). s3:util: Move static file_pload() function to lib/util; (bso#13964). smbd: Fix a panic; (bso#13957). ldap server: Generate correct referral schemes; (bso#12478). s4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value; (bso#13941). s4 dsdb: Fix use after free in samldb_rename_search_base_callback; (bso#13942). dsdb/repl: we need to replicate the whole schema before we can apply it; (bso#12204). ldb: Release ldb 1.5.5; (bso#12478). Schema replication fails if link crosses chunk boundary backwards; (bso#13713). 'samba-tool domain schemaupgrade' uses relax control and skips the schemaInfo update provision; (bso#13799). dsdb_audit: avoid printing "... remote host [Unknown] SID [(NULL SID)] ..."; (bso#13916). python/ntacls: We only need security.SEC_STD_READ_CONTROL in order to get the ACL; (bso#13917). s3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary; (bso#13947). Using Kerberos credentials to print using spoolss doesn't work; (bso#13939). wafsamba: Use native waf timer; (bso#13998). ctdb-scripts: Fix tcp_tw_recycle existence check; (bso#13984). This update for ldb to version 1.5.8 fixes the following issues: - Update to 1.5.8 - CVE-2020-10730: Fixed a null de-reference in AD DC LDAP server when ASQ and VLV combined (bsc#1173159). - Update to 1.5.7 - CVE-2020-10700: Fixed a use-after-free in AD DC LDAP server when ASQ and paged_results combined (bsc#1169850). - Update to 1.5.6 - Fix segfault parsing new pack formats or invalid packed data - Check for new pack formats during startup - Making ldbdump print out pack format info and keys so we have low level visibility for testing in python - Update to 1.5.5 LDAP_REFERRAL_SCHEME_OPAQUE was added Skip @ records early in a search full scan Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2673=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2673=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-2673=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): ldb-debugsource-1.5.8-3.5.1 libldb-devel-1.5.8-3.5.1 libndr-devel-4.10.17+git.203.862547088ca-3.14.1 libndr-krb5pac-devel-4.10.17+git.203.862547088ca-3.14.1 libndr-nbt-devel-4.10.17+git.203.862547088ca-3.14.1 libndr-standard-devel-4.10.17+git.203.862547088ca-3.14.1 libsamba-util-devel-4.10.17+git.203.862547088ca-3.14.1 libsmbclient-devel-4.10.17+git.203.862547088ca-3.14.1 libwbclient-devel-4.10.17+git.203.862547088ca-3.14.1 python-ldb-1.5.8-3.5.1 python-ldb-debuginfo-1.5.8-3.5.1 python-ldb-devel-1.5.8-3.5.1 samba-core-devel-4.10.17+git.203.862547088ca-3.14.1 samba-debuginfo-4.10.17+git.203.862547088ca-3.14.1 samba-debugsource-4.10.17+git.203.862547088ca-3.14.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): ldb-debugsource-1.5.8-3.5.1 ldb-tools-1.5.8-3.5.1 ldb-tools-debuginfo-1.5.8-3.5.1 libdcerpc-binding0-4.10.17+git.203.862547088ca-3.14.1 libdcerpc-binding0-debuginfo-4.10.17+git.203.862547088ca-3.14.1 libdcerpc0-4.10.17+git.203.862547088ca-3.14.1 libdcerpc0-debuginfo-4.10.17+git.203.862547088ca-3.14.1 libldb1-1.5.8-3.5.1 libldb1-debuginfo-1.5.8-3.5.1 libndr-krb5pac0-4.10.17+git.203.862547088ca-3.14.1 libndr-krb5pac0-debuginfo-4.10.17+git.203.862547088ca-3.14.1 libndr-nbt0-4.10.17+git.203.862547088ca-3.14.1 libndr-nbt0-debuginfo-4.10.17+git.203.862547088ca-3.14.1 libndr-standard0-4.10.17+git.203.862547088ca-3.14.1 libndr-standard0-debuginfo-4.10.17+git.203.862547088ca-3.14.1 libndr0-4.10.17+git.203.862547088ca-3.14.1 libndr0-debuginfo-4.10.17+git.203.862547088ca-3.14.1 libnetapi0-4.10.17+git.203.862547088ca-3.14.1 libnetapi0-debuginfo-4.10.17+git.203.862547088ca-3.14.1 libsamba-credentials0-4.10.17+git.203.862547088ca-3.14.1 libsamba-credentials0-debuginfo-4.10.17+git.203.862547088ca-3.14.1 libsamba-errors0-4.10.17+git.203.862547088ca-3.14.1 libsamba-errors0-debuginfo-4.10.17+git.203.862547088ca-3.14.1 libsamba-hostconfig0-4.10.17+git.203.862547088ca-3.14.1 libsamba-hostconfig0-debuginfo-4.10.17+git.203.862547088ca-3.14.1 libsamba-passdb0-4.10.17+git.203.862547088ca-3.14.1 libsamba-passdb0-debuginfo-4.10.17+git.203.862547088ca-3.14.1 libsamba-util0-4.10.17+git.203.862547088ca-3.14.1 libsamba-util0-debuginfo-4.10.17+git.203.862547088ca-3.14.1 libsamdb0-4.10.17+git.203.862547088ca-3.14.1 libsamdb0-debuginfo-4.10.17+git.203.862547088ca-3.14.1 libsmbclient0-4.10.17+git.203.862547088ca-3.14.1 libsmbclient0-debuginfo-4.10.17+git.203.862547088ca-3.14.1 libsmbconf0-4.10.17+git.203.862547088ca-3.14.1 libsmbconf0-debuginfo-4.10.17+git.203.862547088ca-3.14.1 libsmbldap2-4.10.17+git.203.862547088ca-3.14.1 libsmbldap2-debuginfo-4.10.17+git.203.862547088ca-3.14.1 libtevent-util0-4.10.17+git.203.862547088ca-3.14.1 libtevent-util0-debuginfo-4.10.17+git.203.862547088ca-3.14.1 libwbclient0-4.10.17+git.203.862547088ca-3.14.1 libwbclient0-debuginfo-4.10.17+git.203.862547088ca-3.14.1 samba-4.10.17+git.203.862547088ca-3.14.1 samba-client-4.10.17+git.203.862547088ca-3.14.1 samba-client-debuginfo-4.10.17+git.203.862547088ca-3.14.1 samba-debuginfo-4.10.17+git.203.862547088ca-3.14.1 samba-debugsource-4.10.17+git.203.862547088ca-3.14.1 samba-libs-4.10.17+git.203.862547088ca-3.14.1 samba-libs-debuginfo-4.10.17+git.203.862547088ca-3.14.1 samba-libs-python3-4.10.17+git.203.862547088ca-3.14.1 samba-libs-python3-debuginfo-4.10.17+git.203.862547088ca-3.14.1 samba-winbind-4.10.17+git.203.862547088ca-3.14.1 samba-winbind-debuginfo-4.10.17+git.203.862547088ca-3.14.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libdcerpc-binding0-32bit-4.10.17+git.203.862547088ca-3.14.1 libdcerpc-binding0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1 libdcerpc0-32bit-4.10.17+git.203.862547088ca-3.14.1 libdcerpc0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1 libldb1-32bit-1.5.8-3.5.1 libldb1-debuginfo-32bit-1.5.8-3.5.1 libndr-krb5pac0-32bit-4.10.17+git.203.862547088ca-3.14.1 libndr-krb5pac0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1 libndr-nbt0-32bit-4.10.17+git.203.862547088ca-3.14.1 libndr-nbt0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1 libndr-standard0-32bit-4.10.17+git.203.862547088ca-3.14.1 libndr-standard0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1 libndr0-32bit-4.10.17+git.203.862547088ca-3.14.1 libndr0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1 libnetapi0-32bit-4.10.17+git.203.862547088ca-3.14.1 libnetapi0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1 libsamba-credentials0-32bit-4.10.17+git.203.862547088ca-3.14.1 libsamba-credentials0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1 libsamba-errors0-32bit-4.10.17+git.203.862547088ca-3.14.1 libsamba-errors0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1 libsamba-hostconfig0-32bit-4.10.17+git.203.862547088ca-3.14.1 libsamba-hostconfig0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1 libsamba-passdb0-32bit-4.10.17+git.203.862547088ca-3.14.1 libsamba-passdb0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1 libsamba-util0-32bit-4.10.17+git.203.862547088ca-3.14.1 libsamba-util0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1 libsamdb0-32bit-4.10.17+git.203.862547088ca-3.14.1 libsamdb0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1 libsmbclient0-32bit-4.10.17+git.203.862547088ca-3.14.1 libsmbclient0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1 libsmbconf0-32bit-4.10.17+git.203.862547088ca-3.14.1 libsmbconf0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1 libsmbldap2-32bit-4.10.17+git.203.862547088ca-3.14.1 libsmbldap2-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1 libtevent-util0-32bit-4.10.17+git.203.862547088ca-3.14.1 libtevent-util0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1 libwbclient0-32bit-4.10.17+git.203.862547088ca-3.14.1 libwbclient0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1 samba-client-32bit-4.10.17+git.203.862547088ca-3.14.1 samba-client-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1 samba-libs-32bit-4.10.17+git.203.862547088ca-3.14.1 samba-libs-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1 samba-libs-python3-32bit-4.10.17+git.203.862547088ca-3.14.1 samba-libs-python3-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1 samba-winbind-32bit-4.10.17+git.203.862547088ca-3.14.1 samba-winbind-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): samba-doc-4.10.17+git.203.862547088ca-3.14.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): ctdb-4.10.17+git.203.862547088ca-3.14.1 ctdb-debuginfo-4.10.17+git.203.862547088ca-3.14.1 samba-debuginfo-4.10.17+git.203.862547088ca-3.14.1 samba-debugsource-4.10.17+git.203.862547088ca-3.14.1 References: https://www.suse.com/security/cve/CVE-2019-10197.html https://www.suse.com/security/cve/CVE-2019-10218.html https://www.suse.com/security/cve/CVE-2019-14833.html https://www.suse.com/security/cve/CVE-2019-14847.html https://www.suse.com/security/cve/CVE-2019-14861.html https://www.suse.com/security/cve/CVE-2019-14870.html https://www.suse.com/security/cve/CVE-2019-14902.html https://www.suse.com/security/cve/CVE-2019-14907.html https://www.suse.com/security/cve/CVE-2019-19344.html https://www.suse.com/security/cve/CVE-2020-10700.html https://www.suse.com/security/cve/CVE-2020-10704.html https://www.suse.com/security/cve/CVE-2020-10730.html https://www.suse.com/security/cve/CVE-2020-10745.html https://www.suse.com/security/cve/CVE-2020-10760.html https://www.suse.com/security/cve/CVE-2020-14303.html https://bugzilla.suse.com/1141267 https://bugzilla.suse.com/1144902 https://bugzilla.suse.com/1154289 https://bugzilla.suse.com/1154598 https://bugzilla.suse.com/1158108 https://bugzilla.suse.com/1158109 https://bugzilla.suse.com/1160850 https://bugzilla.suse.com/1160852 https://bugzilla.suse.com/1160888 https://bugzilla.suse.com/1169850 https://bugzilla.suse.com/1169851 https://bugzilla.suse.com/1173159 https://bugzilla.suse.com/1173160 https://bugzilla.suse.com/1173359 https://bugzilla.suse.com/1174120 From sle-updates at lists.suse.com Thu Sep 17 19:14:32 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Sep 2020 03:14:32 +0200 (CEST) Subject: SUSE-RU-2020:2676-1: moderate: Recommended update for star Message-ID: <20200918011432.1CCA4FCE2@maintenance.suse.de> SUSE Recommended Update: Recommended update for star ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2676-1 Rating: moderate References: #1170726 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for star fixes the following issues: - Support backreferences for spax. (bsc#1170726) The subst command for pax now supports the \1, \2, ... escapes for \(...\) selections in the from pattern, like it is used by sed(1). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2676=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2676=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2676=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2676=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): star-debuginfo-1.5.3-3.3.1 star-debugsource-1.5.3-3.3.1 star-rmt-1.5.3-3.3.1 star-rmt-debuginfo-1.5.3-3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): star-debuginfo-1.5.3-3.3.1 star-debugsource-1.5.3-3.3.1 star-rmt-1.5.3-3.3.1 star-rmt-debuginfo-1.5.3-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): spax-1.5.3-3.3.1 spax-debuginfo-1.5.3-3.3.1 star-1.5.3-3.3.1 star-debuginfo-1.5.3-3.3.1 star-debugsource-1.5.3-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): spax-1.5.3-3.3.1 spax-debuginfo-1.5.3-3.3.1 star-1.5.3-3.3.1 star-debuginfo-1.5.3-3.3.1 star-debugsource-1.5.3-3.3.1 References: https://bugzilla.suse.com/1170726 From sle-updates at lists.suse.com Thu Sep 17 19:15:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Sep 2020 03:15:26 +0200 (CEST) Subject: SUSE-RU-2020:2675-1: moderate: Recommended update for sbd Message-ID: <20200918011526.14B41FCE2@maintenance.suse.de> SUSE Recommended Update: Recommended update for sbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2675-1 Rating: moderate References: #1108393 #1140065 #1143064 #1148236 #1150429 #1174915 #963674 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for sbd fixes the following issues: - Add a warning log if failed to open/read device on startup. (bsc#1150429) - agent: log detailed errors for monitor failures (bsc#1148236) - Query if 'rt-budget > 0' otherwise try moving to 'root-slice'. (bsc#1143064) - Rebase fix for SBD cluster in case of exiting disconnected 'cmap'. (bsc#1140065) - sbd-inquisitor: refuse to start if any of the configured device names is invalid. (bsc#1174915) - systemd: make pacemaker wait for sbd-start to complete. (bsc#1108393) - Fix node name parameter in manpage. (bsc#963674) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-2675=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): sbd-1.4.1+20200807.883c2f8-3.11.2 sbd-debuginfo-1.4.1+20200807.883c2f8-3.11.2 sbd-debugsource-1.4.1+20200807.883c2f8-3.11.2 References: https://bugzilla.suse.com/1108393 https://bugzilla.suse.com/1140065 https://bugzilla.suse.com/1143064 https://bugzilla.suse.com/1148236 https://bugzilla.suse.com/1150429 https://bugzilla.suse.com/1174915 https://bugzilla.suse.com/963674 From sle-updates at lists.suse.com Thu Sep 17 19:16:58 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Sep 2020 03:16:58 +0200 (CEST) Subject: SUSE-RU-2020:2674-1: moderate: Recommended update for libvirt Message-ID: <20200918011658.2610EFCE2@maintenance.suse.de> SUSE Recommended Update: Recommended update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2674-1 Rating: moderate References: #1175465 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libvirt fixes the following issue: - Handle kernel without device-mapper support. (bsc#1175465) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2674=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2674=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-5.1.0-13.12.1 libvirt-devel-5.1.0-13.12.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libvirt-5.1.0-13.12.1 libvirt-admin-5.1.0-13.12.1 libvirt-admin-debuginfo-5.1.0-13.12.1 libvirt-client-5.1.0-13.12.1 libvirt-client-debuginfo-5.1.0-13.12.1 libvirt-daemon-5.1.0-13.12.1 libvirt-daemon-config-network-5.1.0-13.12.1 libvirt-daemon-config-nwfilter-5.1.0-13.12.1 libvirt-daemon-debuginfo-5.1.0-13.12.1 libvirt-daemon-driver-interface-5.1.0-13.12.1 libvirt-daemon-driver-interface-debuginfo-5.1.0-13.12.1 libvirt-daemon-driver-lxc-5.1.0-13.12.1 libvirt-daemon-driver-lxc-debuginfo-5.1.0-13.12.1 libvirt-daemon-driver-network-5.1.0-13.12.1 libvirt-daemon-driver-network-debuginfo-5.1.0-13.12.1 libvirt-daemon-driver-nodedev-5.1.0-13.12.1 libvirt-daemon-driver-nodedev-debuginfo-5.1.0-13.12.1 libvirt-daemon-driver-nwfilter-5.1.0-13.12.1 libvirt-daemon-driver-nwfilter-debuginfo-5.1.0-13.12.1 libvirt-daemon-driver-qemu-5.1.0-13.12.1 libvirt-daemon-driver-qemu-debuginfo-5.1.0-13.12.1 libvirt-daemon-driver-secret-5.1.0-13.12.1 libvirt-daemon-driver-secret-debuginfo-5.1.0-13.12.1 libvirt-daemon-driver-storage-5.1.0-13.12.1 libvirt-daemon-driver-storage-core-5.1.0-13.12.1 libvirt-daemon-driver-storage-core-debuginfo-5.1.0-13.12.1 libvirt-daemon-driver-storage-disk-5.1.0-13.12.1 libvirt-daemon-driver-storage-disk-debuginfo-5.1.0-13.12.1 libvirt-daemon-driver-storage-iscsi-5.1.0-13.12.1 libvirt-daemon-driver-storage-iscsi-debuginfo-5.1.0-13.12.1 libvirt-daemon-driver-storage-logical-5.1.0-13.12.1 libvirt-daemon-driver-storage-logical-debuginfo-5.1.0-13.12.1 libvirt-daemon-driver-storage-mpath-5.1.0-13.12.1 libvirt-daemon-driver-storage-mpath-debuginfo-5.1.0-13.12.1 libvirt-daemon-driver-storage-scsi-5.1.0-13.12.1 libvirt-daemon-driver-storage-scsi-debuginfo-5.1.0-13.12.1 libvirt-daemon-hooks-5.1.0-13.12.1 libvirt-daemon-lxc-5.1.0-13.12.1 libvirt-daemon-qemu-5.1.0-13.12.1 libvirt-debugsource-5.1.0-13.12.1 libvirt-doc-5.1.0-13.12.1 libvirt-libs-5.1.0-13.12.1 libvirt-libs-debuginfo-5.1.0-13.12.1 libvirt-lock-sanlock-5.1.0-13.12.1 libvirt-lock-sanlock-debuginfo-5.1.0-13.12.1 libvirt-nss-5.1.0-13.12.1 libvirt-nss-debuginfo-5.1.0-13.12.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-5.1.0-13.12.1 libvirt-daemon-driver-storage-rbd-debuginfo-5.1.0-13.12.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): libvirt-daemon-driver-libxl-5.1.0-13.12.1 libvirt-daemon-driver-libxl-debuginfo-5.1.0-13.12.1 libvirt-daemon-xen-5.1.0-13.12.1 References: https://bugzilla.suse.com/1175465 From sle-updates at lists.suse.com Fri Sep 18 07:15:38 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Sep 2020 15:15:38 +0200 (CEST) Subject: SUSE-SU-2020:2678-1: moderate: Security update for rubygem-rack Message-ID: <20200918131538.68AC7FCEB@maintenance.suse.de> SUSE Security Update: Security update for rubygem-rack ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2678-1 Rating: moderate References: #1159548 #1172037 #1173351 Cross-References: CVE-2019-16782 CVE-2020-8161 CVE-2020-8184 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for rubygem-rack to version 1.6.13 fixes the following issues: - CVE-2020-8184: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names (bsc#1173351). - CVE-2020-8161: Fixed a directory traversal (bsc#1172037). - CVE-2019-16782: Fixed an information leak / session hijack vulnerability (bsc#1159548). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2678=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2678=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2678=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ruby2.1-rubygem-rack-1.6.13-3.8.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-rack-1.6.13-3.8.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): ruby2.1-rubygem-rack-1.6.13-3.8.1 References: https://www.suse.com/security/cve/CVE-2019-16782.html https://www.suse.com/security/cve/CVE-2020-8161.html https://www.suse.com/security/cve/CVE-2020-8184.html https://bugzilla.suse.com/1159548 https://bugzilla.suse.com/1172037 https://bugzilla.suse.com/1173351 From sle-updates at lists.suse.com Fri Sep 18 10:18:58 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Sep 2020 18:18:58 +0200 (CEST) Subject: SUSE-RU-2020:2684-1: important: Recommended update for grub2 Message-ID: <20200918161858.25605FCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2684-1 Rating: important References: #1176134 #1176591 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - Make efi hand off the default entry point of the linux command (bsc#1176134) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2684=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2684=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): grub2-x86_64-xen-2.04-9.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): grub2-2.04-9.22.1 grub2-debuginfo-2.04-9.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 s390x x86_64): grub2-debugsource-2.04-9.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): grub2-arm64-efi-2.04-9.22.1 grub2-i386-pc-2.04-9.22.1 grub2-powerpc-ieee1275-2.04-9.22.1 grub2-snapper-plugin-2.04-9.22.1 grub2-systemd-sleep-plugin-2.04-9.22.1 grub2-x86_64-efi-2.04-9.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (s390x): grub2-s390x-emu-2.04-9.22.1 References: https://bugzilla.suse.com/1176134 https://bugzilla.suse.com/1176591 From sle-updates at lists.suse.com Fri Sep 18 10:19:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Sep 2020 18:19:54 +0200 (CEST) Subject: SUSE-RU-2020:2680-1: moderate: Recommended update for crmsh Message-ID: <20200918161954.87E86FCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2680-1 Rating: moderate References: #1176178 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crmsh fixes the following issues: - Fixes an issue when parallax shows an error by joining a node. (bsc#1176178) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-2680=1 Package List: - SUSE Linux Enterprise High Availability 15 (noarch): crmsh-4.1.0+git.1599639106.b8652332-3.39.1 crmsh-scripts-4.1.0+git.1599639106.b8652332-3.39.1 References: https://bugzilla.suse.com/1176178 From sle-updates at lists.suse.com Fri Sep 18 10:34:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Sep 2020 18:34:34 +0200 (CEST) Subject: SUSE-SU-2020:2650-1: important: Security update for SUSE Manager Server 4.0 Message-ID: <20200918163434.CB00CFCE2@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 4.0 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2650-1 Rating: important References: #1136857 #1165829 #1167907 #1169664 #1170244 #1171281 #1172079 #1172279 #1172504 #1172831 #1173073 #1173535 #1173554 #1173566 #1173584 #1173982 #1173997 #1174201 #1174254 #1174470 #1175224 #1175529 #1175555 #1175556 #1175558 #1175724 #1175791 #1175884 #1175889 Cross-References: CVE-2019-14900 CVE-2020-11022 CVE-2020-8028 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 ______________________________________________________________________________ An update that solves three vulnerabilities and has 26 fixes is now available. Description: This update fixes the following issues: hibernate5: - Address CVE-2019-14900 (bsc#1172079) image-sync-formula: - Allow image-sync state on regular minion. Image sync state requires branch-network pillars to get the directory where to sync images. Use default `/srv/saltboot` if that pillar is missing so image-sync can be applied on non branch minions as well. openvpn-formula: - Add hint that ssl certs must be on system (bsc#1172279) prometheus-exporters-formula: - Bugfix: Handle exporters proxy for unsupported distros (bsc#1175555) - Add support for exporters proxy (exporter_exporter) - Update the apache exporter config file for Debian salt-netapi-client: - Refresh authentication module list to newer Salt versions saltboot-formula: - Better fix for rounding errors (bsc#1136857) spacecmd: - Python3 fixes for errata in spacecmd (bsc#1169664) - Python3 fix for sorted usage (bsc#1167907) - Fix softwarechannel_listlatestpackages throwing error on empty channels (bsc#1175889) - Fix escaping of package names (bsc#1171281) spacewalk-admin: - Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028) spacewalk-certs-tools: - Add option --nostricthostkeychecking to spacewalk-ssh-push-init - Strip SSL Certificate Common Name after 63 Characters (bsc#1173535) spacewalk-java: - Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028) - Fix EntityExistsException on migration from traditional to salt minion via proxy (bsc#1175556) - Use media.1/products from media when not specified different (bsc#1175558) - Fix: use quiet API method when using spacewalk-common-channels (bsc#1175529) - Fix alignment on icon on entitlement page - Reset the server path on minion registration (bsc#1174254) - Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831) - Fix error when rolling back a system to a snapshot (bsc#1173997) - Avoid deadlock when syncing channels and registering minions at the same time (bsc#1173566) - Provide comps.xml and modules.yaml when using onlinerepo for kickstart - Set CPU and memory info for virtual instances (bsc#1170244) - Change system list header text to something better (bsc#1173982) spacewalk-setup: - Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028) spacewalk-utils: - Avoid exceptions on the logs when looking for channels that do not exist (bsc#1175529) spacewalk-web: - Fix login page after jQuery upgrade (bsc#1175224) - Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831) - Warn when a system is in multiple groups that configure the same formula in the system formula's UI (bsc#1173554) susemanager: - Define bootstrap repo data for SUSE Manager Proxies (bsc#1174470) susemanager-frontend-libs: - Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831) susemanager-schema: - Prevent a deadlock error involving delete_server and update_needed_cache (bsc#1173073) susemanager-sls: - Fix the dnf plugin to add the token to the HTTP header (bsc#1175724) - Fix reporting of missing products in product.all_installed (bsc#1165829) - Require PyYAML version >= 5.1 - Get redhat-release only when it is not a symlink - Fix: supply a dnf base when dealing w/repos (bsc#1172504) - Fix: autorefresh in repos is zypper-only susemanager-sync-data: - Remove version from centos and oracle linux identifier (bsc#1173584) virtualization-host-formula: - Update to version 0.5 - Ensure kernel-default and libvirt-python3 are installed - Set bridge network as default - Fix conditionals (bsc#1175791) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-2650=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2020-2650=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64): openvpn-formula-0.1.1-4.6.2 susemanager-4.0.28-3.36.3 susemanager-tools-4.0.28-3.36.3 - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch): hibernate5-5.3.7-4.3.2 image-sync-formula-0.1.1595937550.0285244-3.20.2 prometheus-exporters-formula-0.7.1-3.10.2 python3-spacewalk-certs-tools-4.0.17-3.21.3 salt-netapi-client-0.17.0-4.6.3 saltboot-formula-0.1.1595937550.0285244-3.19.2 spacecmd-4.0.20-3.19.2 spacewalk-admin-4.0.11-3.12.1 spacewalk-base-4.0.23-3.30.3 spacewalk-base-minimal-4.0.23-3.30.3 spacewalk-base-minimal-config-4.0.23-3.30.3 spacewalk-certs-tools-4.0.17-3.21.3 spacewalk-html-4.0.23-3.30.3 spacewalk-java-4.0.37-3.39.1 spacewalk-java-config-4.0.37-3.39.1 spacewalk-java-lib-4.0.37-3.39.1 spacewalk-java-postgresql-4.0.37-3.39.1 spacewalk-setup-4.0.14-3.14.1 spacewalk-taskomatic-4.0.37-3.39.1 spacewalk-utils-4.0.18-3.21.3 susemanager-frontend-libs-4.0.2-4.3.2 susemanager-schema-4.0.22-3.29.2 susemanager-sls-4.0.29-3.31.3 susemanager-sync-data-4.0.18-3.24.2 susemanager-web-libs-4.0.23-3.30.3 virtualization-host-formula-0.5-4.12.3 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (noarch): python3-spacewalk-certs-tools-4.0.17-3.21.3 spacecmd-4.0.20-3.19.2 spacewalk-base-minimal-4.0.23-3.30.3 spacewalk-base-minimal-config-4.0.23-3.30.3 spacewalk-certs-tools-4.0.17-3.21.3 spacewalk-proxy-broker-4.0.14-3.10.3 spacewalk-proxy-common-4.0.14-3.10.3 spacewalk-proxy-management-4.0.14-3.10.3 spacewalk-proxy-package-manager-4.0.14-3.10.3 spacewalk-proxy-redirect-4.0.14-3.10.3 spacewalk-proxy-salt-4.0.14-3.10.3 References: https://www.suse.com/security/cve/CVE-2019-14900.html https://www.suse.com/security/cve/CVE-2020-11022.html https://www.suse.com/security/cve/CVE-2020-8028.html https://bugzilla.suse.com/1136857 https://bugzilla.suse.com/1165829 https://bugzilla.suse.com/1167907 https://bugzilla.suse.com/1169664 https://bugzilla.suse.com/1170244 https://bugzilla.suse.com/1171281 https://bugzilla.suse.com/1172079 https://bugzilla.suse.com/1172279 https://bugzilla.suse.com/1172504 https://bugzilla.suse.com/1172831 https://bugzilla.suse.com/1173073 https://bugzilla.suse.com/1173535 https://bugzilla.suse.com/1173554 https://bugzilla.suse.com/1173566 https://bugzilla.suse.com/1173584 https://bugzilla.suse.com/1173982 https://bugzilla.suse.com/1173997 https://bugzilla.suse.com/1174201 https://bugzilla.suse.com/1174254 https://bugzilla.suse.com/1174470 https://bugzilla.suse.com/1175224 https://bugzilla.suse.com/1175529 https://bugzilla.suse.com/1175555 https://bugzilla.suse.com/1175556 https://bugzilla.suse.com/1175558 https://bugzilla.suse.com/1175724 https://bugzilla.suse.com/1175791 https://bugzilla.suse.com/1175884 https://bugzilla.suse.com/1175889 From sle-updates at lists.suse.com Fri Sep 18 10:40:32 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Sep 2020 18:40:32 +0200 (CEST) Subject: SUSE-RU-2020:2682-1: moderate: Recommended update for star Message-ID: <20200918164032.EED5FFCE2@maintenance.suse.de> SUSE Recommended Update: Recommended update for star ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2682-1 Rating: moderate References: #1170726 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for star fixes the following issue: - Support backreferences for spax. (bsc#1170726) The subst command for pax now supports the \1, \2, ... escapes for \(...\) selections in the from pattern, like it is used by sed(1). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2682=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): star-1.5final-72.3.1 star-debuginfo-1.5final-72.3.1 star-debugsource-1.5final-72.3.1 References: https://bugzilla.suse.com/1170726 From sle-updates at lists.suse.com Fri Sep 18 10:43:53 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Sep 2020 18:43:53 +0200 (CEST) Subject: SUSE-RU-2020:2683-1: moderate: Recommended update for u-boot Message-ID: <20200918164353.AD424FCE2@maintenance.suse.de> SUSE Recommended Update: Recommended update for u-boot ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2683-1 Rating: moderate References: #1175902 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for u-boot fixes the following issue: - Fix network synchronization issue between send and receive buffer. (bsc#1175902) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2683=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): u-boot-tools-2020.01-10.6.1 u-boot-tools-debuginfo-2020.01-10.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64): u-boot-rpiarm64-2020.01-10.6.1 u-boot-rpiarm64-doc-2020.01-10.6.1 References: https://bugzilla.suse.com/1175902 From sle-updates at lists.suse.com Fri Sep 18 10:47:04 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Sep 2020 18:47:04 +0200 (CEST) Subject: SUSE-RU-2020:2681-1: important: Recommended update for libvirt Message-ID: <20200918164704.791DFFCE2@maintenance.suse.de> SUSE Recommended Update: Recommended update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2681-1 Rating: important References: #1137137 #1145586 #1175361 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for libvirt fixes the following issues: - qemu: solve issues during soft reboot of instances. (bsc#1175361) - virsh: use upstream name for migration precopy bandwidth parameter. (bsc#1145586) - virsh: support for setting precopy bandwidth in migrate. (bsc#1145586) - logging: ensure virtlogd rollover takes priority over logrotate. (bsc#1137137) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2681=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2681=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2681=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2681=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2681=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2681=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2681=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libvirt-3.3.0-5.43.1 libvirt-admin-3.3.0-5.43.1 libvirt-admin-debuginfo-3.3.0-5.43.1 libvirt-client-3.3.0-5.43.1 libvirt-client-debuginfo-3.3.0-5.43.1 libvirt-daemon-3.3.0-5.43.1 libvirt-daemon-config-network-3.3.0-5.43.1 libvirt-daemon-config-nwfilter-3.3.0-5.43.1 libvirt-daemon-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-interface-3.3.0-5.43.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-libxl-3.3.0-5.43.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-lxc-3.3.0-5.43.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-network-3.3.0-5.43.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-nodedev-3.3.0-5.43.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-nwfilter-3.3.0-5.43.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-qemu-3.3.0-5.43.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-secret-3.3.0-5.43.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-3.3.0-5.43.1 libvirt-daemon-driver-storage-core-3.3.0-5.43.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-disk-3.3.0-5.43.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.43.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-logical-3.3.0-5.43.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.43.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.43.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.43.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.43.1 libvirt-daemon-hooks-3.3.0-5.43.1 libvirt-daemon-lxc-3.3.0-5.43.1 libvirt-daemon-qemu-3.3.0-5.43.1 libvirt-daemon-xen-3.3.0-5.43.1 libvirt-debugsource-3.3.0-5.43.1 libvirt-doc-3.3.0-5.43.1 libvirt-libs-3.3.0-5.43.1 libvirt-libs-debuginfo-3.3.0-5.43.1 libvirt-lock-sanlock-3.3.0-5.43.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.43.1 libvirt-nss-3.3.0-5.43.1 libvirt-nss-debuginfo-3.3.0-5.43.1 - SUSE OpenStack Cloud 8 (x86_64): libvirt-3.3.0-5.43.1 libvirt-admin-3.3.0-5.43.1 libvirt-admin-debuginfo-3.3.0-5.43.1 libvirt-client-3.3.0-5.43.1 libvirt-client-debuginfo-3.3.0-5.43.1 libvirt-daemon-3.3.0-5.43.1 libvirt-daemon-config-network-3.3.0-5.43.1 libvirt-daemon-config-nwfilter-3.3.0-5.43.1 libvirt-daemon-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-interface-3.3.0-5.43.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-libxl-3.3.0-5.43.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-lxc-3.3.0-5.43.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-network-3.3.0-5.43.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-nodedev-3.3.0-5.43.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-nwfilter-3.3.0-5.43.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-qemu-3.3.0-5.43.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-secret-3.3.0-5.43.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-3.3.0-5.43.1 libvirt-daemon-driver-storage-core-3.3.0-5.43.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-disk-3.3.0-5.43.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.43.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-logical-3.3.0-5.43.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.43.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.43.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.43.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.43.1 libvirt-daemon-hooks-3.3.0-5.43.1 libvirt-daemon-lxc-3.3.0-5.43.1 libvirt-daemon-qemu-3.3.0-5.43.1 libvirt-daemon-xen-3.3.0-5.43.1 libvirt-debugsource-3.3.0-5.43.1 libvirt-doc-3.3.0-5.43.1 libvirt-libs-3.3.0-5.43.1 libvirt-libs-debuginfo-3.3.0-5.43.1 libvirt-lock-sanlock-3.3.0-5.43.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.43.1 libvirt-nss-3.3.0-5.43.1 libvirt-nss-debuginfo-3.3.0-5.43.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libvirt-3.3.0-5.43.1 libvirt-admin-3.3.0-5.43.1 libvirt-admin-debuginfo-3.3.0-5.43.1 libvirt-client-3.3.0-5.43.1 libvirt-client-debuginfo-3.3.0-5.43.1 libvirt-daemon-3.3.0-5.43.1 libvirt-daemon-config-network-3.3.0-5.43.1 libvirt-daemon-config-nwfilter-3.3.0-5.43.1 libvirt-daemon-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-interface-3.3.0-5.43.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-lxc-3.3.0-5.43.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-network-3.3.0-5.43.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-nodedev-3.3.0-5.43.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-nwfilter-3.3.0-5.43.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-qemu-3.3.0-5.43.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-secret-3.3.0-5.43.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-3.3.0-5.43.1 libvirt-daemon-driver-storage-core-3.3.0-5.43.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-disk-3.3.0-5.43.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.43.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-logical-3.3.0-5.43.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.43.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.43.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.43.1 libvirt-daemon-hooks-3.3.0-5.43.1 libvirt-daemon-lxc-3.3.0-5.43.1 libvirt-daemon-qemu-3.3.0-5.43.1 libvirt-debugsource-3.3.0-5.43.1 libvirt-doc-3.3.0-5.43.1 libvirt-libs-3.3.0-5.43.1 libvirt-libs-debuginfo-3.3.0-5.43.1 libvirt-lock-sanlock-3.3.0-5.43.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.43.1 libvirt-nss-3.3.0-5.43.1 libvirt-nss-debuginfo-3.3.0-5.43.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libvirt-daemon-driver-libxl-3.3.0-5.43.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.43.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.43.1 libvirt-daemon-xen-3.3.0-5.43.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libvirt-3.3.0-5.43.1 libvirt-admin-3.3.0-5.43.1 libvirt-admin-debuginfo-3.3.0-5.43.1 libvirt-client-3.3.0-5.43.1 libvirt-client-debuginfo-3.3.0-5.43.1 libvirt-daemon-3.3.0-5.43.1 libvirt-daemon-config-network-3.3.0-5.43.1 libvirt-daemon-config-nwfilter-3.3.0-5.43.1 libvirt-daemon-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-interface-3.3.0-5.43.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-lxc-3.3.0-5.43.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-network-3.3.0-5.43.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-nodedev-3.3.0-5.43.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-nwfilter-3.3.0-5.43.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-qemu-3.3.0-5.43.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-secret-3.3.0-5.43.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-3.3.0-5.43.1 libvirt-daemon-driver-storage-core-3.3.0-5.43.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-disk-3.3.0-5.43.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.43.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-logical-3.3.0-5.43.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.43.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.43.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.43.1 libvirt-daemon-hooks-3.3.0-5.43.1 libvirt-daemon-lxc-3.3.0-5.43.1 libvirt-daemon-qemu-3.3.0-5.43.1 libvirt-debugsource-3.3.0-5.43.1 libvirt-doc-3.3.0-5.43.1 libvirt-libs-3.3.0-5.43.1 libvirt-libs-debuginfo-3.3.0-5.43.1 libvirt-lock-sanlock-3.3.0-5.43.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.43.1 libvirt-nss-3.3.0-5.43.1 libvirt-nss-debuginfo-3.3.0-5.43.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-3.3.0-5.43.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.43.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): libvirt-daemon-driver-libxl-3.3.0-5.43.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.43.1 libvirt-daemon-xen-3.3.0-5.43.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libvirt-3.3.0-5.43.1 libvirt-admin-3.3.0-5.43.1 libvirt-admin-debuginfo-3.3.0-5.43.1 libvirt-client-3.3.0-5.43.1 libvirt-client-debuginfo-3.3.0-5.43.1 libvirt-daemon-3.3.0-5.43.1 libvirt-daemon-config-network-3.3.0-5.43.1 libvirt-daemon-config-nwfilter-3.3.0-5.43.1 libvirt-daemon-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-interface-3.3.0-5.43.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-libxl-3.3.0-5.43.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-lxc-3.3.0-5.43.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-network-3.3.0-5.43.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-nodedev-3.3.0-5.43.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-nwfilter-3.3.0-5.43.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-qemu-3.3.0-5.43.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-secret-3.3.0-5.43.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-3.3.0-5.43.1 libvirt-daemon-driver-storage-core-3.3.0-5.43.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-disk-3.3.0-5.43.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.43.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-logical-3.3.0-5.43.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.43.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.43.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.43.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.43.1 libvirt-daemon-hooks-3.3.0-5.43.1 libvirt-daemon-lxc-3.3.0-5.43.1 libvirt-daemon-qemu-3.3.0-5.43.1 libvirt-daemon-xen-3.3.0-5.43.1 libvirt-debugsource-3.3.0-5.43.1 libvirt-doc-3.3.0-5.43.1 libvirt-libs-3.3.0-5.43.1 libvirt-libs-debuginfo-3.3.0-5.43.1 libvirt-lock-sanlock-3.3.0-5.43.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.43.1 libvirt-nss-3.3.0-5.43.1 libvirt-nss-debuginfo-3.3.0-5.43.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libvirt-3.3.0-5.43.1 libvirt-admin-3.3.0-5.43.1 libvirt-admin-debuginfo-3.3.0-5.43.1 libvirt-client-3.3.0-5.43.1 libvirt-client-debuginfo-3.3.0-5.43.1 libvirt-daemon-3.3.0-5.43.1 libvirt-daemon-config-network-3.3.0-5.43.1 libvirt-daemon-config-nwfilter-3.3.0-5.43.1 libvirt-daemon-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-interface-3.3.0-5.43.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-lxc-3.3.0-5.43.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-network-3.3.0-5.43.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-nodedev-3.3.0-5.43.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-nwfilter-3.3.0-5.43.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-qemu-3.3.0-5.43.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-secret-3.3.0-5.43.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-3.3.0-5.43.1 libvirt-daemon-driver-storage-core-3.3.0-5.43.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-disk-3.3.0-5.43.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.43.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-logical-3.3.0-5.43.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.43.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.43.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.43.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.43.1 libvirt-daemon-hooks-3.3.0-5.43.1 libvirt-daemon-lxc-3.3.0-5.43.1 libvirt-daemon-qemu-3.3.0-5.43.1 libvirt-debugsource-3.3.0-5.43.1 libvirt-doc-3.3.0-5.43.1 libvirt-libs-3.3.0-5.43.1 libvirt-libs-debuginfo-3.3.0-5.43.1 libvirt-lock-sanlock-3.3.0-5.43.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.43.1 libvirt-nss-3.3.0-5.43.1 libvirt-nss-debuginfo-3.3.0-5.43.1 - SUSE Enterprise Storage 5 (x86_64): libvirt-daemon-driver-libxl-3.3.0-5.43.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.43.1 libvirt-daemon-xen-3.3.0-5.43.1 - HPE Helion Openstack 8 (x86_64): libvirt-3.3.0-5.43.1 libvirt-admin-3.3.0-5.43.1 libvirt-admin-debuginfo-3.3.0-5.43.1 libvirt-client-3.3.0-5.43.1 libvirt-client-debuginfo-3.3.0-5.43.1 libvirt-daemon-3.3.0-5.43.1 libvirt-daemon-config-network-3.3.0-5.43.1 libvirt-daemon-config-nwfilter-3.3.0-5.43.1 libvirt-daemon-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-interface-3.3.0-5.43.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-libxl-3.3.0-5.43.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-lxc-3.3.0-5.43.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-network-3.3.0-5.43.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-nodedev-3.3.0-5.43.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-nwfilter-3.3.0-5.43.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-qemu-3.3.0-5.43.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-secret-3.3.0-5.43.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-3.3.0-5.43.1 libvirt-daemon-driver-storage-core-3.3.0-5.43.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-disk-3.3.0-5.43.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.43.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-logical-3.3.0-5.43.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.43.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.43.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.43.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.43.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.43.1 libvirt-daemon-hooks-3.3.0-5.43.1 libvirt-daemon-lxc-3.3.0-5.43.1 libvirt-daemon-qemu-3.3.0-5.43.1 libvirt-daemon-xen-3.3.0-5.43.1 libvirt-debugsource-3.3.0-5.43.1 libvirt-doc-3.3.0-5.43.1 libvirt-libs-3.3.0-5.43.1 libvirt-libs-debuginfo-3.3.0-5.43.1 libvirt-lock-sanlock-3.3.0-5.43.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.43.1 libvirt-nss-3.3.0-5.43.1 libvirt-nss-debuginfo-3.3.0-5.43.1 References: https://bugzilla.suse.com/1137137 https://bugzilla.suse.com/1145586 https://bugzilla.suse.com/1175361 From sle-updates at lists.suse.com Fri Sep 18 13:14:16 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 18 Sep 2020 21:14:16 +0200 (CEST) Subject: SUSE-RU-2020:2685-1: moderate: Recommended update for sapwmp Message-ID: <20200918191416.E03B9FCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapwmp ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2685-1 Rating: moderate References: #1174002 #1175458 #1176264 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for sapwmp fixes the following issues: sapwmp was updated to version 0.1+git.1599582034.723ec7d: * RPM: Update documentation URL * supportconfig: Adjust for generic slice name * RPM: Migrate configuration from sap.slice to SAP.slice * All: Rename sap.slice to SAP.slice * RPM: Don't treat sap.slice as service (bsc#1176264) * calibration: Row oriented format * RPM: Require kernel fix for bsc#1174002 * calibration: Randomize time of sampling * cgroups: sap.slice has MemoryAccounting=yes (bsc#1175458) * supportconfig: Graceful handling of gone PIDs * Calibration: Make sure memory controller is enabled * RPM: Add better explanation of missing sapsys group Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2020-2685=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (aarch64 ppc64le s390x x86_64): sapwmp-0.1+git.1599582034.723ec7d-3.3.1 sapwmp-debuginfo-0.1+git.1599582034.723ec7d-3.3.1 sapwmp-debugsource-0.1+git.1599582034.723ec7d-3.3.1 References: https://bugzilla.suse.com/1174002 https://bugzilla.suse.com/1175458 https://bugzilla.suse.com/1176264 From sle-updates at lists.suse.com Mon Sep 21 07:14:52 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Sep 2020 15:14:52 +0200 (CEST) Subject: SUSE-SU-2020:2690-1: Security update for jasper Message-ID: <20200921131452.94BA5FCEB@maintenance.suse.de> SUSE Security Update: Security update for jasper ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2690-1 Rating: low References: #1010786 #1010979 #1010980 #1011829 #1020451 #1020456 #1020458 #1020460 #1045450 #1057152 #1088278 #1092115 #1114498 #1115637 #1117328 #1120805 #1120807 Cross-References: CVE-2016-9397 CVE-2016-9398 CVE-2016-9399 CVE-2016-9557 CVE-2017-14132 CVE-2017-5499 CVE-2017-5503 CVE-2017-5504 CVE-2017-5505 CVE-2017-9782 CVE-2018-18873 CVE-2018-19139 CVE-2018-19543 CVE-2018-20570 CVE-2018-20622 CVE-2018-9154 CVE-2018-9252 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes 17 vulnerabilities is now available. Description: This update for jasper fixes the following issues: - CVE-2016-9398: Improved patch for already fixed issue (bsc#1010979). - CVE-2016-9399: Fix assert in calcstepsizes (bsc#1010980). - CVE-2016-9397: Fix assert in jpc_dequantize (bsc#1010786). - CVE-2016-9557: Fix signed integer overflow (bsc#1011829). - CVE-2017-5499: Validate component depth bit (bsc#1020451). - CVE-2017-5503: Check bounds in jas_seq2d_bindsub() (bsc#1020456). - CVE-2017-5504: Check bounds in jas_seq2d_bindsub() (bsc#1020458). - CVE-2017-5505: Check bounds in jas_seq2d_bindsub() (bsc#1020460). - CVE-2017-14132: Fix heap base overflow in by checking components (bsc#1057152). - CVE-2018-9154: Fixed a potential denial of service in jpc_dec_process_sot() (bsc#1092115). - CVE-2018-9252: Fix reachable assertion in jpc_abstorelstepsize (bsc#1088278). - CVE-2018-18873: Fix null pointer deref in ras_putdatastd (bsc#1114498). - CVE-2018-19139: Fix mem leaks by registering jpc_unk_destroyparms (bsc#1115637). - CVE-2018-19543, bsc#1045450 CVE-2017-9782: Fix numchans mixup (bsc#1117328). - CVE-2018-20570: Fix heap based buffer over-read in jp2_encode (bsc#1120807). - CVE-2018-20622: Fix memory leak in jas_malloc.c (bsc#1120805). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2690=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2690=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-1.900.14-195.22.1 jasper-debugsource-1.900.14-195.22.1 libjasper-devel-1.900.14-195.22.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-1.900.14-195.22.1 jasper-debugsource-1.900.14-195.22.1 libjasper1-1.900.14-195.22.1 libjasper1-debuginfo-1.900.14-195.22.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libjasper1-32bit-1.900.14-195.22.1 libjasper1-debuginfo-32bit-1.900.14-195.22.1 References: https://www.suse.com/security/cve/CVE-2016-9397.html https://www.suse.com/security/cve/CVE-2016-9398.html https://www.suse.com/security/cve/CVE-2016-9399.html https://www.suse.com/security/cve/CVE-2016-9557.html https://www.suse.com/security/cve/CVE-2017-14132.html https://www.suse.com/security/cve/CVE-2017-5499.html https://www.suse.com/security/cve/CVE-2017-5503.html https://www.suse.com/security/cve/CVE-2017-5504.html https://www.suse.com/security/cve/CVE-2017-5505.html https://www.suse.com/security/cve/CVE-2017-9782.html https://www.suse.com/security/cve/CVE-2018-18873.html https://www.suse.com/security/cve/CVE-2018-19139.html https://www.suse.com/security/cve/CVE-2018-19543.html https://www.suse.com/security/cve/CVE-2018-20570.html https://www.suse.com/security/cve/CVE-2018-20622.html https://www.suse.com/security/cve/CVE-2018-9154.html https://www.suse.com/security/cve/CVE-2018-9252.html https://bugzilla.suse.com/1010786 https://bugzilla.suse.com/1010979 https://bugzilla.suse.com/1010980 https://bugzilla.suse.com/1011829 https://bugzilla.suse.com/1020451 https://bugzilla.suse.com/1020456 https://bugzilla.suse.com/1020458 https://bugzilla.suse.com/1020460 https://bugzilla.suse.com/1045450 https://bugzilla.suse.com/1057152 https://bugzilla.suse.com/1088278 https://bugzilla.suse.com/1092115 https://bugzilla.suse.com/1114498 https://bugzilla.suse.com/1115637 https://bugzilla.suse.com/1117328 https://bugzilla.suse.com/1120805 https://bugzilla.suse.com/1120807 From sle-updates at lists.suse.com Mon Sep 21 07:17:38 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Sep 2020 15:17:38 +0200 (CEST) Subject: SUSE-SU-2020:2691-1: moderate: Security update for ovmf Message-ID: <20200921131738.1B5D4FCEB@maintenance.suse.de> SUSE Security Update: Security update for ovmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2691-1 Rating: moderate References: #1119454 #1175476 Cross-References: CVE-2019-14562 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for ovmf fixes the following issues: - CVE-2019-14562: Fixed an overflow in DxeImageVerificationHandler (bsc#1175476). - Support more SCSI drivers (PvScsi, MptScsi and LsiScsi). (bsc#1119454) - Enable LsiScsi explicitly since it's disabled by default Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2691=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 x86_64): ovmf-201911-7.5.2 ovmf-tools-201911-7.5.2 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): qemu-ovmf-x86_64-201911-7.5.2 qemu-uefi-aarch64-201911-7.5.2 References: https://www.suse.com/security/cve/CVE-2019-14562.html https://bugzilla.suse.com/1119454 https://bugzilla.suse.com/1175476 From sle-updates at lists.suse.com Mon Sep 21 07:18:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Sep 2020 15:18:36 +0200 (CEST) Subject: SUSE-SU-2020:2687-1: moderate: Security update for less Message-ID: <20200921131836.B1C95FCEB@maintenance.suse.de> SUSE Security Update: Security update for less ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2687-1 Rating: moderate References: #921719 Cross-References: CVE-2014-9488 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for less fixes the following issues: Security issue fixed: - CVE-2014-9488: Malformed UTF-8 data could have caused an out of bounds read in the UTF-8 decoding routines, causing an invalid read access (bsc#921719). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2687=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): less-458-7.3.3 less-debuginfo-458-7.3.3 less-debugsource-458-7.3.3 References: https://www.suse.com/security/cve/CVE-2014-9488.html https://bugzilla.suse.com/921719 From sle-updates at lists.suse.com Mon Sep 21 07:19:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Sep 2020 15:19:31 +0200 (CEST) Subject: SUSE-SU-2020:2686-1: important: Security update for rubygem-actionview-4_2 Message-ID: <20200921131931.2AEA7FCEB@maintenance.suse.de> SUSE Security Update: Security update for rubygem-actionview-4_2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2686-1 Rating: important References: #1176421 Cross-References: CVE-2020-15169 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 6-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-actionview-4_2 fixes the following issues: - CVE-2020-15169: Fix cross-site scripting in translation helpers (bsc#1176421) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2686=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2686=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2686=1 - SUSE OpenStack Cloud 6-LTSS: zypper in -t patch SUSE-OpenStack-Cloud-6-LTSS-2020-2686=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ruby2.1-rubygem-actionview-4_2-4.2.9-9.12.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-actionview-4_2-4.2.9-9.12.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): ruby2.1-rubygem-actionview-4_2-4.2.9-9.12.1 - SUSE OpenStack Cloud 6-LTSS (x86_64): ruby2.1-rubygem-actionview-4_2-4.2.9-9.12.1 References: https://www.suse.com/security/cve/CVE-2020-15169.html https://bugzilla.suse.com/1176421 From sle-updates at lists.suse.com Mon Sep 21 07:20:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Sep 2020 15:20:26 +0200 (CEST) Subject: SUSE-RU-2020:2692-1: moderate: Recommended update for crmsh Message-ID: <20200921132026.20B5BFCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2692-1 Rating: moderate References: #1176178 ECO-1745 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for crmsh fixes the following issues: - Fixes an issue when parallax shows an error by joining a node. (bsc#1176178) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2692=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (noarch): crmsh-4.2.0+git.1599702667.157fc6b5-5.15.1 crmsh-scripts-4.2.0+git.1599702667.157fc6b5-5.15.1 References: https://bugzilla.suse.com/1176178 From sle-updates at lists.suse.com Mon Sep 21 07:22:19 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Sep 2020 15:22:19 +0200 (CEST) Subject: SUSE-SU-2020:2689-1: moderate: Security update for jasper Message-ID: <20200921132219.C6B58FCEB@maintenance.suse.de> SUSE Security Update: Security update for jasper ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2689-1 Rating: moderate References: #1010979 #1010980 #1020451 #1020456 #1020458 #1020460 #1045450 #1057152 #1088278 #1114498 #1115637 #1117328 #1120805 #1120807 Cross-References: CVE-2016-9398 CVE-2016-9399 CVE-2017-14132 CVE-2017-5499 CVE-2017-5503 CVE-2017-5504 CVE-2017-5505 CVE-2017-9782 CVE-2018-18873 CVE-2018-19139 CVE-2018-19543 CVE-2018-20570 CVE-2018-20622 CVE-2018-9252 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: This update for jasper fixes the following issues: - CVE-2016-9398: Improved patch for already fixed issue (bsc#1010979). - CVE-2016-9399: Fix assert in calcstepsizes (bsc#1010980). - CVE-2017-5499: Validate component depth bit (bsc#1020451). - CVE-2017-5503: Check bounds in jas_seq2d_bindsub() (bsc#1020456). - CVE-2017-5504: Check bounds in jas_seq2d_bindsub() (bsc#1020458). - CVE-2017-5505: Check bounds in jas_seq2d_bindsub() (bsc#1020460). - CVE-2017-14132: Fix heap base overflow in by checking components (bsc#1057152). - CVE-2018-9252: Fix reachable assertion in jpc_abstorelstepsize (bsc#1088278). - CVE-2018-18873: Fix null pointer deref in ras_putdatastd (bsc#1114498). - CVE-2018-19139: Fix mem leaks by registering jpc_unk_destroyparms (bsc#1115637). - CVE-2018-19543, bsc#1045450 CVE-2017-9782: Fix numchans mixup (bsc#1117328). - CVE-2018-20570: Fix heap based buffer over-read in jp2_encode (bsc#1120807). - CVE-2018-20622: Fix memory leak in jas_malloc.c (bsc#1120805). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-2689=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2689=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2689=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2689=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2689=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): jasper-2.0.14-3.16.1 jasper-debuginfo-2.0.14-3.16.1 jasper-debugsource-2.0.14-3.16.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.16.1 jasper-debugsource-2.0.14-3.16.1 libjasper-devel-2.0.14-3.16.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.16.1 jasper-debugsource-2.0.14-3.16.1 libjasper-devel-2.0.14-3.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.16.1 jasper-debugsource-2.0.14-3.16.1 libjasper4-2.0.14-3.16.1 libjasper4-debuginfo-2.0.14-3.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.16.1 jasper-debugsource-2.0.14-3.16.1 libjasper4-2.0.14-3.16.1 libjasper4-debuginfo-2.0.14-3.16.1 References: https://www.suse.com/security/cve/CVE-2016-9398.html https://www.suse.com/security/cve/CVE-2016-9399.html https://www.suse.com/security/cve/CVE-2017-14132.html https://www.suse.com/security/cve/CVE-2017-5499.html https://www.suse.com/security/cve/CVE-2017-5503.html https://www.suse.com/security/cve/CVE-2017-5504.html https://www.suse.com/security/cve/CVE-2017-5505.html https://www.suse.com/security/cve/CVE-2017-9782.html https://www.suse.com/security/cve/CVE-2018-18873.html https://www.suse.com/security/cve/CVE-2018-19139.html https://www.suse.com/security/cve/CVE-2018-19543.html https://www.suse.com/security/cve/CVE-2018-20570.html https://www.suse.com/security/cve/CVE-2018-20622.html https://www.suse.com/security/cve/CVE-2018-9252.html https://bugzilla.suse.com/1010979 https://bugzilla.suse.com/1010980 https://bugzilla.suse.com/1020451 https://bugzilla.suse.com/1020456 https://bugzilla.suse.com/1020458 https://bugzilla.suse.com/1020460 https://bugzilla.suse.com/1045450 https://bugzilla.suse.com/1057152 https://bugzilla.suse.com/1088278 https://bugzilla.suse.com/1114498 https://bugzilla.suse.com/1115637 https://bugzilla.suse.com/1117328 https://bugzilla.suse.com/1120805 https://bugzilla.suse.com/1120807 From sle-updates at lists.suse.com Mon Sep 21 10:15:11 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Sep 2020 18:15:11 +0200 (CEST) Subject: SUSE-RU-2020:2694-1: moderate: Recommended update for python-kiwi Message-ID: <20200921161511.F184CFCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2694-1 Rating: moderate References: #1174009 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-kiwi fixes the following issue: - Skip filesystem check for XFS prior xfs_grow. (bsc#1174009) Running xfs_repair check isn't strictly necessary before resizing, and in some cases it may even prevent resizing by giving an error that would be cleared through mounting the fs (e.g. when the fs wasn't cleanly unmounted, and thus letting xfs recover and replay its journal). Given that xfs can only grow online (while being mounted), this is sufficient to ensure that the fs is in a state where it can be resized. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2020-2694=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2694=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (x86_64): kiwi-pxeboot-9.20.5-3.22.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.20.5-3.22.1 dracut-kiwi-live-9.20.5-3.22.1 dracut-kiwi-oem-dump-9.20.5-3.22.1 dracut-kiwi-oem-repart-9.20.5-3.22.1 dracut-kiwi-overlay-9.20.5-3.22.1 kiwi-man-pages-9.20.5-3.22.1 kiwi-tools-9.20.5-3.22.1 kiwi-tools-debuginfo-9.20.5-3.22.1 python-kiwi-debugsource-9.20.5-3.22.1 python3-kiwi-9.20.5-3.22.1 References: https://bugzilla.suse.com/1174009 From sle-updates at lists.suse.com Mon Sep 21 10:16:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Sep 2020 18:16:09 +0200 (CEST) Subject: SUSE-RU-2020:2695-1: moderate: Recommended update for ImageMagick Message-ID: <20200921161609.4A4E5FCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2695-1 Rating: moderate References: #1106272 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ImageMagick fixes the following issue: - Set the correct colorspace. (bsc#1106272) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2695=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2695=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-3.82.1 ImageMagick-debugsource-7.0.7.34-3.82.1 perl-PerlMagick-7.0.7.34-3.82.1 perl-PerlMagick-debuginfo-7.0.7.34-3.82.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-3.82.1 ImageMagick-config-7-SUSE-7.0.7.34-3.82.1 ImageMagick-debuginfo-7.0.7.34-3.82.1 ImageMagick-debugsource-7.0.7.34-3.82.1 ImageMagick-devel-7.0.7.34-3.82.1 libMagick++-7_Q16HDRI4-7.0.7.34-3.82.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.82.1 libMagick++-devel-7.0.7.34-3.82.1 libMagickCore-7_Q16HDRI6-7.0.7.34-3.82.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.82.1 libMagickWand-7_Q16HDRI6-7.0.7.34-3.82.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.82.1 References: https://bugzilla.suse.com/1106272 From sle-updates at lists.suse.com Mon Sep 21 10:18:02 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Sep 2020 18:18:02 +0200 (CEST) Subject: SUSE-RU-2020:2693-1: moderate: Recommended update for python-rtslib-fb Message-ID: <20200921161802.CEC0FFCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-rtslib-fb ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2693-1 Rating: moderate References: #1175808 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-rtslib-fb fixes the following issue: - Fixed the signature of the RBDStorageObject to match changes made to parent StorageObject class. (bsc#1175808) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-2693=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2693=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP2 (noarch): python2-rtslib-fb-2.1.73-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-rtslib-fb-2.1.73-3.6.1 References: https://bugzilla.suse.com/1175808 From sle-updates at lists.suse.com Mon Sep 21 13:14:24 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Sep 2020 21:14:24 +0200 (CEST) Subject: SUSE-SU-2020:2698-1: moderate: Security update for python-pip Message-ID: <20200921191424.654BEFCE2@maintenance.suse.de> SUSE Security Update: Security update for python-pip ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2698-1 Rating: moderate References: #1176262 SOC-11388 Cross-References: CVE-2019-20916 Affected Products: SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 6-LTSS SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that fixes one vulnerability, contains one feature is now available. Description: This update for python-pip fixes the following issues: - CVE-2019-20916: Fixed a directory traversal in _download_http_url (bsc#1176262) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2698=1 - SUSE OpenStack Cloud 6-LTSS: zypper in -t patch SUSE-OpenStack-Cloud-6-LTSS-2020-2698=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-2698=1 Package List: - SUSE OpenStack Cloud 7 (noarch): python-pip-10.0.1-11.9.1 - SUSE OpenStack Cloud 6-LTSS (noarch): python-pip-10.0.1-11.9.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-pip-10.0.1-11.9.1 python3-pip-10.0.1-11.9.1 References: https://www.suse.com/security/cve/CVE-2019-20916.html https://bugzilla.suse.com/1176262 From sle-updates at lists.suse.com Mon Sep 21 13:15:23 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Sep 2020 21:15:23 +0200 (CEST) Subject: SUSE-SU-2020:2699-1: important: Security update for python3 Message-ID: <20200921191523.0D75DFCE2@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2699-1 Rating: important References: #1088004 #1088009 #1130840 #1141853 #1149955 #1153238 #1162423 #1173274 #1174091 #1174701 Cross-References: CVE-2018-14647 CVE-2018-20852 CVE-2019-16056 CVE-2019-16935 CVE-2019-20907 CVE-2019-9947 CVE-2020-14422 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Module for Web Scripting 12 SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has three fixes is now available. Description: This update for python3 fixes the following issues: - CVE-2019-20907: Fixed denial of service by avoiding possible infinite loop in specifically crafted tarball (bsc#1174091). - CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface could have led to denial of service (bsc#1173274). - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). - CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840). - If the locale is "C", coerce it to C.UTF-8 (bsc#1162423). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2699=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2699=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2699=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2699=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2699=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2699=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2699=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2699=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2699=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2699=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2699=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2699=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2699=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2699=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2699=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-2699=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2699=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2699=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libpython3_4m1_0-3.4.10-25.52.1 libpython3_4m1_0-debuginfo-3.4.10-25.52.1 python3-3.4.10-25.52.1 python3-base-3.4.10-25.52.1 python3-base-debuginfo-3.4.10-25.52.1 python3-base-debugsource-3.4.10-25.52.1 python3-curses-3.4.10-25.52.1 python3-curses-debuginfo-3.4.10-25.52.1 python3-debuginfo-3.4.10-25.52.1 python3-debugsource-3.4.10-25.52.1 python3-devel-3.4.10-25.52.1 python3-devel-debuginfo-3.4.10-25.52.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libpython3_4m1_0-3.4.10-25.52.1 libpython3_4m1_0-debuginfo-3.4.10-25.52.1 python3-3.4.10-25.52.1 python3-base-3.4.10-25.52.1 python3-base-debuginfo-3.4.10-25.52.1 python3-base-debugsource-3.4.10-25.52.1 python3-curses-3.4.10-25.52.1 python3-curses-debuginfo-3.4.10-25.52.1 python3-debuginfo-3.4.10-25.52.1 python3-debugsource-3.4.10-25.52.1 python3-devel-3.4.10-25.52.1 python3-devel-debuginfo-3.4.10-25.52.1 - SUSE OpenStack Cloud 9 (x86_64): libpython3_4m1_0-3.4.10-25.52.1 libpython3_4m1_0-debuginfo-3.4.10-25.52.1 python3-3.4.10-25.52.1 python3-base-3.4.10-25.52.1 python3-base-debuginfo-3.4.10-25.52.1 python3-base-debugsource-3.4.10-25.52.1 python3-curses-3.4.10-25.52.1 python3-curses-debuginfo-3.4.10-25.52.1 python3-debuginfo-3.4.10-25.52.1 python3-debugsource-3.4.10-25.52.1 python3-devel-3.4.10-25.52.1 python3-devel-debuginfo-3.4.10-25.52.1 - SUSE OpenStack Cloud 8 (x86_64): libpython3_4m1_0-3.4.10-25.52.1 libpython3_4m1_0-debuginfo-3.4.10-25.52.1 python3-3.4.10-25.52.1 python3-base-3.4.10-25.52.1 python3-base-debuginfo-3.4.10-25.52.1 python3-base-debugsource-3.4.10-25.52.1 python3-curses-3.4.10-25.52.1 python3-curses-debuginfo-3.4.10-25.52.1 python3-debuginfo-3.4.10-25.52.1 python3-debugsource-3.4.10-25.52.1 python3-devel-3.4.10-25.52.1 python3-devel-debuginfo-3.4.10-25.52.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libpython3_4m1_0-3.4.10-25.52.1 libpython3_4m1_0-debuginfo-3.4.10-25.52.1 python3-3.4.10-25.52.1 python3-base-3.4.10-25.52.1 python3-base-debuginfo-3.4.10-25.52.1 python3-base-debugsource-3.4.10-25.52.1 python3-curses-3.4.10-25.52.1 python3-curses-debuginfo-3.4.10-25.52.1 python3-debuginfo-3.4.10-25.52.1 python3-debugsource-3.4.10-25.52.1 python3-devel-3.4.10-25.52.1 python3-devel-debuginfo-3.4.10-25.52.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): python3-base-debuginfo-3.4.10-25.52.1 python3-base-debugsource-3.4.10-25.52.1 python3-dbm-3.4.10-25.52.1 python3-dbm-debuginfo-3.4.10-25.52.1 python3-debuginfo-3.4.10-25.52.1 python3-debugsource-3.4.10-25.52.1 python3-devel-3.4.10-25.52.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.10-25.52.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libpython3_4m1_0-3.4.10-25.52.1 libpython3_4m1_0-debuginfo-3.4.10-25.52.1 python3-3.4.10-25.52.1 python3-base-3.4.10-25.52.1 python3-base-debuginfo-3.4.10-25.52.1 python3-base-debugsource-3.4.10-25.52.1 python3-curses-3.4.10-25.52.1 python3-curses-debuginfo-3.4.10-25.52.1 python3-debuginfo-3.4.10-25.52.1 python3-debugsource-3.4.10-25.52.1 python3-devel-3.4.10-25.52.1 python3-devel-debuginfo-3.4.10-25.52.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libpython3_4m1_0-3.4.10-25.52.1 libpython3_4m1_0-debuginfo-3.4.10-25.52.1 python3-3.4.10-25.52.1 python3-base-3.4.10-25.52.1 python3-base-debuginfo-3.4.10-25.52.1 python3-base-debugsource-3.4.10-25.52.1 python3-curses-3.4.10-25.52.1 python3-curses-debuginfo-3.4.10-25.52.1 python3-debuginfo-3.4.10-25.52.1 python3-debugsource-3.4.10-25.52.1 python3-devel-3.4.10-25.52.1 python3-devel-debuginfo-3.4.10-25.52.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libpython3_4m1_0-3.4.10-25.52.1 libpython3_4m1_0-debuginfo-3.4.10-25.52.1 python3-3.4.10-25.52.1 python3-base-3.4.10-25.52.1 python3-base-debuginfo-3.4.10-25.52.1 python3-base-debugsource-3.4.10-25.52.1 python3-curses-3.4.10-25.52.1 python3-curses-debuginfo-3.4.10-25.52.1 python3-debuginfo-3.4.10-25.52.1 python3-debugsource-3.4.10-25.52.1 python3-devel-3.4.10-25.52.1 python3-devel-debuginfo-3.4.10-25.52.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.52.1 libpython3_4m1_0-debuginfo-3.4.10-25.52.1 python3-3.4.10-25.52.1 python3-base-3.4.10-25.52.1 python3-base-debuginfo-3.4.10-25.52.1 python3-base-debugsource-3.4.10-25.52.1 python3-curses-3.4.10-25.52.1 python3-curses-debuginfo-3.4.10-25.52.1 python3-debuginfo-3.4.10-25.52.1 python3-debugsource-3.4.10-25.52.1 python3-devel-3.4.10-25.52.1 python3-tk-3.4.10-25.52.1 python3-tk-debuginfo-3.4.10-25.52.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.10-25.52.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libpython3_4m1_0-32bit-3.4.10-25.52.1 libpython3_4m1_0-debuginfo-32bit-3.4.10-25.52.1 python3-base-debuginfo-32bit-3.4.10-25.52.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.52.1 libpython3_4m1_0-debuginfo-3.4.10-25.52.1 python3-3.4.10-25.52.1 python3-base-3.4.10-25.52.1 python3-base-debuginfo-3.4.10-25.52.1 python3-base-debugsource-3.4.10-25.52.1 python3-curses-3.4.10-25.52.1 python3-curses-debuginfo-3.4.10-25.52.1 python3-debuginfo-3.4.10-25.52.1 python3-debugsource-3.4.10-25.52.1 python3-devel-3.4.10-25.52.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.10-25.52.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.52.1 libpython3_4m1_0-debuginfo-3.4.10-25.52.1 python3-3.4.10-25.52.1 python3-base-3.4.10-25.52.1 python3-base-debuginfo-3.4.10-25.52.1 python3-base-debugsource-3.4.10-25.52.1 python3-curses-3.4.10-25.52.1 python3-curses-debuginfo-3.4.10-25.52.1 python3-debuginfo-3.4.10-25.52.1 python3-debugsource-3.4.10-25.52.1 python3-devel-3.4.10-25.52.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.10-25.52.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libpython3_4m1_0-3.4.10-25.52.1 libpython3_4m1_0-debuginfo-3.4.10-25.52.1 python3-3.4.10-25.52.1 python3-base-3.4.10-25.52.1 python3-base-debuginfo-3.4.10-25.52.1 python3-base-debugsource-3.4.10-25.52.1 python3-curses-3.4.10-25.52.1 python3-curses-debuginfo-3.4.10-25.52.1 python3-debuginfo-3.4.10-25.52.1 python3-debugsource-3.4.10-25.52.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.52.1 libpython3_4m1_0-debuginfo-3.4.10-25.52.1 python3-3.4.10-25.52.1 python3-base-3.4.10-25.52.1 python3-base-debuginfo-3.4.10-25.52.1 python3-base-debugsource-3.4.10-25.52.1 python3-curses-3.4.10-25.52.1 python3-curses-debuginfo-3.4.10-25.52.1 python3-debuginfo-3.4.10-25.52.1 python3-debugsource-3.4.10-25.52.1 python3-devel-3.4.10-25.52.1 python3-devel-debuginfo-3.4.10-25.52.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libpython3_4m1_0-3.4.10-25.52.1 libpython3_4m1_0-debuginfo-3.4.10-25.52.1 python3-3.4.10-25.52.1 python3-base-3.4.10-25.52.1 python3-base-debuginfo-3.4.10-25.52.1 python3-base-debugsource-3.4.10-25.52.1 python3-curses-3.4.10-25.52.1 python3-curses-debuginfo-3.4.10-25.52.1 python3-debuginfo-3.4.10-25.52.1 python3-debugsource-3.4.10-25.52.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.52.1 libpython3_4m1_0-debuginfo-3.4.10-25.52.1 python3-3.4.10-25.52.1 python3-base-3.4.10-25.52.1 python3-base-debuginfo-3.4.10-25.52.1 python3-base-debugsource-3.4.10-25.52.1 python3-curses-3.4.10-25.52.1 python3-debuginfo-3.4.10-25.52.1 python3-debugsource-3.4.10-25.52.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libpython3_4m1_0-3.4.10-25.52.1 libpython3_4m1_0-debuginfo-3.4.10-25.52.1 python3-3.4.10-25.52.1 python3-base-3.4.10-25.52.1 python3-base-debuginfo-3.4.10-25.52.1 python3-base-debugsource-3.4.10-25.52.1 python3-curses-3.4.10-25.52.1 python3-curses-debuginfo-3.4.10-25.52.1 python3-debuginfo-3.4.10-25.52.1 python3-debugsource-3.4.10-25.52.1 python3-devel-3.4.10-25.52.1 - SUSE Enterprise Storage 5 (x86_64): python3-devel-debuginfo-3.4.10-25.52.1 - HPE Helion Openstack 8 (x86_64): libpython3_4m1_0-3.4.10-25.52.1 libpython3_4m1_0-debuginfo-3.4.10-25.52.1 python3-3.4.10-25.52.1 python3-base-3.4.10-25.52.1 python3-base-debuginfo-3.4.10-25.52.1 python3-base-debugsource-3.4.10-25.52.1 python3-curses-3.4.10-25.52.1 python3-curses-debuginfo-3.4.10-25.52.1 python3-debuginfo-3.4.10-25.52.1 python3-debugsource-3.4.10-25.52.1 python3-devel-3.4.10-25.52.1 python3-devel-debuginfo-3.4.10-25.52.1 References: https://www.suse.com/security/cve/CVE-2018-14647.html https://www.suse.com/security/cve/CVE-2018-20852.html https://www.suse.com/security/cve/CVE-2019-16056.html https://www.suse.com/security/cve/CVE-2019-16935.html https://www.suse.com/security/cve/CVE-2019-20907.html https://www.suse.com/security/cve/CVE-2019-9947.html https://www.suse.com/security/cve/CVE-2020-14422.html https://bugzilla.suse.com/1088004 https://bugzilla.suse.com/1088009 https://bugzilla.suse.com/1130840 https://bugzilla.suse.com/1141853 https://bugzilla.suse.com/1149955 https://bugzilla.suse.com/1153238 https://bugzilla.suse.com/1162423 https://bugzilla.suse.com/1173274 https://bugzilla.suse.com/1174091 https://bugzilla.suse.com/1174701 From sle-updates at lists.suse.com Mon Sep 21 13:17:16 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 21 Sep 2020 21:17:16 +0200 (CEST) Subject: SUSE-RU-2020:2696-1: moderate: Recommended update for crmsh Message-ID: <20200921191716.30655FCE2@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2696-1 Rating: moderate References: #1148873 #1176441 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fixed an issue when 'hb_report' does not collect data from archived logs. (bsc#1148873, bsc#1176441) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-2696=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2020-2696=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (noarch): crmsh-4.1.0+git.1599810975.2a10dedb-2.41.1 crmsh-scripts-4.1.0+git.1599810975.2a10dedb-2.41.1 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): crmsh-4.1.0+git.1599810975.2a10dedb-2.41.1 crmsh-scripts-4.1.0+git.1599810975.2a10dedb-2.41.1 References: https://bugzilla.suse.com/1148873 https://bugzilla.suse.com/1176441 From sle-updates at lists.suse.com Tue Sep 22 10:14:56 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2020 18:14:56 +0200 (CEST) Subject: SUSE-RU-2020:2704-1: moderate: Recommended update for krb5 Message-ID: <20200922161456.05AE4FCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2704-1 Rating: moderate References: #1174079 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2704=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2704=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2704=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2704=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): krb5-debuginfo-1.16.3-3.12.2 krb5-debugsource-1.16.3-3.12.2 krb5-plugin-kdb-ldap-1.16.3-3.12.2 krb5-plugin-kdb-ldap-debuginfo-1.16.3-3.12.2 krb5-server-1.16.3-3.12.2 krb5-server-debuginfo-1.16.3-3.12.2 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): krb5-debuginfo-1.16.3-3.12.2 krb5-debugsource-1.16.3-3.12.2 krb5-plugin-kdb-ldap-1.16.3-3.12.2 krb5-plugin-kdb-ldap-debuginfo-1.16.3-3.12.2 krb5-server-1.16.3-3.12.2 krb5-server-debuginfo-1.16.3-3.12.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): krb5-1.16.3-3.12.2 krb5-client-1.16.3-3.12.2 krb5-client-debuginfo-1.16.3-3.12.2 krb5-debuginfo-1.16.3-3.12.2 krb5-debugsource-1.16.3-3.12.2 krb5-devel-1.16.3-3.12.2 krb5-plugin-preauth-otp-1.16.3-3.12.2 krb5-plugin-preauth-otp-debuginfo-1.16.3-3.12.2 krb5-plugin-preauth-pkinit-1.16.3-3.12.2 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-3.12.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): krb5-32bit-1.16.3-3.12.2 krb5-32bit-debuginfo-1.16.3-3.12.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): krb5-1.16.3-3.12.2 krb5-client-1.16.3-3.12.2 krb5-client-debuginfo-1.16.3-3.12.2 krb5-debuginfo-1.16.3-3.12.2 krb5-debugsource-1.16.3-3.12.2 krb5-devel-1.16.3-3.12.2 krb5-plugin-preauth-otp-1.16.3-3.12.2 krb5-plugin-preauth-otp-debuginfo-1.16.3-3.12.2 krb5-plugin-preauth-pkinit-1.16.3-3.12.2 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-3.12.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): krb5-32bit-1.16.3-3.12.2 krb5-32bit-debuginfo-1.16.3-3.12.2 References: https://bugzilla.suse.com/1174079 From sle-updates at lists.suse.com Tue Sep 22 10:15:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2020 18:15:55 +0200 (CEST) Subject: SUSE-RU-2020:2700-1: moderate: Recommended update for sbd Message-ID: <20200922161555.601CAFCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for sbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2700-1 Rating: moderate References: #1143064 #1174915 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sbd fixes the following issues: - sbd-inquisitor: refuse to start if any of the configured device names is invalid (bsc#1174915) - scheduling: overhaul the whole thing (bsc#1143064) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2700=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): sbd-1.4.1+20200807.883c2f8-3.3.2 sbd-debuginfo-1.4.1+20200807.883c2f8-3.3.2 sbd-debugsource-1.4.1+20200807.883c2f8-3.3.2 References: https://bugzilla.suse.com/1143064 https://bugzilla.suse.com/1174915 From sle-updates at lists.suse.com Tue Sep 22 10:16:58 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2020 18:16:58 +0200 (CEST) Subject: SUSE-RU-2020:2703-1: moderate: Recommended update for open-vm-tools Message-ID: <20200922161658.69E45FCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2703-1 Rating: moderate References: #1175573 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for open-vm-tools fixes the following issues: - Fix for building 'open-vm-tools' on 'Linux From Scratch'. (bsc#1175573) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2703=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2703=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (x86_64): open-vm-tools-debuginfo-11.1.5-4.6.1 open-vm-tools-debugsource-11.1.5-4.6.1 open-vm-tools-desktop-11.1.5-4.6.1 open-vm-tools-desktop-debuginfo-11.1.5-4.6.1 open-vm-tools-sdmp-11.1.5-4.6.1 open-vm-tools-sdmp-debuginfo-11.1.5-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libvmtools-devel-11.1.5-4.6.1 libvmtools0-11.1.5-4.6.1 libvmtools0-debuginfo-11.1.5-4.6.1 open-vm-tools-11.1.5-4.6.1 open-vm-tools-debuginfo-11.1.5-4.6.1 open-vm-tools-debugsource-11.1.5-4.6.1 open-vm-tools-sdmp-11.1.5-4.6.1 open-vm-tools-sdmp-debuginfo-11.1.5-4.6.1 References: https://bugzilla.suse.com/1175573 From sle-updates at lists.suse.com Tue Sep 22 10:17:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2020 18:17:51 +0200 (CEST) Subject: SUSE-RU-2020:2705-1: moderate: Recommended update for drbd Message-ID: <20200922161752.00104FCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2705-1 Rating: moderate References: #1174783 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for drbd fixes the following issue: - Fix GFP flags in data path and not cause other IO to start. (bsc#1174783) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-2705=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): drbd-9.0.15+git.c46d2790-3.16.1 drbd-debugsource-9.0.15+git.c46d2790-3.16.1 drbd-kmp-default-9.0.15+git.c46d2790_k4.12.14_150.58-3.16.1 drbd-kmp-default-debuginfo-9.0.15+git.c46d2790_k4.12.14_150.58-3.16.1 References: https://bugzilla.suse.com/1174783 From sle-updates at lists.suse.com Tue Sep 22 10:18:47 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2020 18:18:47 +0200 (CEST) Subject: SUSE-RU-2020:2707-1: moderate: Recommended update for python-azure-agent Message-ID: <20200922161847.0403CFCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2707-1 Rating: moderate References: #1176368 #1176369 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for python-azure-agent fixes the following issues: - Update to version 2.2.49.2 (bsc#1176368, bsc#1176369) + Remove paa_use_hostnamectl.patch included upstream + Forwrad port proper_dhcp_config_set.patch + Do not use --unit with systemd-cgls (#1910) + Report processes that do not belong to the agent's cgroup (#1908) + Use controller mount point for extension cgroup path (#1899) + Improvements in setup of cgroups (#1896) + Remove ExtensionsMetricsData and per-process Memory data (#1884) + Fix return value of start_extension_command (#1927) + Remove import * (#1900) + Fix flaky ExtensionCleanupTest class (#1898) + Fix codecov badge (#1883) + Changed codecov to run on py3.8 (#1875) + Update documentation on /dev/random (#1909) + Mount options are in mount(8) (#1893) + Remove ssh host key thumbprint in report ready (#1913) + Emit AutoUpdate value at service start only (#1907) + Add logging for version mismatch (#1895) + Send telemetry event if libdir changes (#1897) + Add log collector utility (#1847) + Move AutoUpdate reporting to HeartBeat event (#1919) + Removing infinite download of extension manifest without a new GS (#1874) + Fix wrongful dir deletion (#1873) + Fix the cleanup-outdated-handlers to only delete handlers that are not present in the GS (#1889) + Expose periods of environment thread in waagent.conf (#1891) + Added user @kevinclark19a as Contributor. (#1906) - From 2.2.48.1 + Refactoring GoalState class out of Protocol, making Protocol thread-safe, removing stale dependencies of Protocol and removing the dependency on the file system to read the Protocol info + Fetch goal state when creating HostPluginProtocol (#1799) + Separate goal state from the protocol class (#1777) + Make protocol util a singleton per thread (#1743, #1756) + Fetch goal state before sending telemetry (#1751) + Remove file dependency (#1754) + Others (#1758, #1767, #1744, #1749, #1816, #1820) + New logs for goal state fetch (#1797) and refresh (#1794). + Thread name added to logs (#1778) + Populate telemetry events at creation time (#1791) + Periodic HeartBeat to be logged to the file (#1755) + Add unit test to verify call stacks on telemetry events (#1828) + Others (#1841, #1842, #1846) + Handling errors while reading extension status files (Limiting Size and Transient issues)(#1761) + Enable SWAP on Resource Disk as Application Certification Support suggested (#1762) + Update 'Provisioning' options in default configs ( #1853) + Drop Metadata Server Support (#1806, #1839, #1840 ) + Improve documentation of ResourceDisk.EnableSwapEncryption (#1782) + Removed is_snappy function (#1774) + Handle exceptions in monitor thread (#1770) + Fix timestamp for periodic operations in the monitor thread (#1879) + Fix permissions on the Ubuntu systemd service file (#1814) + Update hostname setting for SUSE distros (#1832) + Python 3.8 improvements + support for Ubuntu 20.04 (#1860, #1865, #1738) + Testing and dev-infra improvements [#1771, #1768, #1800, #1826, #1827, #1833] + Others (#1854, #1858) - From 2.2.46 + [#1741] Do not update goal state when refreshing the host plugin + [#1731] Fix upgrade sequence when update command fails + [#1725] Initialize CPU usage + [#1716, #1737] Added UTC logging and correcting the format + [#1651, #1729] Start sending PerformanceCounter metrics and additional memory information for Cgroups Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2020-2707=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): python-azure-agent-2.2.49.2-7.21.1 References: https://bugzilla.suse.com/1176368 https://bugzilla.suse.com/1176369 From sle-updates at lists.suse.com Tue Sep 22 10:19:47 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2020 18:19:47 +0200 (CEST) Subject: SUSE-RU-2020:2708-1: moderate: Recommended update for python-azure-agent Message-ID: <20200922161947.A88A5FCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2708-1 Rating: moderate References: #1175198 #1176368 #1176369 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for python-azure-agent contains the following fixes: - Update to version 2.2.49.2 (bsc#1176368, bsc#1176369) + Remove paa_use_hostnamectl.patch included upstream + Forwrad port proper_dhcp_config_set.patch + Do not use --unit with systemd-cgls (#1910) + Report processes that do not belong to the agent's cgroup (#1908) + Use controller mount point for extension cgroup path (#1899) + Improvements in setup of cgroups (#1896) + Remove ExtensionsMetricsData and per-process Memory data (#1884) + Fix return value of start_extension_command (#1927) + Remove import * (#1900) + Fix flaky ExtensionCleanupTest class (#1898) + Fix codecov badge (#1883) + Changed codecov to run on py3.8 (#1875) + Update documentation on /dev/random (#1909) + Mount options are in mount(8) (#1893) + Remove ssh host key thumbprint in report ready (#1913) + Emit AutoUpdate value at service start only (#1907) + Add logging for version mismatch (#1895) + Send telemetry event if libdir changes (#1897) + Add log collector utility (#1847) + Move AutoUpdate reporting to HeartBeat event (#1919) + Removing infinite download of extension manifest without a new GS (#1874) + Fix wrongful dir deletion (#1873) + Fix the cleanup-outdated-handlers to only delete handlers that are not present in the GS (#1889) + Expose periods of environment thread in waagent.conf (#1891) + Added user @kevinclark19a as Contributor. (#1906) - From 2.2.48.1 + Refactoring GoalState class out of Protocol, making Protocol thread-safe, removing stale dependencies of Protocol and removing the dependency on the file system to read the Protocol info + Fetch goal state when creating HostPluginProtocol (#1799) + Separate goal state from the protocol class (#1777) + Make protocol util a singleton per thread (#1743, #1756) + Fetch goal state before sending telemetry (#1751) + Remove file dependency (#1754) + Others (#1758, #1767, #1744, #1749, #1816, #1820) + New logs for goal state fetch (#1797) and refresh (#1794). + Thread name added to logs (#1778) + Populate telemetry events at creation time (#1791) + Periodic HeartBeat to be logged to the file (#1755) + Add unit test to verify call stacks on telemetry events (#1828) + Others (#1841, #1842, #1846) + Handling errors while reading extension status files (Limiting Size and Transient issues)(#1761) + Enable SWAP on Resource Disk as Application Certification Support suggested (#1762) + Update 'Provisioning' options in default configs ( #1853) + Drop Metadata Server Support (#1806, #1839, #1840 ) + Improve documentation of ResourceDisk.EnableSwapEncryption (#1782) + Removed is_snappy function (#1774) + Handle exceptions in monitor thread (#1770) + Fix timestamp for periodic operations in the monitor thread (#1879) + Fix permissions on the Ubuntu systemd service file (#1814) + Update hostname setting for SUSE distros (#1832) + Python 3.8 improvements + support for Ubuntu 20.04 (#1860, #1865, #1738) + Testing and dev-infra improvements [#1771, #1768, #1800, #1826, #1827, #1833] + Others (#1854, #1858) - From 2.2.46 + [#1741] Do not update goal state when refreshing the host plugin + [#1731] Fix upgrade sequence when update command fails + [#1725] Initialize CPU usage + [#1716, #1737] Added UTC logging and correcting the format + [#1651, #1729] Start sending PerformanceCounter metrics and additional memory information for Cgroups - Drop paa_sudo_sle15_nopwd.patch (bsc#1175198) + sudoers file is managed by cloud-init we no longer need this hack Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-2708=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-azure-agent-2.2.49.2-34.29.1 References: https://bugzilla.suse.com/1175198 https://bugzilla.suse.com/1176368 https://bugzilla.suse.com/1176369 From sle-updates at lists.suse.com Tue Sep 22 10:20:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2020 18:20:55 +0200 (CEST) Subject: SUSE-RU-2020:2702-1: moderate: Recommended update for open-vm-tools Message-ID: <20200922162055.0E3A0FCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2702-1 Rating: moderate References: #1175573 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for open-vm-tools fixes the following issues: - Fix for building 'open-vm-tools' on 'Linux From Scratch'. (bsc#1175573) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2702=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): libvmtools0-11.1.5-4.27.2 libvmtools0-debuginfo-11.1.5-4.27.2 open-vm-tools-11.1.5-4.27.2 open-vm-tools-debuginfo-11.1.5-4.27.2 open-vm-tools-debugsource-11.1.5-4.27.2 open-vm-tools-desktop-11.1.5-4.27.2 open-vm-tools-desktop-debuginfo-11.1.5-4.27.2 open-vm-tools-sdmp-11.1.5-4.27.2 open-vm-tools-sdmp-debuginfo-11.1.5-4.27.2 References: https://bugzilla.suse.com/1175573 From sle-updates at lists.suse.com Tue Sep 22 10:23:07 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2020 18:23:07 +0200 (CEST) Subject: SUSE-RU-2020:2701-1: moderate: Recommended update for open-vm-tools Message-ID: <20200922162307.7B787FCE2@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2701-1 Rating: moderate References: #1175573 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for open-vm-tools fixes the following issues: - Fix for building 'open-vm-tools' on 'Linux From Scratch'. (bsc#1175573) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2701=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2701=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (x86_64): open-vm-tools-debuginfo-11.1.5-3.20.2 open-vm-tools-debugsource-11.1.5-3.20.2 open-vm-tools-desktop-11.1.5-3.20.2 open-vm-tools-desktop-debuginfo-11.1.5-3.20.2 open-vm-tools-sdmp-11.1.5-3.20.2 open-vm-tools-sdmp-debuginfo-11.1.5-3.20.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libvmtools-devel-11.1.5-3.20.2 libvmtools0-11.1.5-3.20.2 libvmtools0-debuginfo-11.1.5-3.20.2 open-vm-tools-11.1.5-3.20.2 open-vm-tools-debuginfo-11.1.5-3.20.2 open-vm-tools-debugsource-11.1.5-3.20.2 open-vm-tools-sdmp-11.1.5-3.20.2 open-vm-tools-sdmp-debuginfo-11.1.5-3.20.2 References: https://bugzilla.suse.com/1175573 From sle-updates at lists.suse.com Tue Sep 22 10:24:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2020 18:24:03 +0200 (CEST) Subject: SUSE-RU-2020:2706-1: moderate: Recommended update for xorg-x11-server Message-ID: <20200922162403.C5820FCE2@maintenance.suse.de> SUSE Recommended Update: Recommended update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2706-1 Rating: moderate References: #1176015 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xorg-x11-server fixes the following issues: - fix crash in XWayland when undocking laptop. (bsc#1176015) - fix for XWayland abort in Present code. (bsc#1176015) - Import various fixes from 1.20 branch solving XWayland crashes. (bsc#1176015) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2706=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2706=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2706=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): xorg-x11-server-debuginfo-1.20.3-22.5.8.1 xorg-x11-server-debugsource-1.20.3-22.5.8.1 xorg-x11-server-wayland-1.20.3-22.5.8.1 xorg-x11-server-wayland-debuginfo-1.20.3-22.5.8.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.20.3-22.5.8.1 xorg-x11-server-debugsource-1.20.3-22.5.8.1 xorg-x11-server-sdk-1.20.3-22.5.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-22.5.8.1 xorg-x11-server-debuginfo-1.20.3-22.5.8.1 xorg-x11-server-debugsource-1.20.3-22.5.8.1 xorg-x11-server-extra-1.20.3-22.5.8.1 xorg-x11-server-extra-debuginfo-1.20.3-22.5.8.1 References: https://bugzilla.suse.com/1176015 From sle-updates at lists.suse.com Tue Sep 22 13:19:01 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2020 21:19:01 +0200 (CEST) Subject: SUSE-SU-2020:2711-1: moderate: Security update for libmspack Message-ID: <20200922191901.377ACFCE2@maintenance.suse.de> SUSE Security Update: Security update for libmspack ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2711-1 Rating: moderate References: #1113038 #1113039 #1130489 #1141680 Cross-References: CVE-2018-18584 CVE-2018-18585 CVE-2019-1010305 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for libmspack fixes the following issues: Security issues fixed: - CVE-2019-1010305: Fixed a buffer overflow triggered by a crafted chm file which could have led to information disclosure (bsc#1141680). - CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. (bsc#1113038) - CVE-2018-18585: chmd_read_headers accepted a filename that has '\0' as its first or second character (such as the "/\0" name). (bsc#1113039) - Fix off-by-one bounds check on CHM PMGI/PMGL chunk numbers and reject empty filenames. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2711=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2711=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libmspack-debugsource-0.4-15.7.1 libmspack-devel-0.4-15.7.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libmspack-debugsource-0.4-15.7.1 libmspack0-0.4-15.7.1 libmspack0-debuginfo-0.4-15.7.1 References: https://www.suse.com/security/cve/CVE-2018-18584.html https://www.suse.com/security/cve/CVE-2018-18585.html https://www.suse.com/security/cve/CVE-2019-1010305.html https://bugzilla.suse.com/1113038 https://bugzilla.suse.com/1113039 https://bugzilla.suse.com/1130489 https://bugzilla.suse.com/1141680 From sle-updates at lists.suse.com Tue Sep 22 13:20:11 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2020 21:20:11 +0200 (CEST) Subject: SUSE-SU-2020:2715-1: moderate: Security update for grafana Message-ID: <20200922192011.362D0FCE2@maintenance.suse.de> SUSE Security Update: Security update for grafana ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2715-1 Rating: moderate References: #1174583 Cross-References: CVE-2020-11110 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for grafana fixes the following issues: - CVE-2020-11110: Fixed a stored XSS in dashboard snapshot original dashboard link (bsc#1174583). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2715=1 Package List: - SUSE Enterprise Storage 5 (aarch64 x86_64): grafana-4.6.5-3.13.1 grafana-debuginfo-4.6.5-3.13.1 grafana-debugsource-4.6.5-3.13.1 References: https://www.suse.com/security/cve/CVE-2020-11110.html https://bugzilla.suse.com/1174583 From sle-updates at lists.suse.com Tue Sep 22 13:21:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2020 21:21:05 +0200 (CEST) Subject: SUSE-SU-2020:2714-1: moderate: Security update for ovmf Message-ID: <20200922192105.998F2FCE2@maintenance.suse.de> SUSE Security Update: Security update for ovmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2714-1 Rating: moderate References: #1175476 #1175674 Cross-References: CVE-2019-14562 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for ovmf fixes the following issues: - CVE-2019-14562: Fixed an overflow in DxeImageVerificationHandler (bsc#1175476). - Use openSUSE CA for the opensuse flavor (bsc#1175674) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2714=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2714=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2714=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2714=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2714=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ovmf-2017+git1510945757.b2662641d5-3.29.1 ovmf-tools-2017+git1510945757.b2662641d5-3.29.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.29.1 - SUSE OpenStack Cloud 9 (x86_64): ovmf-2017+git1510945757.b2662641d5-3.29.1 ovmf-tools-2017+git1510945757.b2662641d5-3.29.1 - SUSE OpenStack Cloud 9 (noarch): qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.29.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): ovmf-2017+git1510945757.b2662641d5-3.29.1 ovmf-tools-2017+git1510945757.b2662641d5-3.29.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.29.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 x86_64): ovmf-2017+git1510945757.b2662641d5-3.29.1 ovmf-tools-2017+git1510945757.b2662641d5-3.29.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.29.1 qemu-uefi-aarch64-2017+git1510945757.b2662641d5-3.29.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 x86_64): ovmf-2017+git1510945757.b2662641d5-3.29.1 ovmf-tools-2017+git1510945757.b2662641d5-3.29.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.29.1 qemu-uefi-aarch64-2017+git1510945757.b2662641d5-3.29.1 References: https://www.suse.com/security/cve/CVE-2019-14562.html https://bugzilla.suse.com/1175476 https://bugzilla.suse.com/1175674 From sle-updates at lists.suse.com Tue Sep 22 13:22:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2020 21:22:06 +0200 (CEST) Subject: SUSE-SU-2020:2710-1: important: Security update for rubygem-actionpack-5_1 Message-ID: <20200922192206.21A4BFCE2@maintenance.suse.de> SUSE Security Update: Security update for rubygem-actionpack-5_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2710-1 Rating: important References: #1172177 Cross-References: CVE-2020-8164 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. (bsc#1172177) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2710=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2710=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-2710=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-actionpack-5_1-5.1.4-3.6.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-actionpack-5_1-5.1.4-3.6.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-actionpack-5_1-5.1.4-3.6.1 References: https://www.suse.com/security/cve/CVE-2020-8164.html https://bugzilla.suse.com/1172177 From sle-updates at lists.suse.com Tue Sep 22 13:24:08 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2020 21:24:08 +0200 (CEST) Subject: SUSE-SU-2020:2712-1: moderate: Security update for openldap2 Message-ID: <20200922192408.746A7FCE2@maintenance.suse.de> SUSE Security Update: Security update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2712-1 Rating: moderate References: #1175568 Cross-References: CVE-2020-8027 Affected Products: SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-2712=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-2712=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2712=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2712=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2712=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2712=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): openldap2-back-meta-2.4.46-9.37.1 openldap2-back-meta-debuginfo-2.4.46-9.37.1 openldap2-back-perl-2.4.46-9.37.1 openldap2-back-perl-debuginfo-2.4.46-9.37.1 openldap2-debuginfo-2.4.46-9.37.1 openldap2-debugsource-2.4.46-9.37.1 openldap2-ppolicy-check-password-1.2-9.37.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.37.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): openldap2-2.4.46-9.37.1 openldap2-back-meta-2.4.46-9.37.1 openldap2-back-meta-debuginfo-2.4.46-9.37.1 openldap2-back-perl-2.4.46-9.37.1 openldap2-back-perl-debuginfo-2.4.46-9.37.1 openldap2-debuginfo-2.4.46-9.37.1 openldap2-debugsource-2.4.46-9.37.1 openldap2-ppolicy-check-password-1.2-9.37.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.37.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): openldap2-debugsource-2.4.46-9.37.1 openldap2-devel-32bit-2.4.46-9.37.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): openldap2-debugsource-2.4.46-9.37.1 openldap2-devel-32bit-2.4.46-9.37.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-9.37.1 libldap-2_4-2-debuginfo-2.4.46-9.37.1 openldap2-client-2.4.46-9.37.1 openldap2-client-debuginfo-2.4.46-9.37.1 openldap2-debugsource-2.4.46-9.37.1 openldap2-devel-2.4.46-9.37.1 openldap2-devel-static-2.4.46-9.37.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libldap-2_4-2-32bit-2.4.46-9.37.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.37.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): libldap-data-2.4.46-9.37.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-9.37.1 libldap-2_4-2-debuginfo-2.4.46-9.37.1 openldap2-client-2.4.46-9.37.1 openldap2-client-debuginfo-2.4.46-9.37.1 openldap2-debuginfo-2.4.46-9.37.1 openldap2-debugsource-2.4.46-9.37.1 openldap2-devel-2.4.46-9.37.1 openldap2-devel-static-2.4.46-9.37.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): libldap-data-2.4.46-9.37.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libldap-2_4-2-32bit-2.4.46-9.37.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.37.1 References: https://www.suse.com/security/cve/CVE-2020-8027.html https://bugzilla.suse.com/1175568 From sle-updates at lists.suse.com Tue Sep 22 13:25:56 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2020 21:25:56 +0200 (CEST) Subject: SUSE-RU-2020:2709-1: Recommended update for pdate to version 1.0.5 (bsc#1174791, bsc#1174937) Message-ID: <20200922192556.229A1FCE2@maintenance.suse.de> SUSE Recommended Update: Recommended update for pdate to version 1.0.5 (bsc#1174791, bsc#1174937) ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2709-1 Rating: low References: #1174791 #1174937 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: - Update to version 1.0.5 (bsc#1174791, bsc#1174937) + New configuration to switch to https only outgoing traffic + Use latest API to query the metadata server and send additional data Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2709=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2709=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): regionServiceClientConfigAzure-1.0.5-3.13.4 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): regionServiceClientConfigAzure-1.0.5-3.13.4 References: https://bugzilla.suse.com/1174791 https://bugzilla.suse.com/1174937 From sle-updates at lists.suse.com Tue Sep 22 13:31:14 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 22 Sep 2020 21:31:14 +0200 (CEST) Subject: SUSE-SU-2020:2713-1: moderate: Security update for ovmf Message-ID: <20200922193114.CC2F6FCE2@maintenance.suse.de> SUSE Security Update: Security update for ovmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2713-1 Rating: moderate References: #1175476 #1175674 Cross-References: CVE-2019-14562 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for ovmf fixes the following issues: - CVE-2019-14562: Fixed an overflow in DxeImageVerificationHandler (bsc#1175476). - Use openSUSE CA for the opensuse flavor (bsc#1175674) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2713=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2713=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2713=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2713=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2713=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.35.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): ovmf-2017+git1510945757.b2662641d5-5.35.1 ovmf-tools-2017+git1510945757.b2662641d5-5.35.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64): ovmf-2017+git1510945757.b2662641d5-5.35.1 ovmf-tools-2017+git1510945757.b2662641d5-5.35.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.35.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 x86_64): ovmf-2017+git1510945757.b2662641d5-5.35.1 ovmf-tools-2017+git1510945757.b2662641d5-5.35.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.35.1 qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.35.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): ovmf-2017+git1510945757.b2662641d5-5.35.1 ovmf-tools-2017+git1510945757.b2662641d5-5.35.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.35.1 qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.35.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): ovmf-2017+git1510945757.b2662641d5-5.35.1 ovmf-tools-2017+git1510945757.b2662641d5-5.35.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.35.1 qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.35.1 References: https://www.suse.com/security/cve/CVE-2019-14562.html https://bugzilla.suse.com/1175476 https://bugzilla.suse.com/1175674 From sle-updates at lists.suse.com Wed Sep 23 01:23:28 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Sep 2020 09:23:28 +0200 (CEST) Subject: SUSE-CU-2020:500-1: Security update of suse/sle15 Message-ID: <20200923072328.1AE63FCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:500-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.311 Container Release : 6.2.311 Severity : moderate Type : security References : 1174079 1175568 CVE-2020-8027 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2704-1 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1174079 This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2712-1 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1175568,CVE-2020-8027 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). From sle-updates at lists.suse.com Wed Sep 23 04:15:52 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Sep 2020 12:15:52 +0200 (CEST) Subject: SUSE-RU-2020:2716-1: moderate: Recommended update for freeradius-server Message-ID: <20200923101552.951CDFCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for freeradius-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2716-1 Rating: moderate References: #1170505 #1174905 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for freeradius-server fixes the following issues: - Fix permissions in logrotate config global section and let systemd start it properly. (bsc#1170505, bsc#1174905) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2716=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): freeradius-server-3.0.21-3.3.1 freeradius-server-debuginfo-3.0.21-3.3.1 freeradius-server-debugsource-3.0.21-3.3.1 freeradius-server-devel-3.0.21-3.3.1 freeradius-server-krb5-3.0.21-3.3.1 freeradius-server-krb5-debuginfo-3.0.21-3.3.1 freeradius-server-ldap-3.0.21-3.3.1 freeradius-server-ldap-debuginfo-3.0.21-3.3.1 freeradius-server-libs-3.0.21-3.3.1 freeradius-server-libs-debuginfo-3.0.21-3.3.1 freeradius-server-mysql-3.0.21-3.3.1 freeradius-server-mysql-debuginfo-3.0.21-3.3.1 freeradius-server-perl-3.0.21-3.3.1 freeradius-server-perl-debuginfo-3.0.21-3.3.1 freeradius-server-postgresql-3.0.21-3.3.1 freeradius-server-postgresql-debuginfo-3.0.21-3.3.1 freeradius-server-python3-3.0.21-3.3.1 freeradius-server-python3-debuginfo-3.0.21-3.3.1 freeradius-server-sqlite-3.0.21-3.3.1 freeradius-server-sqlite-debuginfo-3.0.21-3.3.1 freeradius-server-utils-3.0.21-3.3.1 freeradius-server-utils-debuginfo-3.0.21-3.3.1 References: https://bugzilla.suse.com/1170505 https://bugzilla.suse.com/1174905 From sle-updates at lists.suse.com Wed Sep 23 04:17:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Sep 2020 12:17:06 +0200 (CEST) Subject: SUSE-RU-2020:2717-1: moderate: Recommended update for gdm Message-ID: <20200923101706.2BF83FCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2717-1 Rating: moderate References: #1168515 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gdm fixes the following issue: - Update udev rules to enable Wayland on Cirrus chipset. (bsc#1168515) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2717=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): gdm-3.34.1-8.6.1 gdm-debuginfo-3.34.1-8.6.1 gdm-debugsource-3.34.1-8.6.1 gdm-devel-3.34.1-8.6.1 libgdm1-3.34.1-8.6.1 libgdm1-debuginfo-3.34.1-8.6.1 typelib-1_0-Gdm-1_0-3.34.1-8.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): gdm-lang-3.34.1-8.6.1 gdm-systemd-3.34.1-8.6.1 gdmflexiserver-3.34.1-8.6.1 References: https://bugzilla.suse.com/1168515 From sle-updates at lists.suse.com Wed Sep 23 06:23:02 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Sep 2020 14:23:02 +0200 (CEST) Subject: SUSE-IU-2020:84-1: Security update of suse-sles-15-sp1-chost-byos-v20200922-gen2 Message-ID: <20200923122302.CBEDFFCE2@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp1-chost-byos-v20200922-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2020:84-1 Image Tags : suse-sles-15-sp1-chost-byos-v20200922-gen2:20200922 Image Release : Severity : important Type : security References : 1010996 1051510 1058115 1065600 1065729 1065729 1071152 1071390 1071995 1071995 1083548 1085030 1085030 1093910 1100758 1106843 1111666 1111666 1112178 1112178 1113225 1113719 1113956 1113956 1114279 1120163 1121268 1130864 1133021 1136666 1142733 1144333 1144333 1146991 1148868 1149911 1150660 1151708 1151927 1152107 1152148 1152624 1153520 1153953 1154063 1154871 1155305 1155911 1158336 1158983 1159058 1160007 1161016 1162002 1162063 1163309 1163524 1165580 1165629 1166965 1166985 1167104 1168081 1168104 1168235 1168389 1168959 1168994 1169194 1169514 1169771 1169790 1169795 1170011 1170232 1170442 1170475 1170476 1170592 1170617 1170618 1170745 1170964 1171124 1171284 1171424 1171529 1171530 1171558 1171558 1171656 1171688 1171732 1171739 1171743 1171753 1171759 1171835 1171841 1171868 1171878 1171904 1171988 1172073 1172085 1172108 1172195 1172247 1172247 1172257 1172344 1172418 1172428 1172458 1172484 1172537 1172538 1172597 1172687 1172719 1172745 1172759 1172775 1172781 1172782 1172783 1172807 1172810 1172824 1172871 1172871 1172872 1172872 1172873 1172963 1172999 1173060 1173060 1173074 1173146 1173227 1173229 1173238 1173240 1173265 1173280 1173284 1173338 1173357 1173411 1173422 1173428 1173485 1173514 1173539 1173567 1173573 1173659 1173746 1173798 1173818 1173820 1173825 1173826 1173833 1173838 1173839 1173845 1173857 1173866 1173954 1174003 1174026 1174070 1174091 1174113 1174115 1174120 1174122 1174123 1174154 1174186 1174187 1174205 1174260 1174296 1174320 1174343 1174356 1174387 1174409 1174421 1174438 1174443 1174444 1174462 1174484 1174543 1174547 1174549 1174550 1174551 1174618 1174625 1174658 1174673 1174685 1174689 1174699 1174734 1174736 1174757 1174771 1174782 1174840 1174841 1174843 1174844 1174845 1174847 1174852 1174873 1174887 1174904 1174926 1174968 1175036 1175060 1175062 1175063 1175064 1175065 1175066 1175067 1175109 1175112 1175127 1175128 1175149 1175198 1175199 1175213 1175228 1175232 1175250 1175251 1175284 1175393 1175394 1175396 1175397 1175398 1175399 1175400 1175401 1175402 1175403 1175404 1175405 1175406 1175407 1175408 1175409 1175410 1175411 1175412 1175413 1175414 1175415 1175416 1175417 1175418 1175419 1175420 1175421 1175422 1175423 1175440 1175493 1175515 1175518 1175526 1175550 1175626 1175654 1175656 1175666 1175667 1175668 1175669 1175670 1175691 1175767 1175768 1175769 1175770 1175771 1175772 1175786 1175811 1175830 1175831 1175873 1176069 1176179 927831 941629 973042 CVE-2018-18751 CVE-2019-16746 CVE-2019-20810 CVE-2019-20907 CVE-2019-20908 CVE-2020-0305 CVE-2020-10135 CVE-2020-10713 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-10781 CVE-2020-12771 CVE-2020-12888 CVE-2020-13974 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-14386 CVE-2020-14416 CVE-2020-15393 CVE-2020-15705 CVE-2020-15719 CVE-2020-15780 CVE-2020-16166 CVE-2020-1749 CVE-2020-24394 CVE-2020-24977 CVE-2020-8231 ----------------------------------------------------------------- The container suse-sles-15-sp1-chost-byos-v20200922-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1370-1 Released: Thu May 21 19:06:00 2020 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1171656 This update for systemd-presets-branding-SLE fixes the following issues: Cleanup of outdated autostart services (bsc#1171656): - Remove acpid.service. acpid is only available on SLE via openSUSE backports. In openSUSE acpid.service is *not* autostarted. I see no reason why it should be on SLE. - Remove spamassassin.timer. This timer never seems to have existed. Instead spamassassin ships a 'sa-update.timer'. But it is not default-enabled and nobody ever complained about this. - Remove snapd.apparmor.service: This service was proactively added a year ago, but snapd didn't even make it into openSUSE yet. There's no reason to keep this entry unless snapd actually enters SLE which is not foreseeable. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2099-1 Released: Fri Jul 31 08:06:40 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1173227,1173229,1173422 This update for systemd fixes the following issues: - migrate-sysconfig-i18n.sh: fixed marker handling (bsc#1173229) The marker is used to make sure the script is run only once. Instead of storing it in /usr, use /var which is more appropriate for such file. Also make it owned by systemd package. - Fix inconsistent file modes for some ghost files (bsc#1173227) Ghost files are assumed by rpm to have mode 000 by default which is not consistent with file permissions set at runtime. Also /var/lib/systemd/random-seed was tracked wrongly as a directory. Also don't track (ghost) /etc/systemd/system/runlevel*.target aliases since we're not supposed to track units or aliases user might define/override. - Fix build of systemd on openSUSE Leap 15.2 (bsc#1173422) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2107-1 Released: Mon Aug 3 16:45:00 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1051510,1065729,1071995,1085030,1111666,1112178,1113956,1114279,1144333,1148868,1150660,1151927,1152107,1152624,1158983,1159058,1161016,1162002,1162063,1163309,1166985,1167104,1168081,1168959,1169194,1169514,1169771,1169795,1170011,1170442,1170592,1170617,1170618,1171124,1171424,1171529,1171530,1171558,1171732,1171739,1171743,1171753,1171759,1171835,1171841,1171868,1171904,1172247,1172257,1172344,1172458,1172484,1172537,1172538,1172687,1172719,1172759,1172775,1172781,1172782,1172783,1172871,1172872,1172999,1173060,1173074,1173146,1173265,1173280,1173284,1173428,1173514,1173567,1173573,1173659,1173746,1173818,1173820,1173825,1173826,1173833,1173838,1173839,1173845,1173857,1174113,1174115,1174122,1174123,1174186,1174187,1174296,1174343,1174356,1174409,1174438,1174462,1174543,CVE-2019-16746,CVE-2019-20810,CVE-2019-20908,CVE-2020-0305,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10769,CVE-2020-10773,CVE-2020-10781,CVE-2020-12771,CVE-2020-12888,CVE-2020-13974,CVE-202 0-14416,CVE-2020-15393,CVE-2020-15780 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15780: A lockdown bypass for loading unsigned modules using ACPI table injection was fixed. (bsc#1173573) - CVE-2020-15393: Fixed a memory leak in usbtest_disconnect (bnc#1173514). - CVE-2020-12771: An issue was discovered in btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10773: Fixed a memory leak on s390/s390x, in the cmm_timeout_hander in file arch/s390/mm/cmm.c (bnc#1172999). - CVE-2020-14416: Fixed a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Fixed an issue with the prctl() function, where indirect branch speculation could be enabled even though it was diabled before (bnc#1172783). - CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection (bnc#1172781). - CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack (bnc#1172782). - CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775). - CVE-2020-0305: Fixed a possible use-after-free due to a race condition incdev_get of char_dev.c. This could lead to local escalation of privilege. User interaction is not needed for exploitation (bnc#1174462). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10781: Fixed a denial of service issue in the ZRAM implementation (bnc#1173074). - CVE-2019-20908: Fixed incorrect access permissions for the efivar_ssdt ACPI variable, which could be used by attackers to bypass lockdown or secure boot restrictions (bnc#1173567). - CVE-2019-20810: Fixed a memory leak in go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c because it did not call snd_card_free for a failure path (bnc#1172458). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c, related to invalid length checks for variable elements in a beacon head (bnc#1152107). The following non-security bugs were fixed: - ACPI: GED: add support for _Exx / _Lxx handler methods (bsc#1111666). - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (bsc#1111666). - ACPI: NFIT: Fix unlock on error in scrub_show() (bsc#1171753). - ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510). - ACPI: sysfs: Fix pm_profile_attr type (bsc#1111666). - ACPI: video: Use native backlight on Acer Aspire 5783z (bsc#1111666). - ACPI: video: Use native backlight on Acer TravelMate 5735Z (bsc#1111666). - ALSA: es1688: Add the missed snd_card_free() (bsc#1051510). - ALSA: hda: Add ElkhartLake HDMI codec vid (bsc#1111666). - ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up (bsc#1111666). - ALSA: hda/hdmi - enable runtime pm for newer AMD display audio (bsc#1111666). - ALSA: hda - let hs_mic be picked ahead of hp_mic (bsc#1111666). - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines (bsc#1111666). - ALSA: hda/realtek - Add LED class support for micmute LED (bsc#1111666). - ALSA: hda/realtek - Enable micmute LED on and HP system (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (bsc#1111666). - ALSA: hda/realtek - Fix unused variable warning w/o CONFIG_LEDS_TRIGGER_AUDIO (bsc#1111666). - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO (bsc#1111666). - ALSA: lx6464es - add support for LX6464ESe pci express variant (bsc#1111666). - ALSA: opl3: fix infoleak in opl3 (bsc#1111666). - ALSA: pcm: disallow linking stream to itself (bsc#1111666). - ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback (bsc#1111666). - ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support (bsc#1111666). - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock (bsc#1111666). - ALSA: usb-audio: Clean up quirk entries with macros (bsc#1111666). - ALSA: usb-audio: Fix inconsistent card PM state after resume (bsc#1111666). - ALSA: usb-audio: Fix packet size calculation (bsc#1111666). - ALSA: usb-audio: Fix racy list management in output queue (bsc#1111666). - ALSA: usb-audio: Improve frames size computation (bsc#1111666). - ALSA: usb-audio: Manage auto-pm of all bundled interfaces (bsc#1111666). - ALSA: usb-audio: Use the new macro for HP Dock rename quirks (bsc#1111666). - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes). - arm64: map FDT as RW for early_init_dt_scan() (jsc#SLE-12423). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (bsc#1111666). - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (bsc#1111666). - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (bsc#1111666). - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb (bsc#1111666). - ax25: fix setsockopt(SO_BINDTODEVICE) (networking-stable-20_05_27). - b43: Fix connection problem with WPA3 (bsc#1111666). - b43_legacy: Fix connection problem with WPA3 (bsc#1111666). - bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)). - be2net: fix link failure after ethtool offline test (git-fixes). - block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818). - block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)). - block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)). - Bluetooth: Add SCO fallback for invalid LMP parameters error (bsc#1111666). - bnxt_en: Fix AER reset logic on 57500 chips (git-fixes). - bnxt_en: Fix ethtool selftest crash under error conditions (git-fixes). - bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails (git-fixes). - bnxt_en: Fix ipv6 RFS filter matching logic (git-fixes). - bnxt_en: fix NULL dereference in case SR-IOV configuration fails (git-fixes). - bnxt_en: Fix VF anti-spoof filter setup (networking-stable-20_05_12). - bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features() (networking-stable-20_05_12). - bnxt_en: Improve AER slot reset (networking-stable-20_05_12). - brcmfmac: fix wrong location to get firmware feature (bsc#1111666). - brcmfmac: Transform compatible string for FW loading (bsc#1169771). - btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#1174438). - btrfs: add new helper btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: Always use a cached extent_state in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix extent_state leak in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc#1174438). - btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438). - btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438). - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO (bsc#1174438). - btrfs: qgroup: Fix a bug that prevents qgroup to be re-enabled after disable (bsc#1172247). - btrfs: Return EAGAIN if we can't start no snpashot write in check_can_nocow (bsc#1174438). - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438). - btrfs: Use newly introduced btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124). - bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads (bsc#1111666). - carl9170: remove P2P_GO support (bsc#1111666). - CDC-ACM: heed quirk also in error handling (git-fixes). - ceph: convert mdsc->cap_dirty to a per-session list (bsc#1167104). - ceph: request expedited service on session's last cap flush (bsc#1167104). - cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages (bsc#1173857). - char/random: Add a newline at the end of the file (jsc#SLE-12423). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333). - cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016). - cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016). - clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510). - clk: clk-flexgen: fix clock-critical handling (bsc#1051510). - clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510). - clocksource: dw_apb_timer: Make CPU-affiliation being optional (bsc#1111666). - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)). - compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)). - copy_{to,from}_user(): consolidate object size checks (git fixes). - crypto: algboss - do not wait during notifier callback (bsc#1111666). - crypto: algif_skcipher - Cap recv SG list at ctx->used (bsc#1111666). - crypto: caam - update xts sector size for large input length (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - Crypto/chcr: fix for ccm(aes) failed test (bsc#1111666). - crypto: chelsio/chtls: properly set tp->lsndtime (bsc#1111666). - crypto: talitos - fix IPsec cipher in length (git-fixes). - crypto: talitos - reorder code in talitos_edesc_alloc() (git-fixes). - debugfs: Check module state before warning in {full/open}_proxy_open() (bsc#1173746). - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07). - dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' (bsc#1111666). - dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)). - dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)). - dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)). - dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)). - dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)). - dm: various cleanups to md->queue initialization code (git fixes). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)). - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27). - driver-core, libnvdimm: Let device subsystems add local lockdep coverage (bsc#1171753). - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617, bsc#1170618). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510). - drm: amd/display: fix Kconfig help text (bsc#1113956) * only fix DEBUG_KERNEL_DC - drm: bridge: adv7511: Extend list of audio sample rates (bsc#1111666). - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1113956) * context changes - drm: encoder_slave: fix refcouting error for modules (bsc#1111666). - drm: encoder_slave: fix refcouting error for modules (bsc#1114279) - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1112178) - drm/i915: Whitelist context-local timestamp in the gen9 cmdparser (bsc#1111666). - drm/mediatek: Check plane visibility in atomic_update (bsc#1113956) * context changes - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (bsc#1111666). - drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (bsc#1111666). - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1113956) - drm/radeon: fix double free (bsc#1113956) - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1113956) - drm/sun4i: hdmi ddc clk: Fix size of m divider (bsc#1111666). - drm/tegra: hub: Do not enable orphaned window group (bsc#1111666). - drm/vkms: Hold gem object while still in-use (bsc#1113956) * context changes - e1000: Distribute switch variables for initialization (bsc#1111666). - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510). - e1000e: Relax condition to trigger reset for ME workaround (bsc#1111666). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279). - efi/random: Increase size of firmware supplied randomness (jsc#SLE-12423). - efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness (jsc#SLE-12423). - efi: READ_ONCE rng seed size before munmap (jsc#SLE-12423). - efi: Reorder pr_notice() with add_device_randomness() call (jsc#SLE-12423). - evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510). - evm: Fix a small race in init_desc() (bsc#1051510). - ext4: fix a data race at inode->i_blocks (bsc#1171835). - ext4: fix partial cluster initialization when splitting extent (bsc#1173839). - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838). - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510). - fanotify: fix ignore mask logic for events on child and on dir (bsc#1172719). - fdt: add support for rng-seed (jsc#SLE-12423). - fdt: Update CRC check for rng-seed (jsc#SLE-12423). - firmware: imx: scu: Fix corruption of header (git-fixes). - firmware: imx: scu: Fix possible memory leak in imx_scu_probe() (bsc#1111666). - Fix boot crash with MD (bsc#1174343) - fix multiplication overflow in copy_fdtable() (bsc#1173825). - fpga: dfl: afu: Corrected error handling levels (git-fixes). - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12). - gpiolib: Document that GPIO line names are not globally unique (bsc#1051510). - gpu: host1x: Detach driver on unregister (bsc#1111666). - gpu: ipu-v3: pre: do not trigger update if buffer address does not change (bsc#1111666). - HID: magicmouse: do not set up autorepeat (git-fixes). - HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510). - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes). - hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (bsc#1111666). - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (bsc#1111666). - hwmon: (max6697) Make sure the OVERT mask is set correctly (bsc#1111666). - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (bsc#1111666). - i2c: eg20t: Load module automatically if ID matches (bsc#1111666). - i2c: mlxcpld: check correct size of maximum RECV_LEN packet (bsc#1111666). - i40e: reduce stack usage in i40e_set_fc (git-fixes). - IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409). - IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510). - iio:health:afe4404 Fix timestamp alignment and prevent data leak (bsc#1111666). - iio:humidity:hdc100x Fix alignment and data leak issues (bsc#1111666). - iio:magnetometer:ak8974: Fix alignment and data leak issues (bsc#1111666). - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (bsc#1111666). - iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510). - iio:pressure:ms5611 Fix buffer element alignment (bsc#1111666). - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (bsc#1111666). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510). - ima: Fix ima digest hash table key calculation (bsc#1051510). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (bsc#1111666). - input: i8042 - Remove special PowerPC handling (git-fixes). - Input: synaptics - add a second working PNP_ID for Lenovo T470s (bsc#1111666). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - intel_th: Fix a NULL dereference when hub driver is not loaded (bsc#1111666). - ipvlan: call dev_change_flags when ipvlan mode is reset (git-fixes). - ixgbevf: Remove limit of 10 entries for unicast filter list (git-fixes). - jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845). - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833). - kabi: hv: prevent struct device_node to become defined (bsc#1172871). - kabi: ppc64le: prevent struct dma_map_ops to become defined (jsc#SLE-12423). - kABI: protect struct mlx5_cmd_work_ent (kabi). - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi). - kernfs: fix barrier usage in __kernfs_new_node() (bsc#1111666). - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279). - KVM: x86: Fix APIC page invalidation race (bsc#1174122). - kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - l2tp: add sk_family checks to l2tp_validate_socket (networking-stable-20_06_07). - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07). - libceph: do not omit recovery_deletes in target_copy() (bsc#1174113). - libceph: ignore pool overlay and cache logic on redirects (bsc#1173146). - libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock (bsc#1171753). - libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant (bsc#1171753). - libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl() (bsc#1171753). - libnvdimm: cover up changes in struct nvdimm_bus (bsc#1171753). - libnvdimm: cover up nd_pfn_sb changes (bsc#1171759). - libnvdimm/dax: Pick the right alignment default when creating dax devices (bsc#1171759). - libnvdimm/label: Remove the dpa align check (bsc#1171759). - libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739). - libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change (bsc#1171743). - libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock (bsc#1171759). - libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid (bsc#1171743). - libnvdimm/pmem: Advance namespace seed for specific probe errors (bsc#1171743). - libnvdimm/region: Initialize bad block for volatile namespaces (bnc#1151927 5.3.6). - libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (bsc#1171743). - libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - loop: replace kill_bdev with invalidate_bdev (bsc#1173820). - lpfc_debugfs: get rid of pointless access_ok() (bsc#1172687 bsc#1171530). - lpfc: Synchronize NVME transport and lpfc driver devloss_tmo (bcs#1173060). - mac80211: add option for setting control flags (bsc#1111666). - mac80211: set IEEE80211_TX_CTRL_PORT_CTRL_PROTO for nl80211 TX (bsc#1111666). - mailbox: imx: Disable the clock on devm_mbox_controller_register() failure (git-fixes). - md: Avoid namespace collision with bitmap API (git fixes (block drivers)). - mdraid: fix read/write bytes accounting (bsc#1172537). - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (bsc#1166985)). - media: cec: silence shift wrapping warning in __cec_s_log_addrs() (git-fixes). - media: si2157: Better check for running tuner in init (bsc#1111666). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue (git-fixes). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue (git-fixes). - mlxsw: pci: Return error on PCI reset timeout (git-fixes). - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12). - mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed (git-fixes). - mlxsw: spectrum_dpipe: Add missing error path (git-fixes). - mlxsw: spectrum: Prevent force of 56G (git-fixes). - mlxsw: spectrum_router: Refresh nexthop neighbour when it becomes dead (git-fixes). - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (git-fixes). - mlxsw: spectrum_switchdev: Add MDB entries in prepare phase (git-fixes). - mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky (git-fixes). - mmc: block: Fix request completion in the CQE timeout path (bsc#1111666). - mmc: block: Fix use-after-free issue for rpmb (bsc#1111666). - mmc: fix compilation of user API (bsc#1051510). - mmc: sdhci: do not enable card detect interrupt for gpio cd type (bsc#1111666). - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (bsc#1111666). - Move upstreamed lpfc patches into sorted section - mvpp2: remove misleading comment (git-fixes). - net: be more gentle about silly gso requests coming from user (networking-stable-20_06_07). - net: check untrusted gso_size at kernel entry (networking-stable-20_06_07). - net/cxgb4: Check the return from t4_query_params properly (git-fixes). - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16). - net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27). - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (git-fixes). - net: ena: add missing ethtool TX timestamping indication (git-fixes). - net: ena: avoid memory access violation by validating req_id properly (git-fixes). - net: ena: do not wake up tx queue when down (git-fixes). - net: ena: ena-com.c: prevent NULL pointer dereference (git-fixes). - net: ena: ethtool: use correct value for crc32 hash (git-fixes). - net: ena: fix continuous keep-alive resets (git-fixes). - net: ena: fix corruption of dev_idx_to_host_tbl (git-fixes). - net: ena: fix default tx interrupt moderation interval (git-fixes). - net: ena: fix incorrect default RSS key (git-fixes). - net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (git-fixes). - net: ena: fix issues in setting interrupt moderation params in ethtool (git-fixes). - net: ena: fix potential crash when rxfh key is NULL (git-fixes). - net: ena: fix retrieval of nonadaptive interrupt moderation intervals (git-fixes). - net: ena: fix uses of round_jiffies() (git-fixes). - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (git-fixes). - net: ena: reimplement set/get_coalesce() (git-fixes). - net: ena: rss: do not allocate key when not supported (git-fixes). - net: ena: rss: fix failure to get indirection table (git-fixes). - net: ena: rss: store hash function as values and not bits (git-fixes). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16). - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27). - net: ipip: fix wrong address family in init error path (networking-stable-20_05_27). - net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set (git-fixes). - net: macsec: preserve ingress frame ordering (networking-stable-20_05_12). - net/mlx4_core: drop useless LIST_HEAD (git-fixes). - net/mlx4_core: fix a memory leak bug (git-fixes). - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12). - net/mlx5: Add command entry handling completion (networking-stable-20_05_27). - net/mlx5: Avoid panic when setting vport rate (git-fixes). - net/mlx5: Continue driver initialization despite debugfs failure (git-fixes). - net/mlx5e: ethtool, Fix a typo in WOL function names (git-fixes). - net/mlx5e: Fix traffic duplication in ethtool steering (git-fixes). - net/mlx5e: Remove unnecessary clear_bit()s (git-fixes). - net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27). - net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12). - net/mlx5: Fix crash upon suspend/resume (networking-stable-20_06_07). - net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12). - net: mvmdio: allow up to four clocks to be specified for orion-mdio (git-fixes). - net: mvpp2: prs: Do not override the sign bit in SRAM parser shift (git-fixes). - net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16). - netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16). - net: qede: stop adding events on an already destroyed workqueue (git-fixes). - net: qed: fix excessive QM ILT lines consumption (git-fixes). - net: qed: fix NVMe login fails over VFs (git-fixes). - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27). - net: revert 'net: get rid of an signed integer overflow in ip_idents_reserve()' (networking-stable-20_05_27). - net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27). - net: stricter validation of untrusted gso packets (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12). - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12). - net: usb: qmi_wwan: add Telit 0x1050 composition (networking-stable-20_06_07). - net: usb: qmi_wwan: add Telit LE910C1-EUX composition (networking-stable-20_06_07). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K (git-fixes). - NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592). - NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592). - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() (bsc#1173857). - nl80211: fix NL80211_ATTR_CHANNEL_WIDTH attribute type (bsc#1111666). - nvdimm: Avoid race between probe and reading device attributes (bsc#1170442). - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058). - nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058). - nvme: fail cancelled commands with NVME_SC_HOST_PATH_ERROR (bsc#1158983 bsc#1172538). - nvme-fc: Fail transport errors with NVME_SC_HOST_PATH (bsc#1158983 bsc#1172538). - nvme-tcp: fail command with NVME_SC_HOST_PATH_ERROR send failed (bsc#1158983 bsc#1172538). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - ocfs2: no need try to truncate file beyond i_size (bsc#1171841). - overflow: Fix -Wtype-limits compilation warnings (git fixes). - overflow.h: Add arithmetic shift helper (git fixes). - p54usb: add AirVasT USB stick device-id (bsc#1051510). - padata: ensure the reorder timer callback runs on the correct CPU (git-fixes). - padata: reorder work kABI fixup (git-fixes). - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#1174356). - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356). - PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510). - PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510). - PCI: Generalize multi-function power dependency device links (bsc#1111666). - PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871, bsc#1172872). - PCI: hv: Fix the PCI HyperV probe failure path to release resource properly (bsc#1172871, bsc#1172872). - PCI: hv: Introduce hv_msi_entry (bsc#1172871, bsc#1172872). - PCI: hv: Move hypercall related definitions into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Move retarget related structures into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871, bsc#1172872). - PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871, bsc#1172872). - PCI: pciehp: Fix indefinite wait on sysfs requests (git-fixes). - PCI: pciehp: Support interrupts sent from D3hot (git-fixes). - PCI/PM: Call .bridge_d3() hook only if non-NULL (git-fixes). - PCI: Program MPS for RCiEP devices (bsc#1051510). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510). - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356). - pcm_native: result of put_user() needs to be checked (bsc#1111666). - perf: Allocate context task_ctx_data for child event (git-fixes). - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes). - perf: Copy parent's address filter offsets on clone (git-fixes). - perf/core: Add sanity check to deal with pinned event failure (git-fixes). - perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes). - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes). - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes). - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes). - perf/core: Fix error handling in perf_event_alloc() (git-fixes). - perf/core: Fix exclusive events' grouping (git-fixes). - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes). - perf/core: Fix impossible ring-buffer sizes warning (git-fixes). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes (dependent patch for 18736eef1213)). - perf/core: Fix perf_event_read_value() locking (git-fixes). - perf/core: Fix perf_pmu_unregister() locking (git-fixes). - perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent patch)). - perf/core: Fix perf_sample_regs_user() mm check (git-fixes). - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes). - perf/core: Fix race between close() and fork() (git-fixes). - perf/core: Fix the address filtering fix (git-fixes). - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes). - perf/core: Force USER_DS when recording user stack data (git-fixes). - perf/core: Restore mmap record type correctly (git-fixes). - perf: Fix header.size for namespace events (git-fixes). - perf/ioctl: Add check for the sample_period value (git-fixes). - perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes). - perf: Return proper values for user stack errors (git-fixes). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/intel/uncore: Handle invalid event coding for free-running counter (git-fixes). - perf/x86/uncore: Fix event group support (git-fixes). - pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510). - platform/x86: dell-laptop: do not register micmute LED if there is no token (bsc#1111666). - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (bsc#1111666). - PM / Domains: Allow genpd users to specify default active wakeup behavior (git-fixes). - pnp: Use list_for_each_entry() instead of open coding (git fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc/book3s64: Export has_transparent_hugepage() related functions (bsc#1171759). - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729). - powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510). - power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510). - power: vexpress: add suppress_bind_attrs to true (bsc#1111666). - pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16). - qed: reduce maximum stack frame size (git-fixes). - qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes). - r8152: support additional Microsoft Surface Ethernet Adapter variant (networking-stable-20_05_27). - raid5: remove gfp flags from scribble_alloc() (bsc#1166985). - RDMA/efa: Fix setting of wrong bit in get/set_feature commands (bsc#1111666) - RDMA/efa: Set maximum pkeys device attribute (bsc#1111666) - RDMA/efa: Support remote read access in MR registration (bsc#1111666) - RDMA/efa: Unified getters/setters for device structs bitmask access (bsc#1111666) - README.BRANCH: Add Takashi Iwai as primary maintainer. - regmap: debugfs: Do not sleep while atomic for fast_io regmaps (bsc#1111666). - resolve KABI warning for perf-pt-coresight (git-fixes). - Revert 'bcache: ignore pending signals when creating gc and allocator thread' (git fixes (block drivers)). - Revert commit e918e570415c ('tpm_tis: Remove the HID IFX0102') (bsc#1111666). - Revert 'dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues' (git fixes (block drivers)). - Revert 'thermal: mediatek: fix register index error' (bsc#1111666). - Revert 'tools lib traceevent: Remove unneeded qsort and uses memmove' - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: lock device while installing IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12). - sch_sfq: validate silly quantum values (networking-stable-20_05_12). - scsi: aacraid: fix a signedness bug (bsc#1174296). - scsi: hisi_sas: fix calls to dma_set_mask_and_coherent() (bsc#1174296). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530). - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530). - scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530). - scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530). - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix inconsistent indenting (bsc#1158983). - scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1158983). - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1158983). - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530). - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1158983). - scsi: megaraid_sas: Fix a compilation warning (bsc#1174296). - scsi: mpt3sas: Fix double free in attach error handling (bsc#1174296). - scsi: qedf: Add port_id getter (bsc#1150660). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1174296). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27). - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27). - spi: dw: use 'smp_mb()' to avoid sending spi data error (bsc#1051510). - spi: fix initial SPI_SR value in spi-fsl-dspi (bsc#1111666). - spi: pxa2xx: Apply CS clk quirk to BXT (bsc#1111666). - spi: spidev: fix a race between spidev_release and spidev_remove (bsc#1111666). - spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices (bsc#1111666). - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (bsc#1111666). - staging: comedi: verify array index is correct before using it (bsc#1111666). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510). - staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510). - SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624). - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284). - timers: Add a function to start/reduce a timer (networking-stable-20_05_27). - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (bsc#1111666). - tpm_tis: Remove the HID IFX0102 (bsc#1111666). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510). - tty: n_gsm: Fix SOF skipping (bsc#1051510). - tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510). - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12). - ubifs: remove broken lazytime support (bsc#1173826). - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes). - USB: c67x00: fix use after free in c67x00_giveback_urb (bsc#1111666). - usb: chipidea: core: add wakeup support for extcon (bsc#1111666). - usb: dwc2: Fix shutdown callback in platform (bsc#1111666). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510). - usb: dwc3: gadget: introduce cancelled_list (git-fixes). - usb: dwc3: gadget: never call ->complete() from ->ep_queue() (git-fixes). - usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes). - usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes). - USB: ehci: reopen solution for Synopsys HC bug (git-fixes). - usb: gadget: fix potential double-free in m66592_probe (bsc#1111666). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510). - usb: gadget: udc: atmel: fix uninitialized read in debug printk (bsc#1111666). - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (bsc#1111666). - usb: gadget: udc: Potential Oops in error handling code (bsc#1111666). - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510). - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (bsc#1111666). - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510). - usb: musb: Fix runtime PM imbalance on error (bsc#1051510). - usb: musb: start session in resume for host port (bsc#1051510). - usbnet: smsc95xx: Fix use-after-free after removal (bsc#1111666). - USB: ohci-sm501: Add missed iounmap() in remove (bsc#1111666). - USB: serial: ch341: add new Product ID for CH340 (bsc#1111666). - USB: serial: cypress_m8: enable Simply Automated UPB PIM (bsc#1111666). - USB: serial: iuu_phoenix: fix memory corruption (bsc#1111666). - USB: serial: option: add GosunCn GM500 series (bsc#1111666). - USB: serial: option: add Quectel EG95 LTE modem (bsc#1111666). - USB: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510). - USB: serial: qcserial: add DW5816e QDL support (bsc#1051510). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174123). - vfs: Fix EOVERFLOW testing in put_compat_statfs64 (bnc#1151927 5.3.6). - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: avoid format strint overflow warning (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: Remove always false conditional statement (bsc#1172484). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484). - vmxnet3: remove unused flag 'rxcsum' from struct vmxnet3_adapter (bsc#1172484). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07). - vxlan: Avoid infinite loop when suppressing NS messages with invalid options (git-fixes). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510). - watchdog: sp805: fix restart handler (bsc#1111666). - wil6210: add general initialization/size checks (bsc#1111666). - wil6210: check rx_buff_mgmt before accessing it (bsc#1111666). - wil6210: ignore HALP ICR if already handled (bsc#1111666). - wil6210: make sure Rx ring sizes are correlated (git-fixes). - work around mvfs bug (bsc#1162063). - x86/apic: Install an empty physflat_init_apic_ldr (bsc#1163309). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86: Fix early boot crash on gcc-10, third try (bsc#1114279). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279). - xfrm: fix error in comment (git fixes). - xhci: Fix incorrect EP_STATE_MASK (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2124-1 Released: Wed Aug 5 09:24:47 2020 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1172597 This update for lvm2 fixes the following issues: - Fixed an issue where the system hangs for 90 seconds before it actually shuts down (bsc#1172597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2127-1 Released: Wed Aug 5 10:28:23 2020 Summary: Recommended update for python-azure-agent Type: recommended Severity: important References: 1173866 This update for python-azure-agent fixes the following issues: - Properly set the DHCP configuration to push the hostname to the DHCP server. (bsc#1173866) - Do not bring the interface down to push the hostname, just use 'ifup'. (bsc#1173866) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2165-1 Released: Fri Aug 7 11:04:59 2020 Summary: Recommended update for Linux Kernel Type: recommended Severity: important References: 1174887 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive the following fixes: Fix a regression where virt-manager generated KVM setups and possible others could fail to boot the kernel (bsc#1174887) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2182-1 Released: Mon Aug 10 11:39:48 2020 Summary: Recommended update for open-lldp Type: recommended Severity: moderate References: 1153520,1170745,1171284 This update for open-lldp fixes the following issues: - Fix for a segementation fault, when agents change their MAC address (bsc#1171284) - lldapd will now transmit the permanent MAC address (the MAC address of the underlying physical device) as port id, thus allowing the switch or any management application to differentiate between those ports. (bsc#1153520) - Fix for a segmentation fault, when lldapd registers an interface and it gets shortly removed afterwards. (bsc#1170745) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2208-1 Released: Tue Aug 11 17:25:45 2020 Summary: Recommended update for rsyslog Type: recommended Severity: important References: 1173338 This update for rsyslog fixes the following issues: - Fix for logrotate to avoid unexpected exit with coredump after logrotate. (bsc#1173338) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2219-1 Released: Wed Aug 12 15:47:42 2020 Summary: Recommended update for supportutils-plugin-suse-public-cloud and python3-azuremetadata Type: recommended Severity: moderate References: 1170475,1170476,1173238,1173240,1173357,1174618,1174847 This update for supportutils-plugin-suse-public-cloud and python3-azuremetadata fixes the following issues: supportutils-plugin-suse-public-cloud: - Fixes an error when supportutils-plugin-suse-public-cloud and supportutils-plugin-salt are installed at the same time (bsc#1174618) - Sensitive information like credentials (such as access keys) will be removed when the metadata is being collected (bsc#1170475, bsc#1170476) python3-azuremetadata: - Added latest support for `--listapis` and `--api` (bsc#1173238, bsc#1173240) - Detects when the VM is running in ASM (Azure Classic) and does now handle the condition to generate the data without requiring access to the full IMDS available, only in ARM instances (bsc#1173357, bsc#1174847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2222-1 Released: Thu Aug 13 09:08:46 2020 Summary: Recommended update for SUSEConnect Type: recommended Severity: moderate References: 1130864,1155911,1160007 This update for SUSEConnect fixes the following issues: Update from version 0.3.22 to version 0.3.25 - Don't fail de-activation when '-release' package already got removed. - Fix cloud_provider detection on AWS large instances. (bsc#1160007) - Forbid de-registration for on-demand Public Cloud instances. (bsc#1155911) - Setup customer_center on read-only boot system. (bsc#1130864) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2224-1 Released: Thu Aug 13 09:15:47 2020 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1171878,1172085 This update for glibc fixes the following issues: - Fix concurrent changes on nscd aware files appeared by 'getent' when the NSCD cache was enabled. (bsc#1171878, BZ #23178) - Implement correct locking and cancellation cleanup in syslog functions. (bsc#1172085, BZ #26100) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2245-1 Released: Fri Aug 14 15:27:45 2020 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1174782,1175036,1175060 This update for grub2 fixes the following issues: - A potential regression has been fixed that would cause systems with an updated 'grub2' to boot no longer due to a missing 'grub-calloc' linker symbol. (bsc#1174782) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2256-1 Released: Mon Aug 17 15:08:46 2020 Summary: Recommended update for sysfsutils Type: recommended Severity: moderate References: 1155305 This update for sysfsutils fixes the following issue: - Fix cdev name comparison. (bsc#1155305) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2277-1 Released: Wed Aug 19 13:24:03 2020 Summary: Security update for python3 Type: security Severity: moderate References: 1174091,CVE-2019-20907 This update for python3 fixes the following issues: - bsc#1174091, CVE-2019-20907: avoiding possible infinite loop in specifically crafted tarball. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2278-1 Released: Wed Aug 19 21:26:08 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1149911,1151708,1168235,1168389 This update for util-linux fixes the following issues: - blockdev: Do not fail --report on kpartx-style partitions on multipath. (bsc#1168235) - nologin: Add support for -c to prevent error from su -c. (bsc#1151708) - Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389) - mount: Fall back to device node name if /dev/mapper link not found. (bsc#1149911) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2284-1 Released: Thu Aug 20 16:04:17 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1010996,1071152,1071390,1154871,1174673,973042 This update for ca-certificates-mozilla fixes the following issues: update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: * AddTrust External CA Root * AddTrust Class 1 CA Root * LuxTrust Global Root 2 * Staat der Nederlanden Root CA - G2 * Symantec Class 1 Public Primary Certification Authority - G4 * Symantec Class 2 Public Primary Certification Authority - G4 * VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: * certSIGN Root CA G2 * e-Szigno Root CA 2017 * Microsoft ECC Root Certificate Authority 2017 * Microsoft RSA Root Certificate Authority 2017 - reverted p11-kit nss trust integration as it breaks in fresh installations (bsc#1154871) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2296-1 Released: Mon Aug 24 10:34:37 2020 Summary: Security update for gettext-runtime Type: security Severity: moderate References: 1106843,1113719,941629,CVE-2018-18751 This update for gettext-runtime fixes the following issues: - Fix boo941629-unnessary-rpath-on-standard-path.patch (bsc#941629) - Added msgfmt-double-free.patch to fix a double free error (CVE-2018-18751 bsc#1113719) - Add patch msgfmt-reset-msg-length-after-remove.patch which does reset the length of message string after a line has been removed (bsc#1106843) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2307-1 Released: Tue Aug 25 14:48:39 2020 Summary: Security update for grub2 Type: security Severity: important References: 1172745,1174421,CVE-2020-15705 This update for grub2 fixes the following issues: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). - Add fibre channel device's ofpath support to grub-ofpathname and search hint to speed up root device discovery (bsc#1172745). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2337-1 Released: Wed Aug 26 13:00:47 2020 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1172807 This update for dracut fixes the following issue: - Fix typo in did setup conditional. (bsc#1172807) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2350-1 Released: Wed Aug 26 17:17:02 2020 Summary: Recommended update for hyper-v Type: recommended Severity: moderate References: 1093910,1100758,1174443,1174444 This update for hyper-v fixes the following issues: - Remove dependency to network-online.target now that gethostname is used in kvp_daemon. (bsc#1174443, bsc#1174444) - Reopen the devices if read() or write() returns errors - Use either python2 or python3 for lsvmbus. (bsc#1093910) - Remove sysv init scripts - Enable build on aarch64 - Use gethostname for async name resolution. (bsc#1100758) - Asynchronous name resolution in kvp_daemon. (bsc#1100758) - kvp: eliminate 'may be used uninitialized' warning - Fixed Python pep8/flake8 warnings for lsvmbus - Replace GPLv2 boilerplate/reference with SPDX - Fix a warning of buffer overflow with gcc 8.0.1 - fcopy: set 'error' in case an unknown operation was requested - vss: fix loop device detection. - Fix IP reporting by KVP daemon with SRIOV - Fix a bug in the key delete code - Fix compiler warnings about major/target_fname ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2352-1 Released: Thu Aug 27 07:29:16 2020 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1172810,1174120 This update for samba fixes the following issues: - Add 'libsmbldap0' to 'libsmbldap2' package to fix upgrades from previous versions. (bsc#1172810) - Fix for command 'net' as it is unable to negotiate with 'SMB2'. (bsc#1174120) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2378-1 Released: Fri Aug 28 14:52:31 2020 Summary: Recommended update for python-azure-agent Type: recommended Severity: moderate References: 1175198 This update for python-azure-agent contains the following fix: - Drop paa_sudo_sle15_nopwd.patch (bsc#1175198) + sudoers file is managed by cloud-init we no longer need this hack ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2380-1 Released: Fri Aug 28 14:54:08 2020 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1175250,1175251 This update for supportutils-plugin-suse-public-cloud contains the following fix: - Update to version 1.0.5: (bsc#1175250, bsc#1175251) + Query for new GCE initialization code packages ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2411-1 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2425-1 Released: Tue Sep 1 13:54:05 2020 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1174260 This update for nfs-utils fixes the following issues: - Fix a bug when concurrent 'gssd' requests arrive from kernel, causing hanging NFS mounts. (bsc#1174260) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2441-1 Released: Tue Sep 1 22:16:10 2020 Summary: Recommended update for avahi Type: recommended Severity: moderate References: 1154063 This update for avahi fixes the following issues: - When changing ownership of /var/lib/autoipd, only change ownership of files owned by avahi, to mitigate against possible exploits (bsc#1154063). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2446-1 Released: Wed Sep 2 09:33:22 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2458-1 Released: Wed Sep 2 15:44:30 2020 Summary: Recommended update for iputils Type: recommended Severity: moderate References: 927831 This update for iputils fixes the following issue: - ping: Remove workaround for bug in IP_RECVERR on raw sockets. (bsc#927831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2575-1 Released: Wed Sep 9 07:15:49 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1058115,1065600,1065729,1071995,1083548,1085030,1111666,1112178,1113956,1120163,1133021,1136666,1144333,1152148,1163524,1165629,1166965,1169790,1170232,1171558,1171688,1171988,1172073,1172108,1172247,1172418,1172428,1172871,1172872,1172873,1172963,1173060,1173485,1173798,1173954,1174003,1174026,1174070,1174205,1174387,1174484,1174547,1174549,1174550,1174625,1174658,1174685,1174689,1174699,1174734,1174757,1174771,1174840,1174841,1174843,1174844,1174845,1174852,1174873,1174904,1174926,1174968,1175062,1175063,1175064,1175065,1175066,1175067,1175112,1175127,1175128,1175149,1175199,1175213,1175228,1175232,1175284,1175393,1175394,1175396,1175397,1175398,1175399,1175400,1175401,1175402,1175403,1175404,1175405,1175406,1175407,1175408,1175409,1175410,1175411,1175412,1175413,1175414,1175415,1175416,1175417,1175418,1175419,1175420,1175421,1175422,1175423,1175440,1175493,1175515,1175518,1175526,1175550,1175654,1175666,1175667,1175668,1175669,1175670,1175691,1175767,1175768,1175769,1 175770,1175771,1175772,1175786,1175873,1176069,CVE-2020-10135,CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-14386,CVE-2020-16166,CVE-2020-1749,CVE-2020-24394 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629). - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988). - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bugs were fixed: - ACPI: kABI fixes for subsys exports (bsc#1174968). - ACPI / LPSS: Resume BYT/CHT I2C controllers from resume_noirq (bsc#1174968). - ACPI / LPSS: Use acpi_lpss_* instead of acpi_subsys_* functions for hibernate (bsc#1174968). - ACPI: PM: Introduce 'poweroff' callbacks for ACPI PM domain and LPSS (bsc#1174968). - ACPI: PM: Simplify and fix PM domain hibernation callbacks (bsc#1174968). - af_key: pfkey_dump needs parameter validation (git-fixes). - agp/intel: Fix a memory leak on module initialisation failure (git-fixes). - ALSA: core: pcm_iec958: fix kernel-doc (bsc#1111666). - ALSA: echoaduio: Drop superfluous volatile modifier (bsc#1111666). - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (bsc#1111666). - ALSA: hda: Add support for Loongson 7A1000 controller (bsc#1111666). - ALSA: hda/ca0132 - Add new quirk ID for Recon3D (bsc#1111666). - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (bsc#1111666). - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (bsc#1111666). - ALSA: hda: fix NULL pointer dereference during suspend (git-fixes). - ALSA: hda: fix snd_hda_codec_cleanup() documentation (bsc#1111666). - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (bsc#1111666). - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (bsc#1111666). - ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes). - ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (bsc#1111666). - ALSA: hda/realtek - Add quirk for Lenovo Carbon X1 8th gen (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GE63 laptop (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GL63 (bsc#1111666). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes). - ALSA: hda/realtek - change to suitable link model for ASUS platform (bsc#1111666). - ALSA: hda/realtek - Check headset type by unplug and resume (bsc#1111666). - ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX563 (bsc#1111666). - ALSA: hda/realtek: Fix add a 'ultra_low_power' function for intel reference board (alc256) (bsc#1111666). - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (bsc#1111666). - ALSA: hda/realtek - Fixed HP right speaker no sound (bsc#1111666). - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (bsc#1111666). - ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (bsc#1111666). - ALSA: hda/realtek - Fix unused variable warning (bsc#1111666). - ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (bsc#1111666). - ALSA: hda - reverse the setting value in the micmute_led_set (bsc#1111666). - ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes). - ALSA: pci: delete repeated words in comments (bsc#1111666). - ALSA: seq: oss: Serialize ioctls (bsc#1111666). - ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes). - ALSA: usb-audio: add quirk for Pioneer DDJ-RB (bsc#1111666). - ALSA: usb-audio: add startech usb audio dock name (bsc#1111666). - ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (bsc#1111666). - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (bsc#1111666). - ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (bsc#1111666). - ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (bsc#1111666). - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625). - ALSA: usb-audio: fix spelling mistake 'buss' -> 'bus' (bsc#1111666). - ALSA: usb-audio: ignore broken processing/extension unit (git-fixes). - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb/line6: remove 'defined but not used' warning (bsc#1111666). - arm64: Add MIDR encoding for HiSilicon Taishan CPUs (bsc#1174547). - arm64: Add MIDR encoding for NVIDIA CPUs (bsc#1174547). - arm64: add sysfs vulnerability show for meltdown (bsc#1174547). - arm64: Add sysfs vulnerability show for spectre-v1 (bsc#1174547). - arm64: add sysfs vulnerability show for spectre-v2 (bsc#1174547). - arm64: add sysfs vulnerability show for speculative store bypass (bsc#1174547). - arm64: Advertise mitigation of Spectre-v2, or lack thereof (bsc#1174547). - arm64: Always enable spectre-v2 vulnerability detection (bsc#1174547). - arm64: Always enable ssb vulnerability detection (bsc#1174547). - arm64: backtrace: Do not bother trying to unwind the userspace stack (bsc#1175397). - arm64: capabilities: Add NVIDIA Denver CPU to bp_harden list (bsc#1174547). - arm64: capabilities: Merge duplicate Cavium erratum entries (bsc#1174547). - arm64: capabilities: Merge entries for ARM64_WORKAROUND_CLEAN_CACHE (bsc#1174547). - arm64: cpufeature: Enable Qualcomm Falkor/Kryo errata 1003 (bsc#1175398). - arm64: Do not mask out PTE_RDONLY in pte_same() (bsc#1175393). - arm64: enable generic CPU vulnerabilites support (bsc#1174547). Update config/arm64/default - arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default (bsc#1175394). - arm64: errata: Do not define type field twice for arm64_errata entries (bsc#1174547). - arm64: errata: Update stale comment (bsc#1174547). - arm64: Get rid of __smccc_workaround_1_hvc_* (bsc#1174547). - arm64: kpti: Avoid rewriting early page tables when KASLR is enabled (bsc#1174547). - arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on (bsc#1174547). - arm64: kpti: Whitelist Cortex-A CPUs that do not implement the CSV3 field (bsc#1174547). - arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs (bsc#1174547). - arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 (bsc#1133021). - arm64: KVM: Guests can skip __install_bp_hardening_cb()s HYP work (bsc#1174547). - arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening (bsc#1174547). - arm64: mm: Fix pte_mkclean, pte_mkdirty semantics (bsc#1175526). - arm64: Provide a command line to disable spectre_v2 mitigation (bsc#1174547). - arm64: Silence clang warning on mismatched value/register sizes (bsc#1175396). - arm64/speculation: Support 'mitigations=' cmdline option (bsc#1174547). - arm64: ssbd: explicitly depend on (bsc#1175399). - arm64: ssbs: Do not treat CPUs with SSBS as unaffected by SSB (bsc#1174547). - arm64: ssbs: Fix context-switch when SSBS is present on all CPUs (bsc#1175669). - arm64/sve: Fix wrong free for task->thread.sve_state (bsc#1175400). - arm64/sve: should not depend on <uapi/linux/prctl.h> (bsc#1175401). - arm64: tlbflush: avoid writing RES0 bits (bsc#1175402). - arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 (bsc#1174547). - ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 (bsc#1133021). - ARM: KVM: invalidate icache on guest exit for Cortex-A15 (bsc#1133021). - ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 (bsc#1133021). - ASoC: hda/tegra: Set buffer alignment to 128 bytes (bsc#1111666). - ASoC: intel: Fix memleak in sst_media_open (git-fixes). - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes). - AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes). - AX.25: Prevent integer overflows in connect and sendmsg (git-fixes). - AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes). - ax88172a: fix ax88172a_unbind() failures (git-fixes). - b43: Remove uninitialized_var() usage (git-fixes). - bcache: allocate meta data pages as compound pages (bsc#1172873). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: Fix use-after-free in blkdev_get() (bsc#1174843). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (bsc#1111666). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (bsc#1111666). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (bsc#1111666). - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - bonding: fix a potential double-unregister (git-fixes). - bonding: show saner speed for broadcast mode (git-fixes). - bpf: Fix map leak in HASH_OF_MAPS map (git-fixes). - brcmfmac: keep SDIO watchdog running when console_interval is non-zero (bsc#1111666). - brcmfmac: set state of hanger slot to FREE when flushing PSQ (bsc#1111666). - brcmfmac: To fix Bss Info flag definition Bug (bsc#1111666). - btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247). - btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247). - btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149). - btrfs: fix block group leak when removing fails (bsc#1175149). - btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149). - btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149). - btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149). - btrfs: fix double free on ulist after backref resolution failure (bsc#1175149). - btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149). - btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550). - btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149). - btrfs: fix race between block group removal and block group creation (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149). - btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149). - btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484). - btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247). - btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247). - btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247). - btrfs: Open code btrfs_write_and_wait_marked_extents (bsc#1175149). - btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163). - btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247). - btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163). - btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163). - btrfs: Rename and export clear_btree_io_tree (bsc#1175149). - btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493). - bus: hisi_lpc: Add .remove method to avoid driver unbind crash (bsc#1174658). - bus: hisi_lpc: Do not fail probe for unrecognised child devices (bsc#1174658). - bus: hisi_lpc: Unregister logical PIO range to avoid potential use-after-free (bsc#1174658). - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes). - cfg80211: check vendor command doit pointer before use (git-fixes). - char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667). - cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428). - cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428). - cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428). - clk: at91: clk-generated: check best_rate against ranges (bsc#1111666). - clk: clk-atlas6: fix return value check in atlas6_clk_init() (bsc#1111666). - clk: iproc: round clock rate to the closest (bsc#1111666). - clk: spear: Remove uninitialized_var() usage (git-fixes). - clk: st: Remove uninitialized_var() usage (git-fixes). - config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References: bsc#1174549 - console: newport_con: fix an issue about leak related system resources (git-fixes). - constrants: fix malformed XML Closing tag of an element is '', not ''. Fixes: 8b37de2eb835 ('rpm/constraints.in: Increase memory for kernel-docs') - Created new preempt kernel flavor (jsc#SLE-11309) Configs are cloned from the respective $arch/default configs. All changed configs appart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel. - crypto: ccp - Fix use of merged scatterlists (git-fixes). - crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes). - crypto: rockchip - fix scatterlist nents error (git-fixes). - crypto: stm32/crc32 - fix ext4 chksum BUG_ON() (git-fixes). - crypto: talitos - check AES key size (git-fixes). - crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - dev: Defer free of skbs in flush_backlog (git-fixes). - device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes). - devres: keep both device name and resource name in pretty name (git-fixes). - dlm: Fix kobject memleak (bsc#1175768). - dlm: remove BUG() before panic() (bsc#1174844). - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes). - Documentation/networking: Add net DIM documentation (bsc#1174852). - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (bsc#1175403). - dpaa2-eth: free already allocated channels on probe defer (bsc#1175404). - dpaa2-eth: prevent array underflow in update_cls_rule() (bsc#1175405). - dpaa_eth: add dropped frames to percpu ethtool stats (bsc#1174550). - dpaa_eth: add newline in dev_err() msg (bsc#1174550). - dpaa_eth: avoid timestamp read on error paths (bsc#1175406). - dpaa_eth: change DMA device (bsc#1174550). - dpaa_eth: cleanup skb_to_contig_fd() (bsc#1174550). - dpaa_eth: defer probing after qbman (bsc#1174550). - dpaa_eth: extend delays in ndo_stop (bsc#1174550). - dpaa_eth: fix DMA mapping leak (bsc#1174550). - dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1174550). - dpaa_eth: FMan erratum A050385 workaround (bsc#1174550). - dpaa_eth: perform DMA unmapping before read (bsc#1175407). - dpaa_eth: register a device link for the qman portal used (bsc#1174550). - dpaa_eth: remove netdev_err() for user errors (bsc#1174550). - dpaa_eth: remove redundant code (bsc#1174550). - dpaa_eth: simplify variables used in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use a page to store the SGT (bsc#1174550). - dpaa_eth: use fd information in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use only one buffer pool per interface (bsc#1174550). - dpaa_eth: use page backed rx buffers (bsc#1174550). - driver core: Avoid binding drivers to dead devices (git-fixes). - Drivers: hv: balloon: Remove dependencies on guest page size (git-fixes). - Drivers: hv: vmbus: Fix virt_to_hvpfn() for X86_PAE (git-fixes). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127, bsc#1175128). - Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup() (git-fixes). - drivers/perf: hisi: Fix typo in events attribute array (bsc#1175408). - drivers/perf: hisi: Fixup one DDRC PMU register offset (bsc#1175410). - drivers/perf: hisi: Fix wrong value for all counters enable (bsc#1175409). - drm: Added orientation quirk for ASUS tablet model T103HAF (bsc#1111666). - drm/amd/display: fix pow() crashing when given base 0 (git-fixes). - drm/amdgpu: avoid dereferencing a NULL pointer (bsc#1111666). - drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume (bsc#1111666). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (bsc#1113956) * refresh for context changes - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes). - drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1113956) - drm/arm: fix unintentional integer overflow on left shift (git-fixes). - drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1113956) * refreshed for context changes - drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes). - drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1113956) * move drm_mipi_dbi.c -> tinydrm/mipi-drm.c * refresh for context changes - drm/debugfs: fix plain echo to connector 'force' attribute (bsc#1111666). - drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes). - drm/etnaviv: fix ref count leak via pm_runtime_get_sync (bsc#1111666). - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (bsc#1112178) * updated names of get/put functions - drm: hold gem reference until object is no longer accessed (bsc#1113956) - drm/imx: fix use after free (git-fixes). - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes). - drm/imx: tve: fix regulator_disable error path (git-fixes). - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes). - drm/msm/adreno: fix updating ring fence (git-fixes). - drm/msm: ratelimit crtc event overflow error (bsc#1111666). - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes). - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes). - drm/nouveau: fix multiple instances of reference count leaks (bsc#1111666). - drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes). - drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes). - drm/radeon: disable AGP by default (bsc#1111666). - drm/radeon: fix array out-of-bounds read and write issues (git-fixes). - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (bsc#1111666). - drm/rockchip: fix VOP_WIN_GET macro (bsc#1175411). - drm/tilcdc: fix leak & null ref in panel_connector_get_modes (bsc#1111666). - drm/ttm/nouveau: do not call tt destroy callback on alloc failure (bsc#1175232). - drm/vmwgfx: Fix two list_for_each loop exit tests (bsc#1111666). - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (bsc#1111666). - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600). - efi/memreserve: deal with memreserve entries in unmapped memory (bsc#1174685). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: fix checking of directory entry validity for inline directories (bsc#1175771). - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1174840). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - fat: do not allow to mount if the FAT length == 0 (bsc#1174845). - fbdev: Detect integer underflow at 'struct fbcon_ops'->clear_margins. (bsc#1112178) * move files drivers/video/fbdev/core -> drivers/video/console * refresh for context changes - firmware: google: check if size is valid when decoding VPD data (git-fixes). - firmware: google: increment VPD key_len properly (git-fixes). - fpga: dfl: fix bug in port reset handshake (git-fixes). - fsl/fman: add API to get the device behind a fman port (bsc#1174550). - fsl/fman: check dereferencing null pointer (git-fixes). - fsl/fman: detect FMan erratum A050385 (bsc#1174550). - fsl/fman: do not touch liodn base regs reserved on non-PAMU SoCs (bsc#1174550). - fsl/fman: fix dereference null return value (git-fixes). - fsl/fman: fix eth hash table allocation (git-fixes). - fsl/fman: fix unreachable code (git-fixes). - fsl/fman: remove unused struct member (bsc#1174550). - fsl/fman: use 32-bit unsigned integer (git-fixes). - fuse: fix memleak in cuse_channel_open (bsc#1174926). - fuse: fix missing unlock_page in fuse_writepage() (bsc#1174904). - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175062). - fuse: fix weird page warning (bsc#1175063). - fuse: flush dirty data/metadata before non-truncate setattr (bsc#1175064). - fuse: truncate pending writes on O_TRUNC (bsc#1175065). - fuse: verify attributes (bsc#1175066). - fuse: verify nlink (bsc#1175067). - genetlink: remove genl_bind (networking-stable-20_07_17). - go7007: add sanity checking for endpoints (git-fixes). - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (bsc#1111666). - HID: hiddev: fix mess in hiddev_open() (git-fixes). - HISI LPC: Re-Add ACPI child enumeration support (bsc#1174658). - HISI LPC: Stop using MFD APIs (bsc#1174658). - hv_balloon: Balloon up according to request page number (git-fixes). - hv_balloon: Use a static page for the balloon_up send buffer (git-fixes). - hv_netvsc: Allow scatter-gather feature to be tunable (git-fixes). - hv_netvsc: do not use VF device if link is down (git-fixes). - hv_netvsc: Fix a warning of suspicious RCU usage (git-fixes). - hv_netvsc: Fix error handling in netvsc_attach() (git-fixes). - hv_netvsc: Fix extra rcu_read_unlock in netvsc_recv_callback() (git-fixes). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes). - hv_netvsc: Fix unwanted wakeup in netvsc_attach() (git-fixes). - hv_netvsc: flag software created hash value (git-fixes). - hv_netvsc: Remove 'unlikely' from netvsc_select_queue (git-fixes). - i2c: rcar: in slave mode, clear NACK earlier (git-fixes). - i2c: rcar: slave: only send STOP event when we have been addressed (bsc#1111666). - i40e: Fix crash during removing i40e driver (git-fixes). - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes). - ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - include/linux/poison.h: remove obsolete comment (git fixes (poison)). - Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes). - Input: sentelic - fix error return when fsp_reg_write fails (bsc#1111666). - integrity: remove redundant initialization of variable ret (git-fixes). - io-mapping: indicate mapping failure (git-fixes). - ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes). - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28). - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515). - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515). - ip_tunnel: Emit events for post-register MTU changes (git-fixes). - ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28). - ip_tunnel: restore binding to ifaces with a large mtu (git-fixes). - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17). - ipv4: Silence suspicious RCU usage warning (git-fixes). - ipv6: fix memory leaks on IPV6_ADDRFORM path (git-fixes). - ipvlan: fix device features (git-fixes). - ipvs: allow connection reuse for unconfirmed conntrack (git-fixes). - ipvs: fix refcount usage for conns in ops mode (git-fixes). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - irqchip/gic: Atomically update affinity (bsc#1111666). - iwlegacy: Check the return value of pcie_capability_read_*() (bsc#1111666). - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772). - kabi: genetlink: remove genl_bind (kabi). - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629). - kabi: mask changes to struct ipv6_stub (bsc#1165629). - kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)). - kernel-docs: Change Requires on python-Sphinx to earlier than version 3 References: bsc#1166965 From 3 on the internal API that the build system uses was rewritten in an incompatible way. See https://github.com/sphinx-doc/sphinx/issues/7421 and https://bugzilla.suse.com/show_bug.cgi?id=1166965#c16 for some details. - kernel/relay.c: fix memleak on destroy relay channel (git-fixes). - kernfs: do not call fsnotify() with name without a parent (bsc#1175770). - KVM: arm64: Ensure 'params' is initialised when looking up sys register (bsc#1133021). - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021). - KVM: arm/arm64: Fix young bit from mmu notifier (bsc#1133021). - KVM: arm/arm64: vgic: Do not rely on the wrong pending table (bsc#1133021). - KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections (bsc#1133021). - KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests (bsc#1133021). - KVM: arm: Make inject_abt32() inject an external abort instead (bsc#1133021). - KVM: Change offset in kvm_write_guest_offset_cached to unsigned (bsc#1133021). - KVM: Check for a bad hva before dropping into the ghc slow path (bsc#1133021). - KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729). - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17). - leds: 88pm860x: fix use-after-free on unbind (git-fixes). - leds: core: Flush scheduled work for system suspend (git-fixes). - leds: da903x: fix use-after-free on unbind (git-fixes). - leds: lm3533: fix use-after-free on unbind (git-fixes). - leds: lm355x: avoid enum conversion warning (git-fixes). - leds: wm831x-status: fix use-after-free on unbind (git-fixes). - lib/dim: Fix -Wunused-const-variable warnings (bsc#1174852). - lib: dimlib: fix help text typos (bsc#1174852). - lib: logic_pio: Add logic_pio_unregister_range() (bsc#1174658). - lib: logic_pio: Avoid possible overlap for unregistering regions (bsc#1174658). - lib: logic_pio: Fix RCU usage (bsc#1174658). - linux/dim: Add completions count to dim_sample (bsc#1174852). - linux/dim: Fix overflow in dim calculation (bsc#1174852). - linux/dim: Move implementation to .c files (bsc#1174852). - linux/dim: Move logic to dim.h (bsc#1174852). - linux/dim: Remove 'net' prefix from internal DIM members (bsc#1174852). - linux/dim: Rename externally exposed macros (bsc#1174852). - linux/dim: Rename externally used net_dim members (bsc#1174852). - linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1174852). - liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes). - llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17). - mac80211: mesh: Free ie data when leaving mesh (git-fixes). - mac80211: mesh: Free pending skb when destroying a mpath (git-fixes). - MAINTAINERS: add entry for Dynamic Interrupt Moderation (bsc#1174852). - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes). - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes). - media: budget-core: Improve exception handling in budget_register() (git-fixes). - media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes). - media: firewire: Using uninitialized values in node_probe() (git-fixes). - media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes). - media: vpss: clean up resources in init (git-fixes). - mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes). - mfd: dln2: Run event handler loop under spinlock (git-fixes). - mfd: rk808: Fix RK818 ID template (bsc#1175412). - mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28). - mm: filemap: clear idle flag for writes (bsc#1175769). - mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate (git fixes (mm/migrate)). - mm/mmu_notifier: use hlist_add_head_rcu() (git fixes (mm/mmu_notifiers)). - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/compaction)). - mm/rmap.c: do not reuse anon_vma if we just want a copy (git fixes (mm/rmap)). - mm/shmem.c: cast the type of unmap_start to u64 (git fixes (mm/shmem)). - mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)). - mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617). - mtd: spi-nor: Fix an error code in spi_nor_read_raw() (bsc#1175413). - mtd: spi-nor: fix kernel-doc for spi_nor::info (bsc#1175414). - mtd: spi-nor: fix kernel-doc for spi_nor::reg_proto (bsc#1175415). - mtd: spi-nor: fix silent truncation in spi_nor_read_raw() (bsc#1175416). - mwifiex: Prevent memory corruption handling keys (git-fixes). - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (git-fixes). - net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28). - net: core: reduce recursion limit value (networking-stable-20_06_28). - net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28). - net: dsa: b53: check for timeout (git-fixes). - net: dsa: bcm_sf2: Fix node reference count (git-fixes). - net: ena: Add first_interrupt field to napi struct (bsc#1174852). - net: ena: add reserved PCI device ID (bsc#1174852). - net: ena: add support for reporting of packet drops (bsc#1174852). - net: ena: add support for the rx offset feature (bsc#1174852). - net: ena: add support for traffic mirroring (bsc#1174852). - net: ena: add unmask interrupts statistics to ethtool (bsc#1174852). - net: ena: allow setting the hash function without changing the key (bsc#1174852). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852). - net: ena: change default RSS hash function to Toeplitz (bsc#1174852). - net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1174852). - net: ena: changes to RSS hash key allocation (bsc#1174852). - net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1174852). - net: ena: clean up indentation issue (bsc#1174852). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852). - net: ena: cosmetic: code reorderings (bsc#1174852). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852). - net: ena: cosmetic: fix line break issues (bsc#1174852). - net: ena: cosmetic: fix spacing issues (bsc#1174852). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852). - net: ena: cosmetic: minor code changes (bsc#1174852). - net: ena: cosmetic: remove unnecessary code (bsc#1174852). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852). - net: ena: cosmetic: satisfy gcc warning (bsc#1174852). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852). - net: ena: drop superfluous prototype (bsc#1174852). - net: ena: enable support of rss hash key and function changes (bsc#1174852). - net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1174852). - net: ena: ethtool: clean up minor indentation issue (bsc#1174852). - net: ena: ethtool: get_channels: use combined only (bsc#1174852). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852). - net: ena: ethtool: support set_channels callback (bsc#1174852). - net/ena: Fix build warning in ena_xdp_set() (bsc#1174852). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852). - net: ena: fix incorrect setting of the number of msix vectors (bsc#1174852). - net: ena: fix incorrect update of intr_delay_resolution (bsc#1174852). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852). - net: ena: fix update of interrupt moderation register (bsc#1174852). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852). - net: ena: implement XDP drop support (bsc#1174852). - net: ena: Implement XDP_TX action (bsc#1174852). - net: ena: make ethtool -l show correct max number of queues (bsc#1174852). - net: ena: Make missed_tx stat incremental (bsc#1083548). - net: ena: Make some functions static (bsc#1174852). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852). - net: ena: multiple queue creation related cleanups (bsc#1174852). - net: ena: Prevent reset after device destruction (bsc#1083548). - net: ena: reduce driver load time (bsc#1174852). - net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1174852). - net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1174852). - net: ena: remove code that does nothing (bsc#1174852). - net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1174852). - net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1174852). - net: ena: remove redundant print of number of queues (bsc#1174852). - net: ena: remove set but not used variable 'hash_key' (bsc#1174852). - net: ena: remove set but not used variable 'rx_ring' (bsc#1174852). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852). - net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1174852). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852). - net: ena: support new LLQ acceleration mode (bsc#1174852). - net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1174852). - net: ena: use explicit variable size for clarity (bsc#1174852). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852). - net: ena: xdp: update napi budget for DROP and ABORTED (bsc#1174852). - net: ena: xdp: XDP_TX: fix memory leak (bsc#1174852). - net: ethernet: aquantia: Fix wrong return value (git-fixes). - net: ethernet: broadcom: have drivers select DIMLIB as needed (bsc#1174852). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: fec: correct the error path for regulator disable in probe (git-fixes). - netfilter: x_tables: add counters allocation wrapper (git-fixes). - netfilter: x_tables: cap allocations at 512 mbyte (git-fixes). - netfilter: x_tables: limit allocation requests for blob rule heads (git-fixes). - net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). (SLES tuning guide refers to ip-sysctl.txt.) - net: fix memleak in register_netdevice() (networking-stable-20_06_28). - net: Fix the arp error in some cases (networking-stable-20_06_28). - net: gre: recompute gre csum for sctp over gre tunnels (git-fixes). - net: hns3: add autoneg and change speed support for fibre port (bsc#1174070). - net: hns3: add support for FEC encoding control (bsc#1174070). - net: hns3: add support for multiple media type (bsc#1174070). - net: hns3: fix a not link up issue when fibre port supports autoneg (bsc#1174070). - net: hns3: fix for FEC configuration (bsc#1174070). - net: hns3: fix port capbility updating issue (bsc#1174070). - net: hns3: fix port setting handle for fibre port (bsc#1174070). - net: hns3: fix selftest fail issue for fibre port with autoneg on (bsc#1174070). - net: hns3: restore the MAC autoneg state after reset (bsc#1174070). - net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28). - net: ip6_gre: Request headroom in __gre6_xmit() (git-fixes). - net: lan78xx: add missing endpoint sanity check (git-fixes). - net: lan78xx: fix transfer-buffer memory leak (git-fixes). - net: make symbol 'flush_works' static (git-fixes). - net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes). - net: mvpp2: fix memory leak in mvpp2_rx (git-fixes). - net: netsec: Fix signedness bug in netsec_probe() (bsc#1175417). - net: netsec: initialize tx ring on ndo_open (bsc#1175418). - net: phy: Check harder for errors in get_phy_id() (bsc#1111666). - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes). - net: Set fput_needed iff FDPUT_FPUT is set (git-fixes). - net: socionext: Fix a signedness bug in ave_probe() (bsc#1175419). - net: socionext: replace napi_alloc_frag with the netdev variant on init (bsc#1175420). - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes). - net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes). - net: stmmac: Fix RX packet size > 8191 (git-fixes). - net: udp: Fix wrong clean up for IS_UDPLITE macro (git-fixes). - net: update net_dim documentation after rename (bsc#1174852). - net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28). - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17). - netvsc: unshare skb in VF rx handler (git-fixes). - nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes). - ntb: Fix an error in get link status (git-fixes). - ntb_netdev: fix sleep time mismatch (git-fixes). - ntb: ntb_transport: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - nvme: fix possible deadlock when I/O is blocked (git-fixes). - nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108). - nvme-multipath: fix logic for non-optimized paths (bsc#1172108). - nvme-multipath: round-robin: eliminate 'fallback' variable (bsc#1172108). - nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - ocfs2: add trimfs dlm lock resource (bsc#1175228). - ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: change slot number type s16 to u16 (bsc#1175786). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228). - ocfs2: fix value of OCFS2_INVALID_SLOT (bsc#1175767). - ocfs2: load global_inode_alloc (bsc#1172963). - ocfs2: load global_inode_alloc (bsc#1172963). - omapfb: dss: Fix max fclk divider for omap36xx (bsc#1113956) - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() (git-fixes). - PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes). - PCI: dwc: Move interrupt acking into the proper callback (bsc#1175666). - PCI: Fix pci_cfg_wait queue locking problem (git-fixes). - PCI: Fix 'try' semantics of bus and slot reset (git-fixes). - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes). - PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, bsc#1172872, git-fixes). - PCI: Release IVRS table in AMD ACS quirk (git-fixes). - PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes). - PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes). - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes). - pinctrl: single: fix function name in documentation (git-fixes). - pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes). - platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes). - PM / CPU: replace raw_notifier with atomic_notifier (git fixes (kernel/pm)). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (bsc#1175668). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails. - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (bsc#1175668). - PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes). - powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729). - powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729). - powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729). - powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729). - powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284). - powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284). - powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729). - powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574). - powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729). - powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - powerpc/pseries: remove cede offline state for CPUs (bsc#1065729). - powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729). - powerpc/vdso: Fix vdso cpu truncation (bsc#1065729). - power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes). - propagate_one(): mnt_set_mountpoint() needs mount_lock (bsc#1174841). - pseries: Fix 64 bit logical memory block panic (bsc#1065729). - pwm: bcm-iproc: handle clk_get_rate() return (git-fixes). - rds: Prevent kernel-infoleak in rds_notify_queue_get() (git-fixes). - regulator: gpio: Honor regulator-boot-on property (git-fixes). - Revert 'ALSA: hda: call runtime_allow() for all hda controllers' (bsc#1111666). - Revert 'drm/amdgpu: Fix NULL dereference in dpm sysfs handlers' (bsc#1113956) * refresh for context changes - Revert 'ocfs2: avoid inode removal while nfsd is accessing it' This reverts commit 9e096c72476eda333a9998ff464580c00ff59c83. - Revert 'ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).' This reverts commit 0bf6e248f93736b3f17f399b4a8f64ffa30d371e. - Revert 'ocfs2: load global_inode_alloc (bsc#1172963).' This reverts commit fc476497b53f967dc615b9cbad9427ba3107b5c4. - Revert 'scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe' (bsc#1171688 bsc#1174003). - Revert 'scsi: qla2xxx: Fix crash on qla2x00_mailbox_command' (bsc#1171688 bsc#1174003). - Revert 'xen/balloon: Fix crash when ballooning on x86 32 bit PAE' (bsc#1065600). - rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28). - rpm/check-for-config-changes: Ignore CONFIG_CC_VERSION_TEXT - rpm/check-for-config-changes: Ignore CONFIG_LD_VERSION - rpm/constraints.in: Increase memory for kernel-docs References: https://build.opensuse.org/request/show/792664 - rpm: drop execute permissions on source files Sometimes a source file with execute permission appears in upstream repository and makes it into our kernel-source packages. This is caught by OBS build checks and may even result in build failures. Sanitize the source tree by removing execute permissions from all C source and header files. - rpm/kabi.pl: account for namespace field being moved last Upstream is moving the namespace field in Module.symvers last in order to preserve backwards compatibility with kmod tools (depmod, etc). Fix the kabi.pl script to expect the namespace field last. Since split() ignores trailing empty fields and delimeters, switch to using tr to count how many fields/tabs are in a line. Also, in load_symvers(), pass LIMIT of -1 to split() so it does not strip trailing empty fields, as namespace is an optional field. - rpm/kernel-binary.spec.in: do not run klp-symbols for configs with no modules Starting with 5.8-rc1, s390x/zfcpdump builds fail because rpm/klp-symbols script does not find .tmp_versions directory. This is missing because s390x/zfcpdump is built without modules (CONFIG_MODULES disabled). As livepatching cannot work without modules, the cleanest solution is setting %klp_symbols to 0 if CONFIG_MODULES is disabled. (We cannot simply add another condition to the place where %klp_symbols is set as it can be already set to 1 from prjconf.) - rpm/kernel-binary.spec.in: restrict livepatch metapackage to default flavor It has been reported that the kernel-*-livepatch metapackage got erroneously enabled for SLE15-SP3's new -preempt flavor, leading to a unresolvable dependency to a non-existing kernel-livepatch-x.y.z-preempt package. As SLE12 and SLE12-SP1 have run out of livepatching support, the need to build said metapackage for the -xen flavor is gone and the only remaining flavor for which they're still wanted is -default. Restrict the build of the kernel-*-livepatch metapackage to the -default flavor. - rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup Co-Authored-By: Adam Spiers - rpm/kernel-obs-build.spec.in: Enable overlayfs Overlayfs is needed for podman or docker builds when no more specific driver can be used (like lvm or btrfs). As the default build fs is ext4 currently, we need overlayfs kernel modules to be available. - rpm/kernel-source.spec.in: Add obsolete_rebuilds (boo#1172073). - rpm/mkspec-dtb: add mt76 based dtb package - rpm/package-descriptions: garbege collection remove old ARM and Xen flavors. - rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes). - s390, dcssblk: kaddr and pfn can be NULL to ->direct_access() (bsc#1174873). - sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17). - sched/deadline: Initialize ->dl_boosted (bsc#1112178). - scripts/git_sort/git_sort.py: add bluetooth/bluetooth-next.git repository - scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666). - scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666). - scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666). - scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666). - scsi: lpfc: NVMe remote port devloss_tmo from lldd (bsc#1171558 bsc#1136666 bsc#1173060). - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666). - scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666). - scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666). - scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666). - scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666). - scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666). - scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026). - scsi: Fix trivial spelling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003). - scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003). - scsi: smartpqi: add bay identifier (bsc#1172418). - scsi: smartpqi: add gigabyte controller (bsc#1172418). - scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418). - scsi: smartpqi: add inquiry timeouts (bsc#1172418). - scsi: smartpqi: add module param for exposure order (bsc#1172418). - scsi: smartpqi: add module param to hide vsep (bsc#1172418). - scsi: smartpqi: add new pci ids (bsc#1172418). - scsi: smartpqi: add pci ids for fiberhome controller (bsc#1172418). - scsi: smartpqi: add RAID bypass counter (bsc#1172418). - scsi: smartpqi: add sysfs entries (bsc#1172418). - scsi: smartpqi: Align driver syntax with oob (bsc#1172418). - scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418). - scsi: smartpqi: change TMF timeout from 60 to 30 seconds (bsc#1172418). - scsi: smartpqi: correct hang when deleting 32 lds (bsc#1172418). - scsi: smartpqi: correct REGNEWD return status (bsc#1172418). - scsi: smartpqi: correct syntax issue (bsc#1172418). - scsi: smartpqi: fix call trace in device discovery (bsc#1172418). - scsi: smartpqi: fix controller lockup observed during force reboot (bsc#1172418). - scsi: smartpqi: fix LUN reset when fw bkgnd thread is hung (bsc#1172418). - scsi: smartpqi: fix problem with unique ID for physical device (bsc#1172418). - scsi: smartpqi: identify physical devices without issuing INQUIRY (bsc#1172418). - scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask (bsc#1172418). - scsi: smartpqi: remove unused manifest constants (bsc#1172418). - scsi: smartpqi: Reporting unhandled SCSI errors (bsc#1172418). - scsi: smartpqi: support device deletion via sysfs (bsc#1172418). - scsi: smartpqi: update copyright (bsc#1172418). - scsi: smartpqi: update logical volume size after expansion (bsc#1172418). - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418). - scsi: storvsc: Correctly set number of hardware queues for IDE disk (git-fixes). - scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790). - sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - serial: 8250: change lock order in serial8250_do_startup() (git-fixes). - serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes). - serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes). - Set VIRTIO_CONSOLE=y (bsc#1175667). - sign also s390x kernel images (bsc#1163524) - soc: fsl: qbman: allow registering a device link for the portal user (bsc#1174550). - soc: fsl: qbman_portals: add APIs to retrieve the probing status (bsc#1174550). - spi: davinci: Remove uninitialized_var() usage (git-fixes). - spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes). - spi: nxp-fspi: Ensure width is respected in spi-mem operations (bsc#1175421). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1175422). - spi: spi-mem: export spi_mem_default_supports_op() (bsc#1175421). - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support (git-fixes). - staging: fsl-dpaa2: ethsw: Add missing netdevice check (bsc#1175423). - staging: rtl8192u: fix a dubious looking mask before a shift (git-fixes). - staging/speakup: fix get_word non-space look-ahead (git-fixes). - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28). - tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28). - tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17). - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17). - tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17). - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17). - tracepoint: Mark __tracepoint_string's __used (git-fixes). - tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes). - tty: hvc_console, fix crashes on parallel open/close (git-fixes). - tty: serial: fsl_lpuart: add imx8qxp support (bsc#1175670). - tty: serial: fsl_lpuart: free IDs allocated by IDA (bsc#1175670). - USB: cdc-acm: rework notification_buffer resizing (git-fixes). - USB: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes). - USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes). - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes). - USB: iowarrior: fix up report size handling for some devices (git-fixes). - usbip: tools: fix module name in man page (git-fixes). - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes). - USB: serial: cp210x: enable usb generic throttle/unthrottle (git-fixes). - USB: serial: cp210x: re-enable auto-RTS on open (git-fixes). - USB: serial: ftdi_sio: clean up receive processing (git-fixes). - USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes). - USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes). - USB: serial: iuu_phoenix: fix led-activity helpers (git-fixes). - USB: serial: qcserial: add EM7305 QDL product ID (git-fixes). - USB: xhci: define IDs for various ASMedia host controllers (git-fixes). - USB: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes). - USB: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes). - USB: xhci-mtk: fix the failure of bandwidth allocation (git-fixes). - VFS: Check rename_lock in lookup_fast() (bsc#1174734). - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes). - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes). - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (git-fixes). - vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17). - vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199). - vt_compat_ioctl(): clean up, use compat_ptr() properly (git-fixes). - vt: vt_ioctl: remove unnecessary console allocation checks (git-fixes). - vxlan: Ensure FDB dump is performed under RCU (git-fixes). - watchdog: f71808e_wdt: clear watchdog timeout occurred flag (bsc#1111666). - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (bsc#1111666). - watchdog: f71808e_wdt: remove use of wrong watchdog_info option (bsc#1111666). - wl1251: fix always return 0 error (git-fixes). - x86/hyperv: Create and use Hyper-V page definitions (git-fixes). - x86/hyper-v: Fix overflow bug in fill_gva_list() (git-fixes). - x86/hyperv: Make hv_vcpu_is_preempted() visible (git-fixes). - x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1112178). - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). - xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600). - xen/balloon: make the balloon wait interruptible (bsc#1065600). - xfrm: check id proto in validate_tmpl() (git-fixes). - xfrm: clean up xfrm protocol checks (git-fixes). - xfrm_user: uncoditionally validate esn replay attribute struct (git-fixes). - xfs: fix inode allocation block res calculation precedence (git-fixes). - xfs: fix reflink quota reservation accounting error (git-fixes). - xhci: Fix enumeration issue when setting max packet size for FS devices (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2581-1 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1174154,CVE-2020-15719 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2612-1 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1176179,CVE-2020-24977 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2629-1 Released: Mon Sep 14 18:12:01 2020 Summary: Security update for shim Type: security Severity: moderate References: 1113225,1121268,1153953,1168104,1168994,1173411,1174320,1175626,1175656,CVE-2020-10713 This update for shim fixes the following issues: This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by disallowing binaries signed by the previous SUSE UEFI signing key from booting. This update should only be installed after updates of grub2, the Linux kernel and (if used) Xen from July / August 2020 are applied. Changes: Use vendor-dbx to block old SUSE/openSUSE signkeys (bsc#1168994) + Add dbx-cert.tar.xz which contains the certificates to block and a script, generate-vendor-dbx.sh, to generate vendor-dbx.bin + Add vendor-dbx.bin as the vendor dbx to block unwanted keys - Update the path to grub-tpm.efi in shim-install (bsc#1174320) - Only check EFI variable copying when Secure Boot is enabled (bsc#1173411) - Use the full path of efibootmgr to avoid errors when invoking shim-install from packagekitd (bsc#1168104) - shim-install: add check for btrfs is used as root file system to enable relative path lookup for file. (bsc#1153953) - shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2638-1 Released: Tue Sep 15 15:41:32 2020 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1165580 This update for cryptsetup fixes the following issues: Update from version 2.0.5 to version 2.0.6. (jsc#SLE-5911, bsc#1165580) - Fix support of larger metadata areas in *LUKS2* header. This release properly supports all specified metadata areas, as documented in *LUKS2* format description. Currently, only default metadata area size is used (in format or convert). Later cryptsetup versions will allow increasing this metadata area size. - If *AEAD* (authenticated encryption) is used, cryptsetup now tries to check if the requested *AEAD* algorithm with specified key size is available in kernel crypto API. This change avoids formatting a device that cannot be later activated. For this function, the kernel must be compiled with the *CONFIG_CRYPTO_USER_API_AEAD* option enabled. Note that kernel user crypto API options (*CONFIG_CRYPTO_USER_API* and *CONFIG_CRYPTO_USER_API_SKCIPHER*) are already mandatory for LUKS2. - Fix setting of integrity no-journal flag. Now you can store this flag to metadata using *\--persistent* option. - Fix cryptsetup-reencrypt to not keep temporary reencryption headers if interrupted during initial password prompt. - Adds early check to plain and LUKS2 formats to disallow device format if device size is not aligned to requested sector size. Previously it was possible, and the device was rejected to activate by kernel later. - Fix checking of hash algorithms availability for *PBKDF* early. Previously *LUKS2* format allowed non-existent hash algorithm with invalid keyslot preventing the device from activation. - Allow Adiantum cipher construction (a non-authenticated length-preserving fast encryption scheme), so it can be used both for data encryption and keyslot encryption in *LUKS1/2* devices. For benchmark, use: # cryptsetup benchmark -c xchacha12,aes-adiantum # cryptsetup benchmark -c xchacha20,aes-adiantum For LUKS format: # cryptsetup luksFormat -c xchacha20,aes-adiantum-plain64 -s 256 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) From sle-updates at lists.suse.com Wed Sep 23 06:23:53 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Sep 2020 14:23:53 +0200 (CEST) Subject: SUSE-IU-2020:85-1: Security update of suse-sles-15-sp1-chost-byos-v20200922-hvm-ssd-x86_64 Message-ID: <20200923122353.22F19FCE2@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp1-chost-byos-v20200922-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2020:85-1 Image Tags : suse-sles-15-sp1-chost-byos-v20200922-hvm-ssd-x86_64:20200922 Image Release : Severity : important Type : security References : 1010996 1051510 1058115 1065600 1065729 1065729 1071152 1071390 1071995 1071995 1083548 1085030 1085030 1106843 1111666 1111666 1112178 1112178 1113719 1113956 1113956 1114279 1120163 1130864 1133021 1136666 1142733 1144333 1144333 1146991 1148868 1149911 1150660 1151708 1151927 1152107 1152148 1152624 1153520 1154063 1154871 1155305 1155911 1158336 1158983 1159058 1160007 1161016 1162002 1162063 1163309 1163524 1165580 1165629 1166965 1166985 1167104 1168081 1168235 1168389 1168959 1169194 1169514 1169771 1169790 1169795 1170011 1170232 1170442 1170475 1170476 1170592 1170617 1170618 1170745 1170964 1171124 1171284 1171424 1171529 1171530 1171558 1171558 1171656 1171688 1171732 1171739 1171743 1171753 1171759 1171835 1171841 1171868 1171878 1171904 1171988 1172073 1172085 1172108 1172195 1172247 1172247 1172257 1172344 1172356 1172418 1172428 1172458 1172484 1172537 1172538 1172597 1172687 1172719 1172745 1172759 1172775 1172781 1172782 1172783 1172807 1172810 1172824 1172871 1172871 1172872 1172872 1172873 1172963 1172999 1173060 1173060 1173074 1173146 1173227 1173229 1173238 1173240 1173265 1173280 1173284 1173338 1173357 1173422 1173428 1173485 1173514 1173539 1173567 1173573 1173659 1173746 1173798 1173818 1173820 1173825 1173826 1173833 1173838 1173839 1173845 1173857 1173954 1174003 1174026 1174070 1174091 1174113 1174115 1174120 1174122 1174123 1174154 1174186 1174187 1174205 1174260 1174296 1174343 1174356 1174387 1174409 1174421 1174438 1174462 1174484 1174543 1174543 1174547 1174549 1174550 1174551 1174618 1174625 1174658 1174673 1174685 1174689 1174699 1174734 1174736 1174757 1174771 1174782 1174840 1174841 1174843 1174844 1174845 1174847 1174852 1174873 1174887 1174904 1174926 1174968 1175036 1175060 1175062 1175063 1175064 1175065 1175066 1175067 1175109 1175112 1175127 1175128 1175149 1175199 1175213 1175228 1175232 1175250 1175251 1175284 1175393 1175394 1175396 1175397 1175398 1175399 1175400 1175401 1175402 1175403 1175404 1175405 1175406 1175407 1175408 1175409 1175410 1175411 1175412 1175413 1175414 1175415 1175416 1175417 1175418 1175419 1175420 1175421 1175422 1175423 1175440 1175493 1175515 1175518 1175526 1175550 1175654 1175666 1175667 1175668 1175669 1175670 1175691 1175767 1175768 1175769 1175770 1175771 1175772 1175786 1175811 1175830 1175831 1175873 1176069 1176179 927831 941629 973042 CVE-2018-18751 CVE-2019-16746 CVE-2019-20810 CVE-2019-20907 CVE-2019-20908 CVE-2020-0305 CVE-2020-10135 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-10781 CVE-2020-12771 CVE-2020-12888 CVE-2020-13974 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-14386 CVE-2020-14416 CVE-2020-15393 CVE-2020-15705 CVE-2020-15719 CVE-2020-15780 CVE-2020-16166 CVE-2020-1749 CVE-2020-24394 CVE-2020-24977 CVE-2020-8231 ----------------------------------------------------------------- The container suse-sles-15-sp1-chost-byos-v20200922-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1370-1 Released: Thu May 21 19:06:00 2020 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1171656 This update for systemd-presets-branding-SLE fixes the following issues: Cleanup of outdated autostart services (bsc#1171656): - Remove acpid.service. acpid is only available on SLE via openSUSE backports. In openSUSE acpid.service is *not* autostarted. I see no reason why it should be on SLE. - Remove spamassassin.timer. This timer never seems to have existed. Instead spamassassin ships a 'sa-update.timer'. But it is not default-enabled and nobody ever complained about this. - Remove snapd.apparmor.service: This service was proactively added a year ago, but snapd didn't even make it into openSUSE yet. There's no reason to keep this entry unless snapd actually enters SLE which is not foreseeable. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2099-1 Released: Fri Jul 31 08:06:40 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1173227,1173229,1173422 This update for systemd fixes the following issues: - migrate-sysconfig-i18n.sh: fixed marker handling (bsc#1173229) The marker is used to make sure the script is run only once. Instead of storing it in /usr, use /var which is more appropriate for such file. Also make it owned by systemd package. - Fix inconsistent file modes for some ghost files (bsc#1173227) Ghost files are assumed by rpm to have mode 000 by default which is not consistent with file permissions set at runtime. Also /var/lib/systemd/random-seed was tracked wrongly as a directory. Also don't track (ghost) /etc/systemd/system/runlevel*.target aliases since we're not supposed to track units or aliases user might define/override. - Fix build of systemd on openSUSE Leap 15.2 (bsc#1173422) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2107-1 Released: Mon Aug 3 16:45:00 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1051510,1065729,1071995,1085030,1111666,1112178,1113956,1114279,1144333,1148868,1150660,1151927,1152107,1152624,1158983,1159058,1161016,1162002,1162063,1163309,1166985,1167104,1168081,1168959,1169194,1169514,1169771,1169795,1170011,1170442,1170592,1170617,1170618,1171124,1171424,1171529,1171530,1171558,1171732,1171739,1171743,1171753,1171759,1171835,1171841,1171868,1171904,1172247,1172257,1172344,1172458,1172484,1172537,1172538,1172687,1172719,1172759,1172775,1172781,1172782,1172783,1172871,1172872,1172999,1173060,1173074,1173146,1173265,1173280,1173284,1173428,1173514,1173567,1173573,1173659,1173746,1173818,1173820,1173825,1173826,1173833,1173838,1173839,1173845,1173857,1174113,1174115,1174122,1174123,1174186,1174187,1174296,1174343,1174356,1174409,1174438,1174462,1174543,CVE-2019-16746,CVE-2019-20810,CVE-2019-20908,CVE-2020-0305,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10769,CVE-2020-10773,CVE-2020-10781,CVE-2020-12771,CVE-2020-12888,CVE-2020-13974,CVE-202 0-14416,CVE-2020-15393,CVE-2020-15780 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15780: A lockdown bypass for loading unsigned modules using ACPI table injection was fixed. (bsc#1173573) - CVE-2020-15393: Fixed a memory leak in usbtest_disconnect (bnc#1173514). - CVE-2020-12771: An issue was discovered in btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10773: Fixed a memory leak on s390/s390x, in the cmm_timeout_hander in file arch/s390/mm/cmm.c (bnc#1172999). - CVE-2020-14416: Fixed a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Fixed an issue with the prctl() function, where indirect branch speculation could be enabled even though it was diabled before (bnc#1172783). - CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection (bnc#1172781). - CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack (bnc#1172782). - CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775). - CVE-2020-0305: Fixed a possible use-after-free due to a race condition incdev_get of char_dev.c. This could lead to local escalation of privilege. User interaction is not needed for exploitation (bnc#1174462). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10781: Fixed a denial of service issue in the ZRAM implementation (bnc#1173074). - CVE-2019-20908: Fixed incorrect access permissions for the efivar_ssdt ACPI variable, which could be used by attackers to bypass lockdown or secure boot restrictions (bnc#1173567). - CVE-2019-20810: Fixed a memory leak in go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c because it did not call snd_card_free for a failure path (bnc#1172458). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c, related to invalid length checks for variable elements in a beacon head (bnc#1152107). The following non-security bugs were fixed: - ACPI: GED: add support for _Exx / _Lxx handler methods (bsc#1111666). - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (bsc#1111666). - ACPI: NFIT: Fix unlock on error in scrub_show() (bsc#1171753). - ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510). - ACPI: sysfs: Fix pm_profile_attr type (bsc#1111666). - ACPI: video: Use native backlight on Acer Aspire 5783z (bsc#1111666). - ACPI: video: Use native backlight on Acer TravelMate 5735Z (bsc#1111666). - ALSA: es1688: Add the missed snd_card_free() (bsc#1051510). - ALSA: hda: Add ElkhartLake HDMI codec vid (bsc#1111666). - ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up (bsc#1111666). - ALSA: hda/hdmi - enable runtime pm for newer AMD display audio (bsc#1111666). - ALSA: hda - let hs_mic be picked ahead of hp_mic (bsc#1111666). - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines (bsc#1111666). - ALSA: hda/realtek - Add LED class support for micmute LED (bsc#1111666). - ALSA: hda/realtek - Enable micmute LED on and HP system (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (bsc#1111666). - ALSA: hda/realtek - Fix unused variable warning w/o CONFIG_LEDS_TRIGGER_AUDIO (bsc#1111666). - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO (bsc#1111666). - ALSA: lx6464es - add support for LX6464ESe pci express variant (bsc#1111666). - ALSA: opl3: fix infoleak in opl3 (bsc#1111666). - ALSA: pcm: disallow linking stream to itself (bsc#1111666). - ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback (bsc#1111666). - ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support (bsc#1111666). - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock (bsc#1111666). - ALSA: usb-audio: Clean up quirk entries with macros (bsc#1111666). - ALSA: usb-audio: Fix inconsistent card PM state after resume (bsc#1111666). - ALSA: usb-audio: Fix packet size calculation (bsc#1111666). - ALSA: usb-audio: Fix racy list management in output queue (bsc#1111666). - ALSA: usb-audio: Improve frames size computation (bsc#1111666). - ALSA: usb-audio: Manage auto-pm of all bundled interfaces (bsc#1111666). - ALSA: usb-audio: Use the new macro for HP Dock rename quirks (bsc#1111666). - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes). - arm64: map FDT as RW for early_init_dt_scan() (jsc#SLE-12423). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (bsc#1111666). - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (bsc#1111666). - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (bsc#1111666). - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb (bsc#1111666). - ax25: fix setsockopt(SO_BINDTODEVICE) (networking-stable-20_05_27). - b43: Fix connection problem with WPA3 (bsc#1111666). - b43_legacy: Fix connection problem with WPA3 (bsc#1111666). - bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)). - be2net: fix link failure after ethtool offline test (git-fixes). - block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818). - block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)). - block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)). - Bluetooth: Add SCO fallback for invalid LMP parameters error (bsc#1111666). - bnxt_en: Fix AER reset logic on 57500 chips (git-fixes). - bnxt_en: Fix ethtool selftest crash under error conditions (git-fixes). - bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails (git-fixes). - bnxt_en: Fix ipv6 RFS filter matching logic (git-fixes). - bnxt_en: fix NULL dereference in case SR-IOV configuration fails (git-fixes). - bnxt_en: Fix VF anti-spoof filter setup (networking-stable-20_05_12). - bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features() (networking-stable-20_05_12). - bnxt_en: Improve AER slot reset (networking-stable-20_05_12). - brcmfmac: fix wrong location to get firmware feature (bsc#1111666). - brcmfmac: Transform compatible string for FW loading (bsc#1169771). - btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#1174438). - btrfs: add new helper btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: Always use a cached extent_state in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix extent_state leak in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc#1174438). - btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438). - btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438). - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO (bsc#1174438). - btrfs: qgroup: Fix a bug that prevents qgroup to be re-enabled after disable (bsc#1172247). - btrfs: Return EAGAIN if we can't start no snpashot write in check_can_nocow (bsc#1174438). - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438). - btrfs: Use newly introduced btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124). - bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads (bsc#1111666). - carl9170: remove P2P_GO support (bsc#1111666). - CDC-ACM: heed quirk also in error handling (git-fixes). - ceph: convert mdsc->cap_dirty to a per-session list (bsc#1167104). - ceph: request expedited service on session's last cap flush (bsc#1167104). - cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages (bsc#1173857). - char/random: Add a newline at the end of the file (jsc#SLE-12423). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333). - cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016). - cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016). - clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510). - clk: clk-flexgen: fix clock-critical handling (bsc#1051510). - clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510). - clocksource: dw_apb_timer: Make CPU-affiliation being optional (bsc#1111666). - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)). - compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)). - copy_{to,from}_user(): consolidate object size checks (git fixes). - crypto: algboss - do not wait during notifier callback (bsc#1111666). - crypto: algif_skcipher - Cap recv SG list at ctx->used (bsc#1111666). - crypto: caam - update xts sector size for large input length (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - Crypto/chcr: fix for ccm(aes) failed test (bsc#1111666). - crypto: chelsio/chtls: properly set tp->lsndtime (bsc#1111666). - crypto: talitos - fix IPsec cipher in length (git-fixes). - crypto: talitos - reorder code in talitos_edesc_alloc() (git-fixes). - debugfs: Check module state before warning in {full/open}_proxy_open() (bsc#1173746). - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07). - dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' (bsc#1111666). - dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)). - dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)). - dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)). - dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)). - dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)). - dm: various cleanups to md->queue initialization code (git fixes). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)). - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27). - driver-core, libnvdimm: Let device subsystems add local lockdep coverage (bsc#1171753). - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617, bsc#1170618). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510). - drm: amd/display: fix Kconfig help text (bsc#1113956) * only fix DEBUG_KERNEL_DC - drm: bridge: adv7511: Extend list of audio sample rates (bsc#1111666). - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1113956) * context changes - drm: encoder_slave: fix refcouting error for modules (bsc#1111666). - drm: encoder_slave: fix refcouting error for modules (bsc#1114279) - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1112178) - drm/i915: Whitelist context-local timestamp in the gen9 cmdparser (bsc#1111666). - drm/mediatek: Check plane visibility in atomic_update (bsc#1113956) * context changes - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (bsc#1111666). - drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (bsc#1111666). - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1113956) - drm/radeon: fix double free (bsc#1113956) - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1113956) - drm/sun4i: hdmi ddc clk: Fix size of m divider (bsc#1111666). - drm/tegra: hub: Do not enable orphaned window group (bsc#1111666). - drm/vkms: Hold gem object while still in-use (bsc#1113956) * context changes - e1000: Distribute switch variables for initialization (bsc#1111666). - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510). - e1000e: Relax condition to trigger reset for ME workaround (bsc#1111666). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279). - efi/random: Increase size of firmware supplied randomness (jsc#SLE-12423). - efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness (jsc#SLE-12423). - efi: READ_ONCE rng seed size before munmap (jsc#SLE-12423). - efi: Reorder pr_notice() with add_device_randomness() call (jsc#SLE-12423). - evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510). - evm: Fix a small race in init_desc() (bsc#1051510). - ext4: fix a data race at inode->i_blocks (bsc#1171835). - ext4: fix partial cluster initialization when splitting extent (bsc#1173839). - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838). - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510). - fanotify: fix ignore mask logic for events on child and on dir (bsc#1172719). - fdt: add support for rng-seed (jsc#SLE-12423). - fdt: Update CRC check for rng-seed (jsc#SLE-12423). - firmware: imx: scu: Fix corruption of header (git-fixes). - firmware: imx: scu: Fix possible memory leak in imx_scu_probe() (bsc#1111666). - Fix boot crash with MD (bsc#1174343) - fix multiplication overflow in copy_fdtable() (bsc#1173825). - fpga: dfl: afu: Corrected error handling levels (git-fixes). - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12). - gpiolib: Document that GPIO line names are not globally unique (bsc#1051510). - gpu: host1x: Detach driver on unregister (bsc#1111666). - gpu: ipu-v3: pre: do not trigger update if buffer address does not change (bsc#1111666). - HID: magicmouse: do not set up autorepeat (git-fixes). - HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510). - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes). - hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (bsc#1111666). - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (bsc#1111666). - hwmon: (max6697) Make sure the OVERT mask is set correctly (bsc#1111666). - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (bsc#1111666). - i2c: eg20t: Load module automatically if ID matches (bsc#1111666). - i2c: mlxcpld: check correct size of maximum RECV_LEN packet (bsc#1111666). - i40e: reduce stack usage in i40e_set_fc (git-fixes). - IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409). - IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510). - iio:health:afe4404 Fix timestamp alignment and prevent data leak (bsc#1111666). - iio:humidity:hdc100x Fix alignment and data leak issues (bsc#1111666). - iio:magnetometer:ak8974: Fix alignment and data leak issues (bsc#1111666). - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (bsc#1111666). - iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510). - iio:pressure:ms5611 Fix buffer element alignment (bsc#1111666). - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (bsc#1111666). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510). - ima: Fix ima digest hash table key calculation (bsc#1051510). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (bsc#1111666). - input: i8042 - Remove special PowerPC handling (git-fixes). - Input: synaptics - add a second working PNP_ID for Lenovo T470s (bsc#1111666). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - intel_th: Fix a NULL dereference when hub driver is not loaded (bsc#1111666). - ipvlan: call dev_change_flags when ipvlan mode is reset (git-fixes). - ixgbevf: Remove limit of 10 entries for unicast filter list (git-fixes). - jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845). - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833). - kabi: hv: prevent struct device_node to become defined (bsc#1172871). - kabi: ppc64le: prevent struct dma_map_ops to become defined (jsc#SLE-12423). - kABI: protect struct mlx5_cmd_work_ent (kabi). - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi). - kernfs: fix barrier usage in __kernfs_new_node() (bsc#1111666). - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279). - KVM: x86: Fix APIC page invalidation race (bsc#1174122). - kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - l2tp: add sk_family checks to l2tp_validate_socket (networking-stable-20_06_07). - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07). - libceph: do not omit recovery_deletes in target_copy() (bsc#1174113). - libceph: ignore pool overlay and cache logic on redirects (bsc#1173146). - libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock (bsc#1171753). - libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant (bsc#1171753). - libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl() (bsc#1171753). - libnvdimm: cover up changes in struct nvdimm_bus (bsc#1171753). - libnvdimm: cover up nd_pfn_sb changes (bsc#1171759). - libnvdimm/dax: Pick the right alignment default when creating dax devices (bsc#1171759). - libnvdimm/label: Remove the dpa align check (bsc#1171759). - libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739). - libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change (bsc#1171743). - libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock (bsc#1171759). - libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid (bsc#1171743). - libnvdimm/pmem: Advance namespace seed for specific probe errors (bsc#1171743). - libnvdimm/region: Initialize bad block for volatile namespaces (bnc#1151927 5.3.6). - libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (bsc#1171743). - libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - loop: replace kill_bdev with invalidate_bdev (bsc#1173820). - lpfc_debugfs: get rid of pointless access_ok() (bsc#1172687 bsc#1171530). - lpfc: Synchronize NVME transport and lpfc driver devloss_tmo (bcs#1173060). - mac80211: add option for setting control flags (bsc#1111666). - mac80211: set IEEE80211_TX_CTRL_PORT_CTRL_PROTO for nl80211 TX (bsc#1111666). - mailbox: imx: Disable the clock on devm_mbox_controller_register() failure (git-fixes). - md: Avoid namespace collision with bitmap API (git fixes (block drivers)). - mdraid: fix read/write bytes accounting (bsc#1172537). - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (bsc#1166985)). - media: cec: silence shift wrapping warning in __cec_s_log_addrs() (git-fixes). - media: si2157: Better check for running tuner in init (bsc#1111666). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue (git-fixes). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue (git-fixes). - mlxsw: pci: Return error on PCI reset timeout (git-fixes). - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12). - mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed (git-fixes). - mlxsw: spectrum_dpipe: Add missing error path (git-fixes). - mlxsw: spectrum: Prevent force of 56G (git-fixes). - mlxsw: spectrum_router: Refresh nexthop neighbour when it becomes dead (git-fixes). - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (git-fixes). - mlxsw: spectrum_switchdev: Add MDB entries in prepare phase (git-fixes). - mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky (git-fixes). - mmc: block: Fix request completion in the CQE timeout path (bsc#1111666). - mmc: block: Fix use-after-free issue for rpmb (bsc#1111666). - mmc: fix compilation of user API (bsc#1051510). - mmc: sdhci: do not enable card detect interrupt for gpio cd type (bsc#1111666). - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (bsc#1111666). - Move upstreamed lpfc patches into sorted section - mvpp2: remove misleading comment (git-fixes). - net: be more gentle about silly gso requests coming from user (networking-stable-20_06_07). - net: check untrusted gso_size at kernel entry (networking-stable-20_06_07). - net/cxgb4: Check the return from t4_query_params properly (git-fixes). - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16). - net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27). - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (git-fixes). - net: ena: add missing ethtool TX timestamping indication (git-fixes). - net: ena: avoid memory access violation by validating req_id properly (git-fixes). - net: ena: do not wake up tx queue when down (git-fixes). - net: ena: ena-com.c: prevent NULL pointer dereference (git-fixes). - net: ena: ethtool: use correct value for crc32 hash (git-fixes). - net: ena: fix continuous keep-alive resets (git-fixes). - net: ena: fix corruption of dev_idx_to_host_tbl (git-fixes). - net: ena: fix default tx interrupt moderation interval (git-fixes). - net: ena: fix incorrect default RSS key (git-fixes). - net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (git-fixes). - net: ena: fix issues in setting interrupt moderation params in ethtool (git-fixes). - net: ena: fix potential crash when rxfh key is NULL (git-fixes). - net: ena: fix retrieval of nonadaptive interrupt moderation intervals (git-fixes). - net: ena: fix uses of round_jiffies() (git-fixes). - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (git-fixes). - net: ena: reimplement set/get_coalesce() (git-fixes). - net: ena: rss: do not allocate key when not supported (git-fixes). - net: ena: rss: fix failure to get indirection table (git-fixes). - net: ena: rss: store hash function as values and not bits (git-fixes). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16). - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27). - net: ipip: fix wrong address family in init error path (networking-stable-20_05_27). - net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set (git-fixes). - net: macsec: preserve ingress frame ordering (networking-stable-20_05_12). - net/mlx4_core: drop useless LIST_HEAD (git-fixes). - net/mlx4_core: fix a memory leak bug (git-fixes). - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12). - net/mlx5: Add command entry handling completion (networking-stable-20_05_27). - net/mlx5: Avoid panic when setting vport rate (git-fixes). - net/mlx5: Continue driver initialization despite debugfs failure (git-fixes). - net/mlx5e: ethtool, Fix a typo in WOL function names (git-fixes). - net/mlx5e: Fix traffic duplication in ethtool steering (git-fixes). - net/mlx5e: Remove unnecessary clear_bit()s (git-fixes). - net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27). - net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12). - net/mlx5: Fix crash upon suspend/resume (networking-stable-20_06_07). - net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12). - net: mvmdio: allow up to four clocks to be specified for orion-mdio (git-fixes). - net: mvpp2: prs: Do not override the sign bit in SRAM parser shift (git-fixes). - net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16). - netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16). - net: qede: stop adding events on an already destroyed workqueue (git-fixes). - net: qed: fix excessive QM ILT lines consumption (git-fixes). - net: qed: fix NVMe login fails over VFs (git-fixes). - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27). - net: revert 'net: get rid of an signed integer overflow in ip_idents_reserve()' (networking-stable-20_05_27). - net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27). - net: stricter validation of untrusted gso packets (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12). - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12). - net: usb: qmi_wwan: add Telit 0x1050 composition (networking-stable-20_06_07). - net: usb: qmi_wwan: add Telit LE910C1-EUX composition (networking-stable-20_06_07). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K (git-fixes). - NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592). - NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592). - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() (bsc#1173857). - nl80211: fix NL80211_ATTR_CHANNEL_WIDTH attribute type (bsc#1111666). - nvdimm: Avoid race between probe and reading device attributes (bsc#1170442). - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058). - nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058). - nvme: fail cancelled commands with NVME_SC_HOST_PATH_ERROR (bsc#1158983 bsc#1172538). - nvme-fc: Fail transport errors with NVME_SC_HOST_PATH (bsc#1158983 bsc#1172538). - nvme-tcp: fail command with NVME_SC_HOST_PATH_ERROR send failed (bsc#1158983 bsc#1172538). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - ocfs2: no need try to truncate file beyond i_size (bsc#1171841). - overflow: Fix -Wtype-limits compilation warnings (git fixes). - overflow.h: Add arithmetic shift helper (git fixes). - p54usb: add AirVasT USB stick device-id (bsc#1051510). - padata: ensure the reorder timer callback runs on the correct CPU (git-fixes). - padata: reorder work kABI fixup (git-fixes). - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#1174356). - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356). - PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510). - PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510). - PCI: Generalize multi-function power dependency device links (bsc#1111666). - PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871, bsc#1172872). - PCI: hv: Fix the PCI HyperV probe failure path to release resource properly (bsc#1172871, bsc#1172872). - PCI: hv: Introduce hv_msi_entry (bsc#1172871, bsc#1172872). - PCI: hv: Move hypercall related definitions into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Move retarget related structures into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871, bsc#1172872). - PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871, bsc#1172872). - PCI: pciehp: Fix indefinite wait on sysfs requests (git-fixes). - PCI: pciehp: Support interrupts sent from D3hot (git-fixes). - PCI/PM: Call .bridge_d3() hook only if non-NULL (git-fixes). - PCI: Program MPS for RCiEP devices (bsc#1051510). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510). - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356). - pcm_native: result of put_user() needs to be checked (bsc#1111666). - perf: Allocate context task_ctx_data for child event (git-fixes). - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes). - perf: Copy parent's address filter offsets on clone (git-fixes). - perf/core: Add sanity check to deal with pinned event failure (git-fixes). - perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes). - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes). - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes). - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes). - perf/core: Fix error handling in perf_event_alloc() (git-fixes). - perf/core: Fix exclusive events' grouping (git-fixes). - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes). - perf/core: Fix impossible ring-buffer sizes warning (git-fixes). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes (dependent patch for 18736eef1213)). - perf/core: Fix perf_event_read_value() locking (git-fixes). - perf/core: Fix perf_pmu_unregister() locking (git-fixes). - perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent patch)). - perf/core: Fix perf_sample_regs_user() mm check (git-fixes). - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes). - perf/core: Fix race between close() and fork() (git-fixes). - perf/core: Fix the address filtering fix (git-fixes). - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes). - perf/core: Force USER_DS when recording user stack data (git-fixes). - perf/core: Restore mmap record type correctly (git-fixes). - perf: Fix header.size for namespace events (git-fixes). - perf/ioctl: Add check for the sample_period value (git-fixes). - perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes). - perf: Return proper values for user stack errors (git-fixes). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/intel/uncore: Handle invalid event coding for free-running counter (git-fixes). - perf/x86/uncore: Fix event group support (git-fixes). - pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510). - platform/x86: dell-laptop: do not register micmute LED if there is no token (bsc#1111666). - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (bsc#1111666). - PM / Domains: Allow genpd users to specify default active wakeup behavior (git-fixes). - pnp: Use list_for_each_entry() instead of open coding (git fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc/book3s64: Export has_transparent_hugepage() related functions (bsc#1171759). - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729). - powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510). - power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510). - power: vexpress: add suppress_bind_attrs to true (bsc#1111666). - pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16). - qed: reduce maximum stack frame size (git-fixes). - qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes). - r8152: support additional Microsoft Surface Ethernet Adapter variant (networking-stable-20_05_27). - raid5: remove gfp flags from scribble_alloc() (bsc#1166985). - RDMA/efa: Fix setting of wrong bit in get/set_feature commands (bsc#1111666) - RDMA/efa: Set maximum pkeys device attribute (bsc#1111666) - RDMA/efa: Support remote read access in MR registration (bsc#1111666) - RDMA/efa: Unified getters/setters for device structs bitmask access (bsc#1111666) - README.BRANCH: Add Takashi Iwai as primary maintainer. - regmap: debugfs: Do not sleep while atomic for fast_io regmaps (bsc#1111666). - resolve KABI warning for perf-pt-coresight (git-fixes). - Revert 'bcache: ignore pending signals when creating gc and allocator thread' (git fixes (block drivers)). - Revert commit e918e570415c ('tpm_tis: Remove the HID IFX0102') (bsc#1111666). - Revert 'dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues' (git fixes (block drivers)). - Revert 'thermal: mediatek: fix register index error' (bsc#1111666). - Revert 'tools lib traceevent: Remove unneeded qsort and uses memmove' - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: lock device while installing IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12). - sch_sfq: validate silly quantum values (networking-stable-20_05_12). - scsi: aacraid: fix a signedness bug (bsc#1174296). - scsi: hisi_sas: fix calls to dma_set_mask_and_coherent() (bsc#1174296). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530). - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530). - scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530). - scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530). - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix inconsistent indenting (bsc#1158983). - scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1158983). - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1158983). - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530). - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1158983). - scsi: megaraid_sas: Fix a compilation warning (bsc#1174296). - scsi: mpt3sas: Fix double free in attach error handling (bsc#1174296). - scsi: qedf: Add port_id getter (bsc#1150660). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1174296). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27). - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27). - spi: dw: use 'smp_mb()' to avoid sending spi data error (bsc#1051510). - spi: fix initial SPI_SR value in spi-fsl-dspi (bsc#1111666). - spi: pxa2xx: Apply CS clk quirk to BXT (bsc#1111666). - spi: spidev: fix a race between spidev_release and spidev_remove (bsc#1111666). - spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices (bsc#1111666). - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (bsc#1111666). - staging: comedi: verify array index is correct before using it (bsc#1111666). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510). - staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510). - SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624). - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284). - timers: Add a function to start/reduce a timer (networking-stable-20_05_27). - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (bsc#1111666). - tpm_tis: Remove the HID IFX0102 (bsc#1111666). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510). - tty: n_gsm: Fix SOF skipping (bsc#1051510). - tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510). - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12). - ubifs: remove broken lazytime support (bsc#1173826). - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes). - USB: c67x00: fix use after free in c67x00_giveback_urb (bsc#1111666). - usb: chipidea: core: add wakeup support for extcon (bsc#1111666). - usb: dwc2: Fix shutdown callback in platform (bsc#1111666). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510). - usb: dwc3: gadget: introduce cancelled_list (git-fixes). - usb: dwc3: gadget: never call ->complete() from ->ep_queue() (git-fixes). - usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes). - usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes). - USB: ehci: reopen solution for Synopsys HC bug (git-fixes). - usb: gadget: fix potential double-free in m66592_probe (bsc#1111666). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510). - usb: gadget: udc: atmel: fix uninitialized read in debug printk (bsc#1111666). - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (bsc#1111666). - usb: gadget: udc: Potential Oops in error handling code (bsc#1111666). - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510). - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (bsc#1111666). - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510). - usb: musb: Fix runtime PM imbalance on error (bsc#1051510). - usb: musb: start session in resume for host port (bsc#1051510). - usbnet: smsc95xx: Fix use-after-free after removal (bsc#1111666). - USB: ohci-sm501: Add missed iounmap() in remove (bsc#1111666). - USB: serial: ch341: add new Product ID for CH340 (bsc#1111666). - USB: serial: cypress_m8: enable Simply Automated UPB PIM (bsc#1111666). - USB: serial: iuu_phoenix: fix memory corruption (bsc#1111666). - USB: serial: option: add GosunCn GM500 series (bsc#1111666). - USB: serial: option: add Quectel EG95 LTE modem (bsc#1111666). - USB: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510). - USB: serial: qcserial: add DW5816e QDL support (bsc#1051510). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174123). - vfs: Fix EOVERFLOW testing in put_compat_statfs64 (bnc#1151927 5.3.6). - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: avoid format strint overflow warning (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: Remove always false conditional statement (bsc#1172484). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484). - vmxnet3: remove unused flag 'rxcsum' from struct vmxnet3_adapter (bsc#1172484). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07). - vxlan: Avoid infinite loop when suppressing NS messages with invalid options (git-fixes). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510). - watchdog: sp805: fix restart handler (bsc#1111666). - wil6210: add general initialization/size checks (bsc#1111666). - wil6210: check rx_buff_mgmt before accessing it (bsc#1111666). - wil6210: ignore HALP ICR if already handled (bsc#1111666). - wil6210: make sure Rx ring sizes are correlated (git-fixes). - work around mvfs bug (bsc#1162063). - x86/apic: Install an empty physflat_init_apic_ldr (bsc#1163309). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86: Fix early boot crash on gcc-10, third try (bsc#1114279). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279). - xfrm: fix error in comment (git fixes). - xhci: Fix incorrect EP_STATE_MASK (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2124-1 Released: Wed Aug 5 09:24:47 2020 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1172597 This update for lvm2 fixes the following issues: - Fixed an issue where the system hangs for 90 seconds before it actually shuts down (bsc#1172597) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2158-1 Released: Thu Aug 6 20:05:16 2020 Summary: Security update for xen Type: security Severity: important References: 1172356,1174543 This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1172356 - Not able to hot-plug NIC via virt-manager, asks to attach on next reboot while it should be live attached ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2165-1 Released: Fri Aug 7 11:04:59 2020 Summary: Recommended update for Linux Kernel Type: recommended Severity: important References: 1174887 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive the following fixes: Fix a regression where virt-manager generated KVM setups and possible others could fail to boot the kernel (bsc#1174887) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2182-1 Released: Mon Aug 10 11:39:48 2020 Summary: Recommended update for open-lldp Type: recommended Severity: moderate References: 1153520,1170745,1171284 This update for open-lldp fixes the following issues: - Fix for a segementation fault, when agents change their MAC address (bsc#1171284) - lldapd will now transmit the permanent MAC address (the MAC address of the underlying physical device) as port id, thus allowing the switch or any management application to differentiate between those ports. (bsc#1153520) - Fix for a segmentation fault, when lldapd registers an interface and it gets shortly removed afterwards. (bsc#1170745) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2208-1 Released: Tue Aug 11 17:25:45 2020 Summary: Recommended update for rsyslog Type: recommended Severity: important References: 1173338 This update for rsyslog fixes the following issues: - Fix for logrotate to avoid unexpected exit with coredump after logrotate. (bsc#1173338) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2219-1 Released: Wed Aug 12 15:47:42 2020 Summary: Recommended update for supportutils-plugin-suse-public-cloud and python3-azuremetadata Type: recommended Severity: moderate References: 1170475,1170476,1173238,1173240,1173357,1174618,1174847 This update for supportutils-plugin-suse-public-cloud and python3-azuremetadata fixes the following issues: supportutils-plugin-suse-public-cloud: - Fixes an error when supportutils-plugin-suse-public-cloud and supportutils-plugin-salt are installed at the same time (bsc#1174618) - Sensitive information like credentials (such as access keys) will be removed when the metadata is being collected (bsc#1170475, bsc#1170476) python3-azuremetadata: - Added latest support for `--listapis` and `--api` (bsc#1173238, bsc#1173240) - Detects when the VM is running in ASM (Azure Classic) and does now handle the condition to generate the data without requiring access to the full IMDS available, only in ARM instances (bsc#1173357, bsc#1174847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2222-1 Released: Thu Aug 13 09:08:46 2020 Summary: Recommended update for SUSEConnect Type: recommended Severity: moderate References: 1130864,1155911,1160007 This update for SUSEConnect fixes the following issues: Update from version 0.3.22 to version 0.3.25 - Don't fail de-activation when '-release' package already got removed. - Fix cloud_provider detection on AWS large instances. (bsc#1160007) - Forbid de-registration for on-demand Public Cloud instances. (bsc#1155911) - Setup customer_center on read-only boot system. (bsc#1130864) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2224-1 Released: Thu Aug 13 09:15:47 2020 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1171878,1172085 This update for glibc fixes the following issues: - Fix concurrent changes on nscd aware files appeared by 'getent' when the NSCD cache was enabled. (bsc#1171878, BZ #23178) - Implement correct locking and cancellation cleanup in syslog functions. (bsc#1172085, BZ #26100) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2245-1 Released: Fri Aug 14 15:27:45 2020 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1174782,1175036,1175060 This update for grub2 fixes the following issues: - A potential regression has been fixed that would cause systems with an updated 'grub2' to boot no longer due to a missing 'grub-calloc' linker symbol. (bsc#1174782) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2256-1 Released: Mon Aug 17 15:08:46 2020 Summary: Recommended update for sysfsutils Type: recommended Severity: moderate References: 1155305 This update for sysfsutils fixes the following issue: - Fix cdev name comparison. (bsc#1155305) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2277-1 Released: Wed Aug 19 13:24:03 2020 Summary: Security update for python3 Type: security Severity: moderate References: 1174091,CVE-2019-20907 This update for python3 fixes the following issues: - bsc#1174091, CVE-2019-20907: avoiding possible infinite loop in specifically crafted tarball. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2278-1 Released: Wed Aug 19 21:26:08 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1149911,1151708,1168235,1168389 This update for util-linux fixes the following issues: - blockdev: Do not fail --report on kpartx-style partitions on multipath. (bsc#1168235) - nologin: Add support for -c to prevent error from su -c. (bsc#1151708) - Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389) - mount: Fall back to device node name if /dev/mapper link not found. (bsc#1149911) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2284-1 Released: Thu Aug 20 16:04:17 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1010996,1071152,1071390,1154871,1174673,973042 This update for ca-certificates-mozilla fixes the following issues: update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: * AddTrust External CA Root * AddTrust Class 1 CA Root * LuxTrust Global Root 2 * Staat der Nederlanden Root CA - G2 * Symantec Class 1 Public Primary Certification Authority - G4 * Symantec Class 2 Public Primary Certification Authority - G4 * VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: * certSIGN Root CA G2 * e-Szigno Root CA 2017 * Microsoft ECC Root Certificate Authority 2017 * Microsoft RSA Root Certificate Authority 2017 - reverted p11-kit nss trust integration as it breaks in fresh installations (bsc#1154871) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2296-1 Released: Mon Aug 24 10:34:37 2020 Summary: Security update for gettext-runtime Type: security Severity: moderate References: 1106843,1113719,941629,CVE-2018-18751 This update for gettext-runtime fixes the following issues: - Fix boo941629-unnessary-rpath-on-standard-path.patch (bsc#941629) - Added msgfmt-double-free.patch to fix a double free error (CVE-2018-18751 bsc#1113719) - Add patch msgfmt-reset-msg-length-after-remove.patch which does reset the length of message string after a line has been removed (bsc#1106843) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2307-1 Released: Tue Aug 25 14:48:39 2020 Summary: Security update for grub2 Type: security Severity: important References: 1172745,1174421,CVE-2020-15705 This update for grub2 fixes the following issues: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). - Add fibre channel device's ofpath support to grub-ofpathname and search hint to speed up root device discovery (bsc#1172745). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2337-1 Released: Wed Aug 26 13:00:47 2020 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1172807 This update for dracut fixes the following issue: - Fix typo in did setup conditional. (bsc#1172807) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2352-1 Released: Thu Aug 27 07:29:16 2020 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1172810,1174120 This update for samba fixes the following issues: - Add 'libsmbldap0' to 'libsmbldap2' package to fix upgrades from previous versions. (bsc#1172810) - Fix for command 'net' as it is unable to negotiate with 'SMB2'. (bsc#1174120) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2380-1 Released: Fri Aug 28 14:54:08 2020 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1175250,1175251 This update for supportutils-plugin-suse-public-cloud contains the following fix: - Update to version 1.0.5: (bsc#1175250, bsc#1175251) + Query for new GCE initialization code packages ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2411-1 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2425-1 Released: Tue Sep 1 13:54:05 2020 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1174260 This update for nfs-utils fixes the following issues: - Fix a bug when concurrent 'gssd' requests arrive from kernel, causing hanging NFS mounts. (bsc#1174260) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2441-1 Released: Tue Sep 1 22:16:10 2020 Summary: Recommended update for avahi Type: recommended Severity: moderate References: 1154063 This update for avahi fixes the following issues: - When changing ownership of /var/lib/autoipd, only change ownership of files owned by avahi, to mitigate against possible exploits (bsc#1154063). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2446-1 Released: Wed Sep 2 09:33:22 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2458-1 Released: Wed Sep 2 15:44:30 2020 Summary: Recommended update for iputils Type: recommended Severity: moderate References: 927831 This update for iputils fixes the following issue: - ping: Remove workaround for bug in IP_RECVERR on raw sockets. (bsc#927831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2575-1 Released: Wed Sep 9 07:15:49 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1058115,1065600,1065729,1071995,1083548,1085030,1111666,1112178,1113956,1120163,1133021,1136666,1144333,1152148,1163524,1165629,1166965,1169790,1170232,1171558,1171688,1171988,1172073,1172108,1172247,1172418,1172428,1172871,1172872,1172873,1172963,1173060,1173485,1173798,1173954,1174003,1174026,1174070,1174205,1174387,1174484,1174547,1174549,1174550,1174625,1174658,1174685,1174689,1174699,1174734,1174757,1174771,1174840,1174841,1174843,1174844,1174845,1174852,1174873,1174904,1174926,1174968,1175062,1175063,1175064,1175065,1175066,1175067,1175112,1175127,1175128,1175149,1175199,1175213,1175228,1175232,1175284,1175393,1175394,1175396,1175397,1175398,1175399,1175400,1175401,1175402,1175403,1175404,1175405,1175406,1175407,1175408,1175409,1175410,1175411,1175412,1175413,1175414,1175415,1175416,1175417,1175418,1175419,1175420,1175421,1175422,1175423,1175440,1175493,1175515,1175518,1175526,1175550,1175654,1175666,1175667,1175668,1175669,1175670,1175691,1175767,1175768,1175769,1 175770,1175771,1175772,1175786,1175873,1176069,CVE-2020-10135,CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-14386,CVE-2020-16166,CVE-2020-1749,CVE-2020-24394 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629). - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988). - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bugs were fixed: - ACPI: kABI fixes for subsys exports (bsc#1174968). - ACPI / LPSS: Resume BYT/CHT I2C controllers from resume_noirq (bsc#1174968). - ACPI / LPSS: Use acpi_lpss_* instead of acpi_subsys_* functions for hibernate (bsc#1174968). - ACPI: PM: Introduce 'poweroff' callbacks for ACPI PM domain and LPSS (bsc#1174968). - ACPI: PM: Simplify and fix PM domain hibernation callbacks (bsc#1174968). - af_key: pfkey_dump needs parameter validation (git-fixes). - agp/intel: Fix a memory leak on module initialisation failure (git-fixes). - ALSA: core: pcm_iec958: fix kernel-doc (bsc#1111666). - ALSA: echoaduio: Drop superfluous volatile modifier (bsc#1111666). - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (bsc#1111666). - ALSA: hda: Add support for Loongson 7A1000 controller (bsc#1111666). - ALSA: hda/ca0132 - Add new quirk ID for Recon3D (bsc#1111666). - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (bsc#1111666). - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (bsc#1111666). - ALSA: hda: fix NULL pointer dereference during suspend (git-fixes). - ALSA: hda: fix snd_hda_codec_cleanup() documentation (bsc#1111666). - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (bsc#1111666). - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (bsc#1111666). - ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes). - ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (bsc#1111666). - ALSA: hda/realtek - Add quirk for Lenovo Carbon X1 8th gen (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GE63 laptop (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GL63 (bsc#1111666). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes). - ALSA: hda/realtek - change to suitable link model for ASUS platform (bsc#1111666). - ALSA: hda/realtek - Check headset type by unplug and resume (bsc#1111666). - ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX563 (bsc#1111666). - ALSA: hda/realtek: Fix add a 'ultra_low_power' function for intel reference board (alc256) (bsc#1111666). - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (bsc#1111666). - ALSA: hda/realtek - Fixed HP right speaker no sound (bsc#1111666). - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (bsc#1111666). - ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (bsc#1111666). - ALSA: hda/realtek - Fix unused variable warning (bsc#1111666). - ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (bsc#1111666). - ALSA: hda - reverse the setting value in the micmute_led_set (bsc#1111666). - ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes). - ALSA: pci: delete repeated words in comments (bsc#1111666). - ALSA: seq: oss: Serialize ioctls (bsc#1111666). - ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes). - ALSA: usb-audio: add quirk for Pioneer DDJ-RB (bsc#1111666). - ALSA: usb-audio: add startech usb audio dock name (bsc#1111666). - ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (bsc#1111666). - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (bsc#1111666). - ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (bsc#1111666). - ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (bsc#1111666). - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625). - ALSA: usb-audio: fix spelling mistake 'buss' -> 'bus' (bsc#1111666). - ALSA: usb-audio: ignore broken processing/extension unit (git-fixes). - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb/line6: remove 'defined but not used' warning (bsc#1111666). - arm64: Add MIDR encoding for HiSilicon Taishan CPUs (bsc#1174547). - arm64: Add MIDR encoding for NVIDIA CPUs (bsc#1174547). - arm64: add sysfs vulnerability show for meltdown (bsc#1174547). - arm64: Add sysfs vulnerability show for spectre-v1 (bsc#1174547). - arm64: add sysfs vulnerability show for spectre-v2 (bsc#1174547). - arm64: add sysfs vulnerability show for speculative store bypass (bsc#1174547). - arm64: Advertise mitigation of Spectre-v2, or lack thereof (bsc#1174547). - arm64: Always enable spectre-v2 vulnerability detection (bsc#1174547). - arm64: Always enable ssb vulnerability detection (bsc#1174547). - arm64: backtrace: Do not bother trying to unwind the userspace stack (bsc#1175397). - arm64: capabilities: Add NVIDIA Denver CPU to bp_harden list (bsc#1174547). - arm64: capabilities: Merge duplicate Cavium erratum entries (bsc#1174547). - arm64: capabilities: Merge entries for ARM64_WORKAROUND_CLEAN_CACHE (bsc#1174547). - arm64: cpufeature: Enable Qualcomm Falkor/Kryo errata 1003 (bsc#1175398). - arm64: Do not mask out PTE_RDONLY in pte_same() (bsc#1175393). - arm64: enable generic CPU vulnerabilites support (bsc#1174547). Update config/arm64/default - arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default (bsc#1175394). - arm64: errata: Do not define type field twice for arm64_errata entries (bsc#1174547). - arm64: errata: Update stale comment (bsc#1174547). - arm64: Get rid of __smccc_workaround_1_hvc_* (bsc#1174547). - arm64: kpti: Avoid rewriting early page tables when KASLR is enabled (bsc#1174547). - arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on (bsc#1174547). - arm64: kpti: Whitelist Cortex-A CPUs that do not implement the CSV3 field (bsc#1174547). - arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs (bsc#1174547). - arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 (bsc#1133021). - arm64: KVM: Guests can skip __install_bp_hardening_cb()s HYP work (bsc#1174547). - arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening (bsc#1174547). - arm64: mm: Fix pte_mkclean, pte_mkdirty semantics (bsc#1175526). - arm64: Provide a command line to disable spectre_v2 mitigation (bsc#1174547). - arm64: Silence clang warning on mismatched value/register sizes (bsc#1175396). - arm64/speculation: Support 'mitigations=' cmdline option (bsc#1174547). - arm64: ssbd: explicitly depend on (bsc#1175399). - arm64: ssbs: Do not treat CPUs with SSBS as unaffected by SSB (bsc#1174547). - arm64: ssbs: Fix context-switch when SSBS is present on all CPUs (bsc#1175669). - arm64/sve: Fix wrong free for task->thread.sve_state (bsc#1175400). - arm64/sve: should not depend on <uapi/linux/prctl.h> (bsc#1175401). - arm64: tlbflush: avoid writing RES0 bits (bsc#1175402). - arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 (bsc#1174547). - ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 (bsc#1133021). - ARM: KVM: invalidate icache on guest exit for Cortex-A15 (bsc#1133021). - ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 (bsc#1133021). - ASoC: hda/tegra: Set buffer alignment to 128 bytes (bsc#1111666). - ASoC: intel: Fix memleak in sst_media_open (git-fixes). - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes). - AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes). - AX.25: Prevent integer overflows in connect and sendmsg (git-fixes). - AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes). - ax88172a: fix ax88172a_unbind() failures (git-fixes). - b43: Remove uninitialized_var() usage (git-fixes). - bcache: allocate meta data pages as compound pages (bsc#1172873). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: Fix use-after-free in blkdev_get() (bsc#1174843). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (bsc#1111666). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (bsc#1111666). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (bsc#1111666). - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - bonding: fix a potential double-unregister (git-fixes). - bonding: show saner speed for broadcast mode (git-fixes). - bpf: Fix map leak in HASH_OF_MAPS map (git-fixes). - brcmfmac: keep SDIO watchdog running when console_interval is non-zero (bsc#1111666). - brcmfmac: set state of hanger slot to FREE when flushing PSQ (bsc#1111666). - brcmfmac: To fix Bss Info flag definition Bug (bsc#1111666). - btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247). - btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247). - btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149). - btrfs: fix block group leak when removing fails (bsc#1175149). - btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149). - btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149). - btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149). - btrfs: fix double free on ulist after backref resolution failure (bsc#1175149). - btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149). - btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550). - btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149). - btrfs: fix race between block group removal and block group creation (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149). - btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149). - btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484). - btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247). - btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247). - btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247). - btrfs: Open code btrfs_write_and_wait_marked_extents (bsc#1175149). - btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163). - btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247). - btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163). - btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163). - btrfs: Rename and export clear_btree_io_tree (bsc#1175149). - btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493). - bus: hisi_lpc: Add .remove method to avoid driver unbind crash (bsc#1174658). - bus: hisi_lpc: Do not fail probe for unrecognised child devices (bsc#1174658). - bus: hisi_lpc: Unregister logical PIO range to avoid potential use-after-free (bsc#1174658). - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes). - cfg80211: check vendor command doit pointer before use (git-fixes). - char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667). - cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428). - cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428). - cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428). - clk: at91: clk-generated: check best_rate against ranges (bsc#1111666). - clk: clk-atlas6: fix return value check in atlas6_clk_init() (bsc#1111666). - clk: iproc: round clock rate to the closest (bsc#1111666). - clk: spear: Remove uninitialized_var() usage (git-fixes). - clk: st: Remove uninitialized_var() usage (git-fixes). - config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References: bsc#1174549 - console: newport_con: fix an issue about leak related system resources (git-fixes). - constrants: fix malformed XML Closing tag of an element is '', not ''. Fixes: 8b37de2eb835 ('rpm/constraints.in: Increase memory for kernel-docs') - Created new preempt kernel flavor (jsc#SLE-11309) Configs are cloned from the respective $arch/default configs. All changed configs appart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel. - crypto: ccp - Fix use of merged scatterlists (git-fixes). - crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes). - crypto: rockchip - fix scatterlist nents error (git-fixes). - crypto: stm32/crc32 - fix ext4 chksum BUG_ON() (git-fixes). - crypto: talitos - check AES key size (git-fixes). - crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - dev: Defer free of skbs in flush_backlog (git-fixes). - device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes). - devres: keep both device name and resource name in pretty name (git-fixes). - dlm: Fix kobject memleak (bsc#1175768). - dlm: remove BUG() before panic() (bsc#1174844). - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes). - Documentation/networking: Add net DIM documentation (bsc#1174852). - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (bsc#1175403). - dpaa2-eth: free already allocated channels on probe defer (bsc#1175404). - dpaa2-eth: prevent array underflow in update_cls_rule() (bsc#1175405). - dpaa_eth: add dropped frames to percpu ethtool stats (bsc#1174550). - dpaa_eth: add newline in dev_err() msg (bsc#1174550). - dpaa_eth: avoid timestamp read on error paths (bsc#1175406). - dpaa_eth: change DMA device (bsc#1174550). - dpaa_eth: cleanup skb_to_contig_fd() (bsc#1174550). - dpaa_eth: defer probing after qbman (bsc#1174550). - dpaa_eth: extend delays in ndo_stop (bsc#1174550). - dpaa_eth: fix DMA mapping leak (bsc#1174550). - dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1174550). - dpaa_eth: FMan erratum A050385 workaround (bsc#1174550). - dpaa_eth: perform DMA unmapping before read (bsc#1175407). - dpaa_eth: register a device link for the qman portal used (bsc#1174550). - dpaa_eth: remove netdev_err() for user errors (bsc#1174550). - dpaa_eth: remove redundant code (bsc#1174550). - dpaa_eth: simplify variables used in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use a page to store the SGT (bsc#1174550). - dpaa_eth: use fd information in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use only one buffer pool per interface (bsc#1174550). - dpaa_eth: use page backed rx buffers (bsc#1174550). - driver core: Avoid binding drivers to dead devices (git-fixes). - Drivers: hv: balloon: Remove dependencies on guest page size (git-fixes). - Drivers: hv: vmbus: Fix virt_to_hvpfn() for X86_PAE (git-fixes). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127, bsc#1175128). - Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup() (git-fixes). - drivers/perf: hisi: Fix typo in events attribute array (bsc#1175408). - drivers/perf: hisi: Fixup one DDRC PMU register offset (bsc#1175410). - drivers/perf: hisi: Fix wrong value for all counters enable (bsc#1175409). - drm: Added orientation quirk for ASUS tablet model T103HAF (bsc#1111666). - drm/amd/display: fix pow() crashing when given base 0 (git-fixes). - drm/amdgpu: avoid dereferencing a NULL pointer (bsc#1111666). - drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume (bsc#1111666). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (bsc#1113956) * refresh for context changes - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes). - drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1113956) - drm/arm: fix unintentional integer overflow on left shift (git-fixes). - drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1113956) * refreshed for context changes - drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes). - drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1113956) * move drm_mipi_dbi.c -> tinydrm/mipi-drm.c * refresh for context changes - drm/debugfs: fix plain echo to connector 'force' attribute (bsc#1111666). - drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes). - drm/etnaviv: fix ref count leak via pm_runtime_get_sync (bsc#1111666). - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (bsc#1112178) * updated names of get/put functions - drm: hold gem reference until object is no longer accessed (bsc#1113956) - drm/imx: fix use after free (git-fixes). - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes). - drm/imx: tve: fix regulator_disable error path (git-fixes). - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes). - drm/msm/adreno: fix updating ring fence (git-fixes). - drm/msm: ratelimit crtc event overflow error (bsc#1111666). - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes). - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes). - drm/nouveau: fix multiple instances of reference count leaks (bsc#1111666). - drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes). - drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes). - drm/radeon: disable AGP by default (bsc#1111666). - drm/radeon: fix array out-of-bounds read and write issues (git-fixes). - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (bsc#1111666). - drm/rockchip: fix VOP_WIN_GET macro (bsc#1175411). - drm/tilcdc: fix leak & null ref in panel_connector_get_modes (bsc#1111666). - drm/ttm/nouveau: do not call tt destroy callback on alloc failure (bsc#1175232). - drm/vmwgfx: Fix two list_for_each loop exit tests (bsc#1111666). - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (bsc#1111666). - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600). - efi/memreserve: deal with memreserve entries in unmapped memory (bsc#1174685). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: fix checking of directory entry validity for inline directories (bsc#1175771). - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1174840). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - fat: do not allow to mount if the FAT length == 0 (bsc#1174845). - fbdev: Detect integer underflow at 'struct fbcon_ops'->clear_margins. (bsc#1112178) * move files drivers/video/fbdev/core -> drivers/video/console * refresh for context changes - firmware: google: check if size is valid when decoding VPD data (git-fixes). - firmware: google: increment VPD key_len properly (git-fixes). - fpga: dfl: fix bug in port reset handshake (git-fixes). - fsl/fman: add API to get the device behind a fman port (bsc#1174550). - fsl/fman: check dereferencing null pointer (git-fixes). - fsl/fman: detect FMan erratum A050385 (bsc#1174550). - fsl/fman: do not touch liodn base regs reserved on non-PAMU SoCs (bsc#1174550). - fsl/fman: fix dereference null return value (git-fixes). - fsl/fman: fix eth hash table allocation (git-fixes). - fsl/fman: fix unreachable code (git-fixes). - fsl/fman: remove unused struct member (bsc#1174550). - fsl/fman: use 32-bit unsigned integer (git-fixes). - fuse: fix memleak in cuse_channel_open (bsc#1174926). - fuse: fix missing unlock_page in fuse_writepage() (bsc#1174904). - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175062). - fuse: fix weird page warning (bsc#1175063). - fuse: flush dirty data/metadata before non-truncate setattr (bsc#1175064). - fuse: truncate pending writes on O_TRUNC (bsc#1175065). - fuse: verify attributes (bsc#1175066). - fuse: verify nlink (bsc#1175067). - genetlink: remove genl_bind (networking-stable-20_07_17). - go7007: add sanity checking for endpoints (git-fixes). - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (bsc#1111666). - HID: hiddev: fix mess in hiddev_open() (git-fixes). - HISI LPC: Re-Add ACPI child enumeration support (bsc#1174658). - HISI LPC: Stop using MFD APIs (bsc#1174658). - hv_balloon: Balloon up according to request page number (git-fixes). - hv_balloon: Use a static page for the balloon_up send buffer (git-fixes). - hv_netvsc: Allow scatter-gather feature to be tunable (git-fixes). - hv_netvsc: do not use VF device if link is down (git-fixes). - hv_netvsc: Fix a warning of suspicious RCU usage (git-fixes). - hv_netvsc: Fix error handling in netvsc_attach() (git-fixes). - hv_netvsc: Fix extra rcu_read_unlock in netvsc_recv_callback() (git-fixes). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes). - hv_netvsc: Fix unwanted wakeup in netvsc_attach() (git-fixes). - hv_netvsc: flag software created hash value (git-fixes). - hv_netvsc: Remove 'unlikely' from netvsc_select_queue (git-fixes). - i2c: rcar: in slave mode, clear NACK earlier (git-fixes). - i2c: rcar: slave: only send STOP event when we have been addressed (bsc#1111666). - i40e: Fix crash during removing i40e driver (git-fixes). - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes). - ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - include/linux/poison.h: remove obsolete comment (git fixes (poison)). - Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes). - Input: sentelic - fix error return when fsp_reg_write fails (bsc#1111666). - integrity: remove redundant initialization of variable ret (git-fixes). - io-mapping: indicate mapping failure (git-fixes). - ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes). - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28). - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515). - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515). - ip_tunnel: Emit events for post-register MTU changes (git-fixes). - ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28). - ip_tunnel: restore binding to ifaces with a large mtu (git-fixes). - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17). - ipv4: Silence suspicious RCU usage warning (git-fixes). - ipv6: fix memory leaks on IPV6_ADDRFORM path (git-fixes). - ipvlan: fix device features (git-fixes). - ipvs: allow connection reuse for unconfirmed conntrack (git-fixes). - ipvs: fix refcount usage for conns in ops mode (git-fixes). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - irqchip/gic: Atomically update affinity (bsc#1111666). - iwlegacy: Check the return value of pcie_capability_read_*() (bsc#1111666). - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772). - kabi: genetlink: remove genl_bind (kabi). - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629). - kabi: mask changes to struct ipv6_stub (bsc#1165629). - kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)). - kernel-docs: Change Requires on python-Sphinx to earlier than version 3 References: bsc#1166965 From 3 on the internal API that the build system uses was rewritten in an incompatible way. See https://github.com/sphinx-doc/sphinx/issues/7421 and https://bugzilla.suse.com/show_bug.cgi?id=1166965#c16 for some details. - kernel/relay.c: fix memleak on destroy relay channel (git-fixes). - kernfs: do not call fsnotify() with name without a parent (bsc#1175770). - KVM: arm64: Ensure 'params' is initialised when looking up sys register (bsc#1133021). - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021). - KVM: arm/arm64: Fix young bit from mmu notifier (bsc#1133021). - KVM: arm/arm64: vgic: Do not rely on the wrong pending table (bsc#1133021). - KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections (bsc#1133021). - KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests (bsc#1133021). - KVM: arm: Make inject_abt32() inject an external abort instead (bsc#1133021). - KVM: Change offset in kvm_write_guest_offset_cached to unsigned (bsc#1133021). - KVM: Check for a bad hva before dropping into the ghc slow path (bsc#1133021). - KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729). - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17). - leds: 88pm860x: fix use-after-free on unbind (git-fixes). - leds: core: Flush scheduled work for system suspend (git-fixes). - leds: da903x: fix use-after-free on unbind (git-fixes). - leds: lm3533: fix use-after-free on unbind (git-fixes). - leds: lm355x: avoid enum conversion warning (git-fixes). - leds: wm831x-status: fix use-after-free on unbind (git-fixes). - lib/dim: Fix -Wunused-const-variable warnings (bsc#1174852). - lib: dimlib: fix help text typos (bsc#1174852). - lib: logic_pio: Add logic_pio_unregister_range() (bsc#1174658). - lib: logic_pio: Avoid possible overlap for unregistering regions (bsc#1174658). - lib: logic_pio: Fix RCU usage (bsc#1174658). - linux/dim: Add completions count to dim_sample (bsc#1174852). - linux/dim: Fix overflow in dim calculation (bsc#1174852). - linux/dim: Move implementation to .c files (bsc#1174852). - linux/dim: Move logic to dim.h (bsc#1174852). - linux/dim: Remove 'net' prefix from internal DIM members (bsc#1174852). - linux/dim: Rename externally exposed macros (bsc#1174852). - linux/dim: Rename externally used net_dim members (bsc#1174852). - linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1174852). - liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes). - llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17). - mac80211: mesh: Free ie data when leaving mesh (git-fixes). - mac80211: mesh: Free pending skb when destroying a mpath (git-fixes). - MAINTAINERS: add entry for Dynamic Interrupt Moderation (bsc#1174852). - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes). - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes). - media: budget-core: Improve exception handling in budget_register() (git-fixes). - media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes). - media: firewire: Using uninitialized values in node_probe() (git-fixes). - media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes). - media: vpss: clean up resources in init (git-fixes). - mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes). - mfd: dln2: Run event handler loop under spinlock (git-fixes). - mfd: rk808: Fix RK818 ID template (bsc#1175412). - mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28). - mm: filemap: clear idle flag for writes (bsc#1175769). - mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate (git fixes (mm/migrate)). - mm/mmu_notifier: use hlist_add_head_rcu() (git fixes (mm/mmu_notifiers)). - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/compaction)). - mm/rmap.c: do not reuse anon_vma if we just want a copy (git fixes (mm/rmap)). - mm/shmem.c: cast the type of unmap_start to u64 (git fixes (mm/shmem)). - mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)). - mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617). - mtd: spi-nor: Fix an error code in spi_nor_read_raw() (bsc#1175413). - mtd: spi-nor: fix kernel-doc for spi_nor::info (bsc#1175414). - mtd: spi-nor: fix kernel-doc for spi_nor::reg_proto (bsc#1175415). - mtd: spi-nor: fix silent truncation in spi_nor_read_raw() (bsc#1175416). - mwifiex: Prevent memory corruption handling keys (git-fixes). - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (git-fixes). - net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28). - net: core: reduce recursion limit value (networking-stable-20_06_28). - net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28). - net: dsa: b53: check for timeout (git-fixes). - net: dsa: bcm_sf2: Fix node reference count (git-fixes). - net: ena: Add first_interrupt field to napi struct (bsc#1174852). - net: ena: add reserved PCI device ID (bsc#1174852). - net: ena: add support for reporting of packet drops (bsc#1174852). - net: ena: add support for the rx offset feature (bsc#1174852). - net: ena: add support for traffic mirroring (bsc#1174852). - net: ena: add unmask interrupts statistics to ethtool (bsc#1174852). - net: ena: allow setting the hash function without changing the key (bsc#1174852). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852). - net: ena: change default RSS hash function to Toeplitz (bsc#1174852). - net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1174852). - net: ena: changes to RSS hash key allocation (bsc#1174852). - net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1174852). - net: ena: clean up indentation issue (bsc#1174852). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852). - net: ena: cosmetic: code reorderings (bsc#1174852). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852). - net: ena: cosmetic: fix line break issues (bsc#1174852). - net: ena: cosmetic: fix spacing issues (bsc#1174852). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852). - net: ena: cosmetic: minor code changes (bsc#1174852). - net: ena: cosmetic: remove unnecessary code (bsc#1174852). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852). - net: ena: cosmetic: satisfy gcc warning (bsc#1174852). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852). - net: ena: drop superfluous prototype (bsc#1174852). - net: ena: enable support of rss hash key and function changes (bsc#1174852). - net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1174852). - net: ena: ethtool: clean up minor indentation issue (bsc#1174852). - net: ena: ethtool: get_channels: use combined only (bsc#1174852). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852). - net: ena: ethtool: support set_channels callback (bsc#1174852). - net/ena: Fix build warning in ena_xdp_set() (bsc#1174852). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852). - net: ena: fix incorrect setting of the number of msix vectors (bsc#1174852). - net: ena: fix incorrect update of intr_delay_resolution (bsc#1174852). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852). - net: ena: fix update of interrupt moderation register (bsc#1174852). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852). - net: ena: implement XDP drop support (bsc#1174852). - net: ena: Implement XDP_TX action (bsc#1174852). - net: ena: make ethtool -l show correct max number of queues (bsc#1174852). - net: ena: Make missed_tx stat incremental (bsc#1083548). - net: ena: Make some functions static (bsc#1174852). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852). - net: ena: multiple queue creation related cleanups (bsc#1174852). - net: ena: Prevent reset after device destruction (bsc#1083548). - net: ena: reduce driver load time (bsc#1174852). - net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1174852). - net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1174852). - net: ena: remove code that does nothing (bsc#1174852). - net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1174852). - net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1174852). - net: ena: remove redundant print of number of queues (bsc#1174852). - net: ena: remove set but not used variable 'hash_key' (bsc#1174852). - net: ena: remove set but not used variable 'rx_ring' (bsc#1174852). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852). - net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1174852). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852). - net: ena: support new LLQ acceleration mode (bsc#1174852). - net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1174852). - net: ena: use explicit variable size for clarity (bsc#1174852). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852). - net: ena: xdp: update napi budget for DROP and ABORTED (bsc#1174852). - net: ena: xdp: XDP_TX: fix memory leak (bsc#1174852). - net: ethernet: aquantia: Fix wrong return value (git-fixes). - net: ethernet: broadcom: have drivers select DIMLIB as needed (bsc#1174852). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: fec: correct the error path for regulator disable in probe (git-fixes). - netfilter: x_tables: add counters allocation wrapper (git-fixes). - netfilter: x_tables: cap allocations at 512 mbyte (git-fixes). - netfilter: x_tables: limit allocation requests for blob rule heads (git-fixes). - net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). (SLES tuning guide refers to ip-sysctl.txt.) - net: fix memleak in register_netdevice() (networking-stable-20_06_28). - net: Fix the arp error in some cases (networking-stable-20_06_28). - net: gre: recompute gre csum for sctp over gre tunnels (git-fixes). - net: hns3: add autoneg and change speed support for fibre port (bsc#1174070). - net: hns3: add support for FEC encoding control (bsc#1174070). - net: hns3: add support for multiple media type (bsc#1174070). - net: hns3: fix a not link up issue when fibre port supports autoneg (bsc#1174070). - net: hns3: fix for FEC configuration (bsc#1174070). - net: hns3: fix port capbility updating issue (bsc#1174070). - net: hns3: fix port setting handle for fibre port (bsc#1174070). - net: hns3: fix selftest fail issue for fibre port with autoneg on (bsc#1174070). - net: hns3: restore the MAC autoneg state after reset (bsc#1174070). - net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28). - net: ip6_gre: Request headroom in __gre6_xmit() (git-fixes). - net: lan78xx: add missing endpoint sanity check (git-fixes). - net: lan78xx: fix transfer-buffer memory leak (git-fixes). - net: make symbol 'flush_works' static (git-fixes). - net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes). - net: mvpp2: fix memory leak in mvpp2_rx (git-fixes). - net: netsec: Fix signedness bug in netsec_probe() (bsc#1175417). - net: netsec: initialize tx ring on ndo_open (bsc#1175418). - net: phy: Check harder for errors in get_phy_id() (bsc#1111666). - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes). - net: Set fput_needed iff FDPUT_FPUT is set (git-fixes). - net: socionext: Fix a signedness bug in ave_probe() (bsc#1175419). - net: socionext: replace napi_alloc_frag with the netdev variant on init (bsc#1175420). - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes). - net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes). - net: stmmac: Fix RX packet size > 8191 (git-fixes). - net: udp: Fix wrong clean up for IS_UDPLITE macro (git-fixes). - net: update net_dim documentation after rename (bsc#1174852). - net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28). - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17). - netvsc: unshare skb in VF rx handler (git-fixes). - nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes). - ntb: Fix an error in get link status (git-fixes). - ntb_netdev: fix sleep time mismatch (git-fixes). - ntb: ntb_transport: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - nvme: fix possible deadlock when I/O is blocked (git-fixes). - nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108). - nvme-multipath: fix logic for non-optimized paths (bsc#1172108). - nvme-multipath: round-robin: eliminate 'fallback' variable (bsc#1172108). - nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - ocfs2: add trimfs dlm lock resource (bsc#1175228). - ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: change slot number type s16 to u16 (bsc#1175786). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228). - ocfs2: fix value of OCFS2_INVALID_SLOT (bsc#1175767). - ocfs2: load global_inode_alloc (bsc#1172963). - ocfs2: load global_inode_alloc (bsc#1172963). - omapfb: dss: Fix max fclk divider for omap36xx (bsc#1113956) - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() (git-fixes). - PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes). - PCI: dwc: Move interrupt acking into the proper callback (bsc#1175666). - PCI: Fix pci_cfg_wait queue locking problem (git-fixes). - PCI: Fix 'try' semantics of bus and slot reset (git-fixes). - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes). - PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, bsc#1172872, git-fixes). - PCI: Release IVRS table in AMD ACS quirk (git-fixes). - PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes). - PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes). - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes). - pinctrl: single: fix function name in documentation (git-fixes). - pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes). - platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes). - PM / CPU: replace raw_notifier with atomic_notifier (git fixes (kernel/pm)). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (bsc#1175668). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails. - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (bsc#1175668). - PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes). - powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729). - powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729). - powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729). - powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729). - powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284). - powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284). - powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729). - powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574). - powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729). - powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - powerpc/pseries: remove cede offline state for CPUs (bsc#1065729). - powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729). - powerpc/vdso: Fix vdso cpu truncation (bsc#1065729). - power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes). - propagate_one(): mnt_set_mountpoint() needs mount_lock (bsc#1174841). - pseries: Fix 64 bit logical memory block panic (bsc#1065729). - pwm: bcm-iproc: handle clk_get_rate() return (git-fixes). - rds: Prevent kernel-infoleak in rds_notify_queue_get() (git-fixes). - regulator: gpio: Honor regulator-boot-on property (git-fixes). - Revert 'ALSA: hda: call runtime_allow() for all hda controllers' (bsc#1111666). - Revert 'drm/amdgpu: Fix NULL dereference in dpm sysfs handlers' (bsc#1113956) * refresh for context changes - Revert 'ocfs2: avoid inode removal while nfsd is accessing it' This reverts commit 9e096c72476eda333a9998ff464580c00ff59c83. - Revert 'ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).' This reverts commit 0bf6e248f93736b3f17f399b4a8f64ffa30d371e. - Revert 'ocfs2: load global_inode_alloc (bsc#1172963).' This reverts commit fc476497b53f967dc615b9cbad9427ba3107b5c4. - Revert 'scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe' (bsc#1171688 bsc#1174003). - Revert 'scsi: qla2xxx: Fix crash on qla2x00_mailbox_command' (bsc#1171688 bsc#1174003). - Revert 'xen/balloon: Fix crash when ballooning on x86 32 bit PAE' (bsc#1065600). - rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28). - rpm/check-for-config-changes: Ignore CONFIG_CC_VERSION_TEXT - rpm/check-for-config-changes: Ignore CONFIG_LD_VERSION - rpm/constraints.in: Increase memory for kernel-docs References: https://build.opensuse.org/request/show/792664 - rpm: drop execute permissions on source files Sometimes a source file with execute permission appears in upstream repository and makes it into our kernel-source packages. This is caught by OBS build checks and may even result in build failures. Sanitize the source tree by removing execute permissions from all C source and header files. - rpm/kabi.pl: account for namespace field being moved last Upstream is moving the namespace field in Module.symvers last in order to preserve backwards compatibility with kmod tools (depmod, etc). Fix the kabi.pl script to expect the namespace field last. Since split() ignores trailing empty fields and delimeters, switch to using tr to count how many fields/tabs are in a line. Also, in load_symvers(), pass LIMIT of -1 to split() so it does not strip trailing empty fields, as namespace is an optional field. - rpm/kernel-binary.spec.in: do not run klp-symbols for configs with no modules Starting with 5.8-rc1, s390x/zfcpdump builds fail because rpm/klp-symbols script does not find .tmp_versions directory. This is missing because s390x/zfcpdump is built without modules (CONFIG_MODULES disabled). As livepatching cannot work without modules, the cleanest solution is setting %klp_symbols to 0 if CONFIG_MODULES is disabled. (We cannot simply add another condition to the place where %klp_symbols is set as it can be already set to 1 from prjconf.) - rpm/kernel-binary.spec.in: restrict livepatch metapackage to default flavor It has been reported that the kernel-*-livepatch metapackage got erroneously enabled for SLE15-SP3's new -preempt flavor, leading to a unresolvable dependency to a non-existing kernel-livepatch-x.y.z-preempt package. As SLE12 and SLE12-SP1 have run out of livepatching support, the need to build said metapackage for the -xen flavor is gone and the only remaining flavor for which they're still wanted is -default. Restrict the build of the kernel-*-livepatch metapackage to the -default flavor. - rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup Co-Authored-By: Adam Spiers - rpm/kernel-obs-build.spec.in: Enable overlayfs Overlayfs is needed for podman or docker builds when no more specific driver can be used (like lvm or btrfs). As the default build fs is ext4 currently, we need overlayfs kernel modules to be available. - rpm/kernel-source.spec.in: Add obsolete_rebuilds (boo#1172073). - rpm/mkspec-dtb: add mt76 based dtb package - rpm/package-descriptions: garbege collection remove old ARM and Xen flavors. - rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes). - s390, dcssblk: kaddr and pfn can be NULL to ->direct_access() (bsc#1174873). - sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17). - sched/deadline: Initialize ->dl_boosted (bsc#1112178). - scripts/git_sort/git_sort.py: add bluetooth/bluetooth-next.git repository - scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666). - scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666). - scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666). - scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666). - scsi: lpfc: NVMe remote port devloss_tmo from lldd (bsc#1171558 bsc#1136666 bsc#1173060). - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666). - scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666). - scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666). - scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666). - scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666). - scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666). - scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026). - scsi: Fix trivial spelling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003). - scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003). - scsi: smartpqi: add bay identifier (bsc#1172418). - scsi: smartpqi: add gigabyte controller (bsc#1172418). - scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418). - scsi: smartpqi: add inquiry timeouts (bsc#1172418). - scsi: smartpqi: add module param for exposure order (bsc#1172418). - scsi: smartpqi: add module param to hide vsep (bsc#1172418). - scsi: smartpqi: add new pci ids (bsc#1172418). - scsi: smartpqi: add pci ids for fiberhome controller (bsc#1172418). - scsi: smartpqi: add RAID bypass counter (bsc#1172418). - scsi: smartpqi: add sysfs entries (bsc#1172418). - scsi: smartpqi: Align driver syntax with oob (bsc#1172418). - scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418). - scsi: smartpqi: change TMF timeout from 60 to 30 seconds (bsc#1172418). - scsi: smartpqi: correct hang when deleting 32 lds (bsc#1172418). - scsi: smartpqi: correct REGNEWD return status (bsc#1172418). - scsi: smartpqi: correct syntax issue (bsc#1172418). - scsi: smartpqi: fix call trace in device discovery (bsc#1172418). - scsi: smartpqi: fix controller lockup observed during force reboot (bsc#1172418). - scsi: smartpqi: fix LUN reset when fw bkgnd thread is hung (bsc#1172418). - scsi: smartpqi: fix problem with unique ID for physical device (bsc#1172418). - scsi: smartpqi: identify physical devices without issuing INQUIRY (bsc#1172418). - scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask (bsc#1172418). - scsi: smartpqi: remove unused manifest constants (bsc#1172418). - scsi: smartpqi: Reporting unhandled SCSI errors (bsc#1172418). - scsi: smartpqi: support device deletion via sysfs (bsc#1172418). - scsi: smartpqi: update copyright (bsc#1172418). - scsi: smartpqi: update logical volume size after expansion (bsc#1172418). - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418). - scsi: storvsc: Correctly set number of hardware queues for IDE disk (git-fixes). - scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790). - sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - serial: 8250: change lock order in serial8250_do_startup() (git-fixes). - serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes). - serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes). - Set VIRTIO_CONSOLE=y (bsc#1175667). - sign also s390x kernel images (bsc#1163524) - soc: fsl: qbman: allow registering a device link for the portal user (bsc#1174550). - soc: fsl: qbman_portals: add APIs to retrieve the probing status (bsc#1174550). - spi: davinci: Remove uninitialized_var() usage (git-fixes). - spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes). - spi: nxp-fspi: Ensure width is respected in spi-mem operations (bsc#1175421). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1175422). - spi: spi-mem: export spi_mem_default_supports_op() (bsc#1175421). - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support (git-fixes). - staging: fsl-dpaa2: ethsw: Add missing netdevice check (bsc#1175423). - staging: rtl8192u: fix a dubious looking mask before a shift (git-fixes). - staging/speakup: fix get_word non-space look-ahead (git-fixes). - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28). - tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28). - tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17). - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17). - tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17). - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17). - tracepoint: Mark __tracepoint_string's __used (git-fixes). - tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes). - tty: hvc_console, fix crashes on parallel open/close (git-fixes). - tty: serial: fsl_lpuart: add imx8qxp support (bsc#1175670). - tty: serial: fsl_lpuart: free IDs allocated by IDA (bsc#1175670). - USB: cdc-acm: rework notification_buffer resizing (git-fixes). - USB: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes). - USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes). - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes). - USB: iowarrior: fix up report size handling for some devices (git-fixes). - usbip: tools: fix module name in man page (git-fixes). - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes). - USB: serial: cp210x: enable usb generic throttle/unthrottle (git-fixes). - USB: serial: cp210x: re-enable auto-RTS on open (git-fixes). - USB: serial: ftdi_sio: clean up receive processing (git-fixes). - USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes). - USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes). - USB: serial: iuu_phoenix: fix led-activity helpers (git-fixes). - USB: serial: qcserial: add EM7305 QDL product ID (git-fixes). - USB: xhci: define IDs for various ASMedia host controllers (git-fixes). - USB: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes). - USB: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes). - USB: xhci-mtk: fix the failure of bandwidth allocation (git-fixes). - VFS: Check rename_lock in lookup_fast() (bsc#1174734). - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes). - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes). - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (git-fixes). - vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17). - vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199). - vt_compat_ioctl(): clean up, use compat_ptr() properly (git-fixes). - vt: vt_ioctl: remove unnecessary console allocation checks (git-fixes). - vxlan: Ensure FDB dump is performed under RCU (git-fixes). - watchdog: f71808e_wdt: clear watchdog timeout occurred flag (bsc#1111666). - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (bsc#1111666). - watchdog: f71808e_wdt: remove use of wrong watchdog_info option (bsc#1111666). - wl1251: fix always return 0 error (git-fixes). - x86/hyperv: Create and use Hyper-V page definitions (git-fixes). - x86/hyper-v: Fix overflow bug in fill_gva_list() (git-fixes). - x86/hyperv: Make hv_vcpu_is_preempted() visible (git-fixes). - x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1112178). - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). - xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600). - xen/balloon: make the balloon wait interruptible (bsc#1065600). - xfrm: check id proto in validate_tmpl() (git-fixes). - xfrm: clean up xfrm protocol checks (git-fixes). - xfrm_user: uncoditionally validate esn replay attribute struct (git-fixes). - xfs: fix inode allocation block res calculation precedence (git-fixes). - xfs: fix reflink quota reservation accounting error (git-fixes). - xhci: Fix enumeration issue when setting max packet size for FS devices (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2581-1 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1174154,CVE-2020-15719 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2612-1 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1176179,CVE-2020-24977 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2638-1 Released: Tue Sep 15 15:41:32 2020 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1165580 This update for cryptsetup fixes the following issues: Update from version 2.0.5 to version 2.0.6. (jsc#SLE-5911, bsc#1165580) - Fix support of larger metadata areas in *LUKS2* header. This release properly supports all specified metadata areas, as documented in *LUKS2* format description. Currently, only default metadata area size is used (in format or convert). Later cryptsetup versions will allow increasing this metadata area size. - If *AEAD* (authenticated encryption) is used, cryptsetup now tries to check if the requested *AEAD* algorithm with specified key size is available in kernel crypto API. This change avoids formatting a device that cannot be later activated. For this function, the kernel must be compiled with the *CONFIG_CRYPTO_USER_API_AEAD* option enabled. Note that kernel user crypto API options (*CONFIG_CRYPTO_USER_API* and *CONFIG_CRYPTO_USER_API_SKCIPHER*) are already mandatory for LUKS2. - Fix setting of integrity no-journal flag. Now you can store this flag to metadata using *\--persistent* option. - Fix cryptsetup-reencrypt to not keep temporary reencryption headers if interrupted during initial password prompt. - Adds early check to plain and LUKS2 formats to disallow device format if device size is not aligned to requested sector size. Previously it was possible, and the device was rejected to activate by kernel later. - Fix checking of hash algorithms availability for *PBKDF* early. Previously *LUKS2* format allowed non-existent hash algorithm with invalid keyslot preventing the device from activation. - Allow Adiantum cipher construction (a non-authenticated length-preserving fast encryption scheme), so it can be used both for data encryption and keyslot encryption in *LUKS1/2* devices. For benchmark, use: # cryptsetup benchmark -c xchacha12,aes-adiantum # cryptsetup benchmark -c xchacha20,aes-adiantum For LUKS format: # cryptsetup luksFormat -c xchacha20,aes-adiantum-plain64 -s 256 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) From sle-updates at lists.suse.com Wed Sep 23 06:24:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Sep 2020 14:24:43 +0200 (CEST) Subject: SUSE-IU-2020:86-1: Security update of sles-15-sp1-chost-byos-v20200922 Message-ID: <20200923122443.8374CFCE2@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp1-chost-byos-v20200922 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2020:86-1 Image Tags : sles-15-sp1-chost-byos-v20200922:20200922 Image Release : Severity : important Type : security References : 1010996 1051510 1058115 1065600 1065729 1065729 1071152 1071390 1071995 1071995 1082318 1083548 1085030 1085030 1100077 1101023 1106843 1111666 1111666 1112178 1112178 1113225 1113719 1113956 1113956 1114279 1120163 1120862 1121268 1127544 1130864 1130873 1133021 1133297 1136666 1142733 1144333 1144333 1146991 1148868 1149911 1150660 1151708 1151927 1152107 1152148 1152624 1153520 1153953 1154063 1154803 1154871 1155305 1155911 1156913 1158336 1158983 1159058 1160007 1161016 1162002 1162063 1163309 1163524 1164260 1164543 1165476 1165573 1165580 1165629 1166513 1166610 1166965 1166985 1167104 1167122 1168081 1168104 1168235 1168389 1168959 1168990 1168994 1168994 1169194 1169514 1169771 1169790 1169795 1169947 1170011 1170232 1170442 1170475 1170476 1170592 1170617 1170618 1170745 1170801 1170801 1170964 1171124 1171224 1171224 1171284 1171424 1171437 1171529 1171530 1171558 1171558 1171652 1171656 1171688 1171732 1171739 1171743 1171753 1171759 1171835 1171841 1171868 1171878 1171904 1171988 1172073 1172085 1172108 1172135 1172135 1172195 1172247 1172247 1172257 1172307 1172344 1172418 1172428 1172458 1172484 1172537 1172538 1172597 1172687 1172719 1172745 1172759 1172775 1172781 1172782 1172783 1172807 1172807 1172810 1172824 1172871 1172871 1172872 1172872 1172873 1172925 1172963 1172999 1173060 1173060 1173074 1173106 1173146 1173159 1173159 1173160 1173161 1173227 1173229 1173238 1173240 1173265 1173280 1173284 1173338 1173357 1173359 1173411 1173422 1173428 1173485 1173514 1173539 1173567 1173573 1173659 1173746 1173798 1173812 1173818 1173820 1173825 1173826 1173833 1173838 1173839 1173845 1173857 1173954 1174003 1174011 1174026 1174070 1174091 1174113 1174115 1174120 1174122 1174123 1174154 1174186 1174187 1174205 1174260 1174296 1174304 1174306 1174320 1174343 1174356 1174387 1174409 1174421 1174438 1174462 1174463 1174484 1174543 1174547 1174549 1174550 1174551 1174570 1174618 1174625 1174658 1174673 1174685 1174689 1174699 1174734 1174736 1174745 1174757 1174771 1174782 1174840 1174841 1174843 1174844 1174845 1174847 1174852 1174873 1174887 1174904 1174926 1174968 1175036 1175060 1175062 1175063 1175064 1175065 1175066 1175067 1175109 1175112 1175127 1175128 1175149 1175173 1175199 1175213 1175228 1175232 1175250 1175251 1175284 1175393 1175394 1175396 1175397 1175398 1175399 1175400 1175401 1175402 1175403 1175404 1175405 1175406 1175407 1175408 1175409 1175410 1175411 1175412 1175413 1175414 1175415 1175416 1175417 1175418 1175419 1175420 1175421 1175422 1175423 1175440 1175493 1175515 1175518 1175526 1175550 1175626 1175654 1175656 1175666 1175667 1175668 1175669 1175670 1175691 1175740 1175741 1175767 1175768 1175769 1175770 1175771 1175772 1175786 1175811 1175830 1175831 1175873 1176069 1176179 927831 941629 973042 CVE-2018-18751 CVE-2019-16746 CVE-2019-20810 CVE-2019-20907 CVE-2019-20908 CVE-2020-0305 CVE-2020-10135 CVE-2020-10713 CVE-2020-10713 CVE-2020-10730 CVE-2020-10730 CVE-2020-10745 CVE-2020-10760 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-10781 CVE-2020-12771 CVE-2020-12888 CVE-2020-13974 CVE-2020-14303 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-14386 CVE-2020-14416 CVE-2020-15393 CVE-2020-15705 CVE-2020-15706 CVE-2020-15707 CVE-2020-15719 CVE-2020-15780 CVE-2020-16166 CVE-2020-1749 CVE-2020-24394 CVE-2020-24977 CVE-2020-8231 ----------------------------------------------------------------- The container sles-15-sp1-chost-byos-v20200922 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1370-1 Released: Thu May 21 19:06:00 2020 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1171656 This update for systemd-presets-branding-SLE fixes the following issues: Cleanup of outdated autostart services (bsc#1171656): - Remove acpid.service. acpid is only available on SLE via openSUSE backports. In openSUSE acpid.service is *not* autostarted. I see no reason why it should be on SLE. - Remove spamassassin.timer. This timer never seems to have existed. Instead spamassassin ships a 'sa-update.timer'. But it is not default-enabled and nobody ever complained about this. - Remove snapd.apparmor.service: This service was proactively added a year ago, but snapd didn't even make it into openSUSE yet. There's no reason to keep this entry unless snapd actually enters SLE which is not foreseeable. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1396-1 Released: Fri Jul 3 12:33:05 2020 Summary: Security update for zstd Type: security Severity: moderate References: 1082318,1133297 This update for zstd fixes the following issues: - Fix for build error caused by wrong static libraries. (bsc#1133297) - Correction in spec file marking the license as documentation. (bsc#1082318) - Add new package for SLE-15. (jsc#ECO-1886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1869-1 Released: Tue Jul 7 15:08:12 2020 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1130873,1154803,1164543,1165476,1165573,1166610,1167122,1168990,1169947,1170801,1171224,1172135,1172925 This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to 0.7.14: - Enable zstd compression support - Support blacklisted packages in solver_findproblemrule() (bnc#1172135) - Support rules with multiple negative literals in choice rule generation - Fix solvable swapping messing up idarrays - fix ruleinfo of complex dependencies returning the wrong origin libzypp was updated to 17.23.7: - Enable zchunk metadata download if libsolv supports it. - Older kernel-devel packages are not properly purged (bsc#1171224) - doc: enhance service plugin example. - Get retracted patch status from updateinfo data (jsc#SLE-8770) libsolv injects the indicator provides into packages only. - remove 'using namespace std;' (bsc#1166610, fixes #218) - Online doc: add 'Hardware (modalias) dependencies' page (fixes #216) - Add HistoryLogReader actionFilter to parse only specific HistoryActionIDs. - RepoVariables: Add safe guard in case the caller does not own a zypp instance. - Enable c++17. Define libyzpp CXX_STANDARD in ZyppCommon.cmake. - Fix package status computation regarding unneeded, orphaned, recommended and suggested packages (broken in 17.23.0) (bsc#1165476) - Log patch status changes to history (jsc#SLE-5116) - Allow to disable all WebServer dependent tests when building. OBS wants to be able to get rid of the nginx/FastCGI-devel build requirement. Use 'rpmbuild --without mediabackend_tests' or 'cmake -DDISABLE_MEDIABACKEND_TESTS=1'. - boost: Fix deprecated auto_unit_test.hpp includes. - Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck. - Fix decision whether to download ZCHUNK files. libzypp and libsolv must both be able to read the format. - yum::Downloader: Prefer zchunk compressed metadata if libvsolv supports it. - Selectable: Fix highestAvailableVersionObj if only retracted packages are available. Avoid using retracted items as candidate (jsc#SLE-8770) - RpmDb: Become rpmdb backend independent (jsc#SLE-7272) - RpmDb: Close API offering a custom rpmdb path It's actually not needed and for this to work also libsolv needs to support it. You can sill use a librpmDb::db_const_iterator to access a database at a custom location (ro). - Remove legacy rpmV3database conversion code. - Fix core dump with corrupted history file (bsc#1170801) zypper was updated to 1.14.37: - Reformat manpages to workaround asciidoctor shortcomings (bsc#1154803, bsc#1167122, bsc#1168990) - Remove undocumented rug legacy stuff. - Remove 'using namespace std;' (bsc#1166610) - patch table: Add 'Since' column if history data are available (jsc#SLE-5116) - Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770) - Tag 'R'etracted items in search tabes status columns (jsc#SLE-8770) - Relax 'Do not allow the abbreviation of cli arguments' in legacy distibutions (bsc#1164543) - Correctly detect ambigous switch abbreviations (bsc#1165573) - zypper-aptitude: don't supplement zypper. supplementing zypper means zypper-aptitude gets installed by default and pulls in perl. Neither is desired on small systems. - Do not allow the abbreviation of cli arguments (bsc#1164543) - accoring to according in all translation files. - Always show exception history if available. - Use default package cache location for temporary repos (bsc#1130873) - Print switch abbrev warning to stderr (bsc#1172925) - Fix typo in man page (bsc#1169947) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1913-1 Released: Tue Jul 14 17:40:42 2020 Summary: Security update for samba Type: security Severity: important References: 1171437,1172307,1173159,1173160,1173161,1173359,CVE-2020-10730,CVE-2020-10745,CVE-2020-10760,CVE-2020-14303 This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160). - CVE-2020-14303: Fixed an endless loop when receiving at AD DC empty UDP packets (bsc#1173359). - CVE-2020-10730: Fixed a null de-reference in AD DC LDAP server when ASQ and VLV combined (bsc#1173159). - CVE-2020-10760: Fixed a use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV (bsc#1173161). - Added libnetapi-devel to baselibs conf, for wine usage (bsc#1172307). - Fixed an installing issue where samba - samba-ad-dc.service did not exist and unit was not found (bsc#1171437). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1924-1 Released: Wed Jul 15 12:31:23 2020 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1166513 This update for grub2 fixes the following issue: - Skip not needed zfcpdump kernel from the grub boot menu. (bsc#1166513) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1952-1 Released: Fri Jul 17 17:35:24 2020 Summary: Recommended update for zypper-migration-plugin Type: recommended Severity: moderate References: 1171652 This update for zypper-migration-plugin fixes the following issue: - Update from version 0.12.1580220831.7102be8 to version 0.12.1590748670.86b0749 * Make sure that all the release packages are installed. (bsc#1171652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1953-1 Released: Sat Jul 18 03:06:11 2020 Summary: Recommended update for parted Type: recommended Severity: important References: 1164260 This update for parted fixes the following issue: - fix support of NVDIMM (pmemXs) devices (bsc#1164260) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1999-1 Released: Wed Jul 22 09:04:32 2020 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1172807 This update for dracut fixes the following issues: - PXE boot process times out (bsc#1172807) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2000-1 Released: Wed Jul 22 09:04:41 2020 Summary: Recommended update for efivar Type: recommended Severity: important References: 1100077,1101023,1120862,1127544 This update for efivar fixes the following issues: - fix logic that checks for UCS-2 string termination (bsc#1127544) - fix casting of IPv4 addresses - Don't require an EUI for NVMe (bsc#1100077) - Add support for ACPI Generic Container and Embedded Controller root nodes (bsc#1101023) - fix for compilation failures bsc#1120862 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2040-1 Released: Fri Jul 24 13:58:53 2020 Summary: Recommended update for libsolv, libzypp Type: recommended Severity: moderate References: 1170801,1171224,1172135,1173106,1174011 This update for libsolv, libzypp fixes the following issues: libsolv was updated to version 0.7.14: - Enable zstd compression support for sle15 - Support blacklisted packages in solver_findproblemrule() (bsc#1172135) - Support rules with multiple negative literals in choice rule generation libzypp was updated to version 17.24.0: - Enable zchunk metadata download if libsolv supports it. - Older kernel-devel packages are not properly purged (bsc#1171224) - doc: enhance service plugin example. - Fix core dump with corrupted history file (bsc#1170801) - Better handling of the purge-kernels algorithm. (bsc#1173106) - Proactively send credentials if the URL specifes '?auth=basic' and a username. (bsc#1174011) - ZYPP_MEDIA_CURL_DEBUG: Strip credentials in header log. (bsc#1174011) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2067-1 Released: Wed Jul 29 11:11:40 2020 Summary: Security update for ldb Type: security Severity: moderate References: 1173159,CVE-2020-10730 This update for ldb fixes the following issues: - CVE-2020-10730: Fixed a null de-reference in AD DC LDAP server when ASQ and VLV combined (bsc#1173159). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2077-1 Released: Wed Jul 29 19:28:39 2020 Summary: Security update for grub2 Type: security Severity: important References: 1168994,1173812,1174463,1174570,CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707 This update for grub2 fixes the following issues: - CVE-2020-10713 (bsc#1168994) - CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812) - CVE-2020-15706 (bsc#1174463) - CVE-2020-15707 (bsc#1174570) - Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data - Use grub_calloc for overflow check and return NULL when it would occur ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2082-1 Released: Thu Jul 30 09:49:35 2020 Summary: Recommended update for google-guest-agent, google-guest-configs, and google-guest-oslogin Type: recommended Severity: moderate References: 1174304,1174306 The python based packages google-compute-engine-init and google-compute-engine-oslogin were deprecated and are now replaced by the new Go based packages google-guest-agent, google-guest-configs, and google-guest-oslogin (jsc#ECO-2099) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2083-1 Released: Thu Jul 30 10:27:59 2020 Summary: Recommended update for diffutils Type: recommended Severity: moderate References: 1156913 This update for diffutils fixes the following issue: - Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2099-1 Released: Fri Jul 31 08:06:40 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1173227,1173229,1173422 This update for systemd fixes the following issues: - migrate-sysconfig-i18n.sh: fixed marker handling (bsc#1173229) The marker is used to make sure the script is run only once. Instead of storing it in /usr, use /var which is more appropriate for such file. Also make it owned by systemd package. - Fix inconsistent file modes for some ghost files (bsc#1173227) Ghost files are assumed by rpm to have mode 000 by default which is not consistent with file permissions set at runtime. Also /var/lib/systemd/random-seed was tracked wrongly as a directory. Also don't track (ghost) /etc/systemd/system/runlevel*.target aliases since we're not supposed to track units or aliases user might define/override. - Fix build of systemd on openSUSE Leap 15.2 (bsc#1173422) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2107-1 Released: Mon Aug 3 16:45:00 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1051510,1065729,1071995,1085030,1111666,1112178,1113956,1114279,1144333,1148868,1150660,1151927,1152107,1152624,1158983,1159058,1161016,1162002,1162063,1163309,1166985,1167104,1168081,1168959,1169194,1169514,1169771,1169795,1170011,1170442,1170592,1170617,1170618,1171124,1171424,1171529,1171530,1171558,1171732,1171739,1171743,1171753,1171759,1171835,1171841,1171868,1171904,1172247,1172257,1172344,1172458,1172484,1172537,1172538,1172687,1172719,1172759,1172775,1172781,1172782,1172783,1172871,1172872,1172999,1173060,1173074,1173146,1173265,1173280,1173284,1173428,1173514,1173567,1173573,1173659,1173746,1173818,1173820,1173825,1173826,1173833,1173838,1173839,1173845,1173857,1174113,1174115,1174122,1174123,1174186,1174187,1174296,1174343,1174356,1174409,1174438,1174462,1174543,CVE-2019-16746,CVE-2019-20810,CVE-2019-20908,CVE-2020-0305,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10769,CVE-2020-10773,CVE-2020-10781,CVE-2020-12771,CVE-2020-12888,CVE-2020-13974,CVE-202 0-14416,CVE-2020-15393,CVE-2020-15780 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15780: A lockdown bypass for loading unsigned modules using ACPI table injection was fixed. (bsc#1173573) - CVE-2020-15393: Fixed a memory leak in usbtest_disconnect (bnc#1173514). - CVE-2020-12771: An issue was discovered in btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10773: Fixed a memory leak on s390/s390x, in the cmm_timeout_hander in file arch/s390/mm/cmm.c (bnc#1172999). - CVE-2020-14416: Fixed a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Fixed an issue with the prctl() function, where indirect branch speculation could be enabled even though it was diabled before (bnc#1172783). - CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection (bnc#1172781). - CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack (bnc#1172782). - CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775). - CVE-2020-0305: Fixed a possible use-after-free due to a race condition incdev_get of char_dev.c. This could lead to local escalation of privilege. User interaction is not needed for exploitation (bnc#1174462). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10781: Fixed a denial of service issue in the ZRAM implementation (bnc#1173074). - CVE-2019-20908: Fixed incorrect access permissions for the efivar_ssdt ACPI variable, which could be used by attackers to bypass lockdown or secure boot restrictions (bnc#1173567). - CVE-2019-20810: Fixed a memory leak in go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c because it did not call snd_card_free for a failure path (bnc#1172458). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c, related to invalid length checks for variable elements in a beacon head (bnc#1152107). The following non-security bugs were fixed: - ACPI: GED: add support for _Exx / _Lxx handler methods (bsc#1111666). - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (bsc#1111666). - ACPI: NFIT: Fix unlock on error in scrub_show() (bsc#1171753). - ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510). - ACPI: sysfs: Fix pm_profile_attr type (bsc#1111666). - ACPI: video: Use native backlight on Acer Aspire 5783z (bsc#1111666). - ACPI: video: Use native backlight on Acer TravelMate 5735Z (bsc#1111666). - ALSA: es1688: Add the missed snd_card_free() (bsc#1051510). - ALSA: hda: Add ElkhartLake HDMI codec vid (bsc#1111666). - ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up (bsc#1111666). - ALSA: hda/hdmi - enable runtime pm for newer AMD display audio (bsc#1111666). - ALSA: hda - let hs_mic be picked ahead of hp_mic (bsc#1111666). - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines (bsc#1111666). - ALSA: hda/realtek - Add LED class support for micmute LED (bsc#1111666). - ALSA: hda/realtek - Enable micmute LED on and HP system (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (bsc#1111666). - ALSA: hda/realtek - Fix unused variable warning w/o CONFIG_LEDS_TRIGGER_AUDIO (bsc#1111666). - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO (bsc#1111666). - ALSA: lx6464es - add support for LX6464ESe pci express variant (bsc#1111666). - ALSA: opl3: fix infoleak in opl3 (bsc#1111666). - ALSA: pcm: disallow linking stream to itself (bsc#1111666). - ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback (bsc#1111666). - ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support (bsc#1111666). - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock (bsc#1111666). - ALSA: usb-audio: Clean up quirk entries with macros (bsc#1111666). - ALSA: usb-audio: Fix inconsistent card PM state after resume (bsc#1111666). - ALSA: usb-audio: Fix packet size calculation (bsc#1111666). - ALSA: usb-audio: Fix racy list management in output queue (bsc#1111666). - ALSA: usb-audio: Improve frames size computation (bsc#1111666). - ALSA: usb-audio: Manage auto-pm of all bundled interfaces (bsc#1111666). - ALSA: usb-audio: Use the new macro for HP Dock rename quirks (bsc#1111666). - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes). - arm64: map FDT as RW for early_init_dt_scan() (jsc#SLE-12423). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (bsc#1111666). - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (bsc#1111666). - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (bsc#1111666). - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb (bsc#1111666). - ax25: fix setsockopt(SO_BINDTODEVICE) (networking-stable-20_05_27). - b43: Fix connection problem with WPA3 (bsc#1111666). - b43_legacy: Fix connection problem with WPA3 (bsc#1111666). - bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)). - be2net: fix link failure after ethtool offline test (git-fixes). - block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818). - block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)). - block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)). - Bluetooth: Add SCO fallback for invalid LMP parameters error (bsc#1111666). - bnxt_en: Fix AER reset logic on 57500 chips (git-fixes). - bnxt_en: Fix ethtool selftest crash under error conditions (git-fixes). - bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails (git-fixes). - bnxt_en: Fix ipv6 RFS filter matching logic (git-fixes). - bnxt_en: fix NULL dereference in case SR-IOV configuration fails (git-fixes). - bnxt_en: Fix VF anti-spoof filter setup (networking-stable-20_05_12). - bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features() (networking-stable-20_05_12). - bnxt_en: Improve AER slot reset (networking-stable-20_05_12). - brcmfmac: fix wrong location to get firmware feature (bsc#1111666). - brcmfmac: Transform compatible string for FW loading (bsc#1169771). - btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#1174438). - btrfs: add new helper btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: Always use a cached extent_state in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix extent_state leak in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc#1174438). - btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438). - btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438). - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO (bsc#1174438). - btrfs: qgroup: Fix a bug that prevents qgroup to be re-enabled after disable (bsc#1172247). - btrfs: Return EAGAIN if we can't start no snpashot write in check_can_nocow (bsc#1174438). - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438). - btrfs: Use newly introduced btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124). - bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads (bsc#1111666). - carl9170: remove P2P_GO support (bsc#1111666). - CDC-ACM: heed quirk also in error handling (git-fixes). - ceph: convert mdsc->cap_dirty to a per-session list (bsc#1167104). - ceph: request expedited service on session's last cap flush (bsc#1167104). - cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages (bsc#1173857). - char/random: Add a newline at the end of the file (jsc#SLE-12423). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333). - cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016). - cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016). - clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510). - clk: clk-flexgen: fix clock-critical handling (bsc#1051510). - clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510). - clocksource: dw_apb_timer: Make CPU-affiliation being optional (bsc#1111666). - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)). - compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)). - copy_{to,from}_user(): consolidate object size checks (git fixes). - crypto: algboss - do not wait during notifier callback (bsc#1111666). - crypto: algif_skcipher - Cap recv SG list at ctx->used (bsc#1111666). - crypto: caam - update xts sector size for large input length (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - Crypto/chcr: fix for ccm(aes) failed test (bsc#1111666). - crypto: chelsio/chtls: properly set tp->lsndtime (bsc#1111666). - crypto: talitos - fix IPsec cipher in length (git-fixes). - crypto: talitos - reorder code in talitos_edesc_alloc() (git-fixes). - debugfs: Check module state before warning in {full/open}_proxy_open() (bsc#1173746). - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07). - dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' (bsc#1111666). - dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)). - dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)). - dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)). - dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)). - dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)). - dm: various cleanups to md->queue initialization code (git fixes). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)). - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27). - driver-core, libnvdimm: Let device subsystems add local lockdep coverage (bsc#1171753). - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617, bsc#1170618). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510). - drm: amd/display: fix Kconfig help text (bsc#1113956) * only fix DEBUG_KERNEL_DC - drm: bridge: adv7511: Extend list of audio sample rates (bsc#1111666). - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1113956) * context changes - drm: encoder_slave: fix refcouting error for modules (bsc#1111666). - drm: encoder_slave: fix refcouting error for modules (bsc#1114279) - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1112178) - drm/i915: Whitelist context-local timestamp in the gen9 cmdparser (bsc#1111666). - drm/mediatek: Check plane visibility in atomic_update (bsc#1113956) * context changes - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (bsc#1111666). - drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (bsc#1111666). - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1113956) - drm/radeon: fix double free (bsc#1113956) - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1113956) - drm/sun4i: hdmi ddc clk: Fix size of m divider (bsc#1111666). - drm/tegra: hub: Do not enable orphaned window group (bsc#1111666). - drm/vkms: Hold gem object while still in-use (bsc#1113956) * context changes - e1000: Distribute switch variables for initialization (bsc#1111666). - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510). - e1000e: Relax condition to trigger reset for ME workaround (bsc#1111666). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279). - efi/random: Increase size of firmware supplied randomness (jsc#SLE-12423). - efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness (jsc#SLE-12423). - efi: READ_ONCE rng seed size before munmap (jsc#SLE-12423). - efi: Reorder pr_notice() with add_device_randomness() call (jsc#SLE-12423). - evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510). - evm: Fix a small race in init_desc() (bsc#1051510). - ext4: fix a data race at inode->i_blocks (bsc#1171835). - ext4: fix partial cluster initialization when splitting extent (bsc#1173839). - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838). - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510). - fanotify: fix ignore mask logic for events on child and on dir (bsc#1172719). - fdt: add support for rng-seed (jsc#SLE-12423). - fdt: Update CRC check for rng-seed (jsc#SLE-12423). - firmware: imx: scu: Fix corruption of header (git-fixes). - firmware: imx: scu: Fix possible memory leak in imx_scu_probe() (bsc#1111666). - Fix boot crash with MD (bsc#1174343) - fix multiplication overflow in copy_fdtable() (bsc#1173825). - fpga: dfl: afu: Corrected error handling levels (git-fixes). - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12). - gpiolib: Document that GPIO line names are not globally unique (bsc#1051510). - gpu: host1x: Detach driver on unregister (bsc#1111666). - gpu: ipu-v3: pre: do not trigger update if buffer address does not change (bsc#1111666). - HID: magicmouse: do not set up autorepeat (git-fixes). - HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510). - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes). - hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (bsc#1111666). - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (bsc#1111666). - hwmon: (max6697) Make sure the OVERT mask is set correctly (bsc#1111666). - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (bsc#1111666). - i2c: eg20t: Load module automatically if ID matches (bsc#1111666). - i2c: mlxcpld: check correct size of maximum RECV_LEN packet (bsc#1111666). - i40e: reduce stack usage in i40e_set_fc (git-fixes). - IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409). - IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510). - iio:health:afe4404 Fix timestamp alignment and prevent data leak (bsc#1111666). - iio:humidity:hdc100x Fix alignment and data leak issues (bsc#1111666). - iio:magnetometer:ak8974: Fix alignment and data leak issues (bsc#1111666). - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (bsc#1111666). - iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510). - iio:pressure:ms5611 Fix buffer element alignment (bsc#1111666). - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (bsc#1111666). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510). - ima: Fix ima digest hash table key calculation (bsc#1051510). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (bsc#1111666). - input: i8042 - Remove special PowerPC handling (git-fixes). - Input: synaptics - add a second working PNP_ID for Lenovo T470s (bsc#1111666). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - intel_th: Fix a NULL dereference when hub driver is not loaded (bsc#1111666). - ipvlan: call dev_change_flags when ipvlan mode is reset (git-fixes). - ixgbevf: Remove limit of 10 entries for unicast filter list (git-fixes). - jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845). - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833). - kabi: hv: prevent struct device_node to become defined (bsc#1172871). - kabi: ppc64le: prevent struct dma_map_ops to become defined (jsc#SLE-12423). - kABI: protect struct mlx5_cmd_work_ent (kabi). - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi). - kernfs: fix barrier usage in __kernfs_new_node() (bsc#1111666). - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279). - KVM: x86: Fix APIC page invalidation race (bsc#1174122). - kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - l2tp: add sk_family checks to l2tp_validate_socket (networking-stable-20_06_07). - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07). - libceph: do not omit recovery_deletes in target_copy() (bsc#1174113). - libceph: ignore pool overlay and cache logic on redirects (bsc#1173146). - libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock (bsc#1171753). - libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant (bsc#1171753). - libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl() (bsc#1171753). - libnvdimm: cover up changes in struct nvdimm_bus (bsc#1171753). - libnvdimm: cover up nd_pfn_sb changes (bsc#1171759). - libnvdimm/dax: Pick the right alignment default when creating dax devices (bsc#1171759). - libnvdimm/label: Remove the dpa align check (bsc#1171759). - libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739). - libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change (bsc#1171743). - libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock (bsc#1171759). - libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid (bsc#1171743). - libnvdimm/pmem: Advance namespace seed for specific probe errors (bsc#1171743). - libnvdimm/region: Initialize bad block for volatile namespaces (bnc#1151927 5.3.6). - libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (bsc#1171743). - libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - loop: replace kill_bdev with invalidate_bdev (bsc#1173820). - lpfc_debugfs: get rid of pointless access_ok() (bsc#1172687 bsc#1171530). - lpfc: Synchronize NVME transport and lpfc driver devloss_tmo (bcs#1173060). - mac80211: add option for setting control flags (bsc#1111666). - mac80211: set IEEE80211_TX_CTRL_PORT_CTRL_PROTO for nl80211 TX (bsc#1111666). - mailbox: imx: Disable the clock on devm_mbox_controller_register() failure (git-fixes). - md: Avoid namespace collision with bitmap API (git fixes (block drivers)). - mdraid: fix read/write bytes accounting (bsc#1172537). - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (bsc#1166985)). - media: cec: silence shift wrapping warning in __cec_s_log_addrs() (git-fixes). - media: si2157: Better check for running tuner in init (bsc#1111666). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue (git-fixes). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue (git-fixes). - mlxsw: pci: Return error on PCI reset timeout (git-fixes). - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12). - mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed (git-fixes). - mlxsw: spectrum_dpipe: Add missing error path (git-fixes). - mlxsw: spectrum: Prevent force of 56G (git-fixes). - mlxsw: spectrum_router: Refresh nexthop neighbour when it becomes dead (git-fixes). - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (git-fixes). - mlxsw: spectrum_switchdev: Add MDB entries in prepare phase (git-fixes). - mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky (git-fixes). - mmc: block: Fix request completion in the CQE timeout path (bsc#1111666). - mmc: block: Fix use-after-free issue for rpmb (bsc#1111666). - mmc: fix compilation of user API (bsc#1051510). - mmc: sdhci: do not enable card detect interrupt for gpio cd type (bsc#1111666). - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (bsc#1111666). - Move upstreamed lpfc patches into sorted section - mvpp2: remove misleading comment (git-fixes). - net: be more gentle about silly gso requests coming from user (networking-stable-20_06_07). - net: check untrusted gso_size at kernel entry (networking-stable-20_06_07). - net/cxgb4: Check the return from t4_query_params properly (git-fixes). - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16). - net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27). - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (git-fixes). - net: ena: add missing ethtool TX timestamping indication (git-fixes). - net: ena: avoid memory access violation by validating req_id properly (git-fixes). - net: ena: do not wake up tx queue when down (git-fixes). - net: ena: ena-com.c: prevent NULL pointer dereference (git-fixes). - net: ena: ethtool: use correct value for crc32 hash (git-fixes). - net: ena: fix continuous keep-alive resets (git-fixes). - net: ena: fix corruption of dev_idx_to_host_tbl (git-fixes). - net: ena: fix default tx interrupt moderation interval (git-fixes). - net: ena: fix incorrect default RSS key (git-fixes). - net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (git-fixes). - net: ena: fix issues in setting interrupt moderation params in ethtool (git-fixes). - net: ena: fix potential crash when rxfh key is NULL (git-fixes). - net: ena: fix retrieval of nonadaptive interrupt moderation intervals (git-fixes). - net: ena: fix uses of round_jiffies() (git-fixes). - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (git-fixes). - net: ena: reimplement set/get_coalesce() (git-fixes). - net: ena: rss: do not allocate key when not supported (git-fixes). - net: ena: rss: fix failure to get indirection table (git-fixes). - net: ena: rss: store hash function as values and not bits (git-fixes). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16). - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27). - net: ipip: fix wrong address family in init error path (networking-stable-20_05_27). - net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set (git-fixes). - net: macsec: preserve ingress frame ordering (networking-stable-20_05_12). - net/mlx4_core: drop useless LIST_HEAD (git-fixes). - net/mlx4_core: fix a memory leak bug (git-fixes). - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12). - net/mlx5: Add command entry handling completion (networking-stable-20_05_27). - net/mlx5: Avoid panic when setting vport rate (git-fixes). - net/mlx5: Continue driver initialization despite debugfs failure (git-fixes). - net/mlx5e: ethtool, Fix a typo in WOL function names (git-fixes). - net/mlx5e: Fix traffic duplication in ethtool steering (git-fixes). - net/mlx5e: Remove unnecessary clear_bit()s (git-fixes). - net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27). - net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12). - net/mlx5: Fix crash upon suspend/resume (networking-stable-20_06_07). - net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12). - net: mvmdio: allow up to four clocks to be specified for orion-mdio (git-fixes). - net: mvpp2: prs: Do not override the sign bit in SRAM parser shift (git-fixes). - net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16). - netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16). - net: qede: stop adding events on an already destroyed workqueue (git-fixes). - net: qed: fix excessive QM ILT lines consumption (git-fixes). - net: qed: fix NVMe login fails over VFs (git-fixes). - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27). - net: revert 'net: get rid of an signed integer overflow in ip_idents_reserve()' (networking-stable-20_05_27). - net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27). - net: stricter validation of untrusted gso packets (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12). - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12). - net: usb: qmi_wwan: add Telit 0x1050 composition (networking-stable-20_06_07). - net: usb: qmi_wwan: add Telit LE910C1-EUX composition (networking-stable-20_06_07). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K (git-fixes). - NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592). - NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592). - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() (bsc#1173857). - nl80211: fix NL80211_ATTR_CHANNEL_WIDTH attribute type (bsc#1111666). - nvdimm: Avoid race between probe and reading device attributes (bsc#1170442). - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058). - nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058). - nvme: fail cancelled commands with NVME_SC_HOST_PATH_ERROR (bsc#1158983 bsc#1172538). - nvme-fc: Fail transport errors with NVME_SC_HOST_PATH (bsc#1158983 bsc#1172538). - nvme-tcp: fail command with NVME_SC_HOST_PATH_ERROR send failed (bsc#1158983 bsc#1172538). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - ocfs2: no need try to truncate file beyond i_size (bsc#1171841). - overflow: Fix -Wtype-limits compilation warnings (git fixes). - overflow.h: Add arithmetic shift helper (git fixes). - p54usb: add AirVasT USB stick device-id (bsc#1051510). - padata: ensure the reorder timer callback runs on the correct CPU (git-fixes). - padata: reorder work kABI fixup (git-fixes). - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#1174356). - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356). - PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510). - PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510). - PCI: Generalize multi-function power dependency device links (bsc#1111666). - PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871, bsc#1172872). - PCI: hv: Fix the PCI HyperV probe failure path to release resource properly (bsc#1172871, bsc#1172872). - PCI: hv: Introduce hv_msi_entry (bsc#1172871, bsc#1172872). - PCI: hv: Move hypercall related definitions into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Move retarget related structures into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871, bsc#1172872). - PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871, bsc#1172872). - PCI: pciehp: Fix indefinite wait on sysfs requests (git-fixes). - PCI: pciehp: Support interrupts sent from D3hot (git-fixes). - PCI/PM: Call .bridge_d3() hook only if non-NULL (git-fixes). - PCI: Program MPS for RCiEP devices (bsc#1051510). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510). - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356). - pcm_native: result of put_user() needs to be checked (bsc#1111666). - perf: Allocate context task_ctx_data for child event (git-fixes). - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes). - perf: Copy parent's address filter offsets on clone (git-fixes). - perf/core: Add sanity check to deal with pinned event failure (git-fixes). - perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes). - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes). - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes). - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes). - perf/core: Fix error handling in perf_event_alloc() (git-fixes). - perf/core: Fix exclusive events' grouping (git-fixes). - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes). - perf/core: Fix impossible ring-buffer sizes warning (git-fixes). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes (dependent patch for 18736eef1213)). - perf/core: Fix perf_event_read_value() locking (git-fixes). - perf/core: Fix perf_pmu_unregister() locking (git-fixes). - perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent patch)). - perf/core: Fix perf_sample_regs_user() mm check (git-fixes). - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes). - perf/core: Fix race between close() and fork() (git-fixes). - perf/core: Fix the address filtering fix (git-fixes). - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes). - perf/core: Force USER_DS when recording user stack data (git-fixes). - perf/core: Restore mmap record type correctly (git-fixes). - perf: Fix header.size for namespace events (git-fixes). - perf/ioctl: Add check for the sample_period value (git-fixes). - perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes). - perf: Return proper values for user stack errors (git-fixes). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/intel/uncore: Handle invalid event coding for free-running counter (git-fixes). - perf/x86/uncore: Fix event group support (git-fixes). - pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510). - platform/x86: dell-laptop: do not register micmute LED if there is no token (bsc#1111666). - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (bsc#1111666). - PM / Domains: Allow genpd users to specify default active wakeup behavior (git-fixes). - pnp: Use list_for_each_entry() instead of open coding (git fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc/book3s64: Export has_transparent_hugepage() related functions (bsc#1171759). - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729). - powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510). - power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510). - power: vexpress: add suppress_bind_attrs to true (bsc#1111666). - pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16). - qed: reduce maximum stack frame size (git-fixes). - qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes). - r8152: support additional Microsoft Surface Ethernet Adapter variant (networking-stable-20_05_27). - raid5: remove gfp flags from scribble_alloc() (bsc#1166985). - RDMA/efa: Fix setting of wrong bit in get/set_feature commands (bsc#1111666) - RDMA/efa: Set maximum pkeys device attribute (bsc#1111666) - RDMA/efa: Support remote read access in MR registration (bsc#1111666) - RDMA/efa: Unified getters/setters for device structs bitmask access (bsc#1111666) - README.BRANCH: Add Takashi Iwai as primary maintainer. - regmap: debugfs: Do not sleep while atomic for fast_io regmaps (bsc#1111666). - resolve KABI warning for perf-pt-coresight (git-fixes). - Revert 'bcache: ignore pending signals when creating gc and allocator thread' (git fixes (block drivers)). - Revert commit e918e570415c ('tpm_tis: Remove the HID IFX0102') (bsc#1111666). - Revert 'dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues' (git fixes (block drivers)). - Revert 'thermal: mediatek: fix register index error' (bsc#1111666). - Revert 'tools lib traceevent: Remove unneeded qsort and uses memmove' - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: lock device while installing IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12). - sch_sfq: validate silly quantum values (networking-stable-20_05_12). - scsi: aacraid: fix a signedness bug (bsc#1174296). - scsi: hisi_sas: fix calls to dma_set_mask_and_coherent() (bsc#1174296). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530). - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530). - scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530). - scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530). - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix inconsistent indenting (bsc#1158983). - scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1158983). - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1158983). - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530). - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1158983). - scsi: megaraid_sas: Fix a compilation warning (bsc#1174296). - scsi: mpt3sas: Fix double free in attach error handling (bsc#1174296). - scsi: qedf: Add port_id getter (bsc#1150660). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1174296). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27). - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27). - spi: dw: use 'smp_mb()' to avoid sending spi data error (bsc#1051510). - spi: fix initial SPI_SR value in spi-fsl-dspi (bsc#1111666). - spi: pxa2xx: Apply CS clk quirk to BXT (bsc#1111666). - spi: spidev: fix a race between spidev_release and spidev_remove (bsc#1111666). - spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices (bsc#1111666). - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (bsc#1111666). - staging: comedi: verify array index is correct before using it (bsc#1111666). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510). - staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510). - SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624). - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284). - timers: Add a function to start/reduce a timer (networking-stable-20_05_27). - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (bsc#1111666). - tpm_tis: Remove the HID IFX0102 (bsc#1111666). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510). - tty: n_gsm: Fix SOF skipping (bsc#1051510). - tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510). - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12). - ubifs: remove broken lazytime support (bsc#1173826). - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes). - USB: c67x00: fix use after free in c67x00_giveback_urb (bsc#1111666). - usb: chipidea: core: add wakeup support for extcon (bsc#1111666). - usb: dwc2: Fix shutdown callback in platform (bsc#1111666). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510). - usb: dwc3: gadget: introduce cancelled_list (git-fixes). - usb: dwc3: gadget: never call ->complete() from ->ep_queue() (git-fixes). - usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes). - usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes). - USB: ehci: reopen solution for Synopsys HC bug (git-fixes). - usb: gadget: fix potential double-free in m66592_probe (bsc#1111666). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510). - usb: gadget: udc: atmel: fix uninitialized read in debug printk (bsc#1111666). - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (bsc#1111666). - usb: gadget: udc: Potential Oops in error handling code (bsc#1111666). - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510). - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (bsc#1111666). - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510). - usb: musb: Fix runtime PM imbalance on error (bsc#1051510). - usb: musb: start session in resume for host port (bsc#1051510). - usbnet: smsc95xx: Fix use-after-free after removal (bsc#1111666). - USB: ohci-sm501: Add missed iounmap() in remove (bsc#1111666). - USB: serial: ch341: add new Product ID for CH340 (bsc#1111666). - USB: serial: cypress_m8: enable Simply Automated UPB PIM (bsc#1111666). - USB: serial: iuu_phoenix: fix memory corruption (bsc#1111666). - USB: serial: option: add GosunCn GM500 series (bsc#1111666). - USB: serial: option: add Quectel EG95 LTE modem (bsc#1111666). - USB: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510). - USB: serial: qcserial: add DW5816e QDL support (bsc#1051510). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174123). - vfs: Fix EOVERFLOW testing in put_compat_statfs64 (bnc#1151927 5.3.6). - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: avoid format strint overflow warning (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: Remove always false conditional statement (bsc#1172484). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484). - vmxnet3: remove unused flag 'rxcsum' from struct vmxnet3_adapter (bsc#1172484). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07). - vxlan: Avoid infinite loop when suppressing NS messages with invalid options (git-fixes). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510). - watchdog: sp805: fix restart handler (bsc#1111666). - wil6210: add general initialization/size checks (bsc#1111666). - wil6210: check rx_buff_mgmt before accessing it (bsc#1111666). - wil6210: ignore HALP ICR if already handled (bsc#1111666). - wil6210: make sure Rx ring sizes are correlated (git-fixes). - work around mvfs bug (bsc#1162063). - x86/apic: Install an empty physflat_init_apic_ldr (bsc#1163309). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86: Fix early boot crash on gcc-10, third try (bsc#1114279). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279). - xfrm: fix error in comment (git fixes). - xhci: Fix incorrect EP_STATE_MASK (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2124-1 Released: Wed Aug 5 09:24:47 2020 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1172597 This update for lvm2 fixes the following issues: - Fixed an issue where the system hangs for 90 seconds before it actually shuts down (bsc#1172597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2165-1 Released: Fri Aug 7 11:04:59 2020 Summary: Recommended update for Linux Kernel Type: recommended Severity: important References: 1174887 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive the following fixes: Fix a regression where virt-manager generated KVM setups and possible others could fail to boot the kernel (bsc#1174887) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2182-1 Released: Mon Aug 10 11:39:48 2020 Summary: Recommended update for open-lldp Type: recommended Severity: moderate References: 1153520,1170745,1171284 This update for open-lldp fixes the following issues: - Fix for a segementation fault, when agents change their MAC address (bsc#1171284) - lldapd will now transmit the permanent MAC address (the MAC address of the underlying physical device) as port id, thus allowing the switch or any management application to differentiate between those ports. (bsc#1153520) - Fix for a segmentation fault, when lldapd registers an interface and it gets shortly removed afterwards. (bsc#1170745) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2208-1 Released: Tue Aug 11 17:25:45 2020 Summary: Recommended update for rsyslog Type: recommended Severity: important References: 1173338 This update for rsyslog fixes the following issues: - Fix for logrotate to avoid unexpected exit with coredump after logrotate. (bsc#1173338) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2219-1 Released: Wed Aug 12 15:47:42 2020 Summary: Recommended update for supportutils-plugin-suse-public-cloud and python3-azuremetadata Type: recommended Severity: moderate References: 1170475,1170476,1173238,1173240,1173357,1174618,1174847 This update for supportutils-plugin-suse-public-cloud and python3-azuremetadata fixes the following issues: supportutils-plugin-suse-public-cloud: - Fixes an error when supportutils-plugin-suse-public-cloud and supportutils-plugin-salt are installed at the same time (bsc#1174618) - Sensitive information like credentials (such as access keys) will be removed when the metadata is being collected (bsc#1170475, bsc#1170476) python3-azuremetadata: - Added latest support for `--listapis` and `--api` (bsc#1173238, bsc#1173240) - Detects when the VM is running in ASM (Azure Classic) and does now handle the condition to generate the data without requiring access to the full IMDS available, only in ARM instances (bsc#1173357, bsc#1174847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2222-1 Released: Thu Aug 13 09:08:46 2020 Summary: Recommended update for SUSEConnect Type: recommended Severity: moderate References: 1130864,1155911,1160007 This update for SUSEConnect fixes the following issues: Update from version 0.3.22 to version 0.3.25 - Don't fail de-activation when '-release' package already got removed. - Fix cloud_provider detection on AWS large instances. (bsc#1160007) - Forbid de-registration for on-demand Public Cloud instances. (bsc#1155911) - Setup customer_center on read-only boot system. (bsc#1130864) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2224-1 Released: Thu Aug 13 09:15:47 2020 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1171878,1172085 This update for glibc fixes the following issues: - Fix concurrent changes on nscd aware files appeared by 'getent' when the NSCD cache was enabled. (bsc#1171878, BZ #23178) - Implement correct locking and cancellation cleanup in syslog functions. (bsc#1172085, BZ #26100) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2245-1 Released: Fri Aug 14 15:27:45 2020 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1174782,1175036,1175060 This update for grub2 fixes the following issues: - A potential regression has been fixed that would cause systems with an updated 'grub2' to boot no longer due to a missing 'grub-calloc' linker symbol. (bsc#1174782) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2256-1 Released: Mon Aug 17 15:08:46 2020 Summary: Recommended update for sysfsutils Type: recommended Severity: moderate References: 1155305 This update for sysfsutils fixes the following issue: - Fix cdev name comparison. (bsc#1155305) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2277-1 Released: Wed Aug 19 13:24:03 2020 Summary: Security update for python3 Type: security Severity: moderate References: 1174091,CVE-2019-20907 This update for python3 fixes the following issues: - bsc#1174091, CVE-2019-20907: avoiding possible infinite loop in specifically crafted tarball. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2278-1 Released: Wed Aug 19 21:26:08 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1149911,1151708,1168235,1168389 This update for util-linux fixes the following issues: - blockdev: Do not fail --report on kpartx-style partitions on multipath. (bsc#1168235) - nologin: Add support for -c to prevent error from su -c. (bsc#1151708) - Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389) - mount: Fall back to device node name if /dev/mapper link not found. (bsc#1149911) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2284-1 Released: Thu Aug 20 16:04:17 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1010996,1071152,1071390,1154871,1174673,973042 This update for ca-certificates-mozilla fixes the following issues: update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: * AddTrust External CA Root * AddTrust Class 1 CA Root * LuxTrust Global Root 2 * Staat der Nederlanden Root CA - G2 * Symantec Class 1 Public Primary Certification Authority - G4 * Symantec Class 2 Public Primary Certification Authority - G4 * VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: * certSIGN Root CA G2 * e-Szigno Root CA 2017 * Microsoft ECC Root Certificate Authority 2017 * Microsoft RSA Root Certificate Authority 2017 - reverted p11-kit nss trust integration as it breaks in fresh installations (bsc#1154871) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2296-1 Released: Mon Aug 24 10:34:37 2020 Summary: Security update for gettext-runtime Type: security Severity: moderate References: 1106843,1113719,941629,CVE-2018-18751 This update for gettext-runtime fixes the following issues: - Fix boo941629-unnessary-rpath-on-standard-path.patch (bsc#941629) - Added msgfmt-double-free.patch to fix a double free error (CVE-2018-18751 bsc#1113719) - Add patch msgfmt-reset-msg-length-after-remove.patch which does reset the length of message string after a line has been removed (bsc#1106843) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2307-1 Released: Tue Aug 25 14:48:39 2020 Summary: Security update for grub2 Type: security Severity: important References: 1172745,1174421,CVE-2020-15705 This update for grub2 fixes the following issues: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). - Add fibre channel device's ofpath support to grub-ofpathname and search hint to speed up root device discovery (bsc#1172745). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2337-1 Released: Wed Aug 26 13:00:47 2020 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1172807 This update for dracut fixes the following issue: - Fix typo in did setup conditional. (bsc#1172807) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2352-1 Released: Thu Aug 27 07:29:16 2020 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1172810,1174120 This update for samba fixes the following issues: - Add 'libsmbldap0' to 'libsmbldap2' package to fix upgrades from previous versions. (bsc#1172810) - Fix for command 'net' as it is unable to negotiate with 'SMB2'. (bsc#1174120) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2380-1 Released: Fri Aug 28 14:54:08 2020 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1175250,1175251 This update for supportutils-plugin-suse-public-cloud contains the following fix: - Update to version 1.0.5: (bsc#1175250, bsc#1175251) + Query for new GCE initialization code packages ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2411-1 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2425-1 Released: Tue Sep 1 13:54:05 2020 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1174260 This update for nfs-utils fixes the following issues: - Fix a bug when concurrent 'gssd' requests arrive from kernel, causing hanging NFS mounts. (bsc#1174260) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2441-1 Released: Tue Sep 1 22:16:10 2020 Summary: Recommended update for avahi Type: recommended Severity: moderate References: 1154063 This update for avahi fixes the following issues: - When changing ownership of /var/lib/autoipd, only change ownership of files owned by avahi, to mitigate against possible exploits (bsc#1154063). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2446-1 Released: Wed Sep 2 09:33:22 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2458-1 Released: Wed Sep 2 15:44:30 2020 Summary: Recommended update for iputils Type: recommended Severity: moderate References: 927831 This update for iputils fixes the following issue: - ping: Remove workaround for bug in IP_RECVERR on raw sockets. (bsc#927831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2575-1 Released: Wed Sep 9 07:15:49 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1058115,1065600,1065729,1071995,1083548,1085030,1111666,1112178,1113956,1120163,1133021,1136666,1144333,1152148,1163524,1165629,1166965,1169790,1170232,1171558,1171688,1171988,1172073,1172108,1172247,1172418,1172428,1172871,1172872,1172873,1172963,1173060,1173485,1173798,1173954,1174003,1174026,1174070,1174205,1174387,1174484,1174547,1174549,1174550,1174625,1174658,1174685,1174689,1174699,1174734,1174757,1174771,1174840,1174841,1174843,1174844,1174845,1174852,1174873,1174904,1174926,1174968,1175062,1175063,1175064,1175065,1175066,1175067,1175112,1175127,1175128,1175149,1175199,1175213,1175228,1175232,1175284,1175393,1175394,1175396,1175397,1175398,1175399,1175400,1175401,1175402,1175403,1175404,1175405,1175406,1175407,1175408,1175409,1175410,1175411,1175412,1175413,1175414,1175415,1175416,1175417,1175418,1175419,1175420,1175421,1175422,1175423,1175440,1175493,1175515,1175518,1175526,1175550,1175654,1175666,1175667,1175668,1175669,1175670,1175691,1175767,1175768,1175769,1 175770,1175771,1175772,1175786,1175873,1176069,CVE-2020-10135,CVE-2020-14314,CVE-2020-14331,CVE-2020-14356,CVE-2020-14386,CVE-2020-16166,CVE-2020-1749,CVE-2020-24394 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629). - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988). - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bugs were fixed: - ACPI: kABI fixes for subsys exports (bsc#1174968). - ACPI / LPSS: Resume BYT/CHT I2C controllers from resume_noirq (bsc#1174968). - ACPI / LPSS: Use acpi_lpss_* instead of acpi_subsys_* functions for hibernate (bsc#1174968). - ACPI: PM: Introduce 'poweroff' callbacks for ACPI PM domain and LPSS (bsc#1174968). - ACPI: PM: Simplify and fix PM domain hibernation callbacks (bsc#1174968). - af_key: pfkey_dump needs parameter validation (git-fixes). - agp/intel: Fix a memory leak on module initialisation failure (git-fixes). - ALSA: core: pcm_iec958: fix kernel-doc (bsc#1111666). - ALSA: echoaduio: Drop superfluous volatile modifier (bsc#1111666). - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (bsc#1111666). - ALSA: hda: Add support for Loongson 7A1000 controller (bsc#1111666). - ALSA: hda/ca0132 - Add new quirk ID for Recon3D (bsc#1111666). - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (bsc#1111666). - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (bsc#1111666). - ALSA: hda: fix NULL pointer dereference during suspend (git-fixes). - ALSA: hda: fix snd_hda_codec_cleanup() documentation (bsc#1111666). - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (bsc#1111666). - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (bsc#1111666). - ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes). - ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (bsc#1111666). - ALSA: hda/realtek - Add quirk for Lenovo Carbon X1 8th gen (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GE63 laptop (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GL63 (bsc#1111666). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes). - ALSA: hda/realtek - change to suitable link model for ASUS platform (bsc#1111666). - ALSA: hda/realtek - Check headset type by unplug and resume (bsc#1111666). - ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX563 (bsc#1111666). - ALSA: hda/realtek: Fix add a 'ultra_low_power' function for intel reference board (alc256) (bsc#1111666). - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (bsc#1111666). - ALSA: hda/realtek - Fixed HP right speaker no sound (bsc#1111666). - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (bsc#1111666). - ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (bsc#1111666). - ALSA: hda/realtek - Fix unused variable warning (bsc#1111666). - ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (bsc#1111666). - ALSA: hda - reverse the setting value in the micmute_led_set (bsc#1111666). - ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes). - ALSA: pci: delete repeated words in comments (bsc#1111666). - ALSA: seq: oss: Serialize ioctls (bsc#1111666). - ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes). - ALSA: usb-audio: add quirk for Pioneer DDJ-RB (bsc#1111666). - ALSA: usb-audio: add startech usb audio dock name (bsc#1111666). - ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (bsc#1111666). - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (bsc#1111666). - ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (bsc#1111666). - ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (bsc#1111666). - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625). - ALSA: usb-audio: fix spelling mistake 'buss' -> 'bus' (bsc#1111666). - ALSA: usb-audio: ignore broken processing/extension unit (git-fixes). - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb/line6: remove 'defined but not used' warning (bsc#1111666). - arm64: Add MIDR encoding for HiSilicon Taishan CPUs (bsc#1174547). - arm64: Add MIDR encoding for NVIDIA CPUs (bsc#1174547). - arm64: add sysfs vulnerability show for meltdown (bsc#1174547). - arm64: Add sysfs vulnerability show for spectre-v1 (bsc#1174547). - arm64: add sysfs vulnerability show for spectre-v2 (bsc#1174547). - arm64: add sysfs vulnerability show for speculative store bypass (bsc#1174547). - arm64: Advertise mitigation of Spectre-v2, or lack thereof (bsc#1174547). - arm64: Always enable spectre-v2 vulnerability detection (bsc#1174547). - arm64: Always enable ssb vulnerability detection (bsc#1174547). - arm64: backtrace: Do not bother trying to unwind the userspace stack (bsc#1175397). - arm64: capabilities: Add NVIDIA Denver CPU to bp_harden list (bsc#1174547). - arm64: capabilities: Merge duplicate Cavium erratum entries (bsc#1174547). - arm64: capabilities: Merge entries for ARM64_WORKAROUND_CLEAN_CACHE (bsc#1174547). - arm64: cpufeature: Enable Qualcomm Falkor/Kryo errata 1003 (bsc#1175398). - arm64: Do not mask out PTE_RDONLY in pte_same() (bsc#1175393). - arm64: enable generic CPU vulnerabilites support (bsc#1174547). Update config/arm64/default - arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default (bsc#1175394). - arm64: errata: Do not define type field twice for arm64_errata entries (bsc#1174547). - arm64: errata: Update stale comment (bsc#1174547). - arm64: Get rid of __smccc_workaround_1_hvc_* (bsc#1174547). - arm64: kpti: Avoid rewriting early page tables when KASLR is enabled (bsc#1174547). - arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on (bsc#1174547). - arm64: kpti: Whitelist Cortex-A CPUs that do not implement the CSV3 field (bsc#1174547). - arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs (bsc#1174547). - arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 (bsc#1133021). - arm64: KVM: Guests can skip __install_bp_hardening_cb()s HYP work (bsc#1174547). - arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening (bsc#1174547). - arm64: mm: Fix pte_mkclean, pte_mkdirty semantics (bsc#1175526). - arm64: Provide a command line to disable spectre_v2 mitigation (bsc#1174547). - arm64: Silence clang warning on mismatched value/register sizes (bsc#1175396). - arm64/speculation: Support 'mitigations=' cmdline option (bsc#1174547). - arm64: ssbd: explicitly depend on (bsc#1175399). - arm64: ssbs: Do not treat CPUs with SSBS as unaffected by SSB (bsc#1174547). - arm64: ssbs: Fix context-switch when SSBS is present on all CPUs (bsc#1175669). - arm64/sve: Fix wrong free for task->thread.sve_state (bsc#1175400). - arm64/sve: should not depend on <uapi/linux/prctl.h> (bsc#1175401). - arm64: tlbflush: avoid writing RES0 bits (bsc#1175402). - arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 (bsc#1174547). - ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 (bsc#1133021). - ARM: KVM: invalidate icache on guest exit for Cortex-A15 (bsc#1133021). - ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 (bsc#1133021). - ASoC: hda/tegra: Set buffer alignment to 128 bytes (bsc#1111666). - ASoC: intel: Fix memleak in sst_media_open (git-fixes). - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes). - AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes). - AX.25: Prevent integer overflows in connect and sendmsg (git-fixes). - AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes). - ax88172a: fix ax88172a_unbind() failures (git-fixes). - b43: Remove uninitialized_var() usage (git-fixes). - bcache: allocate meta data pages as compound pages (bsc#1172873). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: Fix use-after-free in blkdev_get() (bsc#1174843). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (bsc#1111666). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (bsc#1111666). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (bsc#1111666). - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - bonding: fix a potential double-unregister (git-fixes). - bonding: show saner speed for broadcast mode (git-fixes). - bpf: Fix map leak in HASH_OF_MAPS map (git-fixes). - brcmfmac: keep SDIO watchdog running when console_interval is non-zero (bsc#1111666). - brcmfmac: set state of hanger slot to FREE when flushing PSQ (bsc#1111666). - brcmfmac: To fix Bss Info flag definition Bug (bsc#1111666). - btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247). - btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247). - btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149). - btrfs: fix block group leak when removing fails (bsc#1175149). - btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149). - btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149). - btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149). - btrfs: fix double free on ulist after backref resolution failure (bsc#1175149). - btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149). - btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550). - btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149). - btrfs: fix race between block group removal and block group creation (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149). - btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149). - btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484). - btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247). - btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247). - btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247). - btrfs: Open code btrfs_write_and_wait_marked_extents (bsc#1175149). - btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163). - btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247). - btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163). - btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163). - btrfs: Rename and export clear_btree_io_tree (bsc#1175149). - btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493). - bus: hisi_lpc: Add .remove method to avoid driver unbind crash (bsc#1174658). - bus: hisi_lpc: Do not fail probe for unrecognised child devices (bsc#1174658). - bus: hisi_lpc: Unregister logical PIO range to avoid potential use-after-free (bsc#1174658). - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes). - cfg80211: check vendor command doit pointer before use (git-fixes). - char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667). - cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428). - cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428). - cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428). - clk: at91: clk-generated: check best_rate against ranges (bsc#1111666). - clk: clk-atlas6: fix return value check in atlas6_clk_init() (bsc#1111666). - clk: iproc: round clock rate to the closest (bsc#1111666). - clk: spear: Remove uninitialized_var() usage (git-fixes). - clk: st: Remove uninitialized_var() usage (git-fixes). - config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References: bsc#1174549 - console: newport_con: fix an issue about leak related system resources (git-fixes). - constrants: fix malformed XML Closing tag of an element is '', not ''. Fixes: 8b37de2eb835 ('rpm/constraints.in: Increase memory for kernel-docs') - Created new preempt kernel flavor (jsc#SLE-11309) Configs are cloned from the respective $arch/default configs. All changed configs appart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel. - crypto: ccp - Fix use of merged scatterlists (git-fixes). - crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes). - crypto: rockchip - fix scatterlist nents error (git-fixes). - crypto: stm32/crc32 - fix ext4 chksum BUG_ON() (git-fixes). - crypto: talitos - check AES key size (git-fixes). - crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - dev: Defer free of skbs in flush_backlog (git-fixes). - device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes). - devres: keep both device name and resource name in pretty name (git-fixes). - dlm: Fix kobject memleak (bsc#1175768). - dlm: remove BUG() before panic() (bsc#1174844). - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes). - Documentation/networking: Add net DIM documentation (bsc#1174852). - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (bsc#1175403). - dpaa2-eth: free already allocated channels on probe defer (bsc#1175404). - dpaa2-eth: prevent array underflow in update_cls_rule() (bsc#1175405). - dpaa_eth: add dropped frames to percpu ethtool stats (bsc#1174550). - dpaa_eth: add newline in dev_err() msg (bsc#1174550). - dpaa_eth: avoid timestamp read on error paths (bsc#1175406). - dpaa_eth: change DMA device (bsc#1174550). - dpaa_eth: cleanup skb_to_contig_fd() (bsc#1174550). - dpaa_eth: defer probing after qbman (bsc#1174550). - dpaa_eth: extend delays in ndo_stop (bsc#1174550). - dpaa_eth: fix DMA mapping leak (bsc#1174550). - dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1174550). - dpaa_eth: FMan erratum A050385 workaround (bsc#1174550). - dpaa_eth: perform DMA unmapping before read (bsc#1175407). - dpaa_eth: register a device link for the qman portal used (bsc#1174550). - dpaa_eth: remove netdev_err() for user errors (bsc#1174550). - dpaa_eth: remove redundant code (bsc#1174550). - dpaa_eth: simplify variables used in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use a page to store the SGT (bsc#1174550). - dpaa_eth: use fd information in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use only one buffer pool per interface (bsc#1174550). - dpaa_eth: use page backed rx buffers (bsc#1174550). - driver core: Avoid binding drivers to dead devices (git-fixes). - Drivers: hv: balloon: Remove dependencies on guest page size (git-fixes). - Drivers: hv: vmbus: Fix virt_to_hvpfn() for X86_PAE (git-fixes). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127, bsc#1175128). - Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup() (git-fixes). - drivers/perf: hisi: Fix typo in events attribute array (bsc#1175408). - drivers/perf: hisi: Fixup one DDRC PMU register offset (bsc#1175410). - drivers/perf: hisi: Fix wrong value for all counters enable (bsc#1175409). - drm: Added orientation quirk for ASUS tablet model T103HAF (bsc#1111666). - drm/amd/display: fix pow() crashing when given base 0 (git-fixes). - drm/amdgpu: avoid dereferencing a NULL pointer (bsc#1111666). - drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume (bsc#1111666). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (bsc#1113956) * refresh for context changes - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes). - drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1113956) - drm/arm: fix unintentional integer overflow on left shift (git-fixes). - drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1113956) * refreshed for context changes - drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes). - drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1113956) * move drm_mipi_dbi.c -> tinydrm/mipi-drm.c * refresh for context changes - drm/debugfs: fix plain echo to connector 'force' attribute (bsc#1111666). - drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes). - drm/etnaviv: fix ref count leak via pm_runtime_get_sync (bsc#1111666). - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (bsc#1112178) * updated names of get/put functions - drm: hold gem reference until object is no longer accessed (bsc#1113956) - drm/imx: fix use after free (git-fixes). - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes). - drm/imx: tve: fix regulator_disable error path (git-fixes). - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes). - drm/msm/adreno: fix updating ring fence (git-fixes). - drm/msm: ratelimit crtc event overflow error (bsc#1111666). - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes). - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes). - drm/nouveau: fix multiple instances of reference count leaks (bsc#1111666). - drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes). - drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes). - drm/radeon: disable AGP by default (bsc#1111666). - drm/radeon: fix array out-of-bounds read and write issues (git-fixes). - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (bsc#1111666). - drm/rockchip: fix VOP_WIN_GET macro (bsc#1175411). - drm/tilcdc: fix leak & null ref in panel_connector_get_modes (bsc#1111666). - drm/ttm/nouveau: do not call tt destroy callback on alloc failure (bsc#1175232). - drm/vmwgfx: Fix two list_for_each loop exit tests (bsc#1111666). - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (bsc#1111666). - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600). - efi/memreserve: deal with memreserve entries in unmapped memory (bsc#1174685). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: fix checking of directory entry validity for inline directories (bsc#1175771). - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1174840). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - fat: do not allow to mount if the FAT length == 0 (bsc#1174845). - fbdev: Detect integer underflow at 'struct fbcon_ops'->clear_margins. (bsc#1112178) * move files drivers/video/fbdev/core -> drivers/video/console * refresh for context changes - firmware: google: check if size is valid when decoding VPD data (git-fixes). - firmware: google: increment VPD key_len properly (git-fixes). - fpga: dfl: fix bug in port reset handshake (git-fixes). - fsl/fman: add API to get the device behind a fman port (bsc#1174550). - fsl/fman: check dereferencing null pointer (git-fixes). - fsl/fman: detect FMan erratum A050385 (bsc#1174550). - fsl/fman: do not touch liodn base regs reserved on non-PAMU SoCs (bsc#1174550). - fsl/fman: fix dereference null return value (git-fixes). - fsl/fman: fix eth hash table allocation (git-fixes). - fsl/fman: fix unreachable code (git-fixes). - fsl/fman: remove unused struct member (bsc#1174550). - fsl/fman: use 32-bit unsigned integer (git-fixes). - fuse: fix memleak in cuse_channel_open (bsc#1174926). - fuse: fix missing unlock_page in fuse_writepage() (bsc#1174904). - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175062). - fuse: fix weird page warning (bsc#1175063). - fuse: flush dirty data/metadata before non-truncate setattr (bsc#1175064). - fuse: truncate pending writes on O_TRUNC (bsc#1175065). - fuse: verify attributes (bsc#1175066). - fuse: verify nlink (bsc#1175067). - genetlink: remove genl_bind (networking-stable-20_07_17). - go7007: add sanity checking for endpoints (git-fixes). - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (bsc#1111666). - HID: hiddev: fix mess in hiddev_open() (git-fixes). - HISI LPC: Re-Add ACPI child enumeration support (bsc#1174658). - HISI LPC: Stop using MFD APIs (bsc#1174658). - hv_balloon: Balloon up according to request page number (git-fixes). - hv_balloon: Use a static page for the balloon_up send buffer (git-fixes). - hv_netvsc: Allow scatter-gather feature to be tunable (git-fixes). - hv_netvsc: do not use VF device if link is down (git-fixes). - hv_netvsc: Fix a warning of suspicious RCU usage (git-fixes). - hv_netvsc: Fix error handling in netvsc_attach() (git-fixes). - hv_netvsc: Fix extra rcu_read_unlock in netvsc_recv_callback() (git-fixes). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes). - hv_netvsc: Fix unwanted wakeup in netvsc_attach() (git-fixes). - hv_netvsc: flag software created hash value (git-fixes). - hv_netvsc: Remove 'unlikely' from netvsc_select_queue (git-fixes). - i2c: rcar: in slave mode, clear NACK earlier (git-fixes). - i2c: rcar: slave: only send STOP event when we have been addressed (bsc#1111666). - i40e: Fix crash during removing i40e driver (git-fixes). - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes). - ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - include/linux/poison.h: remove obsolete comment (git fixes (poison)). - Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes). - Input: sentelic - fix error return when fsp_reg_write fails (bsc#1111666). - integrity: remove redundant initialization of variable ret (git-fixes). - io-mapping: indicate mapping failure (git-fixes). - ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes). - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28). - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515). - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515). - ip_tunnel: Emit events for post-register MTU changes (git-fixes). - ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28). - ip_tunnel: restore binding to ifaces with a large mtu (git-fixes). - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17). - ipv4: Silence suspicious RCU usage warning (git-fixes). - ipv6: fix memory leaks on IPV6_ADDRFORM path (git-fixes). - ipvlan: fix device features (git-fixes). - ipvs: allow connection reuse for unconfirmed conntrack (git-fixes). - ipvs: fix refcount usage for conns in ops mode (git-fixes). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - irqchip/gic: Atomically update affinity (bsc#1111666). - iwlegacy: Check the return value of pcie_capability_read_*() (bsc#1111666). - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772). - kabi: genetlink: remove genl_bind (kabi). - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629). - kabi: mask changes to struct ipv6_stub (bsc#1165629). - kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)). - kernel-docs: Change Requires on python-Sphinx to earlier than version 3 References: bsc#1166965 From 3 on the internal API that the build system uses was rewritten in an incompatible way. See https://github.com/sphinx-doc/sphinx/issues/7421 and https://bugzilla.suse.com/show_bug.cgi?id=1166965#c16 for some details. - kernel/relay.c: fix memleak on destroy relay channel (git-fixes). - kernfs: do not call fsnotify() with name without a parent (bsc#1175770). - KVM: arm64: Ensure 'params' is initialised when looking up sys register (bsc#1133021). - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021). - KVM: arm/arm64: Fix young bit from mmu notifier (bsc#1133021). - KVM: arm/arm64: vgic: Do not rely on the wrong pending table (bsc#1133021). - KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections (bsc#1133021). - KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests (bsc#1133021). - KVM: arm: Make inject_abt32() inject an external abort instead (bsc#1133021). - KVM: Change offset in kvm_write_guest_offset_cached to unsigned (bsc#1133021). - KVM: Check for a bad hva before dropping into the ghc slow path (bsc#1133021). - KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729). - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17). - leds: 88pm860x: fix use-after-free on unbind (git-fixes). - leds: core: Flush scheduled work for system suspend (git-fixes). - leds: da903x: fix use-after-free on unbind (git-fixes). - leds: lm3533: fix use-after-free on unbind (git-fixes). - leds: lm355x: avoid enum conversion warning (git-fixes). - leds: wm831x-status: fix use-after-free on unbind (git-fixes). - lib/dim: Fix -Wunused-const-variable warnings (bsc#1174852). - lib: dimlib: fix help text typos (bsc#1174852). - lib: logic_pio: Add logic_pio_unregister_range() (bsc#1174658). - lib: logic_pio: Avoid possible overlap for unregistering regions (bsc#1174658). - lib: logic_pio: Fix RCU usage (bsc#1174658). - linux/dim: Add completions count to dim_sample (bsc#1174852). - linux/dim: Fix overflow in dim calculation (bsc#1174852). - linux/dim: Move implementation to .c files (bsc#1174852). - linux/dim: Move logic to dim.h (bsc#1174852). - linux/dim: Remove 'net' prefix from internal DIM members (bsc#1174852). - linux/dim: Rename externally exposed macros (bsc#1174852). - linux/dim: Rename externally used net_dim members (bsc#1174852). - linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1174852). - liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes). - llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17). - mac80211: mesh: Free ie data when leaving mesh (git-fixes). - mac80211: mesh: Free pending skb when destroying a mpath (git-fixes). - MAINTAINERS: add entry for Dynamic Interrupt Moderation (bsc#1174852). - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes). - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes). - media: budget-core: Improve exception handling in budget_register() (git-fixes). - media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes). - media: firewire: Using uninitialized values in node_probe() (git-fixes). - media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes). - media: vpss: clean up resources in init (git-fixes). - mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes). - mfd: dln2: Run event handler loop under spinlock (git-fixes). - mfd: rk808: Fix RK818 ID template (bsc#1175412). - mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28). - mm: filemap: clear idle flag for writes (bsc#1175769). - mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate (git fixes (mm/migrate)). - mm/mmu_notifier: use hlist_add_head_rcu() (git fixes (mm/mmu_notifiers)). - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/compaction)). - mm/rmap.c: do not reuse anon_vma if we just want a copy (git fixes (mm/rmap)). - mm/shmem.c: cast the type of unmap_start to u64 (git fixes (mm/shmem)). - mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)). - mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617). - mtd: spi-nor: Fix an error code in spi_nor_read_raw() (bsc#1175413). - mtd: spi-nor: fix kernel-doc for spi_nor::info (bsc#1175414). - mtd: spi-nor: fix kernel-doc for spi_nor::reg_proto (bsc#1175415). - mtd: spi-nor: fix silent truncation in spi_nor_read_raw() (bsc#1175416). - mwifiex: Prevent memory corruption handling keys (git-fixes). - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (git-fixes). - net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28). - net: core: reduce recursion limit value (networking-stable-20_06_28). - net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28). - net: dsa: b53: check for timeout (git-fixes). - net: dsa: bcm_sf2: Fix node reference count (git-fixes). - net: ena: Add first_interrupt field to napi struct (bsc#1174852). - net: ena: add reserved PCI device ID (bsc#1174852). - net: ena: add support for reporting of packet drops (bsc#1174852). - net: ena: add support for the rx offset feature (bsc#1174852). - net: ena: add support for traffic mirroring (bsc#1174852). - net: ena: add unmask interrupts statistics to ethtool (bsc#1174852). - net: ena: allow setting the hash function without changing the key (bsc#1174852). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852). - net: ena: change default RSS hash function to Toeplitz (bsc#1174852). - net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1174852). - net: ena: changes to RSS hash key allocation (bsc#1174852). - net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1174852). - net: ena: clean up indentation issue (bsc#1174852). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852). - net: ena: cosmetic: code reorderings (bsc#1174852). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852). - net: ena: cosmetic: fix line break issues (bsc#1174852). - net: ena: cosmetic: fix spacing issues (bsc#1174852). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852). - net: ena: cosmetic: minor code changes (bsc#1174852). - net: ena: cosmetic: remove unnecessary code (bsc#1174852). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852). - net: ena: cosmetic: satisfy gcc warning (bsc#1174852). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852). - net: ena: drop superfluous prototype (bsc#1174852). - net: ena: enable support of rss hash key and function changes (bsc#1174852). - net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1174852). - net: ena: ethtool: clean up minor indentation issue (bsc#1174852). - net: ena: ethtool: get_channels: use combined only (bsc#1174852). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852). - net: ena: ethtool: support set_channels callback (bsc#1174852). - net/ena: Fix build warning in ena_xdp_set() (bsc#1174852). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852). - net: ena: fix incorrect setting of the number of msix vectors (bsc#1174852). - net: ena: fix incorrect update of intr_delay_resolution (bsc#1174852). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852). - net: ena: fix update of interrupt moderation register (bsc#1174852). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852). - net: ena: implement XDP drop support (bsc#1174852). - net: ena: Implement XDP_TX action (bsc#1174852). - net: ena: make ethtool -l show correct max number of queues (bsc#1174852). - net: ena: Make missed_tx stat incremental (bsc#1083548). - net: ena: Make some functions static (bsc#1174852). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852). - net: ena: multiple queue creation related cleanups (bsc#1174852). - net: ena: Prevent reset after device destruction (bsc#1083548). - net: ena: reduce driver load time (bsc#1174852). - net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1174852). - net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1174852). - net: ena: remove code that does nothing (bsc#1174852). - net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1174852). - net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1174852). - net: ena: remove redundant print of number of queues (bsc#1174852). - net: ena: remove set but not used variable 'hash_key' (bsc#1174852). - net: ena: remove set but not used variable 'rx_ring' (bsc#1174852). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852). - net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1174852). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852). - net: ena: support new LLQ acceleration mode (bsc#1174852). - net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1174852). - net: ena: use explicit variable size for clarity (bsc#1174852). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852). - net: ena: xdp: update napi budget for DROP and ABORTED (bsc#1174852). - net: ena: xdp: XDP_TX: fix memory leak (bsc#1174852). - net: ethernet: aquantia: Fix wrong return value (git-fixes). - net: ethernet: broadcom: have drivers select DIMLIB as needed (bsc#1174852). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: fec: correct the error path for regulator disable in probe (git-fixes). - netfilter: x_tables: add counters allocation wrapper (git-fixes). - netfilter: x_tables: cap allocations at 512 mbyte (git-fixes). - netfilter: x_tables: limit allocation requests for blob rule heads (git-fixes). - net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). (SLES tuning guide refers to ip-sysctl.txt.) - net: fix memleak in register_netdevice() (networking-stable-20_06_28). - net: Fix the arp error in some cases (networking-stable-20_06_28). - net: gre: recompute gre csum for sctp over gre tunnels (git-fixes). - net: hns3: add autoneg and change speed support for fibre port (bsc#1174070). - net: hns3: add support for FEC encoding control (bsc#1174070). - net: hns3: add support for multiple media type (bsc#1174070). - net: hns3: fix a not link up issue when fibre port supports autoneg (bsc#1174070). - net: hns3: fix for FEC configuration (bsc#1174070). - net: hns3: fix port capbility updating issue (bsc#1174070). - net: hns3: fix port setting handle for fibre port (bsc#1174070). - net: hns3: fix selftest fail issue for fibre port with autoneg on (bsc#1174070). - net: hns3: restore the MAC autoneg state after reset (bsc#1174070). - net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28). - net: ip6_gre: Request headroom in __gre6_xmit() (git-fixes). - net: lan78xx: add missing endpoint sanity check (git-fixes). - net: lan78xx: fix transfer-buffer memory leak (git-fixes). - net: make symbol 'flush_works' static (git-fixes). - net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes). - net: mvpp2: fix memory leak in mvpp2_rx (git-fixes). - net: netsec: Fix signedness bug in netsec_probe() (bsc#1175417). - net: netsec: initialize tx ring on ndo_open (bsc#1175418). - net: phy: Check harder for errors in get_phy_id() (bsc#1111666). - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes). - net: Set fput_needed iff FDPUT_FPUT is set (git-fixes). - net: socionext: Fix a signedness bug in ave_probe() (bsc#1175419). - net: socionext: replace napi_alloc_frag with the netdev variant on init (bsc#1175420). - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes). - net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes). - net: stmmac: Fix RX packet size > 8191 (git-fixes). - net: udp: Fix wrong clean up for IS_UDPLITE macro (git-fixes). - net: update net_dim documentation after rename (bsc#1174852). - net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28). - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17). - netvsc: unshare skb in VF rx handler (git-fixes). - nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes). - ntb: Fix an error in get link status (git-fixes). - ntb_netdev: fix sleep time mismatch (git-fixes). - ntb: ntb_transport: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - nvme: fix possible deadlock when I/O is blocked (git-fixes). - nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108). - nvme-multipath: fix logic for non-optimized paths (bsc#1172108). - nvme-multipath: round-robin: eliminate 'fallback' variable (bsc#1172108). - nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - ocfs2: add trimfs dlm lock resource (bsc#1175228). - ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: change slot number type s16 to u16 (bsc#1175786). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228). - ocfs2: fix value of OCFS2_INVALID_SLOT (bsc#1175767). - ocfs2: load global_inode_alloc (bsc#1172963). - ocfs2: load global_inode_alloc (bsc#1172963). - omapfb: dss: Fix max fclk divider for omap36xx (bsc#1113956) - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() (git-fixes). - PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes). - PCI: dwc: Move interrupt acking into the proper callback (bsc#1175666). - PCI: Fix pci_cfg_wait queue locking problem (git-fixes). - PCI: Fix 'try' semantics of bus and slot reset (git-fixes). - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes). - PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, bsc#1172872, git-fixes). - PCI: Release IVRS table in AMD ACS quirk (git-fixes). - PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes). - PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes). - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes). - pinctrl: single: fix function name in documentation (git-fixes). - pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes). - platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes). - PM / CPU: replace raw_notifier with atomic_notifier (git fixes (kernel/pm)). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (bsc#1175668). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails. - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (bsc#1175668). - PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes). - powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729). - powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729). - powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729). - powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729). - powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284). - powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284). - powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729). - powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574). - powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729). - powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - powerpc/pseries: remove cede offline state for CPUs (bsc#1065729). - powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729). - powerpc/vdso: Fix vdso cpu truncation (bsc#1065729). - power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes). - propagate_one(): mnt_set_mountpoint() needs mount_lock (bsc#1174841). - pseries: Fix 64 bit logical memory block panic (bsc#1065729). - pwm: bcm-iproc: handle clk_get_rate() return (git-fixes). - rds: Prevent kernel-infoleak in rds_notify_queue_get() (git-fixes). - regulator: gpio: Honor regulator-boot-on property (git-fixes). - Revert 'ALSA: hda: call runtime_allow() for all hda controllers' (bsc#1111666). - Revert 'drm/amdgpu: Fix NULL dereference in dpm sysfs handlers' (bsc#1113956) * refresh for context changes - Revert 'ocfs2: avoid inode removal while nfsd is accessing it' This reverts commit 9e096c72476eda333a9998ff464580c00ff59c83. - Revert 'ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).' This reverts commit 0bf6e248f93736b3f17f399b4a8f64ffa30d371e. - Revert 'ocfs2: load global_inode_alloc (bsc#1172963).' This reverts commit fc476497b53f967dc615b9cbad9427ba3107b5c4. - Revert 'scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe' (bsc#1171688 bsc#1174003). - Revert 'scsi: qla2xxx: Fix crash on qla2x00_mailbox_command' (bsc#1171688 bsc#1174003). - Revert 'xen/balloon: Fix crash when ballooning on x86 32 bit PAE' (bsc#1065600). - rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28). - rpm/check-for-config-changes: Ignore CONFIG_CC_VERSION_TEXT - rpm/check-for-config-changes: Ignore CONFIG_LD_VERSION - rpm/constraints.in: Increase memory for kernel-docs References: https://build.opensuse.org/request/show/792664 - rpm: drop execute permissions on source files Sometimes a source file with execute permission appears in upstream repository and makes it into our kernel-source packages. This is caught by OBS build checks and may even result in build failures. Sanitize the source tree by removing execute permissions from all C source and header files. - rpm/kabi.pl: account for namespace field being moved last Upstream is moving the namespace field in Module.symvers last in order to preserve backwards compatibility with kmod tools (depmod, etc). Fix the kabi.pl script to expect the namespace field last. Since split() ignores trailing empty fields and delimeters, switch to using tr to count how many fields/tabs are in a line. Also, in load_symvers(), pass LIMIT of -1 to split() so it does not strip trailing empty fields, as namespace is an optional field. - rpm/kernel-binary.spec.in: do not run klp-symbols for configs with no modules Starting with 5.8-rc1, s390x/zfcpdump builds fail because rpm/klp-symbols script does not find .tmp_versions directory. This is missing because s390x/zfcpdump is built without modules (CONFIG_MODULES disabled). As livepatching cannot work without modules, the cleanest solution is setting %klp_symbols to 0 if CONFIG_MODULES is disabled. (We cannot simply add another condition to the place where %klp_symbols is set as it can be already set to 1 from prjconf.) - rpm/kernel-binary.spec.in: restrict livepatch metapackage to default flavor It has been reported that the kernel-*-livepatch metapackage got erroneously enabled for SLE15-SP3's new -preempt flavor, leading to a unresolvable dependency to a non-existing kernel-livepatch-x.y.z-preempt package. As SLE12 and SLE12-SP1 have run out of livepatching support, the need to build said metapackage for the -xen flavor is gone and the only remaining flavor for which they're still wanted is -default. Restrict the build of the kernel-*-livepatch metapackage to the -default flavor. - rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup Co-Authored-By: Adam Spiers - rpm/kernel-obs-build.spec.in: Enable overlayfs Overlayfs is needed for podman or docker builds when no more specific driver can be used (like lvm or btrfs). As the default build fs is ext4 currently, we need overlayfs kernel modules to be available. - rpm/kernel-source.spec.in: Add obsolete_rebuilds (boo#1172073). - rpm/mkspec-dtb: add mt76 based dtb package - rpm/package-descriptions: garbege collection remove old ARM and Xen flavors. - rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes). - s390, dcssblk: kaddr and pfn can be NULL to ->direct_access() (bsc#1174873). - sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17). - sched/deadline: Initialize ->dl_boosted (bsc#1112178). - scripts/git_sort/git_sort.py: add bluetooth/bluetooth-next.git repository - scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666). - scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666). - scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666). - scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666). - scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666). - scsi: lpfc: NVMe remote port devloss_tmo from lldd (bsc#1171558 bsc#1136666 bsc#1173060). - scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666). - scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666). - scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666). - scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666). - scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666). - scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666). - scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026). - scsi: Fix trivial spelling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003). - scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003). - scsi: smartpqi: add bay identifier (bsc#1172418). - scsi: smartpqi: add gigabyte controller (bsc#1172418). - scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418). - scsi: smartpqi: add inquiry timeouts (bsc#1172418). - scsi: smartpqi: add module param for exposure order (bsc#1172418). - scsi: smartpqi: add module param to hide vsep (bsc#1172418). - scsi: smartpqi: add new pci ids (bsc#1172418). - scsi: smartpqi: add pci ids for fiberhome controller (bsc#1172418). - scsi: smartpqi: add RAID bypass counter (bsc#1172418). - scsi: smartpqi: add sysfs entries (bsc#1172418). - scsi: smartpqi: Align driver syntax with oob (bsc#1172418). - scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418). - scsi: smartpqi: change TMF timeout from 60 to 30 seconds (bsc#1172418). - scsi: smartpqi: correct hang when deleting 32 lds (bsc#1172418). - scsi: smartpqi: correct REGNEWD return status (bsc#1172418). - scsi: smartpqi: correct syntax issue (bsc#1172418). - scsi: smartpqi: fix call trace in device discovery (bsc#1172418). - scsi: smartpqi: fix controller lockup observed during force reboot (bsc#1172418). - scsi: smartpqi: fix LUN reset when fw bkgnd thread is hung (bsc#1172418). - scsi: smartpqi: fix problem with unique ID for physical device (bsc#1172418). - scsi: smartpqi: identify physical devices without issuing INQUIRY (bsc#1172418). - scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask (bsc#1172418). - scsi: smartpqi: remove unused manifest constants (bsc#1172418). - scsi: smartpqi: Reporting unhandled SCSI errors (bsc#1172418). - scsi: smartpqi: support device deletion via sysfs (bsc#1172418). - scsi: smartpqi: update copyright (bsc#1172418). - scsi: smartpqi: update logical volume size after expansion (bsc#1172418). - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418). - scsi: storvsc: Correctly set number of hardware queues for IDE disk (git-fixes). - scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790). - sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - serial: 8250: change lock order in serial8250_do_startup() (git-fixes). - serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes). - serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes). - Set VIRTIO_CONSOLE=y (bsc#1175667). - sign also s390x kernel images (bsc#1163524) - soc: fsl: qbman: allow registering a device link for the portal user (bsc#1174550). - soc: fsl: qbman_portals: add APIs to retrieve the probing status (bsc#1174550). - spi: davinci: Remove uninitialized_var() usage (git-fixes). - spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes). - spi: nxp-fspi: Ensure width is respected in spi-mem operations (bsc#1175421). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1175422). - spi: spi-mem: export spi_mem_default_supports_op() (bsc#1175421). - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support (git-fixes). - staging: fsl-dpaa2: ethsw: Add missing netdevice check (bsc#1175423). - staging: rtl8192u: fix a dubious looking mask before a shift (git-fixes). - staging/speakup: fix get_word non-space look-ahead (git-fixes). - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28). - tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28). - tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17). - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17). - tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17). - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17). - tracepoint: Mark __tracepoint_string's __used (git-fixes). - tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes). - tty: hvc_console, fix crashes on parallel open/close (git-fixes). - tty: serial: fsl_lpuart: add imx8qxp support (bsc#1175670). - tty: serial: fsl_lpuart: free IDs allocated by IDA (bsc#1175670). - USB: cdc-acm: rework notification_buffer resizing (git-fixes). - USB: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes). - USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes). - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes). - USB: iowarrior: fix up report size handling for some devices (git-fixes). - usbip: tools: fix module name in man page (git-fixes). - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes). - USB: serial: cp210x: enable usb generic throttle/unthrottle (git-fixes). - USB: serial: cp210x: re-enable auto-RTS on open (git-fixes). - USB: serial: ftdi_sio: clean up receive processing (git-fixes). - USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes). - USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes). - USB: serial: iuu_phoenix: fix led-activity helpers (git-fixes). - USB: serial: qcserial: add EM7305 QDL product ID (git-fixes). - USB: xhci: define IDs for various ASMedia host controllers (git-fixes). - USB: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes). - USB: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes). - USB: xhci-mtk: fix the failure of bandwidth allocation (git-fixes). - VFS: Check rename_lock in lookup_fast() (bsc#1174734). - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes). - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes). - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (git-fixes). - vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17). - vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199). - vt_compat_ioctl(): clean up, use compat_ptr() properly (git-fixes). - vt: vt_ioctl: remove unnecessary console allocation checks (git-fixes). - vxlan: Ensure FDB dump is performed under RCU (git-fixes). - watchdog: f71808e_wdt: clear watchdog timeout occurred flag (bsc#1111666). - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (bsc#1111666). - watchdog: f71808e_wdt: remove use of wrong watchdog_info option (bsc#1111666). - wl1251: fix always return 0 error (git-fixes). - x86/hyperv: Create and use Hyper-V page definitions (git-fixes). - x86/hyper-v: Fix overflow bug in fill_gva_list() (git-fixes). - x86/hyperv: Make hv_vcpu_is_preempted() visible (git-fixes). - x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1112178). - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). - xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600). - xen/balloon: make the balloon wait interruptible (bsc#1065600). - xfrm: check id proto in validate_tmpl() (git-fixes). - xfrm: clean up xfrm protocol checks (git-fixes). - xfrm_user: uncoditionally validate esn replay attribute struct (git-fixes). - xfs: fix inode allocation block res calculation precedence (git-fixes). - xfs: fix reflink quota reservation accounting error (git-fixes). - xhci: Fix enumeration issue when setting max packet size for FS devices (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2581-1 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1174154,CVE-2020-15719 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2612-1 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1176179,CVE-2020-24977 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2629-1 Released: Mon Sep 14 18:12:01 2020 Summary: Security update for shim Type: security Severity: moderate References: 1113225,1121268,1153953,1168104,1168994,1173411,1174320,1175626,1175656,CVE-2020-10713 This update for shim fixes the following issues: This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by disallowing binaries signed by the previous SUSE UEFI signing key from booting. This update should only be installed after updates of grub2, the Linux kernel and (if used) Xen from July / August 2020 are applied. Changes: Use vendor-dbx to block old SUSE/openSUSE signkeys (bsc#1168994) + Add dbx-cert.tar.xz which contains the certificates to block and a script, generate-vendor-dbx.sh, to generate vendor-dbx.bin + Add vendor-dbx.bin as the vendor dbx to block unwanted keys - Update the path to grub-tpm.efi in shim-install (bsc#1174320) - Only check EFI variable copying when Secure Boot is enabled (bsc#1173411) - Use the full path of efibootmgr to avoid errors when invoking shim-install from packagekitd (bsc#1168104) - shim-install: add check for btrfs is used as root file system to enable relative path lookup for file. (bsc#1153953) - shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2638-1 Released: Tue Sep 15 15:41:32 2020 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1165580 This update for cryptsetup fixes the following issues: Update from version 2.0.5 to version 2.0.6. (jsc#SLE-5911, bsc#1165580) - Fix support of larger metadata areas in *LUKS2* header. This release properly supports all specified metadata areas, as documented in *LUKS2* format description. Currently, only default metadata area size is used (in format or convert). Later cryptsetup versions will allow increasing this metadata area size. - If *AEAD* (authenticated encryption) is used, cryptsetup now tries to check if the requested *AEAD* algorithm with specified key size is available in kernel crypto API. This change avoids formatting a device that cannot be later activated. For this function, the kernel must be compiled with the *CONFIG_CRYPTO_USER_API_AEAD* option enabled. Note that kernel user crypto API options (*CONFIG_CRYPTO_USER_API* and *CONFIG_CRYPTO_USER_API_SKCIPHER*) are already mandatory for LUKS2. - Fix setting of integrity no-journal flag. Now you can store this flag to metadata using *\--persistent* option. - Fix cryptsetup-reencrypt to not keep temporary reencryption headers if interrupted during initial password prompt. - Adds early check to plain and LUKS2 formats to disallow device format if device size is not aligned to requested sector size. Previously it was possible, and the device was rejected to activate by kernel later. - Fix checking of hash algorithms availability for *PBKDF* early. Previously *LUKS2* format allowed non-existent hash algorithm with invalid keyslot preventing the device from activation. - Allow Adiantum cipher construction (a non-authenticated length-preserving fast encryption scheme), so it can be used both for data encryption and keyslot encryption in *LUKS1/2* devices. For benchmark, use: # cryptsetup benchmark -c xchacha12,aes-adiantum # cryptsetup benchmark -c xchacha20,aes-adiantum For LUKS format: # cryptsetup luksFormat -c xchacha20,aes-adiantum-plain64 -s 256 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2655-1 Released: Wed Sep 16 14:44:27 2020 Summary: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin Type: recommended Severity: moderate References: 1174745,1175173,1175740,1175741 This update for google-guest-agent, google-guest-configs, google-guest-oslogin contains the following fixes: - Update to version 20200819.00. (bsc#1175740, bsc#1175741) * handle oslogin enable/disable cases (#70). (bsc#1175173) * add README (#69) * Fix metric for addIPForwardEntry (#68) * Correctly determine default route index (#67) * oslogin: dont add entry to pam.d/su (#66) * end group.conf with newline (#64) * Add source field in googet spec (#59) * Set route to metadata on interface with default route (#47) * fix typo in boto.cfg (#62) - Properly handle enabling of systemd services when upgrading from the old google-compute-engine-init package (bsc#1174745) - Update to version 20200626.00. (bsc#1175740, bsc#1175741) * Updates the udev rules for local SSD disks. (#9) * Fix tx affinity logic when number of CPUs is above 32 (#6) - Switch udev requires to pkgconfig to allow the build service to use the -mini package for build optimization - Update to version 20200819.00. (bsc#1175740, bsc#1175741) * deny non-2fa users (#37) * use asterisks instead (#39) * set passwords to ! (#38) * correct index 0 bug (#36) * Support security key generated OTP challenges. (#35) - No post action for ssh From sle-updates at lists.suse.com Wed Sep 23 06:25:21 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Sep 2020 14:25:21 +0200 (CEST) Subject: SUSE-IU-2020:87-1: Security update of suse-sles-15-sp2-chost-byos-v20200922-gen2 Message-ID: <20200923122521.EC1CCFCE2@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp2-chost-byos-v20200922-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2020:87-1 Image Tags : suse-sles-15-sp2-chost-byos-v20200922-gen2:20200922 Image Release : Severity : important Type : security References : 1027519 1058115 1065600 1065729 1065729 1071995 1071995 1085030 1085030 1093910 1096405 1096406 1096407 1096408 1100077 1101023 1106843 1113225 1113719 1115750 1118118 1120163 1120862 1121268 1127544 1130528 1132087 1133021 1136031 1136132 1141320 1142733 1146358 1146359 1146991 1148868 1149032 1149164 1149911 1151708 1152472 1152472 1152489 1152489 1153274 1153274 1153520 1153953 1154063 1154353 1154353 1154488 1154492 1154492 1155305 1155518 1155518 1155798 1156395 1156395 1156913 1157169 1158050 1158242 1158265 1158336 1158748 1158765 1158983 1159058 1159086 1159781 1159867 1160634 1160947 1161495 1161573 1162002 1162063 1162400 1162680 1162702 1164260 1164648 1164777 1164780 1165211 1165580 1165828 1165933 1165975 1166985 1167104 1167494 1167651 1167773 1167773 1168104 1168230 1168235 1168389 1168422 1168669 1168779 1168838 1168959 1168994 1168994 1169021 1169094 1169095 1169194 1169444 1169514 1169521 1169681 1169771 1169790 1169850 1169851 1169947 1169997 1170011 1170154 1170284 1170442 1170475 1170476 1170617 1170745 1170774 1170801 1170879 1170891 1170895 1170964 1171150 1171189 1171191 1171219 1171220 1171246 1171284 1171417 1171437 1171513 1171529 1171530 1171546 1171634 1171652 1171656 1171662 1171688 1171688 1171699 1171732 1171739 1171743 1171759 1171828 1171857 1171868 1171878 1171904 1171915 1171982 1171983 1171988 1171995 1172017 1172040 1172046 1172061 1172062 1172063 1172064 1172065 1172066 1172067 1172068 1172069 1172073 1172085 1172086 1172095 1172108 1172169 1172170 1172195 1172197 1172201 1172205 1172208 1172223 1172247 1172307 1172342 1172343 1172344 1172356 1172365 1172366 1172374 1172383 1172384 1172386 1172391 1172393 1172394 1172396 1172418 1172453 1172458 1172467 1172477 1172484 1172495 1172537 1172543 1172566 1172687 1172698 1172704 1172710 1172719 1172739 1172745 1172751 1172759 1172775 1172781 1172782 1172783 1172807 1172807 1172810 1172814 1172816 1172823 1172824 1172841 1172861 1172871 1172871 1172925 1172929 1172938 1172939 1172940 1172956 1172963 1172983 1172984 1172985 1172986 1172987 1172988 1172989 1172990 1172999 1173032 1173060 1173068 1173074 1173085 1173106 1173139 1173159 1173160 1173161 1173206 1173227 1173229 1173238 1173240 1173271 1173274 1173280 1173284 1173336 1173357 1173359 1173376 1173377 1173378 1173380 1173411 1173422 1173428 1173438 1173461 1173468 1173485 1173514 1173539 1173552 1173560 1173573 1173582 1173625 1173746 1173776 1173798 1173812 1173813 1173817 1173818 1173820 1173822 1173823 1173824 1173825 1173826 1173827 1173828 1173830 1173831 1173832 1173833 1173834 1173836 1173837 1173838 1173839 1173841 1173843 1173844 1173845 1173847 1173849 1173860 1173866 1173894 1173941 1173954 1174002 1174003 1174011 1174018 1174026 1174072 1174091 1174116 1174120 1174126 1174127 1174128 1174129 1174154 1174185 1174205 1174244 1174247 1174260 1174263 1174264 1174320 1174320 1174331 1174332 1174333 1174345 1174356 1174362 1174387 1174396 1174398 1174407 1174409 1174411 1174421 1174438 1174443 1174444 1174462 1174463 1174484 1174513 1174527 1174543 1174543 1174551 1174567 1174570 1174618 1174625 1174627 1174645 1174673 1174689 1174699 1174736 1174737 1174757 1174762 1174770 1174771 1174777 1174782 1174805 1174824 1174825 1174847 1174852 1174865 1174880 1174897 1174906 1174969 1175009 1175010 1175011 1175012 1175013 1175014 1175015 1175016 1175017 1175018 1175019 1175020 1175021 1175036 1175052 1175060 1175109 1175112 1175116 1175128 1175149 1175175 1175176 1175180 1175181 1175182 1175183 1175184 1175185 1175186 1175187 1175188 1175189 1175190 1175191 1175192 1175195 1175198 1175199 1175213 1175232 1175250 1175251 1175263 1175284 1175296 1175344 1175345 1175346 1175347 1175367 1175377 1175440 1175493 1175546 1175550 1175626 1175654 1175656 1175691 1175766 1175768 1175769 1175770 1175771 1175772 1175774 1175775 1175811 1175830 1175831 1175834 1175873 1176069 1176134 1176179 1176591 927831 941629 962849 996146 CVE-2018-18751 CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 CVE-2018-4183 CVE-2018-4700 CVE-2019-19462 CVE-2019-20810 CVE-2019-20812 CVE-2019-20907 CVE-2019-8675 CVE-2019-8696 CVE-2020-0305 CVE-2020-0543 CVE-2020-10135 CVE-2020-10700 CVE-2020-10704 CVE-2020-10711 CVE-2020-10713 CVE-2020-10713 CVE-2020-10730 CVE-2020-10732 CVE-2020-10745 CVE-2020-10751 CVE-2020-10760 CVE-2020-10761 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10773 CVE-2020-10781 CVE-2020-12402 CVE-2020-12656 CVE-2020-12769 CVE-2020-12771 CVE-2020-12888 CVE-2020-13143 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13800 CVE-2020-13974 CVE-2020-14303 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-14386 CVE-2020-14416 CVE-2020-14422 CVE-2020-15393 CVE-2020-15563 CVE-2020-15565 CVE-2020-15566 CVE-2020-15567 CVE-2020-15705 CVE-2020-15706 CVE-2020-15707 CVE-2020-15719 CVE-2020-15780 CVE-2020-16166 CVE-2020-24977 CVE-2020-3898 CVE-2020-8023 CVE-2020-8231 ----------------------------------------------------------------- The container suse-sles-15-sp2-chost-byos-v20200922-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:1476-1 Released: Thu Aug 2 14:20:03 2018 Summary: Security update for cups Type: security Severity: moderate References: 1096405,1096406,1096407,1096408,CVE-2018-4180,CVE-2018-4181,CVE-2018-4182,CVE-2018-4183 This update for cups fixes the following issues: The following security vulnerabilities were fixed: - Fixed a local privilege escalation to root and sandbox bypasses in the scheduler - CVE-2018-4180: Fixed a local privilege escalation to root in dnssd backend (bsc#1096405) - CVE-2018-4181: Limited local file reads as root via cupsd.conf include directive (bsc#1096406) - CVE-2018-4182: Fixed a sandbox bypass due to insecure error handling (bsc#1096407) - CVE-2018-4183: Fixed a sandbox bypass due to profile misconfiguration (bsc#1096408) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:2882-1 Released: Mon Dec 10 08:07:44 2018 Summary: Security update for cups Type: security Severity: important References: 1115750,CVE-2018-4700 This update for cups fixes the following issues: Security issue fixed: - CVE-2018-4700: Fixed extremely predictable cookie generation that is effectively breaking the CSRF protection of the CUPS web interface (bsc#1115750). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:608-1 Released: Wed Mar 13 15:21:02 2019 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1118118 This update for cups fixes the following issues: - Fixed validation of UTF-8 filenames to avoid crashes (bsc#1118118) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2357-1 Released: Wed Sep 11 13:26:14 2019 Summary: Recommended update for lmdb Type: recommended Severity: moderate References: 1136132 This update for lmdb fixes the following issues: - Fix occasional crash when freed pages landed on the dirty list twice (bsc#1136132). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3030-1 Released: Thu Nov 21 19:11:25 2019 Summary: Security update for cups Type: security Severity: important References: 1146358,1146359,CVE-2019-8675,CVE-2019-8696 This update for cups fixes the following issues: - CVE-2019-8675: Fixed a stack buffer overflow in libcups's asn1_get_type function(bsc#1146358). - CVE-2019-8696: Fixed a stack buffer overflow in libcups's asn1_get_packed function (bsc#1146359). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:365-1 Released: Fri Feb 7 13:48:54 2020 Summary: Recommended update for lmdb Type: recommended Severity: moderate References: 1159086 This update for lmdb fixes the following issues: - Fix assert in LMBD during 'mdb_page_search_root'. (bsc#1159086). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:517-1 Released: Thu Feb 27 14:39:01 2020 Summary: Recommended update for cifs-utils Type: recommended Severity: moderate References: 1130528,1132087,1136031,1149164 This update for cifs-utils fixes the following issues: Update cifs-utils 6.9; (bsc#1132087); (bsc#1136031). * follow SMB default version changes in the kernel. * adds fixes for Azure * new smbinfo utility - Fix double-free in mount.cifs; (bsc#1149164). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1083-1 Released: Thu Apr 23 11:31:23 2020 Summary: Security update for cups Type: security Severity: important References: 1168422,CVE-2020-3898 This update for cups fixes the following issues: - CVE-2020-3898: Fixed a heap buffer overflow in ppdFindOption() (bsc#1168422). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1370-1 Released: Thu May 21 19:06:00 2020 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1171656 This update for systemd-presets-branding-SLE fixes the following issues: Cleanup of outdated autostart services (bsc#1171656): - Remove acpid.service. acpid is only available on SLE via openSUSE backports. In openSUSE acpid.service is *not* autostarted. I see no reason why it should be on SLE. - Remove spamassassin.timer. This timer never seems to have existed. Instead spamassassin ships a 'sa-update.timer'. But it is not default-enabled and nobody ever complained about this. - Remove snapd.apparmor.service: This service was proactively added a year ago, but snapd didn't even make it into openSUSE yet. There's no reason to keep this entry unless snapd actually enters SLE which is not foreseeable. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1795-1 Released: Mon Jun 29 11:22:45 2020 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1172566 This update for lvm2 fixes the following issues: - Fix potential data loss problem with LVM cache (bsc#1172566) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1821-1 Released: Thu Jul 2 08:39:34 2020 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1172807,1172816 This update for dracut fixes the following issues: - 35network-legacy: Fix dual stack setups. (bsc#1172807) - 95iscsi: fix missing space when compiling cmdline args. (bsc#1172816) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1822-1 Released: Thu Jul 2 11:30:42 2020 Summary: Security update for python3 Type: security Severity: important References: 1173274,CVE-2020-14422 This update for python3 fixes the following issues: - CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface could have led to denial of service (bsc#1173274). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1850-1 Released: Mon Jul 6 14:44:39 2020 Summary: Security update for mozilla-nss Type: security Severity: moderate References: 1168669,1173032,CVE-2020-12402 This update for mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032) - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1852-1 Released: Mon Jul 6 16:50:21 2020 Summary: Recommended update for fontforge, ghostscript-fonts, ttf-converter, xorg-x11-fonts Type: recommended Severity: moderate References: 1169444 This update for fontforge, ghostscript-fonts, ttf-converter, xorg-x11-fonts fixes the following issues: Changes in fontforge: - Support transforming bitmap glyphs from python. (bsc#1169444) - Allow python-Sphinx >= 3 Changes in ttf-converter: - Update from version 1.0 to version 1.0.6: * ftdump is now shipped additionally as new dependency for ttf-converter * Standardize output when converting vector and bitmap fonts * Add more subfamilies fixes (bsc#1169444) * Add --family and --subfamily arguments to force values on those fields * Add parameters to fix glyph unicode values --fix-glyph-unicode : Try to fix unicode points and glyph names based on glyph names containing hexadecimal codes (like '$0C00', 'char12345' or 'uni004F') --replace-unicode-values: When passed 2 comma separated numbers a,b the glyph with an unicode value of a is replaced with the unicode value b. Can be used more than once. --shift-unicode-values: When passed 3 comma separated numbers a,b,c this shifts the unicode values of glyphs between a and b (both included) by adding c. Can be used more than once. * Add --bitmapTransform parameter to transform bitmap glyphs. (bsc#1169444) When used, all glyphs are modified with the transformation function and values passed as parameters. The parameter has three values separated by commas: fliph|flipv|rotate90cw|rotate90ccw|rotate180|skew|transmove,xoff,yoff * Add support to convert bitmap fonts (bsc#1169444) * Rename MediumItalic subfamily to Medium Italic * Show some more information when removing duplicated glyphs * Add a --force-monospaced argument instead of hardcoding font names * Convert `BoldCond` subfamily to `Bold Condensed` * Fixes for Monospaced fonts and force the Nimbus Mono L font to be Monospaced. (bsc#1169444 #c41) * Add a --version argument * Fix subfamily names so the converted font's subfamily match the original ones. (bsc#1169444 #c41) Changes in xorg-x11-fonts: - Use ttf-converter 1.0.6 to build an Italic version of cu12.pcf.gz in the converted subpackage - Include the subfamily in the filename of converted fonts - Use ttf-converter's new bitmap font support to convert Schumacher Clean and Schumacher Clean Wide (bsc#1169444 #c41) - Replace some unicode values in cu-pua12.pcf.gz to fix them - Shift some unicode values in arabic24.pcf.gz and cuarabic12.pcf.gz so glyphs don't pretend to be latin characters when they're not. - Don't distribute converted fonts with wrong unicode values in their glyphs. (bsc#1169444) Bitstream-Charter-*.otb, Cursor.ttf,Sun-OPEN-LOOK-*.otb, MUTT-ClearlyU-Devangari-Extra-Regular, MUTT-ClearlyU-Ligature-Wide-Regular, and MUTT-ClearlyU-Devanagari-Regular Changes in ghostscript-fonts: - Force the converted Nimbus Mono font to be monospaced. (bsc#1169444 #c41) Use the --force-monospaced argument of ttf-converter 1.0.3 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1856-1 Released: Mon Jul 6 17:05:51 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1172698,1172704,CVE-2020-8023 This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1885-1 Released: Fri Jul 10 14:54:22 2020 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1170154,1171546,1171995 This update for cloud-init contains the following fixes: - rsyslog warning, '~' is deprecated: (bsc#1170154) + replace deprecated syntax '& ~' by '& stop' for more information please see https://www.rsyslog.com/rsyslog-error-2307/. + Explicitly test for netconfig version 1 as well as 2. + Handle netconfig v2 device configurations (bsc#1171546, bsc#1171995) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1902-1 Released: Tue Jul 14 15:19:43 2020 Summary: Security update for xen Type: security Severity: important References: 1027519,1172205,1173376,1173377,1173378,1173380,CVE-2020-0543,CVE-2020-15563,CVE-2020-15565,CVE-2020-15566,CVE-2020-15567 This update for xen fixes the following issues: - CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377). - CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378). - CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376). - CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380). - CVE-2020-0543: Special Register Buffer Data Sampling (SRBDS) aka 'CrossTalk' (bsc#1172205). Additional upstream bug fixes (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1938-1 Released: Thu Jul 16 14:43:32 2020 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1169947,1170801,1172925,1173106 This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to: - Enable zstd compression support for sle15 zypper was updated to version 1.14.37: - Print switch abbrev warning to stderr (bsc#1172925) - Fix typo in man page (bsc#1169947) libzypp was updated to 17.24.0 - Fix core dump with corrupted history file (bsc#1170801) - Enable zchunk metadata download if libsolv supports it. - Better handling of the purge-kernels algorithm. (bsc#1173106) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1948-1 Released: Fri Jul 17 14:48:02 2020 Summary: Security update for ldb, samba Type: security Severity: important References: 1141320,1162680,1169095,1169521,1169850,1169851,1171437,1172307,1173159,1173160,1173161,1173359,1174120,CVE-2020-10700,CVE-2020-10704,CVE-2020-10730,CVE-2020-10745,CVE-2020-10760,CVE-2020-14303 This update for ldb, samba fixes the following issues: Changes in samba: - Update to samba 4.11.11 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159] + CVE-2020-10745: invalid DNS or NBT queries containing dots use several seconds of CPU each; (bso#14378); (bsc#1173160). + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV; (bso#14402); (bsc#1173161) + CVE-2020-14303: Endless loop from empty UDP packet sent to AD DC nbt_server; (bso#14417); (bsc#1173359). - Update to samba 4.11.10 + Fix segfault when using SMBC_opendir_ctx() routine for share folder that contains incorrect symbols in any file name; (bso#14374). + vfs_shadow_copy2 doesn't fail case looking in snapdirseverywhere mode; (bso#14350) + ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr; (bso#14413). + Malicous SMB1 server can crash libsmbclient; (bso#14366) + winbindd: Fix a use-after-free when winbind clients exit; (bso#14382) + ldb: Bump version to 2.0.11, LMDB databases can grow without bounds. (bso#14330) - Update to samba 4.11.9 + nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14242). + 'samba-tool group' commands do not handle group names with special chars correctly; (bso#14296). + smbd: avoid calling vfs_file_id_from_sbuf() if statinfo is not valid; (bso#14237). + Missing check for DMAPI offline status in async DOS attributes; (bso#14293). + smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs; (bso#14307). + vfs_recycle: Prevent flooding the log if we're called on non-existant paths; (bso#14316) + smbd mistakenly updates a file's write-time on close; (bso#14320). + RPC handles cannot be differentiated in source3 RPC server; (bso#14359). + librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313). + nsswitch: Fix use-after-free causing segfault in _pam_delete_cred; (bso#14327). + Fix fruit:time machine max size on arm; (bso#13622) + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294). + ctdb: Fix a memleak; (bso#14348). + libsmb: Don't try to find posix stat info in SMBC_getatr(). + ctdb-tcp: Move free of inbound queue to TCP restart; (bso#14295); (bsc#1162680). + s3/librpc/crypto: Fix double free with unresolved credential cache; (bso#14344); (bsc#1169095) + s3:libads: Fix ads_get_upn(); (bso#14336). + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294) + Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295); (bsc#1162680). + ctdb-recoverd: Avoid dereferencing NULL rec->nodemap; (bso#14324) - Update to samba 4.11.8 + CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ; (bso#14331); (bsc#1169850); + CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC; (bso#14334); (bsc#1169851); - Update to samba 4.11.7 + s3: lib: nmblib. Clean up and harden nmb packet processing; (bso#14239). + s3: VFS: full_audit. Use system session_info if called from a temporary share definition; (bso#14283) + dsdb: Correctly handle memory in objectclass_attrs; (bso#14258). + ldb: version 2.0.9, Samba 4.11 and later give incorrect results for SCOPE_ONE searches; (bso#14270) + auth: Fix CIDs 1458418 and 1458420 Null pointer dereferences; (bso#14247). + smbd: Handle EINTR from open(2) properly; (bso#14285) + winbind member (source3) fails local SAM auth with empty domain name; (bso#14247) + winbindd: Handling missing idmap in getgrgid(); (bso#14265). + lib:util: Log mkdir error on correct debug levels; (bso#14253). + wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9; (bso#14266). + ctdb-tcp: Make error handling for outbound connection consistent; (bso#14274). - Update to samba 4.11.6 + pygpo: Use correct method flags; (bso#14209). + vfs_ceph_snapshots: Fix root relative path handling; (bso#14216); (bsc#1141320). + Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero; (bso#14209). + source4/utils/oLschema2ldif: Include stdint.h before cmocka.h; (bso#14218). + docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc; (bso#14122). + smbd: Fix the build with clang; (bso#14251). + upgradedns: Ensure lmdb lock files linked; (bso#14199). + s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir; (bso#14182). + smbc_stat() doesn't return the correct st_mode and also the uid/gid is not filled (SMBv1) file; (bso#14101). + librpc: Fix string length checking in ndr_pull_charset_to_null(); (bso#14219). + ctdb-scripts: Strip square brackets when gathering connection info; (bso#14227). - Add libnetapi-devel to baselibs conf, for wine usage; (bsc#1172307); - Installing: samba - samba-ad-dc.service does not exist and unit not found; (bsc#1171437); - Fix samba_winbind package is installing python3-base without python3 package; (bsc#1169521); Changes in ldb: - Update to version 2.0.12 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159). + ldb_ldap: fix off-by-one increment in lldb_add_msg_attr; (bso#14413). + lib/ldb: add unit test for ldb_ldap internal code. - Update to version 2.0.11 + lib ldb: lmdb init var before calling mdb_reader_check. + lib ldb: lmdb clear stale readers on write txn start; (bso#14330). + ldb tests: Confirm lmdb free list handling ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1950-1 Released: Fri Jul 17 17:16:21 2020 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1161573,1165828,1169997,1172807,1173560 This update for dracut fixes the following issues: - Update to version 049.1+suse.152.g8506e86f: * 01fips: modprobe failures during manual module loading is not fatal. (bsc#bsc#1169997) * 91zipl: parse-zipl.sh: honor SYSTEMD_READY. (bsc#1165828) * 95iscsi: fix ipv6 target discovery. (bsc#1172807) * 35network-legacy: correct conditional for creating did-setup file. (bsc#1172807) - Update to version 049.1+suse.148.gc4a6c2dd: * 95fcoe: load 'libfcoe' module as a fallback. (bsc#1173560) * 99base: enable the initqueue in both 'dracut --add-device' and 'dracut --mount' cases. (bsc#1161573) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1952-1 Released: Fri Jul 17 17:35:24 2020 Summary: Recommended update for zypper-migration-plugin Type: recommended Severity: moderate References: 1171652 This update for zypper-migration-plugin fixes the following issue: - Update from version 0.12.1580220831.7102be8 to version 0.12.1590748670.86b0749 * Make sure that all the release packages are installed. (bsc#1171652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1953-1 Released: Sat Jul 18 03:06:11 2020 Summary: Recommended update for parted Type: recommended Severity: important References: 1164260 This update for parted fixes the following issue: - fix support of NVDIMM (pmemXs) devices (bsc#1164260) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1954-1 Released: Sat Jul 18 03:07:15 2020 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1172396 This update for cracklib fixes the following issues: - Fixed a buffer overflow when processing long words. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1986-1 Released: Tue Jul 21 16:06:12 2020 Summary: Recommended update for openvswitch Type: recommended Severity: moderate References: 1172861,1172929 This update for openvswitch fixes the following issues: - Preserve the old default OVS_USER_ID for users that removed the override at /etc/sysconfig/openvswitch. (bsc#1172861) - Fix possible changes of openvswitch configuration during upgrades. (bsc#1172929) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1987-1 Released: Tue Jul 21 17:02:15 2020 Summary: Recommended update for libsolv, libzypp, yast2-packager, yast2-pkg-bindings Type: recommended Severity: important References: 1172477,1173336,1174011 This update for libsolv, libzypp, yast2-packager, yast2-pkg-bindings fixes the following issues: libsolv: - No source changes, just shipping it as an installer update (required by yast2-pkg-bindings). libzypp: - Proactively send credentials if the URL specifes '?auth=basic' and a username. (bsc#1174011) - ZYPP_MEDIA_CURL_DEBUG: Strip credentials in header log. (bsc#1174011) yast2-packager: - Handle variable expansion in repository name. (bsc#1172477) - Improve medium type detection, do not report Online medium when the /media.1/products file is missing in the repository, SMT does not mirror this file. (bsc#1173336) yast2-pkg-bindings: - Extensions to handle raw repository name. (bsc#1172477) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2000-1 Released: Wed Jul 22 09:04:41 2020 Summary: Recommended update for efivar Type: recommended Severity: important References: 1100077,1101023,1120862,1127544 This update for efivar fixes the following issues: - fix logic that checks for UCS-2 string termination (bsc#1127544) - fix casting of IPv4 addresses - Don't require an EUI for NVMe (bsc#1100077) - Add support for ACPI Generic Container and Embedded Controller root nodes (bsc#1101023) - fix for compilation failures bsc#1120862 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2015-1 Released: Thu Jul 23 09:21:24 2020 Summary: Security update for qemu Type: security Severity: important References: 1172383,1172384,1172386,1172495,1172710,CVE-2020-10761,CVE-2020-13361,CVE-2020-13362,CVE-2020-13659,CVE-2020-13800 This update for qemu to version 4.2.1 fixes the following issues: - CVE-2020-10761: Fixed a denial of service in Network Block Device (nbd) support infrastructure (bsc#1172710). - CVE-2020-13800: Fixed a denial of service possibility in ati-vga emulation (bsc#1172495). - CVE-2020-13659: Fixed a null pointer dereference possibility in MegaRAID SAS 8708EM2 emulation (bsc#1172386). - CVE-2020-13362: Fixed an OOB access possibility in MegaRAID SAS 8708EM2 emulation (bsc#1172383). - CVE-2020-13361: Fixed an OOB access possibility in ES1370 audio device emulation (bsc#1172384). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2018-1 Released: Thu Jul 23 09:35:42 2020 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1172040 This update for apparmor fixes the following issues: - Add 'UI_Showfile' so Yast shows the profile correctly. (bsc#1172040) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2074-1 Released: Wed Jul 29 18:59:46 2020 Summary: Security update for grub2 Type: security Severity: important References: 1168994,1173812,1174463,1174570,CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707 This update for grub2 fixes the following issues: - Fix for CVE-2020-10713 (bsc#1168994) - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812) - Fix for CVE-2020-15706 (bsc#1174463) - Fix for CVE-2020-15707 (bsc#1174570) - Use overflow checking primitives where the arithmetic expression for buffer - Use grub_calloc for overflow check and return NULL when it would occur ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2083-1 Released: Thu Jul 30 10:27:59 2020 Summary: Recommended update for diffutils Type: recommended Severity: moderate References: 1156913 This update for diffutils fixes the following issue: - Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2099-1 Released: Fri Jul 31 08:06:40 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1173227,1173229,1173422 This update for systemd fixes the following issues: - migrate-sysconfig-i18n.sh: fixed marker handling (bsc#1173229) The marker is used to make sure the script is run only once. Instead of storing it in /usr, use /var which is more appropriate for such file. Also make it owned by systemd package. - Fix inconsistent file modes for some ghost files (bsc#1173227) Ghost files are assumed by rpm to have mode 000 by default which is not consistent with file permissions set at runtime. Also /var/lib/systemd/random-seed was tracked wrongly as a directory. Also don't track (ghost) /etc/systemd/system/runlevel*.target aliases since we're not supposed to track units or aliases user might define/override. - Fix build of systemd on openSUSE Leap 15.2 (bsc#1173422) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2105-1 Released: Mon Aug 3 16:42:25 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1058115,1065729,1071995,1085030,1148868,1152472,1152489,1153274,1154353,1154492,1155518,1155798,1156395,1157169,1158050,1158242,1158265,1158748,1158765,1158983,1159781,1159867,1160947,1161495,1162002,1162063,1162400,1162702,1164648,1164777,1164780,1165211,1165933,1165975,1166985,1167104,1167651,1167773,1168230,1168779,1168838,1168959,1169021,1169094,1169194,1169514,1169681,1169771,1170011,1170284,1170442,1170617,1170774,1170879,1170891,1170895,1171150,1171189,1171191,1171219,1171220,1171246,1171417,1171513,1171529,1171530,1171662,1171688,1171699,1171732,1171739,1171743,1171759,1171828,1171857,1171868,1171904,1171915,1171982,1171983,1171988,1172017,1172046,1172061,1172062,1172063,1172064,1172065,1172066,1172067,1172068,1172069,1172073,1172086,1172095,1172169,1172170,1172201,1172208,1172223,1172342,1172343,1172344,1172365,1172366,1172374,1172391,1172393,1172394,1172453,1172458,1172467,1172484,1172537,1172543,1172687,1172719,1172739,1172751,1172759,1172775,1172781,1172782,1 172783,1172814,1172823,1172841,1172871,1172938,1172939,1172940,1172956,1172983,1172984,1172985,1172986,1172987,1172988,1172989,1172990,1172999,1173060,1173068,1173074,1173085,1173139,1173206,1173271,1173280,1173284,1173428,1173438,1173461,1173514,1173552,1173573,1173625,1173746,1173776,1173817,1173818,1173820,1173822,1173823,1173824,1173825,1173826,1173827,1173828,1173830,1173831,1173832,1173833,1173834,1173836,1173837,1173838,1173839,1173841,1173843,1173844,1173845,1173847,1173849,1173860,1173894,1173941,1174018,1174072,1174116,1174126,1174127,1174128,1174129,1174185,1174244,1174263,1174264,1174331,1174332,1174333,1174345,1174356,1174396,1174398,1174407,1174409,1174411,1174438,1174462,1174513,1174527,1174543,1174627,962849,CVE-2019-19462,CVE-2019-20810,CVE-2019-20812,CVE-2020-0305,CVE-2020-10135,CVE-2020-10711,CVE-2020-10732,CVE-2020-10751,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10773,CVE-2020-10781,CVE-2020-12656,CVE-2020-12769,CVE-2020-12771,CVE-2020-12888,CVE-2020- 13143,CVE-2020-13974,CVE-2020-14416,CVE-2020-15393,CVE-2020-15780 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-19462: relay_open in kernel/relay.c in the Linux kernel allowed local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result (bnc#1158265). - CVE-2019-20810: Fixed a memory leak in go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c because it did not call snd_card_free for a failure path (bnc#1172458). - CVE-2019-20812: An issue was discovered in the prb_calc_retire_blk_tmo() function in net/packet/af_packet.c could result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3 (bnc#1172453). - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth?? BR/EDR Core Specification v5.2 and earlier may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988). - CVE-2020-10711: A NULL pointer dereference flaw was found in the SELinux subsystem in versions This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. This flaw allowed a remote network user to crash the system kernel, resulting in a denial of service (bnc#1171191). - CVE-2020-10732: A flaw was found in the implementation of Userspace core dumps. This flaw allowed an attacker with a local account to crash a trivial program and exfiltrate private kernel data (bnc#1171220). - CVE-2020-10751: A flaw was found in the SELinux LSM hook implementation, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing (bnc#1171189). - CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection (bnc#1172781). - CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack (bnc#1172782). - CVE-2020-10768: Fixed an issue with the prctl() function, where indirect branch speculation could be enabled even though it was diabled before (bnc#1172783). - CVE-2020-10773: Fixed a memory leak on s390/s390x, in the cmm_timeout_hander in file arch/s390/mm/cmm.c (bnc#1172999). - CVE-2020-10781: A zram sysfs resource consumption was fixed (bnc#1173074). - CVE-2020-12656: Fixed a memory leak in gss_mech_free in the rpcsec_gss_krb5 implementation, caused by a lack of certain domain_release calls (bnc#1171219). - CVE-2020-12769: An issue was discovered in drivers/spi/spi-dw.c allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bnc#1171983). - CVE-2020-12771: An issue was discovered in btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-13143: gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c relies on kstrdup without considering the possibility of an internal '\0' value, which allowed attackers to trigger an out-of-bounds read (bnc#1171982). - CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775). - CVE-2020-14416: Fixed a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-15393: Fixed a memory leak in usbtest_disconnect (bnc#1173514). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). The following non-security bugs were fixed: - ACPICA: Dispatcher: add status checks (git-fixes). - ACPICA: Fixes for acpiExec namespace init file (git-fixes). - ACPI: configfs: Disallow loading ACPI tables when locked down (git-fixes). - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() (git-fixes). - ACPI: GED: add support for _Exx / _Lxx handler methods (git-fixes). - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (git-fixes). - ACPI/IORT: Fix PMCG node single ID mapping handling (git-fixes). - ACPI: PM: Avoid using power resources if there are none for D0 (git-fixes). - ACPI: sysfs: Fix pm_profile_attr type (git-fixes). - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() (git-fixes). - ACPI: video: Use native backlight on Acer Aspire 5783z (git-fixes). - ACPI: video: Use native backlight on Acer TravelMate 5735Z (git-fixes). - af_unix: add compat_ioctl support (git-fixes). - agp/intel: Reinforce the barrier after GTT updates (git-fixes). - aio: fix async fsync creds (bsc#1173828). - ALSA: emu10k1: delete an unnecessary condition (git-fixes). - ALSA: es1688: Add the missed snd_card_free() (git-fixes). - ALSA: fireface: fix configuration error for nominal sampling transfer frequency (git-fixes). - ALSA: firewire-lib: fix invalid assignment to union data for directional parameter (git-fixes). - ALSA: hda: Add ElkhartLake HDMI codec vid (git-fixes). - ALSA: hda: add member to store ratio for stripe control (git-fixes). - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table (git-fixes). - ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up (git-fixes). - ALSA: hda: Fix potential race in unsol event handler (git-fixes). - ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later (git-fixes). - ALSA: hda/hdmi: improve debug traces for stream lookups (git-fixes). - ALSA: hda: Intel: add missing PCI IDs for ICL-H, TGL-H and EKL (jsc#SLE-13261). - ALSA: hda - let hs_mic be picked ahead of hp_mic (git-fixes). - ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround (bsc#1172017). - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines (git-fixes). - ALSA: hda/realtek - Add LED class support for micmute LED (git-fixes). - ALSA: hda/realtek - Add more fixup entries for Clevo machines (git-fixes). - ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC287 (git-fixes). - ALSA: hda/realtek - Add quirk for MSI GE63 laptop (git-fixes). - ALSA: hda/realtek - change to suitable link model for ASUS platform (git-fixes). - ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (git-fixes). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (git-fixes). - ALSA: hda/realtek - Enable micmute LED on and HP system (git-fixes). - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (git-fixes). - ALSA: hda/realtek - Enable Speaker for ASUS UX563 (git-fixes). - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (git-fixes). - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (git-fixes). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme (git-fixes). - ALSA: hda/realtek - Fix unused variable warning w/o CONFIG_LEDS_TRIGGER_AUDIO (git-fixes). - ALSA: hda/realtek - fixup for yet another Intel reference board (git-fixes). - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO (git-fixes). - ALSA: hda/tegra: correct number of SDO lines for Tegra194 (git-fixes). - ALSA: hda/tegra: workaround playback failure on Tegra194 (git-fixes). - ALSA: hwdep: fix a left shifting 1 by 31 UB bug (git-fixes). - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option (git-fixes). - ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes). - ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes). - ALSA: line6: Perform sanity check for each URB creation (git-fixes). - ALSA: line6: Sync the pending work cancel at disconnection (git-fixes). - ALSA: opl3: fix infoleak in opl3 (git-fixes). - ALSA: pcm: disallow linking stream to itself (git-fixes). - ALSA: pcm: fix incorrect hw_base increase (git-fixes). - ALSA: pcm: fix snd_pcm_link() lockdep splat (git-fixes). - ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for RTX6001 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for SSL2+ (git-fixes). - ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support (git-fixes). - ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes). - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (git-fixes). - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S (git-fixes). - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock (git-fixes). - ALSA: usb-audio: Clean up quirk entries with macros (git-fixes). - ALSA: usb-audio: Fix a limit check in proc_dump_substream_formats() (git-fixes). - ALSA: usb-audio: Fix inconsistent card PM state after resume (git-fixes). - ALSA: usb-audio: fixing upper volume limit for RME Babyface Pro routing crosspoints (git-fixes). - ALSA: usb-audio: Fixing usage of plain int instead of NULL (git-fixes). - ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes). - ALSA: usb-audio: Fix packet size calculation (bsc#1173847). - ALSA: usb-audio: Fix potential use-after-free of streams (git-fixes). - ALSA: usb-audio: Fix race against the error recovery URB submission (git-fixes). - ALSA: usb-audio: Fix racy list management in output queue (git-fixes). - ALSA: usb-audio: Improve frames size computation (git-fixes). - ALSA: usb-audio: Manage auto-pm of all bundled interfaces (git-fixes). - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC (git-fixes). - ALSA: usb-audio: Print more information in stream proc files (git-fixes). - ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio (git-fixes). - ALSA: usb-audio: Remove async workaround for Scarlett 2nd gen (git-fixes). - ALSA: usb-audio: Replace s/frame/packet/ where appropriate (git-fixes). - ALSA: usb-audio: RME Babyface Pro mixer patch (git-fixes). - ALSA: usb-audio: Use the new macro for HP Dock rename quirks (git-fixes). - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes). - amd-xgbe: Use __napi_schedule() in BH context (networking-stable-20_04_17). - apparmor: ensure that dfa state tables have entries (git-fixes). - apparmor: fix introspection of of task mode for unconfined tasks (git-fixes). - apparmor: Fix memory leak of profile proxy (git-fixes). - apparmor: Fix use-after-free in aa_audit_rule_init (git-fixes). - apparmor: remove useless aafs_create_symlink (git-fixes). - arm64: dts: ls1043a-rdb: correct RGMII delay mode to rgmii-id (bsc#1174398). - arm64: dts: ls1046ardb: set RGMII interfaces to RGMII_ID mode (bsc#1174398). - arm64: map FDT as RW for early_init_dt_scan() (jsc#SLE-12424). - ARM: oxnas: make ox820_boot_secondary static (git-fixes). - asm-gemeric/tlb: remove stray function declarations (bsc#1156395). - ASoC: codecs: max98373: Removed superfluous volume control from chip default (git-fixes). - ASoc: codecs: max98373: remove Idle_bias_on to let codec suspend (git-fixes). - ASoC: core: only convert non DPCM link to DPCM link (git-fixes). - ASoC: davinci-mcasp: Fix dma_chan refcnt leak when getting dma type (git-fixes). - ASoC: fix incomplete error-handling in img_i2s_in_probe (git-fixes). - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed (git-fixes). - ASoC: fsl_ssi: Fix bclk calculation for mono channel (git-fixes). - ASoC: Intel: bytcht_es8316: Add missed put_device() (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT10-A tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT8-A tablet (git-fixes). - ASoC: intel: cht_bsw_max98090_ti: Add all Chromebooks that need pmc_plt_clk_0 quirk (bsc#1171246). - ASoC: intel - fix the card names (git-fixes). - ASoC: max98373: reorder max98373_reset() in resume (git-fixes). - ASoC: max9867: fix volume controls (git-fixes). - ASoC: meson: add missing free_irq() in error path (git-fixes). - ASoc: q6afe: add support to get port direction (git-fixes). - ASoC: q6asm: handle EOS correctly (git-fixes). - ASoC: qcom: q6asm-dai: kCFI fix (git-fixes). - ASoC: rockchip: add format and rate constraints on rk3399 (git-fixes). - ASoC: rockchip: Fix a reference count leak (git-fixes). - ASoC: rt286: fix unexpected interrupt happens (git-fixes). - ASoC: rt5645: Add platform-data for Asus T101HA (git-fixes). - ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the Lenovo Miix 2 10 (git-fixes). - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes). - ASoC: rt5670: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5682: Report the button event in the headset type only (git-fixes). - ASoC: SOF: core: fix error return code in sof_probe_continue() (git-fixes). - ASoC: SOF: Do nothing when DSP PM callbacks are not set (git-fixes). - ASoC: SOF: nocodec: conditionally set dpcm_capture/dpcm_playback flags (git-fixes). - ASoC: tegra: tegra_wm8903: Support nvidia, headset property (git-fixes). - ASoC: ti: omap-mcbsp: Fix an error handling path in 'asoc_mcbsp_probe()' (git-fixes). - ASoC: topology: fix kernel oops on route addition error (git-fixes). - ASoC: topology: fix tlvs in error handling for widget_dmixer (git-fixes). - ASoC: ux500: mop500: Fix some refcounted resources issues (git-fixes). - ASoC: wm8974: fix Boost Mixer Aux Switch (git-fixes). - ASoC: wm8974: remove unsupported clock mode (git-fixes). - ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function (git-fixes). - ath10k: fix kernel null pointer dereference (git-fixes). - ath10k: Fix the race condition in firmware dump work queue (git-fixes). - ath10k: Remove ath10k_qmi_register_service_notifier() declaration (git-fixes). - ath10k: remove the max_sched_scan_reqs value (git-fixes). - ath10k: Skip handling del_server during driver exit (git-fixes). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (git-fixes). - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (git-fixes). - ath9k: Fix use-after-free Read in htc_connect_service (git-fixes). - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (git-fixes). - ath9k_htc: Silence undersized packet warnings (git-fixes). - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb (git-fixes). - ax25: fix setsockopt(SO_BINDTODEVICE) (git-fixes). - ax88172a: fix ax88172a_unbind() failures (git-fixes). - b43: Fix connection problem with WPA3 (git-fixes). - b43legacy: Fix case where channel status is corrupted (git-fixes). - b43_legacy: Fix connection problem with WPA3 (git-fixes). - backlight: lp855x: Ensure regulators are disabled on probe failure (git-fixes). - batman-adv: Revert 'disable ethtool link speed detection when auto negotiation off' (git-fixes). - bdev: fix bdev inode reference count disbalance regression (bsc#1174244) - bfq: Avoid false bfq queue merging (bsc#1171513). - bfq: Fix check detecting whether waker queue should be selected (bsc#1168838). - bfq: Use only idle IO periods for think time calculations (bsc#1171513). - bfq: Use 'ttime' local variable (bsc#1171513). - blacklist.conf: Add 9486727f5981 iommu/vt-d: Make Intel SVM code 64-bit only - blacklist.conf: Add superfluous stable commit IDs - blacklist.conf: cleanup removing unused exported symbols, unavoidable kABI breakage - blacklist.conf: for future infrastructure, and will need kABI workarounds in each user, only if we really need it - blk-iocost: Fix error on iocost_ioc_vrate_adj (bsc#1173206). - blk-iocost: fix incorrect vtime comparison in iocg_is_idle() (bsc#1173206). - blk-mq: consider non-idle request as 'inflight' in blk_mq_rq_inflight() (bsc#1165933). - block/bio-integrity: do not free 'buf' if bio_integrity_add_page() failed (bsc#1173817). - block: Fix use-after-free in blkdev_get() (bsc#1173834). - block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818). - Bluetooth: Add SCO fallback for invalid LMP parameters error (git-fixes). - Bluetooth: btbcm: Add 2 missing models to subver tables (git-fixes). - Bluetooth: btmtkuart: Improve exception handling in btmtuart_probe() (git-fixes). - Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes). - bnxt_en: Fix AER reset logic on 57500 chips (bsc#1171150). - bnxt_en: fix firmware message length endianness (bsc#1173894). - bnxt_en: Fix return code to 'flash_device' (bsc#1173894). - bnxt_en: Improve TQM ring context memory sizing formulas (jsc#SLE-8371 bsc#1153274). - bnxt_en: Re-enable SRIOV during resume (jsc#SLE-8371 bsc#1153274). - bnxt_en: Return from timer if interface is not in open state (jsc#SLE-8371 bsc#1153274). - bnxt_en: Simplify bnxt_resume() (jsc#SLE-8371 bsc#1153274). - bpf: Document optval > PAGE_SIZE behavior for sockopt hooks (bsc#1155518). - bpf: Do not allow btf_ctx_access with __int128 types (bsc#1155518). - bpf: Do not return EINVAL from {get,set}sockopt when optlen > PAGE_SIZE (bsc#1155518). - bpf: Fix an error code in check_btf_func() (bsc#1154353). - bpf: Fix map permissions check (bsc#1155518). - bpf: Prevent mmap()'ing read-only maps as writable (bsc#1155518). - bpf: Restrict bpf_probe_read{, str}() only to archs where they work (bsc#1172344). - bpf: Restrict bpf_trace_printk()'s %s usage and add %pks, %pus specifier (bsc#1172344). - bpf, sockhash: Synchronize_rcu before free'ing map (git-fixes). - bpf, sockmap: Check update requirements after locking (git-fixes). - bpf: Undo internal BPF_PROBE_MEM in BPF insns dump (bsc#1155518). - bpf, xdp, samples: Fix null pointer dereference in *_user code (bsc#1155518). - brcmfmac: expose RPi firmware config files through modinfo (bsc#1169094). - brcmfmac: fix wrong location to get firmware feature (git-fixes). - brcmfmac: Transform compatible string for FW loading (bsc#1169771). - bridge: Avoid infinite loop when suppressing NS messages with invalid options (networking-stable-20_06_10). - bridge: mcast: Fix MLD2 Report IPv6 payload length check (git-fixes). - btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#1174438). - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc#1174438). - btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438). - btrfs: fix log context list corruption after rename whiteout error (bsc#1172342). - btrfs: fix partial loss of prealloc extent past i_size after fsync (bsc#1172343). - btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438). - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO (bsc#1174438). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438). - bus: ti-sysc: Do not disable on suspend for no-idle (git-fixes). - bus: ti-sysc: Ignore clockactivity unless specified as a quirk (git-fixes). - carl9170: remove P2P_GO support (git-fixes). - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes). - CDC-ACM: heed quirk also in error handling (git-fixes). - CDC-ACM: heed quirk also in error handling (git-fixes). - ceph: add comments for handle_cap_flush_ack logic (bsc#1172940). - ceph: allow rename operation under different quota realms (bsc#1172988). - ceph: ceph_kick_flushing_caps needs the s_mutex (bsc#1172986). - ceph: convert mdsc->cap_dirty to a per-session list (bsc#1172984 bsc#1167104). - ceph: document what protects i_dirty_item and i_flushing_item (bsc#1172940). - ceph: do not release i_ceph_lock in handle_cap_trunc (bsc#1172940). - ceph: do not return -ESTALE if there's still an open file (bsc#1171915). - ceph: do not take i_ceph_lock in handle_cap_import (bsc#1172940). - ceph: fix potential race in ceph_check_caps (bsc#1172940). - ceph: flush release queue when handling caps for unknown inode (bsc#1172939). - ceph: make sure mdsc->mutex is nested in s->s_mutex to fix dead lock (bsc#1172989). - ceph: normalize 'delta' parameter usage in check_quota_exceeded (bsc#1172987). - ceph: reorganize __send_cap for less spinlock abuse (bsc#1172940). - ceph: request expedited service on session's last cap flush (bsc#1172985 bsc#1167104). - ceph: reset i_requested_max_size if file write is not wanted (bsc#1172983). - ceph: skip checking caps when session reconnecting and releasing reqs (bsc#1172990). - ceph: split up __finish_cap_flush (bsc#1172940). - ceph: throw a warning if we destroy session with mutex still locked (bsc#1172940). - char/random: Add a newline at the end of the file (jsc#SLE-12424). - clk: bcm2835: Fix return type of bcm2835_register_gate (git-fixes). - clk: bcm2835: Remove casting to bcm2835_clk_register (git-fixes). - clk: clk-flexgen: fix clock-critical handling (git-fixes). - clk: mediatek: assign the initial value to clk_init_data of mtk_mux (git-fixes). - clk: meson: meson8b: Do not rely on u-boot to init all GP_PLL registers (git-fixes). - clk: meson: meson8b: Fix the polarity of the RESET_N lines (git-fixes). - clk: meson: meson8b: Fix the vclk_div{1, 2, 4, 6, 12}_en gate bits (git-fixes). - clk: qcom: Add missing msm8998 ufs_unipro_core_clk_src (git-fixes). - clk: qcom: msm8916: Fix the address location of pll->config_reg (git-fixes). - clk: renesas: cpg-mssr: Fix STBCR suspend/resume handling (git-fixes). - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes). - clk: samsung: Mark top ISP and CAM clocks on Exynos542x as critical (git-fixes). - clk: sifive: allocate sufficient memory for struct __prci_data (git-fixes). - clk: sprd: return correct type of value for _sprd_pll_recalc_rate (git-fixes). - clk: sunxi: Fix incorrect usage of round_down() (git-fixes). - clk: ti: am33xx: fix RTC clock parent (git-fixes). - clk: ti: composite: fix memory leak (git-fixes). - clk: zynqmp: fix memory leak in zynqmp_register_clocks (git-fixes). - clocksource: dw_apb_timer: Make CPU-affiliation being optional (git-fixes). - clocksource: dw_apb_timer_of: Fix missing clockevent timers (git-fixes). - component: Silence bind error on -EPROBE_DEFER (git-fixes). - config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References: bsc#1172739 - coredump: fix crash when umh is disabled (git-fixes). - coredump: fix null pointer dereference on coredump (git-fixes). - cpufreq: Fix up cpufreq_boost_set_sw() (git-fixes). - cpufreq: intel_pstate: Only mention the BIOS disabling turbo mode once (git-fixes). - cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn (git-fixes). - cpuidle: Fix three reference count leaks (git-fixes). - crypto: algapi - Avoid spurious modprobe on LOADED (git-fixes). - crypto: algboss - do not wait during notifier callback (git-fixes). - crypto: algif_skcipher - Cap recv SG list at ctx->used (git-fixes). - crypto - Avoid free() namespace collision (git-fixes). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - crypto: ccp -- do not 'select' CONFIG_DMADEVICES (git-fixes). - crypto/chcr: fix for ccm(aes) failed test (git-fixes). - crypto: chelsio/chtls: properly set tp->lsndtime (git-fixes). - crypto: drbg - fix error return code in drbg_alloc_state() (git-fixes). - crypto: omap-sham - add proper load balancing support for multicore (git-fixes). - crypto: stm32/crc32 - fix ext4 chksum BUG_ON() (git-fixes). - crypto: stm32/crc32 - fix multi-instance (git-fixes). - crypto: stm32/crc32 - fix run-time self test issue (git-fixes). - cxgb4: fix adapter crash due to wrong MC size (networking-stable-20_04_27). - cxgb4: fix large delays in PTP synchronization (networking-stable-20_04_27). - dccp: Fix possible memleak in dccp_init and dccp_fini (networking-stable-20_06_16). - debugfs: Check module state before warning in {full/open}_proxy_open() (bsc#1173746). - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07). - devlink: fix return value after hitting end in region read (networking-stable-20_05_12). - devmap: Use bpf_map_area_alloc() for allocating hash buckets (bsc#1154353). - /dev/mem: Add missing memory barriers for devmem_inode (git-fixes). - /dev/mem: Revoke mappings when a driver claims the region (git-fixes). - dma-coherent: fix integer overflow in the reserved-memory dma allocation (git-fixes). - dma-debug: fix displaying of dma allocation type (git-fixes). - dma-direct: fix data truncation in dma_direct_get_required_mask() (git-fixes). - dmaengine: dmatest: Fix process hang when reading 'wait' parameter (git-fixes). - dmaengine: dmatest: Restore default for channel (git-fixes). - dmaengine: dmatest: stop completed threads when running without set channel (git-fixes). - dmaengine: dw: Initialize channel before each transfer (git-fixes). - dmaengine: fsl-edma-common: correct DSIZE_32BYTE (git-fixes). - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes). - dmaengine: imx-sdma: Fix: Remove 'always true' comparison (git-fixes). - dmaengine: mcf-edma: Fix NULL pointer exception in mcf_edma_tx_handler (git-fixes). - dmaengine: mmp_tdma: Do not ignore slave config validation errors (git-fixes). - dmaengine: mmp_tdma: Reset channel error on release (git-fixes). - dmaengine: owl: Use correct lock in owl_dma_get_pchan() (git-fixes). - dmaengine: pch_dma.c: Avoid data race between probe and irq handler (git-fixes). - dmaengine: sh: usb-dmac: set tx_result parameters (git-fixes). - dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' (git-fixes). - dm: do not use waitqueue for request-based DM (bsc#1165933). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm writecache: fix data corruption when reloading the target (git fixes (block drivers)). - dm writecache: reject asynchronous pmem devices (bsc#1156395). - dpaa2-eth: prevent array underflow in update_cls_rule() (networking-stable-20_05_16). - dpaa2-eth: properly handle buffer size restrictions (networking-stable-20_05_16). - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27). - dpaa_eth: FMan erratum A050385 workaround (bsc#1174396). - dpaa_eth: Make dpaa_a050385_wa static (bsc#1174396). - drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish (git-fixes). - drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617). - drivers/net/ibmvnic: Update VNIC protocol version reporting (bsc#1065729). - drivers: phy: sr-usb: do not use internal fsm for USB2 phy init (git-fixes). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (git-fixes). - drm/amd/display: add basic atomic check for cursor plane (git-fixes). - drm/amd/display: drop cursor position check in atomic test (git-fixes). - drm: amd/display: fix Kconfig help text (bsc#1152489) * context changes - drm/amd/display: Only revalidate bandwidth on medium and fast updates (git-fixes). - drm/amd/display: Prevent dpcd reads with passive dongles (git-fixes). - drm/amd/display: Revalidate bandwidth before commiting DC updates (git-fixes). - drm/amd/display: Use kfree() to free rgb_user in calculate_user_regamma_ramp() (git-fixes). - drm/amd: fix potential memleak in err branch (git-fixes). - drm/amdgpu: add fw release for sdma v5_0 (git-fixes). - drm/amdgpu/atomfirmware: fix vram_info fetching for renoir (git-fixes). - drm/amdgpu: do not do soft recovery if gpu_recovery=0 (git-fixes). - drm/amdgpu: drop redundant cg/pg ungate on runpm enter (git-fixes). - drm/amdgpu: fix gfx hang during suspend with video playback (v2) (git-fixes). - drm/amdgpu: fix the hw hang during perform system reboot and reset (git-fixes). - drm/amdgpu: force fbdev into vram (bsc#1152472) * context changes - drm/amdgpu: Init data to avoid oops while reading pp_num_states (git-fixes). - drm/amdgpu: invalidate L2 before SDMA IBs (v2) (git-fixes). - drm/amdgpu: move kfd suspend after ip_suspend_phase1 (git-fixes). - drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1152472) - drm/amdgpu/sdma5: fix wptr overwritten in ->get_wptr() (git-fixes). - drm/amdgpu: simplify padding calculations (v2) (git-fixes). - drm/amdgpu: use %u rather than %d for sclk/mclk (git-fixes). - drm/amd/powerpay: Disable gfxoff when setting manual mode on picasso and raven (git-fixes). - drm/amd/powerplay: avoid using pm_en before it is initialized revised (git-fixes). - drm/amd/powerplay: perform PG ungate prior to CG ungate (git-fixes). - drm: bridge: adv7511: Extend list of audio sample rates (git-fixes). - drm/connector: notify userspace on hotplug after register complete (bsc#1152489) * context changes - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1152472) * context changes - drm/dp_mst: Reformat drm_dp_check_act_status() a bit (git-fixes). - drm/edid: Add Oculus Rift S to non-desktop list (git-fixes). - drm: encoder_slave: fix refcouting error for modules (git-fixes). - drm/etnaviv: fix perfmon domain interation (git-fixes). - drm/etnaviv: rework perfmon query infrastructure (git-fixes). - drm/exynos: fix ref count leak in mic_pre_enable (git-fixes). - drm/exynos: Properly propagate return value in drm_iommu_attach_device() (git-fixes). - drm/i915: Do not enable WaIncreaseLatencyIPCEnabled when IPC is (bsc#1152489) - drm/i915: Do not enable WaIncreaseLatencyIPCEnabled when IPC is disabled (git-fixes). - drm/i915: extend audio CDCLK>=2*BCLK constraint to more platforms (git-fixes). - drm/i915: Extend WaDisableDARBFClkGating to icl,ehl,tgl (bsc#1152489) - drm/i915: fix port checks for MST support on gen >= 11 (git-fixes). - drm/i915/gem: Avoid iterating an empty list (git-fixes). - drm/i915/gt: Do not schedule normal requests immediately along (bsc#1152489) - drm/i915/gt: Ignore irq enabling on the virtual engines (git-fixes). - drm/i915/gvt: Fix kernel oops for 3-level ppgtt guest (bsc#1152489) - drm/i915/gvt: Fix kernel oops for 3-level ppgtt guest (git-fixes). - drm/i915/gvt: Fix two CFL MMIO handling caused by regression. (bsc#1152489) - drm/i915/gvt: Fix two CFL MMIO handling caused by regression (git-fixes). - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of (bsc#1152489) - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of inheritance (git-fixes). - drm/i915: HDCP: fix Ri prime check done during link check (bsc#1152489) * context changes - drm/i915: HDCP: fix Ri prime check done during link check (git-fixes). - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1152489) - drm/i915: Limit audio CDCLK>=2*BCLK constraint back to GLK only (git-fixes). - drm/i915: Propagate error from completed fences (git-fixes). - drm/i915: Whitelist context-local timestamp in the gen9 cmdparser (git-fixes). - drm/i915: work around false-positive maybe-uninitialized warning (git-fixes). - drm/mcde: dsi: Fix return value check in mcde_dsi_bind() (git-fixes). - drm: mcde: Fix display initialization problem (git-fixes). - drm/mediatek: Check plane visibility in atomic_update (git-fixes). - drm/msm: Check for powered down HW in the devfreq callbacks (bsc#1152489) - drm/msm/dpu: allow initialization of encoder locks during encoder init (git-fixes). - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1152489) - drm/msm/dpu: fix error return code in dpu_encoder_init (git-fixes). - drm/msm: fix potential memleak in error branch (git-fixes). - drm/msm/mdp5: Fix mdp5_init error path for failed mdp5_kms allocation (git-fixes). - drm/nouveau/disp/gm200-: fix NV_PDISP_SOR_HDMI2_CTRL(n) selection (git-fixes). - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (git-fixes). - drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (git-fixes). - drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper() (git-fixes). - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1152472) - drm/radeon: fix double free (git-fixes). - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1152472) - drm: rcar-du: Fix build error (bsc#1152472) - drm/sun4i: hdmi ddc clk: Fix size of m divider (git-fixes). - drm: sun4i: hdmi: Remove extra HPD polling (bsc#1152489) - drm: sun4i: hdmi: Remove extra HPD polling (git-fixes). - drm/sun4i: tcon: Separate quirks for tcon0 and tcon1 on A20 (git-fixes). - drm/tegra: hub: Do not enable orphaned window group (git-fixes). - drm/vkms: Hold gem object while still in-use (git-fixes). - Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139) Upstream changed the partition usage counter check back and forth and ended up reverting all changes. Let's drop our the partial backport. (cherry picked from commit 70ad1b2fa5955d91e1a09a8027daf210e28fee30) - Drop a couple of block layer git-fixes Upstream changed the partition usage counter check back and forth and ended up reverting all changes. Let's drop our the partial backport. - dwc3: Remove check for HWO flag in dwc3_gadget_ep_reclaim_trb_sg() (git-fixes). - e1000: Distribute switch variables for initialization (git-fixes). - e1000e: Disable TSO for buffer overrun workaround (git-fixes). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (git-fixes). - e1000e: Relax condition to trigger reset for ME workaround (git-fixes). - EDAC/amd64: Add PCI device IDs for family 17h, model 70h (bsc#1165975). - EDAC/ghes: Setup DIMM label from DMI and use it in error reports (bsc#1168779). - EDAC/skx: Use the mcmtr register to retrieve close_pg/bank_xor_enable (bsc#1152489). - EDAC/synopsys: Do not dump uninitialized pinf->col (bsc#1152489). - efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes). - efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness (jsc#SLE-12424). - efi: READ_ONCE rng seed size before munmap (jsc#SLE-12424). - efi/tpm: Verify event log header before parsing (bsc#1173461). - eventpoll: fix missing wakeup for ovflist in ep_poll_callback (bsc#1159867). - evm: Check also if *tfm is an error pointer in init_desc() (git-fixes). - evm: Fix a small race in init_desc() (git-fixes). - evm: Fix possible memory leak in evm_calc_hmac_or_hash() (git-fixes). - evm: Fix RCU list related warnings (git-fixes). - exfat: add missing brelse() calls on error paths (git-fixes). - exfat: fix incorrect update of stream entry in __exfat_truncate() (git-fixes). - exfat: fix memory leak in exfat_parse_param() (git-fixes). - exfat: move setting VOL_DIRTY over exfat_remove_entries() (git-fixes). - ext4: avoid utf8_strncasecmp() with unstable name (bsc#1173843). - ext4: fix error pointer dereference (bsc#1173837). - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1173836). - ext4: fix partial cluster initialization when splitting extent (bsc#1173839). - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838). - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833). - ext4: stop overwrite the errcode in ext4_setup_super (bsc#1173841). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (git-fixes). - fanotify: fix ignore mask logic for events on child and on dir (bsc#1172719). - fat: do not allow to mount if the FAT length == 0 (bsc#1173831). - fdt: add support for rng-seed (jsc#SLE-12424). - fdt: Update CRC check for rng-seed (jsc#SLE-12424). - firmware: imx: scu: Fix corruption of header (git-fixes). - firmware: imx: scu: Fix possible memory leak in imx_scu_probe() (git-fixes). - firmware: imx-scu: Support one TX and one RX (git-fixes). - firmware: imx: warn on unexpected RX (git-fixes). - firmware: qcom_scm: fix bogous abuse of dma-direct internals (git-fixes). - firmware: xilinx: Fix an error handling path in 'zynqmp_firmware_probe()' (git-fixes). - Fix a regression of AF_ALG crypto interface hang with aes_s390 (bsc#1167651) - fix multiplication overflow in copy_fdtable() (bsc#1173825). - fork: prevent accidental access to clone3 features (bsc#1174018). - fpga: dfl: afu: Corrected error handling levels (git-fixes). - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12). - fs: Do not check if there is a fsnotify watcher on pseudo inodes (bsc#1158765). - fsl/fman: detect FMan erratum A050385 (bsc#1174396) Update arm64 config file - fsnotify: Rearrange fast path to minimise overhead when there is no watcher (bsc#1158765). - fuse: copy_file_range should truncate cache (git-fixes). - fuse: fix copy_file_range cache issues (git-fixes). - genetlink: clean up family attributes allocations (git-fixes). - genetlink: fix memory leaks in genl_family_rcv_msg_dumpit() (bsc#1154353). - geneve: allow changing DF behavior after creation (git-fixes). - geneve: change from tx_error to tx_dropped on missing metadata (git-fixes). - gfs2: fix glock reference problem in gfs2_trans_remove_revoke (bsc#1173823). - gfs2: Multi-block allocations in gfs2_page_mkwrite (bsc#1173822). - gpio: bcm-kona: Fix return value of bcm_kona_gpio_probe() (git-fixes). - gpio: dwapb: Append MODULE_ALIAS for platform driver (git-fixes). - gpio: dwapb: Call acpi_gpiochip_free_interrupts() on GPIO chip de-registration (git-fixes). - gpio: exar: Fix bad handling for ida_simple_get error path (git-fixes). - gpiolib: Document that GPIO line names are not globally unique (git-fixes). - gpio: pca953x: disable regmap locking for automatic address incrementing (git-fixes). - gpio: pca953x: Fix GPIO resource leak on Intel Galileo Gen 2 (git-fixes). - gpio: pca953x: fix handling of automatic address incrementing (git-fixes). - gpio: pca953x: Fix pca953x_gpio_set_config (git-fixes). - gpio: pca953x: Override IRQ for one of the expanders on Galileo Gen 2 (git-fixes). - gpio: pxa: Fix return value of pxa_gpio_probe() (git-fixes). - gpio: tegra: mask GPIO IRQs during IRQ shutdown (git-fixes). - gpu/drm: Ingenic: Fix opaque pointer casted to wrong type (git-fixes). - gpu: host1x: Detach driver on unregister (git-fixes). - habanalabs: Align protection bits configuration of all TPCs (git-fixes). - HID: Add quirks for Trust Panora Graphic Tablet (git-fixes). - HID: alps: Add AUI1657 device ID (git-fixes). - HID: alps: ALPS_1657 is too specific; use U1_UNICORN_LEGACY instead (git-fixes). - HID: i2c-hid: add Schneider SCL142ALM to descriptor override (git-fixes). - HID: i2c-hid: reset Synaptics SYNA2393 on resume (git-fixes). - HID: intel-ish-hid: avoid bogus uninitialized-variable warning (git-fixes). - HID: logitech-hidpp: avoid repeated 'multiplier = ' log messages (git-fixes). - HID: magicmouse: do not set up autorepeat (git-fixes). - HID: multitouch: add eGalaxTouch P80H84 support (git-fixes). - HID: multitouch: enable multi-input as a quirk for some devices (git-fixes). - HID: quirks: Add HID_QUIRK_NO_INIT_REPORTS quirk for Dell K12A keyboard-dock (git-fixes). - HID: quirks: Always poll Obins Anne Pro 2 keyboard (git-fixes). - HID: quirks: Ignore Simply Automated UPB PIM (git-fixes). - HID: quirks: Remove ITE 8595 entry from hid_have_special_driver (git-fixes). - HID: sony: Fix for broken buttons on DS3 USB dongles (git-fixes). - hinic: fix a bug of ndo_stop (networking-stable-20_05_16). - hinic: fix wrong para of wait_for_completion_timeout (networking-stable-20_05_16). - hsr: check protocol version in hsr_newlink() (networking-stable-20_04_17). - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes). - hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (git-fixes). - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (git-fixes). - hwmon: (k10temp) Add AMD family 17h model 60h PCI match (git-fixes). - hwmon: (max6697) Make sure the OVERT mask is set correctly (git-fixes). - hwmon: (pmbus) fix a typo in Kconfig SENSORS_IR35221 option (git-fixes). - hwrng: ks-sa - Fix runtime PM imbalance on error (git-fixes). - i2c: acpi: put device when verifying client fails (git-fixes). - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (git-fixes). - i2c: altera: Fix race between xfer_msg and isr thread (git-fixes). - i2c: core: check returned size of emulated smbus block read (git-fixes). - i2c: designware-pci: Add support for Elkhart Lake PSE I2C (jsc#SLE-12734). - i2c: designware-pci: Fix BUG_ON during device removal (jsc#SLE-12734). - i2c: designware-pci: Switch over to MSI interrupts (jsc#SLE-12734). - i2c: dev: Fix the race between the release of i2c_dev and cdev (git-fixes). - i2c: eg20t: Load module automatically if ID matches (git-fixes). - i2c: fix missing pm_runtime_put_sync in i2c_device_probe (git-fixes). - i2c: fsi: Fix the port number field in status register (git-fixes). - i2c: mlxcpld: check correct size of maximum RECV_LEN packet (git-fixes). - i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' (git-fixes). - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets (git-fixes). - i2c: pxa: clear all master action bits in i2c_pxa_stop_message() (git-fixes). - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes). - IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409). - IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409). - IB/hfi1: Fix another case where pq is left on waitlist (bsc#1174411). - IB/hfi1: Fix module use count flaw due to leftover module put calls (bsc#1174407). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - IB/rdmavt: Free kernel completion queue when done (bsc#1173625). - ice: Fix error return code in ice_add_prof() (jsc#SLE-7926). - ice: Fix inability to set channels when down (jsc#SLE-7926). - ieee80211: Fix incorrect mask for default PE duration (git-fixes). - iio: adc: ad7780: Fix a resource handling path in 'ad7780_probe()' (git-fixes). - iio: adc: stm32-adc: fix device used to request dma (git-fixes). - iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() (git-fixes). - iio: adc: stm32-dfsdm: fix device used to request dma (git-fixes). - iio: adc: stm32-dfsdm: Use dma_request_chan() instead dma_request_slave_channel() (git-fixes). - iio: adc: ti-ads8344: Fix channel selection (git-fixes). - iio: bmp280: fix compensation of humidity (git-fixes). - iio: buffer: Do not allow buffers without any channels enabled to be activated (git-fixes). - iio:chemical:pms7003: Fix timestamp alignment and prevent data leak (git-fixes). - iio:chemical:sps30: Fix timestamp alignment (git-fixes). - iio: core: add missing IIO_MOD_H2/ETHANOL string identifiers (git-fixes). - iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' (git-fixes). - iio:health:afe4404 Fix timestamp alignment and prevent data leak (git-fixes). - iio:humidity:hdc100x Fix alignment and data leak issues (git-fixes). - iio:humidity:hts221 Fix alignment and data leak issues (git-fixes). - iio:magnetometer:ak8974: Fix alignment and data leak issues (git-fixes). - iio: magnetometer: ak8974: Fix runtime PM imbalance on error (git-fixes). - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (git-fixes). - iio: pressure: bmp280: Tolerate IRQ before registering (git-fixes). - iio:pressure:ms5611 Fix buffer element alignment (git-fixes). - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (git-fixes). - iio: sca3000: Remove an erroneous 'get_device()' (git-fixes). - iio: vcnl4000: Fix i2c swapped word reading (git-fixes). - ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() (bsc#1172223). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1172223) - ima: Directly free *entry in ima_alloc_init_template() if digests is NULL (bsc#1172223). - ima: Remove __init annotation from ima_pcrread() (git-fixes). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - Input: dlink-dir685-touchkeys - fix a typo in driver name (git-fixes). - Input: edt-ft5x06 - fix get_default register write access (git-fixes). - Input: elan_i2c - add more hardware ID for Lenovo laptops (git-fixes). - Input: evdev - call input_flush_device() on release(), not flush() (git-fixes). - Input: goodix - fix touch coordinates on Cube I15-TC (git-fixes). - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (git-fixes). - Input: i8042 - add ThinkPad S230u to i8042 reset list (git-fixes). - input: i8042 - Remove special PowerPC handling (git-fixes). - Input: mms114 - add extra compatible for mms345l (git-fixes). - Input: mms114 - fix handling of mms345l (git-fixes). - Input: synaptics - add a second working PNP_ID for Lenovo T470s (git-fixes). - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() (git-fixes). - Input: synaptics-rmi4 - really fix attn_data use-after-free (git-fixes). - Input: usbtouchscreen - add support for BonXeon TP (git-fixes). - Input: xpad - add custom init packet for Xbox One S controllers (git-fixes). - intel_th: Fix a NULL dereference when hub driver is not loaded (git-fixes). - intel_th: pci: Add Emmitsburg PCH support (git-fixes). - intel_th: pci: Add Jasper Lake CPU support (git-fixes). - intel_th: pci: Add Tiger Lake PCH-H support (git-fixes). - iocost: check active_list of all the ancestors in iocg_activate() (bsc#1173206). - iocost: over-budget forced IOs should schedule async delay (bsc#1173206). - iommu/amd: Call domain_flush_complete() in update_domain() (bsc#1172061). - iommu/amd: Do not flush Device Table in iommu_map_page() (bsc#1172062). - iommu/amd: Do not loop forever when trying to increase address space (bsc#1172063). - iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system (bsc#1172393). - iommu/amd: Fix over-read of ACPI UID from IVRS table (bsc#1172064). - iommu/amd: Fix race in increase_address_space()/fetch_pte() (bsc#1172065). - iommu/amd: Update Device Table in increase_address_space() (bsc#1172066). - iommu/arm-smmu-v3: Do not reserve implementation defined register space (bsc#1174126). - iommu: Fix reference count leak in iommu_group_alloc (bsc#1172394). - iommu/qcom: Fix local_base status check (bsc#1172067). - iommu/virtio: Reverse arguments to list_add (bsc#1172068). - iommu/vt-d: Enable PCI ACS for platform opt in hint (bsc#1174127). - iommu/vt-d: Update scalable mode paging structure coherency (bsc#1174128). - ionic: add pcie_print_link_status (bsc#1167773). - ionic: centralize queue reset code (bsc#1167773). - ionic: export features for vlans to use (bsc#1167773). - ionic: no link check while resetting queues (bsc#1167773). - ionic: remove support for mgmt device (bsc#1167773). - ionic: tame the watchdog timer on reconfig (bsc#1167773). - ionic: update the queue count on open (bsc#1167773). - ionic: wait on queue start until after IFF_UP (bsc#1167773). - io_uring: use kvfree() in io_sqe_buffer_register() (bsc#1173832). - ipmi: use vzalloc instead of kmalloc for user creation (git-fixes). - ipv4: Update fib_select_default to handle nexthop objects (networking-stable-20_04_27). - ipv6: fix IPV6_ADDRFORM operation logic (bsc#1171662). - ipvs: Improve robustness to the ipvs sysctl (git-fixes). - irqchip/al-fic: Add support for irq retrigger (jsc#SLE-10505). - irqchip/ti-sci-inta: Fix processing of masked irqs (git-fixes). - irqchip/versatile-fpga: Apply clear-mask earlier (git-fixes). - irqchip/versatile-fpga: Handle chained IRQs properly (git-fixes). - iwlwifi: avoid debug max amsdu config overwriting itself (git-fixes). - iwlwifi: mvm: fix aux station leak (git-fixes). - iwlwifi: mvm: limit maximum queue appropriately (git-fixes). - iwlwifi: pcie: handle QuZ configs with killer NICs as well (bsc#1172374). - ixgbe: do not check firmware errors (bsc#1170284). - jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845). - jbd2: fix data races at struct journal_head (bsc#1173438). - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833). - kabi fix for SUNRPC-dont-update-timeout-value-on-connection-reset.patch (bsc1174263). - kABI fixup mtk-vpu: avoid unaligned access to DTCM buffer (git-fixes). - kabi: hv: prevent struct device_node to become defined (bsc#1172871). - kabi: ppc64le: prevent struct dma_map_ops to become defined (jsc#SLE-12424). - kABI: protect struct fib_dump_filter (kabi). - kABI: protect struct mlx5_cmd_work_ent (kabi). - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi). - kabi/severities: Ingnore get_dev_data() The function is internal to the AMD IOMMU driver and must not be called by any third party. - kABI workaround for struct hdac_bus changes (git-fixes). - keys: asymmetric: fix error return code in software_key_query() (git-fixes). - ktest: Add timeout for ssh sync testing (git-fixes). - KVM: Check validity of resolved slot when searching memslots (bsc#1172069). - KVM: nVMX: always update CR3 in VMCS (git-fixes). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - l2tp: add sk_family checks to l2tp_validate_socket (networking-stable-20_06_07). - l2tp: Allow management of tunnels and session in user namespace (networking-stable-20_04_17). - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07). - libbpf: Fix perf_buffer__free() API for sparse allocs (bsc#1155518). - libceph: do not omit recovery_deletes in target_copy() (git-fixes). - libceph: ignore pool overlay and cache logic on redirects (bsc#1172938). - lib: devres: add a helper function for ioremap_uc (git-fixes). - libertas_tf: avoid a null dereference in pointer priv (git-fixes). - lib/lzo: fix ambiguous encoding bug in lzo-rle (git-fixes). - libnvdimm/btt: fix variable 'rc' set but not used (bsc#1162400). - libnvdimm: cover up nd_pfn_sb changes (bsc#1171759). - libnvdimm: cover up nd_region changes (bsc#1162400). - libnvdimm/dax: Pick the right alignment default when creating dax devices (bsc#1171759). - libnvdimm/label: Remove the dpa align check (bsc#1171759). - libnvdimm/namespace: Enforce memremap_compat_align() (bsc#1162400). - libnvdimm/namsepace: Do not set claim_class on error (bsc#1162400). - libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739). - libnvdimm: Out of bounds read in __nd_ioctl() (bsc#1065729). - libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change (bsc#1171743). - libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock (bsc#1171759). - libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid (bsc#1171743). - libnvdimm/pmem: Advance namespace seed for specific probe errors (bsc#1171743). - libnvdimm/region: Fix build error (bsc#1162400). - libnvdimm/region: Introduce an 'align' attribute (bsc#1162400). - libnvdimm/region: Introduce NDD_LABELING (bsc#1162400). - libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (bsc#1171743). - libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759). - lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user() (bsc#1174331). - lib: Uplevel the pmem 'region' ida to a global allocator (bc#1162400). - list: Add hlist_unhashed_lockless() (bsc#1173438). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - locktorture: Allow CPU-hotplug to be disabled via --bootargs (bsc#1173068). - loop: replace kill_bdev with invalidate_bdev (bsc#1173820). - lpfc_debugfs: get rid of pointless access_ok() (bsc#1171530). - lpfc: fix axchg pointer reference after free and double frees (bsc#1171530). - lpfc: Fix pointer checks and comments in LS receive refactoring (bsc#1171530). - lpfc: Fix return value in __lpfc_nvme_ls_abort (bsc#1171530). - lpfc: Synchronize NVME transport and lpfc driver devloss_tmo (bcs#1173060). - mac80211: mesh: fix discovery timer re-arming issue / crash (git-fixes). - mailbox: zynqmp-ipi: Fix NULL vs IS_ERR() check in zynqmp_ipi_mbox_probe() (git-fixes). - Make the 'Reducing compressed framebufer size' message be DRM_INFO_ONCE() (git-fixes). - mdraid: fix read/write bytes accounting (bsc#1172537). - media: cec: silence shift wrapping warning in __cec_s_log_addrs() (git-fixes). - media: cedrus: Program output format during each run (git-fixes). - media: dvbdev: Fix tuner->demod media controller link (git-fixes). - media: dvb: return -EREMOTEIO on i2c transfer failure (git-fixes). - media: dvbsky: add support for eyeTV Geniatech T2 lite (bsc#1173776). - media: dvbsky: add support for Mygica T230C v2 (bsc#1173776). - media: imx: imx7-mipi-csis: Cleanup and fix subdev pad format handling (git-fixes). - media: mtk-vpu: avoid unaligned access to DTCM buffer (git-fixes). - media: ov5640: fix use of destroyed mutex (git-fixes). - media: platform: fcp: Set appropriate DMA parameters (git-fixes). - media: Revert 'staging: imgu: Address a compiler warning on alignment' (git-fixes). - media: si2157: Better check for running tuner in init (git-fixes). - media: si2168: add support for Mygica T230C v2 (bsc#1173776). - media: staging: imgu: do not hold spinlock during freeing mmu page table (git-fixes). - media: staging/intel-ipu3: Implement lock for stream on/off operations (git-fixes). - media: staging: ipu3: Fix stale list entries on parameter queue failure (git-fixes). - media: staging: ipu3-imgu: Move alignment attribute to field (git-fixes). - media: vicodec: Fix error codes in probe function (git-fixes). - mei: bus: do not clean driver pointer (git-fixes). - mei: release me_cl object reference (git-fixes). - mfd: intel-lpss: Add Intel Jasper Lake PCI IDs (jsc#SLE-12602). - mfd: intel-lpss: Add Intel Tiger Lake PCI IDs (jsc#SLE-12737). - mfd: intel-lpss: Use devm_ioremap_uc for MMIO (git-fixes). - mfd: stmfx: Fix stmfx_irq_init error path (git-fixes). - mfd: stmfx: Reset chip on resume as supply was disabled (git-fixes). - mfd: wm8994: Fix driver operation if loaded as modules (git-fixes). - misc: fastrpc: fix potential fastrpc_invoke_ctx leak (git-fixes). - misc: rtsx: Add short delay after exit from ASPM (git-fixes). - mlxsw: core: Use different get_trend() callbacks for different thermal zones (networking-stable-20_06_10). - mlxsw: Fix some IS_ERR() vs NULL bugs (networking-stable-20_04_27). - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12). - mm: adjust vm_committed_as_batch according to vm overcommit policy (bnc#1173271). - mmc: block: Fix use-after-free issue for rpmb (git-fixes). - mmc: core: Use DEFINE_DEBUGFS_ATTRIBUTE instead of DEFINE_SIMPLE_ATTRIBUTE (git-fixes). - mmc: fix compilation of user API (git-fixes). - mmc: meson-gx: limit segments to 1 when dram-access-quirk is needed (git-fixes). - mmc: meson-mx-sdio: trigger a soft reset after a timeout or CRC error (git-fixes). - mmc: mmci_sdmmc: fix DMA API warning overlapping mappings (git-fixes). - mmc: sdhci: do not enable card detect interrupt for gpio cd type (git-fixes). - mmc: sdhci-esdhc-imx: fix the mask for tuning start point (git-fixes). - mmc: sdhci-msm: Clear tuning done flag while hs400 tuning (git-fixes). - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (git-fixes). - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() (git-fixes). - mmc: sdio: Fix several potential memory leaks in mmc_sdio_init_card() (git-fixes). - mmc: tmio: Further fixup runtime PM management at remove (git-fixes). - mmc: uniphier-sd: call devm_request_irq() after tmio_mmc_host_probe() (git-fixes). - mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core (git-fixes). - mm: do not prepare anon_vma if vma has VM_WIPEONFORK (bsc#1169681). - mm: fix NUMA node file count error in replace_page_cache() (bsc#1173844). - mm: memcontrol: fix memory.low proportional distribution (bsc#1168230). - mm/memory_hotplug: refrain from adding memory into an impossible node (bsc#1173552). - mm/memremap: drop unused SECTION_SIZE and SECTION_MASK (bsc#1162400 bsc#1170895 ltc#184375 ltc#185686). - mm/memremap_pages: Introduce memremap_compat_align() (bsc#1162400). - mm/memremap_pages: Kill unused __devm_memremap_pages() (bsc#1162400). - mm/mmap.c: close race between munmap() and expand_upwards()/downwards() (bsc#1174527). - mm/util.c: make vm_memory_committed() more accurate (bnc#1173271). - move unsortable patch out of sorted section patches.suse/revert-zram-convert-remaining-class_attr-to-class_attr_ro - mt76: mt76x02u: Add support for newer versions of the XBox One wifi adapter (git-fixes). - mtd: Fix mtd not registered due to nvmem name collision (git-fixes). - mtd: rawnand: brcmnand: correctly verify erased pages (git-fixes). - mtd: rawnand: brcmnand: fix CS0 layout (git-fixes). - mtd: rawnand: brcmnand: fix hamming oob layout (git-fixes). - mtd: rawnand: diskonchip: Fix the probe error path (git-fixes). - mtd: rawnand: Fix nand_gpio_waitrdy() (git-fixes). - mtd: rawnand: ingenic: Fix the probe error path (git-fixes). - mtd: rawnand: marvell: Fix probe error path (git-fixes). - mtd: rawnand: marvell: Fix the condition on a return code (git-fixes). - mtd: rawnand: marvell: Use nand_cleanup() when the device is not yet registered (git-fixes). - mtd: rawnand: mtk: Fix the probe error path (git-fixes). - mtd: rawnand: onfi: Fix redundancy detection check (git-fixes). - mtd: rawnand: orion: Fix the probe error path (git-fixes). - mtd: rawnand: oxnas: Keep track of registered devices (git-fixes). - mtd: rawnand: oxnas: Release all devices in the _remove() path (git-fixes). - mtd: rawnand: pasemi: Fix the probe error path (git-fixes). - mtd: rawnand: plat_nand: Fix the probe error path (git-fixes). - mtd: rawnand: sharpsl: Fix the probe error path (git-fixes). - mtd: rawnand: socrates: Fix the probe error path (git-fixes). - mtd: rawnand: sunxi: Fix the probe error path (git-fixes). - mtd: rawnand: timings: Fix default tR_max and tCCS_min timings (git-fixes). - mtd: rawnand: tmio: Fix the probe error path (git-fixes). - mtd: rawnand: xway: Fix the probe error path (git-fixes). - mtd: spinand: Propagate ECC information to the MTD structure (git-fixes). - mtd: spi-nor: intel-spi: Add support for Intel Tiger Lake SPI serial flash (jsc#SLE-12737). - mvpp2: remove module bugfix (bsc#1154353). - mwifiex: avoid -Wstringop-overflow warning (git-fixes). - mwifiex: Fix memory corruption in dump_station (git-fixes). - namei: only return -ECHILD from follow_dotdot_rcu() (bsc#1173824). - nbd: Fix memory leak in nbd_add_socket (git-fixes). - neigh: send protocol value in neighbor create notification (networking-stable-20_05_12). - net: bcmgenet: correct per TX/RX ring statistics (networking-stable-20_04_27). - net: be more gentle about silly gso requests coming from user (networking-stable-20_06_07). - net: check untrusted gso_size at kernel entry (networking-stable-20_06_07). - net: core: device_rename: Use rwsem instead of a seqcount (bsc#1162702). - net: do not return invalid table id error when we fall back to PF_UNSPEC (networking-stable-20_05_27). - net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL (networking-stable-20_04_27). - net: dsa: b53: Fix ARL register definitions (networking-stable-20_04_27). - net: dsa: b53: Lookup VID in ARL searches when VLAN is enabled (networking-stable-20_04_27). - net: dsa: b53: Rework ARL bin logic (networking-stable-20_04_27). - net: dsa: bcm_sf2: Fix node reference count (git-fixes). - net: dsa: declare lockless TX feature for slave ports (bsc#1154353). - net: dsa: Do not leave DSA master with NULL netdev_ops (networking-stable-20_05_12). - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16). - net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27). - net: dsa: mt7530: fix tagged frames pass-through in VLAN-unaware mode (networking-stable-20_04_17). - net: ena: xdp: update napi budget for DROP and ABORTED (bsc#1154492). - net: ena: xdp: XDP_TX: fix memory leak (bsc#1154492). - net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning during suspend (networking-stable-20_05_27). - net_failover: fixed rollback in net_failover_open() (networking-stable-20_06_10). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: ip6tables: Add a .pre_exit hook in all ip6table_foo.c (bsc#1171857). - netfilter: ip6tables: Split ip6t_unregister_table() into pre_exit and exit helpers (bsc#1171857). - netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c (bsc#1171857). - netfilter: iptables: Split ipt_unregister_table() into pre_exit and exit helpers (bsc#1171857). - netfilter: nf_queue: enqueue skbs with NULL dst (git-fixes). - netfilter: nf_tables_offload: return EOPNOTSUPP if rule specifies no actions (git-fixes). - netfilter: nft_tproxy: Fix port selector on Big Endian (git-fixes). - netfilter: nft_tunnel: add the missing ERSPAN_VERSION nla_policy (git-fixes). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16). - net: fsl/fman: treat all RGMII modes in memac_adjust_link() (bsc#1174398). - net: hns3: check reset pending after FLR prepare (bsc#1154353). - __netif_receive_skb_core: pass skb by reference (networking-stable-20_05_27). - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27). - net: ipip: fix wrong address family in init error path (networking-stable-20_05_27). - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin (networking-stable-20_04_17). - net: ipv4: Fix wrong type conversion from hint to rt in ip_route_use_hint() (bsc#1154353). - net: ipv6: do not consider routes via gateways for anycast address check (networking-stable-20_04_17). - net: macb: call pm_runtime_put_sync on failure path (git-fixes). - net: macb: fix an issue about leak related system resources (networking-stable-20_05_12). - net: macsec: preserve ingress frame ordering (networking-stable-20_05_12). - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12). - net/mlx4_en: avoid indirect call in TX completion (networking-stable-20_04_27). - net/mlx5: Add command entry handling completion (networking-stable-20_05_27). - net/mlx5: Disable reload while removing the device (jsc#SLE-8464). - net/mlx5: drain health workqueue in case of driver load error (networking-stable-20_06_16). - net/mlx5: DR, Fix freeing in dr_create_rc_qp() (jsc#SLE-8464). - net/mlx5e: Add missing release firmware call (networking-stable-20_04_17). - net/mlx5e: Fix CPU mapping after function reload to avoid aRFS RX crash (jsc#SLE-8464). - net/mlx5e: Fix inner tirs handling (networking-stable-20_05_27). - net/mlx5e: Fix pfnum in devlink port attribute (networking-stable-20_04_17). - net/mlx5e: Fix repeated XSK usage on one channel (networking-stable-20_06_16). - net/mlx5e: Fix stats update for matchall classifier (jsc#SLE-8464). - net/mlx5e: Fix VXLAN configuration restore after function reload (jsc#SLE-8464). - net/mlx5e: kTLS, Destroy key object after destroying the TIS (networking-stable-20_05_27). - net/mlx5e: replace EINVAL in mlx5e_flower_parse_meta() (jsc#SLE-8464). - net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27). - net/mlx5: Fix cleaning unmanaged flow tables (jsc#SLE-8464). - net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12). - net/mlx5: Fix crash upon suspend/resume (bsc#1172365). - net/mlx5: Fix error flow in case of function_setup failure (networking-stable-20_05_27). - net/mlx5: Fix fatal error handling during device load (networking-stable-20_06_16). - net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12). - net/mlx5: Fix frequent ioread PCI access during recovery (networking-stable-20_04_17). - net/mlx5: Fix memory leak in mlx5_events_init (networking-stable-20_05_27). - net: mvpp2: cls: Prevent buffer overflow in mvpp2_ethtool_cls_rule_del() (networking-stable-20_05_12). - net: mvpp2: fix RX hashing for non-10G ports (networking-stable-20_05_27). - net: mvpp2: prevent buffer overflow in mvpp22_rss_ctx() (networking-stable-20_05_12). - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node (networking-stable-20_04_27). - net: nlmsg_cancel() if put fails for nhmsg (networking-stable-20_05_27). - net: openvswitch: ovs_ct_exit to be done under ovs_lock (networking-stable-20_04_27). - net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16). - net: phy: propagate an error back to the callers of phy_sfp_probe (bsc#1154353). - net: phy: realtek: add support for configuring the RX delay on RTL8211F (bsc#1174398). - netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16). - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27). - net: qrtr: send msgs from local of same id as broadcast (networking-stable-20_04_17). - net: revert default NAPI poll timeout to 2 jiffies (networking-stable-20_04_17). - net: revert 'net: get rid of an signed integer overflow in ip_idents_reserve()' (bnc#1158748 (network regression)). - net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27). - net_sched: sch_skbprio: add message validation to skbprio_change() (networking-stable-20_05_12). - net/smc: fix restoring of fallback changes (git-fixes). - net/smc: tolerate future SMCD versions (bsc#1172543 LTC#186069). - net: stmmac: do not attach interface until resume finishes (bsc#1174072). - net: stmmac: dwc-qos: avoid clk and reset for acpi device (bsc#1174072). - net: stmmac: dwc-qos: use generic device api (bsc#1174072). - net: stmmac: enable timestamp snapshot for required PTP packets in dwmac v5.10a (networking-stable-20_06_07). - net: stmmac: fix num_por initialization (networking-stable-20_05_16). - net: stmmac: platform: fix probe for ACPI devices (bsc#1174072). - net: stricter validation of untrusted gso packets (networking-stable-20_05_12). - net: tc35815: Fix phydev supported/advertising mask (networking-stable-20_05_12). - net: tcp: fix rx timestamp behavior for tcp_recvmsg (networking-stable-20_05_16). - net/tls: fix encryption error checking (git-fixes). - net/tls: fix race condition causing kernel panic (networking-stable-20_05_27). - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12). - net/tls: free record only on encryption error (git-fixes). - net: tun: record RX queue in skb before do_xdp_generic() (networking-stable-20_04_17). - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12). - net: usb: qmi_wwan: add Telit LE910C1-EUX composition (networking-stable-20_06_07). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - net/x25: Fix x25_neigh refcnt leak when receiving frame (networking-stable-20_04_27). - nexthop: Fix attribute checking for groups (networking-stable-20_05_27). - NFC: st21nfca: add missed kfree_skb() in an error path (git-fixes). - nfp: abm: fix a memory leak bug (networking-stable-20_05_12). - nfp: abm: fix error return code in nfp_abm_vnic_alloc() (networking-stable-20_05_16). - nfp: flower: fix used time of merge flow statistics (networking-stable-20_06_07). - nfs: add minor version to nfs_server_key for fscache (bsc#1172467). - nfsd4: fix nfsdfs reference count loop (git-fixes). - nfsd4: make drc_slab global, not per-net (git-fixes). - nfsd: always check return value of find_any_file (bsc#1172208). - nfsd: apply umask on fs without ACL support (git-fixes). - nfsd: fix nfsdfs inode reference count leak (git-fixes). - NFS: Fix fscache super_cookie index_key from changing after umount (git-fixes). - NFS: Fix interrupted slots by sending a solo SEQUENCE operation (bsc#1174264). - nfs: fix NULL deference in nfs4_get_valid_delegation. - nfs: fscache: use timespec64 in inode auxdata (git-fixes). - nfs: set invalid blocks after NFSv4 writes (git-fixes). - NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION (git-fixes). - NFSv4 fix CLOSE not waiting for direct IO compeletion (git-fixes). - NFSv4: Fix fscache cookie aux_data to ensure change_attr is included (git-fixes). - ntb: intel: add hw workaround for NTB BAR alignment (jsc#SLE-12710). - ntb: intel: Add Icelake (gen4) support for Intel NTB (jsc#SLE-12710). - ntb: intel: fix static declaration (jsc#SLE-12710). - nvdimm: Avoid race between probe and reading device attributes (bsc#1170442). - nvme-fc: avoid gcc-10 zero-length-bounds warning (bsc#1173206). - nvme-fc: do not call nvme_cleanup_cmd() for AENs (bsc#1171688). - nvme-fc: print proper nvme-fc devloss_tmo value (bsc#1172391). - objtool: Allow no-op CFI ops in alternatives (bsc#1169514). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Fix !CFI insn_state propagation (bsc#1169514). - objtool: Fix ORC vs alternatives (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - objtool: Remove check preventing branches within alternative (bsc#1169514). - objtool: Rename struct cfi_state (bsc#1169514). - objtool: Uniquely identify alternative instruction groups (bsc#1169514). - ovl: inode reference leak in ovl_is_inuse true case (git-fixes). - p54usb: add AirVasT USB stick device-id (git-fixes). - padata: add separate cpuhp node for CPUHP_PADATA_DEAD (git-fixes). - padata: kABI fixup for struct padata_instance splitting nodes (git-fixes). - panic: do not print uninitialized taint_flags (bsc#1172814). - PCI: aardvark: Do not blindly enable ASPM L0s and do not write to read-only register (git-fixes). - PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints (git-fixes). - PCI: Add Loongson vendor ID (git-fixes). - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#1174356). - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356). - PCI: Allow pci_resize_resource() for devices on root bus (git-fixes). - PCI: amlogic: meson: Do not use FAST_LINK_MODE to set up link (git-fixes). - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes). - PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 (git-fixes). - PCI: Avoid FLR for AMD Starship USB 3.0 (git-fixes). - PCI: brcmstb: Assert fundamental reset on initialization (git-fixes). - PCI: brcmstb: Assert fundamental reset on initialization (git-fixes). - PCI: brcmstb: Fix window register offset from 4 to 8 (git-fixes). - PCI: brcmstb: Fix window register offset from 4 to 8 (git-fixes). - PCI: Do not disable decoding when mmio_always_on is set (git-fixes). - PCI: dwc: Fix inner MSI IRQ domain registration (git-fixes). - PCI/EDR: Log only ACPI_NOTIFY_DISCONNECT_RECOVER events (bsc#1174513). - pcie: mobiveil: remove patchset v9 Prepare to backport upstream version. - PCI: Fix pci_register_host_bridge() device_register() error handling (git-fixes). - PCI: hv: Add support for protocol 1.3 and support PCI_BUS_RELATIONS2 (bsc#1172201). - PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871). - PCI: hv: Decouple the func definition in hv_dr_state from VSP message (bsc#1172871). - PCI: hv: Fix the PCI HyperV probe failure path to release resource properly (bsc#1172871). - PCI: hv: Introduce hv_msi_entry (bsc#1172871). - PCI: hv: Move hypercall related definitions into tlfs header (bsc#1172871). - PCI: hv: Move retarget related structures into tlfs header (bsc#1172871). - PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871). - PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871). - PCI: mobiveil: Add 8-bit and 16-bit CSR register accessors (bsc#1161495). - PCI: mobiveil: Add callback function for interrupt initialization (bsc#1161495). - PCI: mobiveil: Add callback function for link up check (bsc#1161495). - PCI: mobiveil: Add Header Type field check (bsc#1161495). - PCI: mobiveil: Add PCIe Gen4 RC driver for Layerscape SoCs (bsc#1161495). - PCI: mobiveil: Allow mobiveil_host_init() to be used to re-init host (bsc#1161495). - PCI: mobiveil: Collect the interrupt related operations into a function (bsc#1161495). - PCI: mobiveil: Fix sparse different address space warnings (bsc#1161495). - PCI: mobiveil: Fix unmet dependency warning for PCIE_MOBIVEIL_PLAT (bsc#1161495). - PCI: mobiveil: Introduce a new structure mobiveil_root_port (bsc#1161495). - PCI: mobiveil: ls_pcie_g4: add Workaround for A-011451 (bsc#1161495). - PCI: mobiveil: ls_pcie_g4: add Workaround for A-011577 (bsc#1161495). - PCI: mobiveil: ls_pcie_g4: fix SError when accessing config space (bsc#1161495). - PCI: mobiveil: Modularize the Mobiveil PCIe Host Bridge IP driver (bsc#1161495). - PCI: mobiveil: Move the host initialization into a function (bsc#1161495). - PCI: pci-bridge-emul: Fix PCIe bit conflicts (git-fixes). - PCI/PM: Adjust pcie_wait_for_link_delay() for caller delay (git-fixes). - PCI/PM: Call .bridge_d3() hook only if non-NULL (git-fixes). - PCI: Program MPS for RCiEP devices (git-fixes). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (git-fixes). - PCI: rcar: Fix incorrect programming of OB windows (git-fixes). - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356). - PCI: v3-semi: Fix a memory leak in v3_pci_probe() error handling paths (git-fixes). - PCI: vmd: Add device id for VMD device 8086:9A0B (git-fixes). - PCI: vmd: Filter resource type bits from shadow register (git-fixes). - pcm_native: result of put_user() needs to be checked (git-fixes). - percpu: Separate decrypted varaibles anytime encryption can be enabled (bsc#1174332). - perf/core: Fix endless multiplex timer (git-fixes). - perf/core: fix parent pid/tid in task exit events (git-fixes). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (git-fixes). - pinctrl: freescale: imx: Use 'devm_of_iomap()' to avoid a resource leak in case of error in 'imx_pinctrl_probe()' (git-fixes). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (git-fixes). - pinctrl: intel: Add Intel Tiger Lake pin controller support (jsc#SLE-12737). - pinctrl: ocelot: Fix GPIO interrupt decoding on Jaguar2 (git-fixes). - pinctrl: rockchip: fix memleak in rockchip_dt_node_to_map (git-fixes). - pinctrl: rza1: Fix wrong array assignment of rza1l_swio_entries (git-fixes). - pinctrl: samsung: Correct setting of eint wakeup mask on s5pv210 (git-fixes). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (git-fixes). - pinctrl: sprd: Fix the incorrect pull-up definition (git-fixes). - pinctrl: stmfx: stmfx_pinconf_set does not require to get direction anymore (git-fixes). - pinctrl: tegra: Use noirq suspend/resume callbacks (git-fixes). - pinctrl: tigerlake: Tiger Lake uses _HID enumeration (jsc#SLE-12737). - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA (git-fixes). - platform/x86: asus_wmi: Reserve more space for struct bias_args (git-fixes). - platform/x86: dell-laptop: do not register micmute LED if there is no token (git-fixes). - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (git-fixes). - platform/x86: intel-hid: Add a quirk to support HP Spectre X2 (2015) (git-fixes). - platform/x86: intel-vbtn: Also handle tablet-mode switch on 'Detachable' and 'Portable' chassis-types (git-fixes). - platform/x86: intel-vbtn: Do not advertise switches to userspace if they are not there (git-fixes). - platform/x86: intel-vbtn: Only blacklist SW_TABLET_MODE on the 9 / 'Laptop' chasis-type (git-fixes). - platform/x86: intel-vbtn: Split keymap into buttons and switches parts (git-fixes). - platform/x86: intel-vbtn: Use acpi_evaluate_integer() (git-fixes). - platform/x86: ISST: Increase timeout (bsc#1174185). - PM: runtime: clk: Fix clk_pm_runtime_get() error path (git-fixes). - pNFS/flexfiles: Fix list corruption if the mirror count changes (git-fixes). - pnp: Use list_for_each_entry() instead of open coding (git-fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s/exception: Fix machine check no-loss idle wakeup (bsc#1156395). - powerpc/64s/kuap: Restore AMR in system reset exception (bsc#1156395). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc/book3s64: Export has_transparent_hugepage() related functions (bsc#1171759). - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729). - powerpc/bpf: Enable bpf_probe_read{, str}() on powerpc again (bsc#1172344). - powerpc/fadump: Account for memory_limit while reserving memory (jsc#SLE-9099 git-fixes). - powerpc/fadump: consider reserved ranges while reserving memory (jsc#SLE-9099 git-fixes). - powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010). - powerpc/fadump: use static allocation for reserved memory ranges (jsc#SLE-9099 git-fixes). - powerpc/kasan: Fix issues by lowering KASAN_SHADOW_END (git-fixes). - powerpc/kuap: PPC_KUAP_DEBUG should depend on PPC_KUAP (bsc#1156395). - powerpc/powernv: Fix a warning message (bsc#1156395). - powerpc/setup_64: Set cache-line-size based on cache-block-size (bsc#1065729). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729). - power: reset: qcom-pon: reg write mask depends on pon generation (git-fixes). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (git-fixes). - power: supply: core: fix HWMON temperature labels (git-fixes). - power: supply: core: fix memory leak in HWMON error path (git-fixes). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (git-fixes). - power: supply: smb347-charger: IRQSTAT_D is volatile (git-fixes). - pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16). - printk: queue wake_up_klogd irq_work only if per-CPU areas are ready (bsc#1172095). - proc/meminfo: avoid open coded reading of vm_committed_as (bnc#1173271). - proc: Use new_inode not new_inode_pseudo (bsc#1173830). - pwm: img: Call pm_runtime_put() in pm_runtime_get_sync() failed case (git-fixes). - pwm: sun4i: Move pwm_calculate() out of spin_lock() (git-fixes). - r8152: support additional Microsoft Surface Ethernet Adapter variant (git-fixes). - r8169: Revive default chip version for r8168 (bsc#1173085). - raid5: remove gfp flags from scribble_alloc() (bsc#1166985). - random: fix data races at timer_rand_state (bsc#1173438). - rcu: Avoid data-race in rcu_gp_fqs_check_wake() (bsc#1171828). - rcu: Fix data-race due to atomic_t copy-by-value (bsc#1171828). - rcu: Make rcu_read_unlock_special() checks match raise_softirq_irqoff() (bsc#1172046). - rcu: Simplify rcu_read_unlock_special() deferred wakeups (bsc#1172046). - rcutorture: Add 100-CPU configuration (bsc#1173068). - rcutorture: Add worst-case call_rcu() forward-progress results (bsc#1173068). - rcutorture: Dispense with Dracut for initrd creation (bsc#1173068). - rcutorture: Make kvm-find-errors.sh abort on bad directory (bsc#1173068). - rcutorture: Remove CONFIG_HOTPLUG_CPU=n from scenarios (bsc#1173068). - rcutorture: Summarize summary of build and run results (bsc#1173068). - rcutorture: Test TREE03 with the threadirqs kernel boot parameter (bsc#1173068). - rcu: Use *_ONCE() to protect lockless ->expmask accesses (bsc#1171828). - rcu: Use WRITE_ONCE() for assignments to ->pprev for hlist_nulls (bsc#1173438). - RDMA/bnxt_re: Remove dead code from rcfw (bsc#1170774). - RDMA/core: Check that type_attrs is not NULL prior access (jsc#SLE-8449). - RDMA/core: Move and rename trace_cm_id_create() (jsc#SLE-8449). - RDMA/mlx5: Fix NULL pointer dereference in destroy_prefetch_work (jsc#SLE-8446). - RDMA/nl: Do not permit empty devices names during RDMA_NLDEV_CMD_NEWLINK/SET (bsc#1172841). - RDMA/srpt: Fix disabling device management (jsc#SLE-8449). - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (jsc#SLE-8449). - regmap: debugfs: Do not sleep while atomic for fast_io regmaps (git-fixes). - regmap: fix alignment issue (git-fixes). - regmap: Fix memory leak from regmap_register_patch (git-fixes). - regualtor: pfuze100: correct sw1a/sw2 on pfuze3000 (git-fixes). - remoteproc: Add missing '\n' in log messages (git-fixes). - remoteproc: Fall back to using parent memory pool if no dedicated available (git-fixes). - remoteproc: Fix and restore the parenting hierarchy for vdev (git-fixes). - remoteproc: Fix IDR initialisation in rproc_alloc() (git-fixes). - remoteproc: qcom_q6v5_mss: map/unmap mpss segments before/after use (git-fixes). - Revert commit e918e570415c ('tpm_tis: Remove the HID IFX0102') (git-fixes). - Revert 'drm/amd/display: disable dcn20 abm feature for bring up' (git-fixes). - Revert 'i2c: tegra: Fix suspending in active runtime PM state' (git-fixes). - Revert 'pinctrl: freescale: imx: Use 'devm_of_iomap()' to avoid a resource leak in case of error in 'imx_pinctrl_probe()'' (git-fixes). - Revert 'thermal: mediatek: fix register index error' (git-fixes). - ring-buffer: Zero out time extend if it is nested and not absolute (git-fixes). - rpm: drop execute permissions on source files Sometimes a source file with execute permission appears in upstream repository and makes it into our kernel-source packages. This is caught by OBS build checks and may even result in build failures. Sanitize the source tree by removing execute permissions from all C source and header files. - rpm/modules.fips: add aes-ce-ccm, des3_ede-x86_64, aes_ti and aes_neon_bs - rtc: mc13xxx: fix a double-unlock issue (git-fixes). - rtc: rv3028: Add missed check for devm_regmap_init_i2c() (git-fixes). - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() (git-fixes). - rtw88: fix an issue about leak system resources (git-fixes). - rxrpc: Fix call RCU cleanup using non-bh-safe locks (git-fixes). - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194, LTC#185911). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/ism: fix error return code in ism_probe() (git-fixes). - s390/kaslr: add support for R_390_JMP_SLOT relocation type (git-fixes). - s390/pci: Fix s390_mmio_read/write with MIO (git-fixes). - s390/pci: Log new handle in clp_disable_fh() (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - sata_rcar: handle pm_runtime_get_sync failure cases (git-fixes). - sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12). - sched/cfs: change initial value of runnable_avg (bsc#1158765). - sched/core: Check cpus_mask, not cpus_ptr in __set_cpus_allowed_ptr(), to fix mask corruption (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1172823). - sched/core: Fix PI boosting between RT and DEADLINE tasks (git fixes (sched)). - sched/core: Fix ttwu() race (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/core: s/WF_ON_RQ/WQ_ON_CPU/ (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/cpuacct: Fix charge cpuacct.usage_sys (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/deadline: Initialize ->dl_boosted (bsc#1172823). - sched/deadline: Initialize ->dl_boosted (git fixes (sched)). - sched: etf: do not assume all sockets are full blown (networking-stable-20_04_27). - sched/fair: find_idlest_group(): Remove unused sd_flag parameter (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Fix enqueue_task_fair() warning some more (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: fix nohz next idle balance (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: handle case of task_h_load() returning 0 (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Optimize dequeue_task_fair() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Optimize enqueue_task_fair() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Simplify the code of should_we_balance() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Fix loadavg accounting race (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Fix race against ptrace_freeze_trace() (bsc#1174345). - sched: Make newidle_balance() static again (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Offload wakee task activation if it the wakee is descheduling (bnc#1158748, bnc#1159781). - sched: Optimize ttwu() spinning on p->on_cpu (bnc#1158748, bnc#1159781). - sched/pelt: Sync util/runnable_sum with PELT window when propagating (bnc#1155798 (CPU scheduler functional and performance backports)). - sch_sfq: validate silly quantum values (networking-stable-20_05_12). - scripts/decodecode: fix trapping instruction formatting (bsc#1065729). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: libfc: free response frame from GPN_ID (bsc#1173849). - scsi: libfc: Handling of extra kref (bsc#1173849). - scsi: libfc: If PRLI rejected, move rport to PLOGI state (bsc#1173849). - scsi: libfc: rport state move to PLOGI if all PRLI retry exhausted (bsc#1173849). - scsi: libfc: Skip additional kref updating work event (bsc#1173849). - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530). - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530). - scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530). - scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530). - scsi: lpfc: Change default queue allocation for reduced memory consumption (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: fix build failure with DEBUGFS disabled (bsc#1171530). - scsi: lpfc: Fix incomplete NVME discovery when target (bsc#1171530). - scsi: lpfc: Fix inconsistent indenting (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix MDS Diagnostic Enablement definition (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func (bsc#1171530). - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix negation of else clause in lpfc_prep_node_fc4type (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix noderef and address space warnings (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530). - scsi: lpfc: fix spelling mistakes of asynchronous (bsc#1171530). - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530). - scsi: lpfc: Maintain atomic consistency of queue_claimed flag (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Make lpfc_defer_acc_rsp static (bsc#1171530). - scsi: lpfc: remove duplicate unloading checks (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Remove re-binding of nvme rport during registration (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Remove redundant initialization to variable rc (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Remove unnecessary lockdep_assert_held calls (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Update lpfc version to 12.8.0.1 (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1172687 bsc#1171530). - scsi: megaraid_sas: Replace undefined MFI_BIG_ENDIAN macro with __BIG_ENDIAN_BITFIELD macro (bsc#1173206). - scsi: qla2xxx: Delete all sessions before unregister local nvme port (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334 bsc#1157169). - scsi: qla2xxx: Do not log message when reading port speed via sysfs (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334 bsc#1157169). - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334 bsc#1157169). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - scsi: sd_zbc: Fix sd_zbc_complete() (bsc#1173206). - scsi: smartpqi: Update attribute name to `driver_version` (bsc#1173206). - scsi: ufs-bsg: Fix runtime PM imbalance on error (git-fixes). - scsi: zfcp: add diagnostics buffer for exchange config data (bsc#1158050). - scsi: zfcp: auto variables for dereferenced structs in open port handler (bsc#1158050). - scsi: zfcp: diagnostics buffer caching and use for exchange port data (bsc#1158050). - scsi: zfcp: enhance handling of FC Endpoint Security errors (bsc#1158050). - scsi: zfcp: expose fabric name as common fc_host sysfs attribute (bsc#1158050). - scsi: zfcp: Fence adapter status propagation for common statuses (bsc#1158050). - scsi: zfcp: Fence early sysfs interfaces for accesses of shost objects (bsc#1158050). - scsi: zfcp: Fence fc_host updates during link-down handling (bsc#1158050). - scsi: zfcp: fix fc_host attributes that should be unknown on local link down (bsc#1158050). - scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action (git-fixes). - scsi: zfcp: fix wrong data and display format of SFP+ temperature (bsc#1158050). - scsi: zfcp: implicitly refresh config-data diagnostics when reading sysfs (bsc#1158050). - scsi: zfcp: implicitly refresh port-data diagnostics when reading sysfs (bsc#1158050). - scsi: zfcp: introduce sysfs interface for diagnostics of local SFP transceiver (bsc#1158050). - scsi: zfcp: introduce sysfs interface to read the local B2B-Credit (bsc#1158050). - scsi: zfcp: log FC Endpoint Security errors (bsc#1158050). - scsi: zfcp: log FC Endpoint Security of connections (bsc#1158050). - scsi: zfcp: Move allocation of the shost object to after xconf- and xport-data (bsc#1158050). - scsi: zfcp: Move fc_host updates during xport data handling into fenced function (bsc#1158050). - scsi: zfcp: move maximum age of diagnostic buffers into a per-adapter variable (bsc#1158050). - scsi: zfcp: Move p-t-p port allocation to after xport data (bsc#1158050). - scsi: zfcp: Move shost modification after QDIO (re-)open into fenced function (bsc#1158050). - scsi: zfcp: Move shost updates during xconfig data handling into fenced function (bsc#1158050). - scsi: zfcp: proper indentation to reduce confusion in zfcp_erp_required_act (bsc#1158050). - scsi: zfcp: report FC Endpoint Security in sysfs (bsc#1158050). - scsi: zfcp: signal incomplete or error for sync exchange config/port data (bsc#1158050). - scsi: zfcp: support retrieval of SFP Data via Exchange Port Data (bsc#1158050). - scsi: zfcp: trace FC Endpoint Security of FCP devices and connections (bsc#1158050). - scsi: zfcp: wire previously driver-specific sysfs attributes also to fc_host (bsc#1158050). - sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27). - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27). - selftests/bpf: CONFIG_IPV6_SEG6_BPF required for test_seg6_loop.o (bsc#1155518). - selftests/bpf: CONFIG_LIRC required for test_lirc_mode2.sh (bsc#1155518). - selftests/bpf: Fix invalid memory reads in core_relo selftest (bsc#1155518). - selftests/bpf: Fix memory leak in extract_build_id() (bsc#1155518). - selftests/bpf, flow_dissector: Close TAP device FD after the test (bsc#1155518). - selftests/bpf: Make sure optvals > PAGE_SIZE are bypassed (bsc#1155518). - selftests/net: in rxtimestamp getopt_long needs terminating null entry (networking-stable-20_06_16). - selftests/timens: handle a case when alarm clocks are not supported (bsc#1164648,jsc#SLE-11493). - selinux: fall back to ref-walk if audit is required (bsc#1174333). - selinux: revert 'stop passing MAY_NOT_BLOCK to the AVC upon follow_link' (bsc#1174333). - serial: 8250: Fix max baud limit in generic 8250 port (git-fixes). - serial: 8250_tegra: Create Tegra specific 8250 driver (bsc#1173941). - signal: Avoid corrupting si_pid and si_uid in do_notify_parent (bsc#1171529). - slimbus: core: Fix mismatch in of_node_get/put (git-fixes). - slimbus: ngd: get drvdata from correct device (git-fixes). - SMB3: Honor lease disabling for multiuser mounts (git-fixes). - socionext: account for napi_gro_receive never returning GRO_DROP (bsc#1154353). - soc: mediatek: cmdq: return send msg error code (git-fixes). - soc: qcom: rpmh: Dirt can only make you dirtier, not cleaner (git-fixes). - soc: qcom: rpmh: Invalidate SLEEP and WAKE TCSes before flushing new data (git-fixes). - soc: qcom: rpmh-rsc: Allow using free WAKE TCS for active request (git-fixes). - soc: qcom: rpmh-rsc: Clear active mode configuration for wake TCS (git-fixes). - soc: qcom: rpmh: Update dirty flag only when data changes (git-fixes). - soc/tegra: pmc: Select GENERIC_PINCONF (git-fixes). - soundwire: intel: fix memory leak with devm_kasprintf (git-fixes). - spi: bcm2835aux: Fix controller unregister order (git-fixes). - spi: bcm2835: Fix controller unregister order (git-fixes). - spi: bcm-qspi: Handle clock probe deferral (git-fixes). - spi: bcm-qspi: when tx/rx buffer is NULL set to 0 (git-fixes). - SPI: designware: pci: Switch over to MSI interrupts (jsc#SLE-12735). - spi: dt-bindings: spi-controller: Fix #address-cells for slave mode (git-fixes). - spi: dw: Add SPI Rx-done wait method to DMA-based transfer (git-fixes). - spi: dw: Add SPI Tx-done wait method to DMA-based transfer (git-fixes). - spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes). - spi: dw: Fix controller unregister order (git-fixes). - spi: dw: Fix native CS being unset (git-fixes). - spi: dw: Fix Rx-only DMA transfers (git-fixes). - spi: dw-pci: Add MODULE_DEVICE_TABLE (jsc#SLE-12735). - spi: dw-pci: Add runtime power management support (jsc#SLE-12735). - spi: dw-pci: Add support for Intel Elkhart Lake PSE SPI (jsc#SLE-12735). - spi: dw-pci: Fix Chip Select amount on Intel Elkhart Lake PSE SPI (jsc#SLE-12735). - spi: dw: Return any value retrieved from the dma_transfer callback (git-fixes). - spi: dw: use 'smp_mb()' to avoid sending spi data error (git-fixes). - spi: dw: Zero DMA Tx and Rx configurations on stack (git-fixes). - spi: Fix controller unregister order (git-fixes). - spi: fsl: do not map irq during probe (git-fixes). - spi: fsl: use platform_get_irq() instead of of_irq_to_resource() (git-fixes). - spi: pxa2xx: Apply CS clk quirk to BXT (git-fixes). - spi: pxa2xx: Fix controller unregister order (git-fixes). - spi: pxa2xx: Fix runtime PM ref imbalance on probe error (git-fixes). - spi: Respect DataBitLength field of SpiSerialBusV2() ACPI resource (git-fixes). - spi: spidev: fix a potential use-after-free in spidev_release() (git-fixes). - spi: spidev: fix a race between spidev_release and spidev_remove (git-fixes). - spi: spi-fsl-dspi: Change usage pattern of SPI_MCR_* and SPI_CTAR_* macros (git-fixes). - spi: spi-fsl-dspi: Do not access reserved fields in SPI_MCR (git-fixes). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (git-fixes). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (git-fixes). - spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices (git-fixes). - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (git-fixes). - spi: sprd: switch the sequence of setting WDG_LOAD_LOW and _HIGH (git-fixes). - staging: comedi: verify array index is correct before using it (git-fixes). - staging: iio: ad2s1210: Fix SPI reading (git-fixes). - staging: kpc2000: fix error return code in kp2000_pcie_probe() (git-fixes). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (git-fixes). - Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() (git-fixes). - staging: sm750fb: add missing case while setting FB_VISUAL (git-fixes). - sun6i: dsi: fix gcc-4.8 (bsc#1152489) - SUNRPC dont update timeout value on connection reset (bsc#1174263). - sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes). - sunrpc: Fix gss_unwrap_resp_integ() again (bsc#1174116). - SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() (git-fixes). - SUNRPC: Signalled ASYNC tasks need to exit (git-fixes). - supported.conf: Add pinctrl-tigerlake as supported - supported.conf: Mark two hwtracing helper modules as externally supported (bsc#1170879) - svcrdma: Fix leak of svc_rdma_recv_ctxt objects (git-fixes). - tcp: cache line align MAX_TCP_HEADER (networking-stable-20_04_27). - tcp: fix error recovery in tcp_zerocopy_receive() (networking-stable-20_05_16). - tcp: fix SO_RCVLOWAT hangs with fat skbs (networking-stable-20_05_16). - tcp: md5: allow changing MD5 keys in all socket states (git-fixes). - team: fix hang in team_mode_get() (networking-stable-20_04_27). - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284). - thermal/drivers: imx: Fix missing of_node_put() at probe time (git-fixes). - thermal/drivers/mediatek: Fix bank number settings on mt8183 (git-fixes). - thermal/drivers/rcar_gen3: Fix undefined temperature if negative (git-fixes). - thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR (git-fixes). - thermal: int3403_thermal: Downgrade error message (git-fixes). - thermal: intel: intel_pch_thermal: Add Comet Lake (CML) platform support (jsc#SLE-12668). - tick/sched: Annotate lockless access to last_jiffies_update (bsc#1173438). - timer: Use hlist_unhashed_lockless() in timer_pending() (bsc#1173438). - tipc: block BH before using dst_cache (networking-stable-20_05_27). - tipc: fix partial topology connection closure (networking-stable-20_05_12). - torture: Allow 'CFLIST' to specify default list of scenarios (bsc#1173068). - torture: Expand last_ts variable in kvm-test-1-run.sh (bsc#1173068). - torture: Handle jitter for CPUs that cannot be offlined (bsc#1173068). - torture: Handle systems lacking the mpstat command (bsc#1173068). - torture: Hoist calls to lscpu to higher-level kvm.sh script (bsc#1173068). - torture: Make results-directory date format completion-friendly (bsc#1173068). - torture: Use gawk instead of awk for systime() function (bsc#1173068). - tpm: Fix TIS locality timeout problems (git-fixes). - tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (bsc#1065729). - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (git-fixes). - tpm_tis: Remove the HID IFX0102 (git-fixes). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tty: hvc_console, fix crashes on parallel open/close (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (git-fixes). - tty: n_gsm: Fix SOF skipping (git-fixes). - tty: n_gsm: Fix waking up upper tty layer when room available (git-fixes). - tty: serial: add missing spin_lock_init for SiFive serial console (git-fixes). - tun: correct header offsets in napi frags mode (git-fixes). - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12). - ubifs: fix wrong use of crypto_shash_descsize() (bsc#1173827). - ubifs: remove broken lazytime support (bsc#1173826). - udp: Copy has_conns in reuseport_grow() (git-fixes). - udp: Improve load balancing for SO_REUSEPORT (git-fixes). - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes). - USB: c67x00: fix use after free in c67x00_giveback_urb (git-fixes). - usb: chipidea: core: add wakeup support for extcon (git-fixes). - USB: core: Fix misleading driver bug report (git-fixes). - usb: core: hub: limit HUB_QUIRK_DISABLE_AUTOSUSPEND to USB5534B (git-fixes). - usb: dwc2: Fix shutdown callback in platform (git-fixes). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (git-fixes). - usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes). - usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes). - usb: dwc3: pci: Enable extcon driver for Intel Merrifield (git-fixes). - usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work (git-fixes). - usb/ehci-platform: Set PM runtime as active on resume (git-fixes). - USB: ehci: reopen solution for Synopsys HC bug (git-fixes). - usb: gadget: audio: Fix a missing error return value in audio_bind() (git-fixes). - USB: gadget: fix illegal array access in binding with UDC (git-fixes). - usb: gadget: Fix issue with config_ep_by_speed function (git-fixes). - usb: gadget: fix potential double-free in m66592_probe (git-fixes). - usb: gadget: function: fix missing spinlock in f_uac1_legacy (git-fixes). - usb: gadget: legacy: fix error return code in cdc_bind() (git-fixes). - usb: gadget: legacy: fix error return code in gncm_bind() (git-fixes). - usb: gadget: legacy: fix redundant initialization warnings (git-fixes). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (git-fixes). - usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' (git-fixes). - usb: gadget: udc: atmel: fix uninitialized read in debug printk (git-fixes). - usb: gadget: udc: atmel: Make some symbols static (git-fixes). - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (git-fixes). - usb: gadget: udc: Potential Oops in error handling code (git-fixes). - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (git-fixes). - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (git-fixes). - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (git-fixes). - usb: host: ehci-platform: add a quirk to avoid stuck (git-fixes). - usb: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes). - usb: host: xhci-plat: keep runtime active when removing host (git-fixes). - usblp: poison URBs upon disconnect (git-fixes). - usb: musb: Fix runtime PM imbalance on error (git-fixes). - usb: musb: start session in resume for host port (git-fixes). - usbnet: smsc95xx: Fix use-after-free after removal (git-fixes). - usb/ohci-platform: Fix a warning when hibernating (git-fixes). - USB: ohci-sm501: Add missed iounmap() in remove (git-fixes). - USB: ohci-sm501: fix error return code in ohci_hcd_sm501_drv_probe() (git-fixes). - usb: renesas_usbhs: getting residue from callback_result (git-fixes). - USB: serial: ch341: add basis for quirk detection (git-fixes). - USB: serial: ch341: add new Product ID for CH340 (git-fixes). - USB: serial: cypress_m8: enable Simply Automated UPB PIM (git-fixes). - USB: serial: iuu_phoenix: fix memory corruption (git-fixes). - USB: serial: option: add GosunCn GM500 series (git-fixes). - USB: serial: option: add Quectel EG95 LTE modem (git-fixes). - USB: serial: option: add Telit LE910C1-EUX compositions (git-fixes). - USB: serial: qcserial: add DW5816e QDL support (git-fixes). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - usb: typec: tcpci_rt1711h: avoid screaming irq causing boot hangs (git-fixes). - usb: usbfs: correct kernel->user page attribute mismatch (git-fixes). - USB: usbfs: fix mmap dma mismatch (git-fixes). - usb/xhci-plat: Set PM runtime as active on resume (git-fixes). - vfio: avoid possible overflow in vfio_iommu_type1_pin_pages (git-fixes). - vfio: Ignore -ENODEV when getting MSI cookie (git-fixes). - vfio/mdev: Fix reference count leak in add_mdev_supported_type (git-fixes). - vfio/pci: fix memory leaks in alloc_perm_bits() (git-fixes). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174129). - vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (git-fixes). - video: fbdev: w100fb: Fix a potential double free (git-fixes). - video: vt8500lcdfb: fix fallthrough warning (bsc#1152489) - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - virtio_net: fix lockdep warning on 32 bit (networking-stable-20_05_16). - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (git-fixes). - virt: vbox: Fix guest capabilities mask check (git-fixes). - virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers to match upstream (git-fixes). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - vrf: Check skb for XFRM_TRANSFORMED flag (networking-stable-20_04_27). - vrf: Fix IPv6 with qdisc and xfrm (networking-stable-20_04_27). - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07). - vsprintf: do not obfuscate NULL and error pointers (bsc#1172086). - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (git-fixes). - vt: vt_ioctl: remove unnecessary console allocation checks (git-fixes). - vxlan: Avoid infinite loop when suppressing NS messages with invalid options (networking-stable-20_06_10). - vxlan: use the correct nlattr array in NL_SET_ERR_MSG_ATTR (networking-stable-20_04_27). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (git-fixes). - watchdog: da9062: No need to ping manually before setting timeout (git-fixes). - watchdog: imx_sc_wdt: Fix reboot on crash (git-fixes). - watchdog: iTCO: Add support for Cannon Lake PCH iTCO (jsc#SLE-13202). - wcn36xx: Fix error handling path in 'wcn36xx_probe()' (git-fixes). - wil6210: account for napi_gro_receive never returning GRO_DROP (bsc#1154353). - wil6210: add wil_netif_rx() helper function (bsc#1154353). - wil6210: use after free in wil_netif_rx_any() (bsc#1154353). - wireguard: device: avoid circular netns references (git-fixes). - wireguard: noise: do not assign initiation time in if condition (git-fixes). - wireguard: noise: read preshared key while taking lock (bsc#1169021 jsc#SLE-12250). - wireguard: noise: separate receive counter from send counter (bsc#1169021 jsc#SLE-12250). - wireguard: queueing: preserve flow hash across packet scrubbing (bsc#1169021 jsc#SLE-12250). - wireguard: receive: account for napi_gro_receive never returning GRO_DROP (git-fixes). - wireguard: selftests: initalize ipv6 members to NULL to squelch clang warning (git-fixes). - wireguard: selftests: use newer iproute2 for gcc-10 (bsc#1169021 jsc#SLE-12250). - work around mvfs bug (bsc#1162063). - workqueue: do not use wq_select_unbound_cpu() for bound works (git-fixes). - workqueue: Remove the warning in wq_worker_sleeping() (git-fixes). - x86/amd_nb: Add AMD family 17h model 60h PCI IDs (git-fixes). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1152489). - x86: Fix early boot crash on gcc-10, third try (bsc#1152489). - x86/mm/cpa: Flush direct map alias during cpa (bsc#1152489). - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (git-fixes). - x86/resctrl: Fix invalid attempt at removing the default resource group (bsc#1152489). - x86/resctrl: Preserve CDP enable over CPU hotplug (bsc#1152489). - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks (bsc#1058115). - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish (networking-stable-20_04_27). - xfrm: fix error in comment (git fixes (block drivers)). - xfs: clean up the error handling in xfs_swap_extents (git-fixes). - xfs: do not commit sunit/swidth updates to disk if that would cause repair failures (bsc#1172169). - xfs: do not fail unwritten extent conversion on writeback due to edquot (bsc#1158242). - xfs: fix duplicate verification from xfs_qm_dqflush() (git-fixes). - xfs: force writes to delalloc regions to unwritten (bsc#1158242). - xfs: measure all contiguous previous extents for prealloc size (bsc#1158242). - xfs: preserve default grace interval during quotacheck (bsc#1172170). - xfs: refactor agfl length computation function (bsc#1172169). - xfs: split the sunit parameter update into two parts (bsc#1172169). - xhci: Fix enumeration issue when setting max packet size for FS devices (git-fixes). - xhci: Fix incorrect EP_STATE_MASK (git-fixes). - xhci: Poll for U0 after disabling USB2 LPM (git-fixes). - xhci: Return if xHCI does not support LPM (git-fixes). - xprtrdma: Fix handling of RDMA_ERROR replies (git-fixes). - workqueue: Remove unnecessary kfree() call in rcu_free_wq() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2127-1 Released: Wed Aug 5 10:28:23 2020 Summary: Recommended update for python-azure-agent Type: recommended Severity: important References: 1173866 This update for python-azure-agent fixes the following issues: - Properly set the DHCP configuration to push the hostname to the DHCP server. (bsc#1173866) - Do not bring the interface down to push the hostname, just use 'ifup'. (bsc#1173866) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2148-1 Released: Thu Aug 6 13:36:17 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1174673 This update for ca-certificates-mozilla fixes the following issues: Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: * AddTrust External CA Root * AddTrust Class 1 CA Root * LuxTrust Global Root 2 * Staat der Nederlanden Root CA - G2 * Symantec Class 1 Public Primary Certification Authority - G4 * Symantec Class 2 Public Primary Certification Authority - G4 * VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: * certSIGN Root CA G2 * e-Szigno Root CA 2017 * Microsoft ECC Root Certificate Authority 2017 * Microsoft RSA Root Certificate Authority 2017 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2160-1 Released: Thu Aug 6 20:05:42 2020 Summary: Security update for xen Type: security Severity: important References: 1172356,1174543 This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1172356 - Not able to hot-plug NIC via virt-manager, asks to attach on next reboot while it should be live attached ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2182-1 Released: Mon Aug 10 11:39:48 2020 Summary: Recommended update for open-lldp Type: recommended Severity: moderate References: 1153520,1170745,1171284 This update for open-lldp fixes the following issues: - Fix for a segementation fault, when agents change their MAC address (bsc#1171284) - lldapd will now transmit the permanent MAC address (the MAC address of the underlying physical device) as port id, thus allowing the switch or any management application to differentiate between those ports. (bsc#1153520) - Fix for a segmentation fault, when lldapd registers an interface and it gets shortly removed afterwards. (bsc#1170745) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2219-1 Released: Wed Aug 12 15:47:42 2020 Summary: Recommended update for supportutils-plugin-suse-public-cloud and python3-azuremetadata Type: recommended Severity: moderate References: 1170475,1170476,1173238,1173240,1173357,1174618,1174847 This update for supportutils-plugin-suse-public-cloud and python3-azuremetadata fixes the following issues: supportutils-plugin-suse-public-cloud: - Fixes an error when supportutils-plugin-suse-public-cloud and supportutils-plugin-salt are installed at the same time (bsc#1174618) - Sensitive information like credentials (such as access keys) will be removed when the metadata is being collected (bsc#1170475, bsc#1170476) python3-azuremetadata: - Added latest support for `--listapis` and `--api` (bsc#1173238, bsc#1173240) - Detects when the VM is running in ASM (Azure Classic) and does now handle the condition to generate the data without requiring access to the full IMDS available, only in ARM instances (bsc#1173357, bsc#1174847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2224-1 Released: Thu Aug 13 09:15:47 2020 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1171878,1172085 This update for glibc fixes the following issues: - Fix concurrent changes on nscd aware files appeared by 'getent' when the NSCD cache was enabled. (bsc#1171878, BZ #23178) - Implement correct locking and cancellation cleanup in syslog functions. (bsc#1172085, BZ #26100) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2244-1 Released: Fri Aug 14 15:27:35 2020 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1174782,1175036,1175060 This update for grub2 fixes the following issues: - A potential regression has been fixed that would cause systems with an updated 'grub2' to boot no longer due to a missing 'grub-calloc' linker symbol. (bsc#1174782) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2256-1 Released: Mon Aug 17 15:08:46 2020 Summary: Recommended update for sysfsutils Type: recommended Severity: moderate References: 1155305 This update for sysfsutils fixes the following issue: - Fix cdev name comparison. (bsc#1155305) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2277-1 Released: Wed Aug 19 13:24:03 2020 Summary: Security update for python3 Type: security Severity: moderate References: 1174091,CVE-2019-20907 This update for python3 fixes the following issues: - bsc#1174091, CVE-2019-20907: avoiding possible infinite loop in specifically crafted tarball. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2278-1 Released: Wed Aug 19 21:26:08 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1149911,1151708,1168235,1168389 This update for util-linux fixes the following issues: - blockdev: Do not fail --report on kpartx-style partitions on multipath. (bsc#1168235) - nologin: Add support for -c to prevent error from su -c. (bsc#1151708) - Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389) - mount: Fall back to device node name if /dev/mapper link not found. (bsc#1149911) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2296-1 Released: Mon Aug 24 10:34:37 2020 Summary: Security update for gettext-runtime Type: security Severity: moderate References: 1106843,1113719,941629,CVE-2018-18751 This update for gettext-runtime fixes the following issues: - Fix boo941629-unnessary-rpath-on-standard-path.patch (bsc#941629) - Added msgfmt-double-free.patch to fix a double free error (CVE-2018-18751 bsc#1113719) - Add patch msgfmt-reset-msg-length-after-remove.patch which does reset the length of message string after a line has been removed (bsc#1106843) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2306-1 Released: Tue Aug 25 14:48:17 2020 Summary: Security update for grub2 Type: security Severity: important References: 1172745,1174421,CVE-2020-15705 This update for grub2 fixes the following issue: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). - Add fibre channel device's ofpath support to grub-ofpathname and search hint to speed up root device discovery (bsc#1172745). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2335-1 Released: Wed Aug 26 11:47:28 2020 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1174320 This update for perl-Bootloader fixes the following issues: Update from version 0.928 to version 0.931 - The *grub2* module directory has been moved to */usr/share/grub2*, the *tpm.mod* is now checked there. (bsc#1174320) - Reduce the number of warning about fstab. - Do not warn about missing *SECURE_BOOT* sysconfig on systems with a minimalistic */etc/sysconfig/bootloader*. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2349-1 Released: Wed Aug 26 17:15:21 2020 Summary: Recommended update for hyper-v Type: recommended Severity: moderate References: 1093910,1174443,1174444 This update for hyper-v fixes the following issues: - Remove dependency to network-online.target now that gethostname is used in kvp_daemon. (bsc#1174443, bsc#1174444) - Reopen the devices if read() or write() returns errors. - Use either python2 or python3 for lsvmbus. (bsc#1093910) - Remove sysv init scripts. - Enable build on aarch64. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2378-1 Released: Fri Aug 28 14:52:31 2020 Summary: Recommended update for python-azure-agent Type: recommended Severity: moderate References: 1175198 This update for python-azure-agent contains the following fix: - Drop paa_sudo_sle15_nopwd.patch (bsc#1175198) + sudoers file is managed by cloud-init we no longer need this hack ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2380-1 Released: Fri Aug 28 14:54:08 2020 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1175250,1175251 This update for supportutils-plugin-suse-public-cloud contains the following fix: - Update to version 1.0.5: (bsc#1175250, bsc#1175251) + Query for new GCE initialization code packages ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2386-1 Released: Sat Aug 29 01:21:01 2020 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1172810 This update for samba fixes the following issues: - Add 'libsmbldap0' to 'libsmbldap2' package to fix upgrades from previous versions. (bsc#1172810) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2396-1 Released: Mon Aug 31 17:27:13 2020 Summary: Recommended update for open-iscsi Type: recommended Severity: moderate References: This update for open-iscsi fixes the following issues: Upgrade to upstream version 2.1.2 as 2.1.2-suse (jsc#SES-1081) - Use openssl for random data generation - Misspelled socket name might cause confusion to inexperienced user. - Let initiator name be created by iscsi-init.service. - iscsi: fix fd leak - Fix a compiler issue about string copy in iscsiuio - Fix a compiler issue about writing one byte - Fix issue with zero-length arrays at end of struct - Add *iscsi-init.service* Note that the '*iscsi-init.service*' adds a new systemd service called '*iscsi-init*', that creates the iSCSI initiator name file */etc/iscsi/initiatorname.iscsi*, if and only if it does not exist. - Proper disconnect of TCP connection - Fix SIGPIPE loop in signal handler - Update iscsi-iname.c - log:modify iSCSI shared memory permissions for logs - Sequence systemd services correctly when upgrading - Ignore iface.example in iface match checks - Fix type mismatch under musl. - Add Wants=remote-fs-pre.target for sequencing. - Fix issue where 'iscsi-iname -p' core dumps. - iscsi-iname: fix iscsi-iname -p access NULL pointer without given IQN prefix - Fix iscsi.service so it handles restarts better ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2411-1 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2425-1 Released: Tue Sep 1 13:54:05 2020 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1174260 This update for nfs-utils fixes the following issues: - Fix a bug when concurrent 'gssd' requests arrive from kernel, causing hanging NFS mounts. (bsc#1174260) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2441-1 Released: Tue Sep 1 22:16:10 2020 Summary: Recommended update for avahi Type: recommended Severity: moderate References: 1154063 This update for avahi fixes the following issues: - When changing ownership of /var/lib/autoipd, only change ownership of files owned by avahi, to mitigate against possible exploits (bsc#1154063). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2445-1 Released: Wed Sep 2 09:33:02 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2451-1 Released: Wed Sep 2 12:30:38 2020 Summary: Recommended update for dracut Type: recommended Severity: important References: 1167494,996146 This update for dracut fixes the following issues: Update from version 049.1+suse.152.g8506e86f to version 049.1+suse.156.g7d852636: - net-lib.sh: support infiniband network mac addresses (bsc#996146) - 95nfs: use ip_params_for_remote_addr() (bsc#1167494) - 95iscsi: use ip_params_for_remote_addr() (bsc#1167494) - dracut-functions: add ip_params_for_remote_addr() helper (bsc#1167494) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2457-1 Released: Wed Sep 2 15:29:51 2020 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1174567,1175766 This update for grub2 fixes the following issues: - The GRUB_VERIFY_FLAGS_DEFER_AUTH is enabled regardless secure boot status (bsc#1175766) A secure boot status check has been added before requesting other verifiers to verify external module, therefore external module loading can work after shim_lock module is loaded and secure boot turned off. - Make consistent check to enable relative path on btrfs (bsc#1174567) This fix unified the test in grub-install and grub-mkconfig. The path to default or selected btrfs subvolume/snapshot is used if the root file system is btrfs and the config has enabled btrfs snapshot booting. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2458-1 Released: Wed Sep 2 15:44:30 2020 Summary: Recommended update for iputils Type: recommended Severity: moderate References: 927831 This update for iputils fixes the following issue: - ping: Remove workaround for bug in IP_RECVERR on raw sockets. (bsc#927831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2486-1 Released: Thu Sep 3 20:15:36 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065600,1065729,1071995,1085030,1120163,1133021,1149032,1152472,1152489,1153274,1154353,1154488,1154492,1155518,1156395,1159058,1160634,1167773,1169790,1171634,1171688,1172108,1172197,1172247,1172418,1172871,1172963,1173468,1173485,1173798,1173813,1173954,1174002,1174003,1174026,1174205,1174247,1174362,1174387,1174484,1174625,1174645,1174689,1174699,1174737,1174757,1174762,1174770,1174771,1174777,1174805,1174824,1174825,1174852,1174865,1174880,1174897,1174906,1174969,1175009,1175010,1175011,1175012,1175013,1175014,1175015,1175016,1175017,1175018,1175019,1175020,1175021,1175052,1175112,1175116,1175128,1175149,1175175,1175176,1175180,1175181,1175182,1175183,1175184,1175185,1175186,1175187,1175188,1175189,1175190,1175191,1175192,1175195,1175199,1175213,1175232,1175263,1175284,1175296,1175344,1175345,1175346,1175347,1175367,1175377,1175440,1175493,1175546,1175550,1175654,1175691,1175768,1175769,1175770,1175771,1175772,1175774,1175775,1175834,1175873,CVE-2020-14314,CVE-2020-1 4331,CVE-2020-14356,CVE-2020-16166 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-14314: Fixed a potential negative array index in ext4 (bsc#1173798). - CVE-2020-14331: Fixed a missing check in scrollback handling (bsc#1174205 bsc#1174247). - CVE-2020-14356: Fixed a NULL pointer dereference in the cgroupv2 subsystem (bsc#1175213). - CVE-2020-16166: Fixed an information leak in the network RNG (bsc#1174757). The following non-security bugs were fixed: - 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work (git-fixes). - ACPICA: Do not increment operation_region reference counts for field units (git-fixes). - af_key: pfkey_dump needs parameter validation (git-fixes). - agp/intel: Fix a memory leak on module initialisation failure (git-fixes). - ALSA: atmel: Remove invalid 'fall through' comments (git-fixes). - ALSA: core: pcm_iec958: fix kernel-doc (git-fixes). - ALSA: echoaduio: Drop superfluous volatile modifier (git-fixes). - ALSA: echoaudio: Address bugs in the interrupt handling (git-fixes). - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (git-fixes). - ALSA: echoaudio: Prevent races in calls to set_audio_format() (git-fixes). - ALSA: echoaudio: Prevent some noise on unloading the module (git-fixes). - ALSA: echoaudio: Race conditions around 'opencount' (git-fixes). - ALSA: echoaudio: re-enable IRQs on failure path (git-fixes). - ALSA: echoaudio: Remove redundant check (git-fixes). - ALSA: firewire: fix kernel-doc (git-fixes). - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (git-fixes). - ALSA: hda - reverse the setting value in the micmute_led_set (git-fixes). - ALSA: hda/ca0132 - Add new quirk ID for Recon3D (git-fixes). - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (git-fixes). - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (git-fixes). - ALSA: hda/hdmi: Add quirk to force connectivity (git-fixes). - ALSA: hda/hdmi: Fix keep_power assignment for non-component devices (git-fixes). - ALSA: hda/hdmi: Use force connectivity quirk on another HP desktop (git-fixes). - ALSA: hda/realtek - Fix unused variable warning (git-fixes). - ALSA: hda/realtek - Fixed HP right speaker no sound (git-fixes). - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (git-fixes). - ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (git-fixes). - ALSA: hda/realtek: Fix add a 'ultra_low_power' function for intel reference board (alc256) (git-fixes). - ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (git-fixes). - ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (git-fixes). - ALSA: hda/tegra: Disable sync-write operation (git-fixes). - ALSA: hda: Add support for Loongson 7A1000 controller (git-fixes). - ALSA: hda: avoid reset of sdo_limit (git-fixes). - ALSA: hda: Enable sync-write operation as default for all controllers (git-fixes). - ALSA: hda: fix NULL pointer dereference during suspend (git-fixes). - ALSA: hda: fix snd_hda_codec_cleanup() documentation (git-fixes). - ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes). - ALSA: isa/gus: remove 'set but not used' warning (git-fixes). - ALSA: isa/gus: remove -Wmissing-prototypes warnings (git-fixes). - ALSA: isa: fix spelling mistakes in the comments (git-fixes). - ALSA: line6: add hw monitor volume control for POD HD500 (git-fixes). - ALSA: line6: Use kmemdup in podhd_set_monitor_level() (git-fixes). - ALSA: pci/asihpi: fix kernel-doc (git-fixes). - ALSA: pci/asihpi: remove 'set but not used' warning (git-fixes). - ALSA: pci/asihpi: remove 'set but not used' warnings (git-fixes). - ALSA: pci/au88x0: remove 'defined but not used' warnings (git-fixes). - ALSA: pci/aw2-saa7146: remove 'set but not used' warning (git-fixes). - ALSA: pci/ctxfi/ctatc: fix kernel-doc (git-fixes). - ALSA: pci/ctxfi: fix kernel-doc warnings (git-fixes). - ALSA: pci/echoaudio: remove 'set but not used' warning (git-fixes). - ALSA: pci/emu10k1: remove 'set but not used' warning (git-fixes). - ALSA: pci/es1938: remove 'set but not used' warning (git-fixes). - ALSA: pci/fm801: fix kernel-doc (git-fixes). - ALSA: pci/korg1212: remove 'set but not used' warnings (git-fixes). - ALSA: pci/oxygen/xonar_wm87x6: remove always true condition (git-fixes). - ALSA: pci/rme9652/hdspm: remove always true condition (git-fixes). - ALSA: pci/via82xx: remove 'set but not used' warnings (git-fixes). - ALSA: pcmcia/pdaudiocf: fix kernel-doc (git-fixes). - ALSA: seq: oss: Serialize ioctls (git-fixes). - ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for SSL2 (git-fixes). - ALSA: usb-audio: add quirk for Pioneer DDJ-RB (git-fixes). - ALSA: usb-audio: add startech usb audio dock name (git-fixes). - ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (git-fixes). - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (git-fixes). - ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (git-fixes). - ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (git-fixes). - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625). - ALSA: usb-audio: Fix some typos (git-fixes). - ALSA: usb-audio: fix spelling mistake 'buss' -> 'bus' (git-fixes). - ALSA: usb-audio: ignore broken processing/extension unit (git-fixes). - ALSA: usb-audio: Update documentation comment for MS2109 quirk (git-fixes). - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (git-fixes). - ALSA: usb/line6: remove 'defined but not used' warning (git-fixes). - ALSA: vx_core: remove warning for empty loop body (git-fixes). - ALSA: xen: remove 'set but not used' warning (git-fixes). - ALSA: xen: Remove superfluous fall through comments (git-fixes). - appletalk: Fix atalk_proc_init() return path (git-fixes). - arm/arm64: Make use of the SMCCC 1.1 wrapper (bsc#1174906). - arm/arm64: Provide a wrapper for SMCCC 1.1 calls (bsc#1174906). - arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit() (bsc#1174906). - arm64: armv8_deprecated: Fix undef_hook mask for thumb setend (bsc#1175180). - arm64: cacheflush: Fix KGDB trap detection (bsc#1175188). - arm64: csum: Fix handling of bad packets (bsc#1175192). - arm64: dts: allwinner: a64: Remove unused SPDIF sound card (none bsc#1175016). - arm64: dts: clearfog-gt-8k: set gigabit PHY reset deassert delay (bsc#1175347). - arm64: dts: exynos: Fix silent hang after boot on Espresso (bsc#1175346). - arm64: dts: imx8mm-evk: correct ldo1/ldo2 voltage range (none bsc#1175019). - arm64: dts: imx8qxp-mek: Remove unexisting Ethernet PHY (bsc#1175345). - arm64: dts: librem5-devkit: add a vbus supply to usb0 (none bsc#1175013). - arm64: dts: ls1028a: delete extraneous #interrupt-cells for ENETC RCIE (none bsc#1175012). - arm64: dts: qcom: msm8998-clamshell: Fix label on l15 regulator (git-fixes). - arm64: dts: rockchip: fix rk3399-puma gmac reset gpio (none bsc#1175021). - arm64: dts: rockchip: fix rk3399-puma vcc5v0-host gpio (none bsc#1175020). - arm64: dts: rockchip: Rename dwc3 device nodes on rk3399 to make dtc happy (none bsc#1175015). - arm64: dts: rockchip: Replace RK805 PMIC node name with 'pmic' on rk3328 boards (none bsc#1175014). - arm64: dts: uDPU: fix broken ethernet (bsc#1175344). - arm64: dts: uniphier: Set SCSSI clock and reset IDs for each channel (none bsc#1175011). - arm64: errata: use arm_smccc_1_1_get_conduit() (bsc#1174906). - arm64: Fix PTRACE_SYSEMU semantics (bsc#1175185). - arm64: fix the flush_icache_range arguments in machine_kexec (bsc#1175184). - arm64: hugetlb: avoid potential NULL dereference (bsc#1175183). - arm64: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (bsc#1175189). - arm64: insn: Fix two bugs in encoding 32-bit logical immediates (bsc#1175186). - arm64: kexec_file: print appropriate variable (bsc#1175187). - arm64: kgdb: Fix single-step exception handling oops (bsc#1175191). - arm64: Retrieve stolen time as paravirtualized guest (bsc#1172197 jsc#SLE-13593). - arm64: tegra: Enable I2C controller for EEPROM (none bsc#1175010). - arm64: tegra: Fix ethernet phy-mode for Jetson Xavier (none bsc#1175017). - arm64: tegra: Fix flag for 64-bit resources in 'ranges' property (none bsc#1175018). - arm64: tegra: Fix Tegra194 PCIe compatible string (none bsc#1175009). - arm64: vdso: Add -fasynchronous-unwind-tables to cflags (bsc#1175182). - arm64: vdso: do not free unallocated pages (bsc#1175181). - arm: percpu.h: fix build error (git-fixes). - arm: spectre-v2: use arm_smccc_1_1_get_conduit() (bsc#1174906). - ASoC: fsl_sai: Fix value of FSL_SAI_CR1_RFW_MASK (git-fixes). - ASoC: hdac_hda: fix deadlock after PCM open error (git-fixes). - ASoC: Intel: bxt_rt298: add missing .owner field (git-fixes). - ASoC: intel: Fix memleak in sst_media_open (git-fixes). - ASoC: meson: axg-tdm-interface: fix link fmt setup (git-fixes). - ASoC: meson: axg-tdmin: fix g12a skew (git-fixes). - ASoC: meson: fixes the missed kfree() for axg_card_add_tdm_loopback (git-fixes). - ASoC: msm8916-wcd-analog: fix register Interrupt offset (git-fixes). - ASoC: q6afe-dai: mark all widgets registers as SND_SOC_NOPM (git-fixes). - ASoC: q6routing: add dummy register read/write function (git-fixes). - ASoC: SOF: nocodec: add missing .owner field (git-fixes). - ASoC: wm8994: Avoid attempts to read unreadable registers (git-fixes). - ath10k: Acquire tx_lock in tx error paths (git-fixes). - ath10k: enable transmit data ack RSSI for QCA9884 (git-fixes). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (git-fixes). - ath9k: Fix regression with Atheros 9271 (git-fixes). - atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent (git-fixes). - AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes). - AX.25: Prevent integer overflows in connect and sendmsg (git-fixes). - AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes). - b43: Remove uninitialized_var() usage (git-fixes). - bdc: Fix bug causing crash after multiple disconnects (git-fixes). - bfq: fix blkio cgroup leakage v4 (bsc#1175775). - block: Fix the type of 'sts' in bsg_queue_rq() (git-fixes). - Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes). - Bluetooth: btmtksdio: fix up firmware download sequence (git-fixes). - Bluetooth: btusb: fix up firmware download sequence (git-fixes). - Bluetooth: fix kernel oops in store_pending_adv_report (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (git-fixes). - Bluetooth: Fix update of connection state in `hci_encrypt_cfm` (git-fixes). - Bluetooth: hci_h5: Set HCI_UART_RESET_ON_INIT to correct flags (git-fixes). - Bluetooth: hci_serdev: Only unregister device if it was registered (git-fixes). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (git-fixes). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (git-fixes). - bnxt_en: fix NULL dereference in case SR-IOV configuration fails (networking-stable-20_07_17). - bnxt_en: Init ethtool link settings after reading updated PHY configuration (jsc#SLE-8371 bsc#1153274). - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - bpf: Fix map leak in HASH_OF_MAPS map (bsc#1155518). - bpf: net: Avoid copying sk_user_data of reuseport_array during sk_clone (bsc#1155518). - bpf: net: Avoid incorrect bpf_sk_reuseport_detach call (bsc#1155518). - bpfilter: fix up a sparse annotation (bsc#1155518). - bpfilter: Initialize pos variable (bsc#1155518). - bpfilter: reject kernel addresses (bsc#1155518). - bpfilter: switch to kernel_write (bsc#1155518). - brcmfmac: keep SDIO watchdog running when console_interval is non-zero (git-fixes). - brcmfmac: set state of hanger slot to FREE when flushing PSQ (git-fixes). - brcmfmac: Set timeout value when configuring power save (bsc#1173468). - brcmfmac: To fix Bss Info flag definition Bug (git-fixes). - btmrvl: Fix firmware filename for sd8977 chipset (git-fixes). - btmrvl: Fix firmware filename for sd8997 chipset (git-fixes). - btrfs: add helper to get the end offset of a file extent item (bsc#1175546). - btrfs: avoid unnecessary splits when setting bits on an extent io tree (bsc#1175377). - btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247). - btrfs: delete the ordered isize update code (bsc#1175377). - btrfs: do not set path->leave_spinning for truncate (bsc#1175377). - btrfs: factor out inode items copy loop from btrfs_log_inode() (bsc#1175546). - btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247). - btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149). - btrfs: fix block group leak when removing fails (bsc#1175149). - btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149). - btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149). - btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149). - btrfs: fix deadlock during fast fsync when logging prealloc extents beyond eof (bsc#1175377). - btrfs: fix double free on ulist after backref resolution failure (bsc#1175149). - btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149). - btrfs: fix lost i_size update after cloning inline extent (bsc#1175377). - btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550). - btrfs: fix missing file extent item for hole after ranged fsync (bsc#1175546). - btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149). - btrfs: fix race between block group removal and block group creation (bsc#1175149). - btrfs: fix race between shrinking truncate and fiemap (bsc#1175377). - btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149). - btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149). - btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484). - btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247). - btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247). - btrfs: introduce per-inode file extent tree (bsc#1175377). - btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247). - btrfs: make full fsyncs always operate on the entire file again (bsc#1175546). - btrfs: make ranged full fsyncs more efficient (bsc#1175546). - btrfs: move extent_io_tree defs to their own header (bsc#1175377). - btrfs: Move free_pages_out label in inline extent handling branch in compress_file_range (bsc#1175263). - btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163). - btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247). - btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163). - btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163). - btrfs: Remove delalloc_end argument from extent_clear_unlock_delalloc (bsc#1175149). - btrfs: Remove leftover of in-band dedupe (bsc#1175149). - btrfs: remove unnecessary delalloc mutex for inodes (bsc#1175377). - btrfs: remove useless check for copy_items() return value (bsc#1175546). - btrfs: Rename btrfs_join_transaction_nolock (bsc#1175377). - btrfs: replace all uses of btrfs_ordered_update_i_size (bsc#1175377). - btrfs: separate out the extent io init function (bsc#1175377). - btrfs: separate out the extent leak code (bsc#1175377). - btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493). - btrfs: trim: fix underflow in trim length to prevent access beyond device boundary (bsc#1175263). - btrfs: use btrfs_ordered_update_i_size in clone_finish_inode_update (bsc#1175377). - btrfs: use the file extent tree infrastructure (bsc#1175377). - cfg80211: check vendor command doit pointer before use (git-fixes). - clk: actions: Fix h_clk for Actions S500 SoC (git-fixes). - clk: at91: clk-generated: check best_rate against ranges (git-fixes). - clk: at91: clk-generated: continue if __clk_determine_rate() returns error (git-fixes). - clk: at91: sam9x60-pll: check fcore against ranges (git-fixes). - clk: at91: sam9x60-pll: use logical or for range check (git-fixes). - clk: at91: sam9x60: fix main rc oscillator frequency (git-fixes). - clk: at91: sckc: register slow_rc with accuracy option (git-fixes). - clk: bcm2835: Do not use prediv with bcm2711's PLLs (bsc#1174865). - clk: bcm63xx-gate: fix last clock availability (git-fixes). - clk: clk-atlas6: fix return value check in atlas6_clk_init() (git-fixes). - clk: iproc: round clock rate to the closest (git-fixes). - clk: qcom: gcc-sdm660: Add missing modem reset (git-fixes). - clk: qcom: gcc-sdm660: Fix up gcc_mss_mnoc_bimc_axi_clk (git-fixes). - clk: rockchip: Revert 'fix wrong mmc sample phase shift for rk3328' (git-fixes). - clk: scmi: Fix min and max rate when registering clocks with discrete rates (git-fixes). - clk: spear: Remove uninitialized_var() usage (git-fixes). - clk: st: Remove uninitialized_var() usage (git-fixes). - console: newport_con: fix an issue about leak related system resources (git-fixes). - cpumap: Use non-locked version __ptr_ring_consume_batched (git-fixes). - crc-t10dif: Fix potential crypto notify dead-lock (git-fixes). - crypto: aesni - add compatibility with IAS (git-fixes). - crypto: aesni - Fix build with LLVM_IAS=1 (git-fixes). - crypto: caam - Fix argument type in handle_imx6_err005766 (git-fixes). - crypto: ccp - Fix use of merged scatterlists (git-fixes). - crypto: ccree - fix resource leak on error path (git-fixes). - crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: hisilicon - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes). - devlink: ignore -EOPNOTSUPP errors on dumpit (bsc#1154353). - devres: keep both device name and resource name in pretty name (git-fixes). - dlm: Fix kobject memleak (bsc#1175768). - dlm: remove BUG() before panic() (git-fixes). - dmaengine: fsl-edma: fix wrong tcd endianness for big-endian cpu (git-fixes). - dmaengine: ioat setting ioat timeout as module parameter (git-fixes). - dmaengine: tegra210-adma: Fix runtime PM imbalance on error (git-fixes). - docs: fix memory.low description in cgroup-v2.rst (git-fixes). (SLE documentation might refer to cgroup-v2.rst.) - drbd: Remove uninitialized_var() usage (git-fixes). - driver core: Avoid binding drivers to dead devices (git-fixes). - drivers/firmware/psci: Fix memory leakage in alloc_init_cpu_groups() (git-fixes). - drivers/net/wan: lapb: Corrected the usage of skb_cow (git-fixes). - drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175128). - drm/amd/display: Fix EDID parsing after resume from suspend (git-fixes). - drm/amd/display: fix pow() crashing when given base 0 (git-fixes). - drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1152472) - drm/amd/powerplay: fix a crash when overclocking Vega M (git-fixes). - drm/amd/powerplay: fix compile error with ARCH=arc (git-fixes). - drm/amdgpu/display bail early in dm_pp_get_static_clocks (git-fixes). - drm/amdgpu/display: use blanked rather than plane state for sync (bsc#1152489) * refreshed for context changes * protect code with CONFIG_DRM_AMD_DC_DCN2_0 - drm/amdgpu/gfx10: fix race condition for kiq (git-fixes). - drm/amdgpu: avoid dereferencing a NULL pointer (git-fixes). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (git-fixes). - drm/amdgpu: fix preemption unit test (git-fixes). - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes). - drm/arm: fix unintentional integer overflow on left shift (git-fixes). - drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1152472) * refreshed for context changes - drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes). - drm/bridge: ti-sn65dsi86: Clear old error bits before AUX transfers (git-fixes). - drm/bridge: ti-sn65dsi86: Do not use kernel-doc comment for local array (git-fixes). - drm/bridge: ti-sn65dsi86: Fix off-by-one error in clock choice (bsc#1152489) * refreshed for context changes - drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1152472) * move drm_mipi_dbi.c -> tinydrm/mipi-dbi.c - drm/debugfs: fix plain echo to connector 'force' attribute (git-fixes). - drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes). - drm/etnaviv: fix ref count leak via pm_runtime_get_sync (git-fixes). - drm/gem: Fix a leak in drm_gem_objects_lookup() (git-fixes). - drm/i915/fbc: Fix fence_y_offset handling (bsc#1152489) * context changes - drm/i915/gt: Close race between engine_park and intel_gt_retire_requests (git-fixes). - drm/i915/gt: Flush submission tasklet before waiting/retiring (bsc#1174737). - drm/i915/gt: Move new timelines to the end of active_list (git-fixes). - drm/i915/gt: Only swap to a random sibling once upon creation (bsc#1152489) * context changes - drm/i915/gt: Unlock engine-pm after queuing the kernel context switch (git-fixes). - drm/i915: Actually emit the await_start (bsc#1174737). - drm/i915: Copy across scheduler behaviour flags across submit fences (bsc#1174737). - drm/i915: Do not poison i915_request.link on removal (bsc#1174737). - drm/i915: Drop no-semaphore boosting (bsc#1174737). - drm/i915: Eliminate the trylock for awaiting an earlier request (bsc#1174737). - drm/i915: Flush execution tasklets before checking request status (bsc#1174737). - drm/i915: Flush tasklet submission before sleeping on i915_request_wait (bsc#1174737). - drm/i915: Ignore submit-fences on the same timeline (bsc#1174737). - drm/i915: Improve the start alignment of bonded pairs (bsc#1174737). - drm/i915: Keep track of request among the scheduling lists (bsc#1174737). - drm/i915: Lock signaler timeline while navigating (bsc#1174737). - drm/i915: Mark i915_request.timeline as a volatile, rcu pointer (bsc#1174737). - drm/i915: Mark racy read of intel_engine_cs.saturated (bsc#1174737). - drm/i915: Mark up unlocked update of i915_request.hwsp_seqno (bsc#1174737). - drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2. (bsc#1152489) * context changes - drm/i915: Peel dma-fence-chains for await (bsc#1174737). - drm/i915: Prevent using semaphores to chain up to external fences (bsc#1174737). - drm/i915: Protect i915_request_await_start from early waits (bsc#1174737). - drm/i915: Pull waiting on an external dma-fence into its routine (bsc#1174737). - drm/i915: Rely on direct submission to the queue (bsc#1174737). - drm/i915: Remove wait priority boosting (bsc#1174737). - drm/i915: Reorder await_execution before await_request (bsc#1174737). - drm/i915: Return early for await_start on same timeline (bsc#1174737). - drm/i915: Use EAGAIN for trylock failures (bsc#1174737). - drm/imx: fix use after free (git-fixes). - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes). - drm/imx: tve: fix regulator_disable error path (git-fixes). - drm/ingenic: Fix incorrect assumption about plane->index (bsc#1152489) * refreshed for context changes - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes). - drm/msm: ratelimit crtc event overflow error (git-fixes). - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes). - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes). - drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout (git-fixes). - drm/nouveau/kms/nv50-: Fix disabling dithering (git-fixes). - drm/nouveau: fix multiple instances of reference count leaks (git-fixes). - drm/nouveau: fix reference count leak in nouveau_debugfs_strap_peek (git-fixes). - drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes). - drm/radeon: disable AGP by default (git-fixes). - drm/radeon: fix array out-of-bounds read and write issues (git-fixes). - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (git-fixes). - drm/stm: repair runtime power management (git-fixes). - drm/tilcdc: fix leak & null ref in panel_connector_get_modes (git-fixes). - drm/ttm/nouveau: do not call tt destroy callback on alloc failure (git-fixes bsc#1175232). - drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() (bsc#1152489) * refreshed for context changes - drm/vmwgfx: Fix two list_for_each loop exit tests (git-fixes). - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (git-fixes). - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (git-fixes). - drm: hold gem reference until object is no longer accessed (git-fixes). - drm: msm: a6xx: fix gpu failure after system resume (git-fixes). - drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes). - drm: sun4i: hdmi: Fix inverted HPD result (git-fixes). - dyndbg: fix a BUG_ON in ddebug_describe_flags (git-fixes). - enetc: Fix tx rings bitmap iteration range, irq handling (networking-stable-20_06_28). - ext2: fix missing percpu_counter_inc (bsc#1175774). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: do not BUG on inconsistent journal feature (bsc#1171634). - ext4: fix checking of directory entry validity for inline directories (bsc#1175771). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - fbdev: Detect integer underflow at 'struct fbcon_ops'->clear_margins (git-fixes). - firmware/psci: use common SMCCC_CONDUIT_* (bsc#1174906). - firmware: arm_scmi: Fix SCMI genpd domain probing (git-fixes). - firmware: arm_scmi: Keep the discrete clock rates sorted (git-fixes). - firmware: arm_sdei: use common SMCCC_CONDUIT_* (bsc#1174906). - firmware: Fix a reference count leak (git-fixes). - firmware: smccc: Add ARCH_SOC_ID support (bsc#1174906). - firmware: smccc: Add function to fetch SMCCC version (bsc#1174906). - firmware: smccc: Add HAVE_ARM_SMCCC_DISCOVERY to identify SMCCC v1.1 and above (bsc#1174906). - firmware: smccc: Add the definition for SMCCCv1.2 version/error codes (bsc#1174906). - firmware: smccc: Drop smccc_version enum and use ARM_SMCCC_VERSION_1_x instead (bsc#1174906). - firmware: smccc: Refactor SMCCC specific bits into separate file (bsc#1174906). - firmware: smccc: Update link to latest SMCCC specification (bsc#1174906). - firmware_loader: fix memory leak for paged buffer (bsc#1175367). - fpga: dfl: fix bug in port reset handshake (git-fixes). - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175176). - fuse: fix weird page warning (bsc#1175175). - genetlink: remove genl_bind (networking-stable-20_07_17). - geneve: fix an uninitialized value in geneve_changelink() (git-fixes). - genirq/affinity: Improve __irq_build_affinity_masks() (bsc#1174897 ltc#187090). - genirq/affinity: Remove const qualifier from node_to_cpumask argument (bsc#1174897 ltc#187090). - genirq/affinity: Spread vectors on node according to nr_cpu ratio (bsc#1174897 ltc#187090). - gfs2: Another gfs2_find_jhead fix (bsc#1174824). - gfs2: fix gfs2_find_jhead that returns uninitialized jhead with seq 0 (bsc#1174825). - go7007: add sanity checking for endpoints (git-fixes). - gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes). - gpio: arizona: put pm_runtime in case of failure (git-fixes). - gpio: max77620: Fix missing release of interrupt (git-fixes). - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (git-fixes). - habanalabs: increase timeout during reset (git-fixes). - HID: alps: support devices with report id 2 (git-fixes). - HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes). - HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override (git-fixes). - HID: input: Fix devices that return multiple bytes in battery report (git-fixes). - HID: steam: fixes race in handling device list (git-fixes). - hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path (git-fixes). - hwmon: (adm1275) Make sure we are reading enough data for different chips (git-fixes). - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes). - hwmon: (nct6775) Accept PECI Calibration as temperature source for NCT6798D (git-fixes). - hwmon: (scmi) Fix potential buffer overflow in scmi_hwmon_probe() (git-fixes). - i2c: also convert placeholder function to return errno (git-fixes). - i2c: i2c-qcom-geni: Fix DMA transfer race (git-fixes). - i2c: i801: Add support for Intel Comet Lake PCH-V (jsc#SLE-13411). - i2c: i801: Add support for Intel Emmitsburg PCH (jsc#SLE-13411). - i2c: i801: Add support for Intel Tiger Lake PCH-H (jsc#SLE-13411). - i2c: iproc: fix race between client unreg and isr (git-fixes). - i2c: rcar: always clear ICSAR to avoid side effects (git-fixes). - i2c: rcar: avoid race when unregistering slave (git-fixes). - i2c: rcar: slave: only send STOP event when we have been addressed (git-fixes). - i2c: slave: add sanity check when unregistering (git-fixes). - i2c: slave: improve sanity check when registering (git-fixes). - i40iw: Do an RCU lookup in i40iw_add_ipv4_addr (git-fixes). - i40iw: Fix error handling in i40iw_manage_arp_cache() (git-fixes). - i40iw: fix null pointer dereference on a null wqe pointer (git-fixes). - i40iw: Report correct firmware version (git-fixes). - IB/cma: Fix ports memory leak in cma_configfs (git-fixes). - IB/core: Fix potential NULL pointer dereference in pkey cache (git-fixes). - IB/hfi1, qib: Ensure RCU is locked when accessing list (git-fixes). - IB/hfi1: Ensure pq is not left on waitlist (git-fixes). - IB/hfi1: Fix memory leaks in sysfs registration and unregistration (git-fixes). - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (git-fixes). - IB/mad: Fix use after free when destroying MAD agent (git-fixes). - IB/mlx4: Test return value of calls to ib_get_cached_pkey (git-fixes). - IB/mlx5: Fix 50G per lane indication (git-fixes). - IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command (git-fixes). - IB/mlx5: Fix missing congestion control debugfs on rep rdma device (git-fixes). - IB/mlx5: Replace tunnel mpls capability bits for tunnel_offloads (git-fixes). - IB/qib: Call kobject_put() when kobject_init_and_add() fails (git-fixes). - IB/rdmavt: Always return ERR_PTR from rvt_create_mmap_info() (git-fixes). - IB/rdmavt: Delete unused routine (git-fixes). - IB/rdmavt: Fix RQ counting issues causing use of an invalid RWQE (bsc#1174770). - IB/sa: Resolv use-after-free in ib_nl_make_request() (git-fixes). - ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ice: Clear and free XLT entries on reset (jsc#SLE-7926). - ice: Graceful error handling in HW table calloc failure (jsc#SLE-7926). - ide: Remove uninitialized_var() usage (git-fixes). - ieee802154: fix one possible memleak in adf7242_probe (git-fixes). - igc: Fix PTP initialization (bsc#1160634). - iio: improve IIO_CONCENTRATION channel type description (git-fixes). - Input: elan_i2c - only increment wakeup count on touch (git-fixes). - Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes). - Input: sentelic - fix error return when fsp_reg_write fails (git-fixes). - Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes). - integrity: remove redundant initialization of variable ret (git-fixes). - io-mapping: indicate mapping failure (git-fixes). - ionic: fix up filter locks and debug msgs (bsc#1167773). - ionic: keep rss hash after fw update (bsc#1167773). - ionic: unlock queue mutex in error path (bsc#1167773). - ionic: update filter id after replay (bsc#1167773). - ionic: use mutex to protect queue operations (bsc#1167773). - ionic: use offset for ethtool regs data (bsc#1167773). - ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes). - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28). - ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28). - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17). - ipv6: fib6_select_path can not use out path for nexthop objects (networking-stable-20_07_17). - ipv6: Fix use of anycast address with loopback (networking-stable-20_07_17). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - irqchip/gic: Atomically update affinity (bsc#1175195). - iwlegacy: Check the return value of pcie_capability_read_*() (git-fixes). - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772). - kABI workaround for enum cpuhp_state (git-fixes). - kABI workaround for struct kvm_device (git-fixes). Just change an variable to 'const' type in kvm_device. - kABI workaround for struct kvm_vcpu_arch (git-fixes). Add a struct variable to the end of kvm_vcpu_arch and kvm_vcpu_arch is embedded into kvm_vcpu at the end. It is usually used by pointer and allocated dynamically, so this change should be fine even for external kvm module. - kABI/severities: ignore KABI for NVMe, except nvme-fc (bsc#1174777) Exported symbols under drivers/nvme/host/ are only used by the nvme subsystem itself, except for the nvme-fc symbols. - kABI/severities: ignore qla2xxx as all symbols are internal - kABI: genetlink: remove genl_bind (kabi). - kABI: restore signature of xfrm_policy_bysel_ctx() and xfrm_policy_byid() (bsc#1174645). - kernel.h: remove duplicate include of asm/div64.h (git-fixes). - kernel/relay.c: fix memleak on destroy relay channel (git-fixes). - kernfs: do not call fsnotify() with name without a parent (bsc#1175770). - kobject: Avoid premature parent object freeing in kobject_cleanup() (git-fixes). - KVM: Allow kvm_device_ops to be const (bsc#1172197 jsc#SLE-13593). - KVM: arm/arm64: Correct AArch32 SPSR on exception entry (bsc#1133021). - KVM: arm/arm64: Correct CPSR on exception entry (bsc#1133021). - KVM: arm/arm64: Factor out hypercall handling from PSCI code (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Annotate hyp NMI-related functions as __always_inline (bsc#1175190). - KVM: arm64: Correct PSTATE on exception entry (bsc#1133021). - KVM: arm64: Document PV-time interface (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Fix 32bit PC wrap-around (bsc#1133021). - KVM: arm64: Implement PV_TIME_FEATURES call (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts (bsc#1133021). - KVM: arm64: Provide VCPU attributes for stolen time (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Select TASK_DELAY_ACCT+TASKSTATS rather than SCHEDSTATS (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021). - KVM: arm64: Stop writing aarch32's CSSELR into ACTLR (bsc#1133021). - KVM: arm64: Support stolen time reporting via shared structure (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Use the correct timer structure to access the physical counter (bsc#1133021). - KVM: arm: vgic: Fix limit condition when writing to GICD_IACTIVER (bsc#1133021). - KVM: Implement kvm_put_guest() (bsc#1172197 jsc#SLE-13593). - KVM: Play nice with read-only memslots when querying host page size (bsc#1133021). - KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729). - KVM: Reinstall old memslots if arch preparation fails (bsc#1133021). - KVM: s390: Remove false WARN_ON_ONCE for the PQAP instruction (bsc#1133021). - KVM: x86: Fix APIC page invalidation race (bsc#1133021). - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17). - leds: 88pm860x: fix use-after-free on unbind (git-fixes). - leds: core: Flush scheduled work for system suspend (git-fixes). - leds: da903x: fix use-after-free on unbind (git-fixes). - leds: gpio: Fix semantic error (git-fixes). - leds: lm3533: fix use-after-free on unbind (git-fixes). - leds: lm355x: avoid enum conversion warning (git-fixes). - leds: lm36274: fix use-after-free on unbind (git-fixes). - leds: wm831x-status: fix use-after-free on unbind (git-fixes). - libbpf: Wrap source argument of BPF_CORE_READ macro in parentheses (bsc#1155518). - liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes). - llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17). - locktorture: Print ratio of acquisitions, not failures (bsc#1149032). - mac80211: allow rx of mesh eapol frames with default rx key (git-fixes). - mac80211: fix misplaced while instead of if (git-fixes). - mac80211: mesh: Free ie data when leaving mesh (git-fixes). - mac80211: mesh: Free pending skb when destroying a mpath (git-fixes). - Mark the SLE15-SP2 kernel properly released. There perhaps was a typo, when SUSE_KERNEL_RELEASED missed the trailing 'D' - this leads to our kernels being marked as 'Unreleased kernel'. SUSE_KERNEL_RELEASED is defined in rpm/kernel-binary.spec.in. To fix that, it should be enough to switch from SUSE_KERNEL_RELEASE to SUSE_KERNEL_RELEASED. - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes). - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes). - media: budget-core: Improve exception handling in budget_register() (git-fixes). - media: camss: fix memory leaks on error handling paths in probe (git-fixes). - media: cxusb-analog: fix V4L2 dependency (git-fixes). - media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes). - media: firewire: Using uninitialized values in node_probe() (git-fixes). - media: marvell-ccic: Add missed v4l2_async_notifier_cleanup() (git-fixes). - media: media-request: Fix crash if memory allocation fails (git-fixes). - media: nuvoton-cir: remove setting tx carrier functions (git-fixes). - media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes). - media: rockchip: rga: Introduce color fmt macros and refactor CSC mode logic (git-fixes). - media: rockchip: rga: Only set output CSC mode for RGB input (git-fixes). - media: sur40: Remove uninitialized_var() usage (git-fixes). - media: vpss: clean up resources in init (git-fixes). - media: vsp1: dl: Fix NULL pointer dereference on unbind (git-fixes). - mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes). - mfd: dln2: Run event handler loop under spinlock (git-fixes). - mfd: intel-lpss: Add Intel Tiger Lake PCH-H PCI IDs (jsc#SLE-13411). - mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28). - mlxsw: core: Fix wrong SFP EEPROM reading for upper pages 1-3 (bsc#1154488). - mlxsw: pci: Fix use-after-free in case of failed devlink reload (networking-stable-20_07_17). - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (networking-stable-20_07_17). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617). - mm: filemap: clear idle flag for writes (bsc#1175769). - mm: Fix protection usage propagation (bsc#1174002). - mmc: sdhci-cadence: do not use hardware tuning for SD mode (git-fixes). - mmc: sdhci-pci-o2micro: Bug fix for O2 host controller Seabird1 (git-fixes). - mtd: properly check all write ioctls for permissions (git-fixes). - mtd: rawnand: fsl_upm: Remove unused mtd var (git-fixes). - mtd: rawnand: qcom: avoid write to unavailable register (git-fixes). - mvpp2: ethtool rxtx stats fix (networking-stable-20_06_28). - mwifiex: Fix firmware filename for sd8977 chipset (git-fixes). - mwifiex: Fix firmware filename for sd8997 chipset (git-fixes). - mwifiex: Prevent memory corruption handling keys (git-fixes). - ndctl/papr_scm,uapi: Add support for PAPR nvdimm specific methods (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - net, sk_msg: Clear sk_user_data pointer on clone if tagged (bsc#1155518). - net, sk_msg: Do not use RCU_INIT_POINTER on sk_user_data (bsc#1155518). - net/bpfilter: Initialize pos in __bpfilter_process_sockopt (bsc#1155518). - net/bpfilter: split __bpfilter_process_sockopt (bsc#1155518). - net/ena: Fix build warning in ena_xdp_set() (bsc#1174852). - net/mlx5: DR, Change push vlan action sequence (jsc#SLE-8464). - net/mlx5: E-switch, Destroy TSAR when fail to enable the mode (jsc#SLE-8464). - net/mlx5: Fix eeprom support for SFP module (networking-stable-20_07_17). - net/mlx5e: Fix 50G per lane indication (networking-stable-20_07_17). - net/mlx5e: Fix kernel crash when setting vf VLANID on a VF dev (jsc#SLE-8464). - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (networking-stable-20_07_17). - net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28). - net: core: reduce recursion limit value (networking-stable-20_06_28). - net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28). - net: dsa: microchip: set the correct number of ports (networking-stable-20_07_17). - net: ena: add reserved PCI device ID (bsc#1174852). - net: ena: add support for reporting of packet drops (bsc#1174852). - net: ena: add support for the rx offset feature (bsc#1174852). - net: ena: add support for traffic mirroring (bsc#1174852). - net: ena: add unmask interrupts statistics to ethtool (bsc#1174852). - net: ena: allow setting the hash function without changing the key (bsc#1174852). - net: ena: avoid memory access violation by validating req_id properly (bsc#1174852). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852). - net: ena: change default RSS hash function to Toeplitz (bsc#1174852). - net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1154492). - net: ena: changes to RSS hash key allocation (bsc#1174852). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852). - net: ena: cosmetic: code reorderings (bsc#1174852). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852). - net: ena: cosmetic: fix line break issues (bsc#1174852). - net: ena: cosmetic: fix spacing issues (bsc#1174852). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852). - net: ena: cosmetic: minor code changes (bsc#1174852). - net: ena: cosmetic: remove unnecessary code (bsc#1174852). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852). - net: ena: cosmetic: satisfy gcc warning (bsc#1174852). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852). - net: ena: drop superfluous prototype (bsc#1174852). - net: ena: enable support of rss hash key and function changes (bsc#1174852). - net: ena: ethtool: clean up minor indentation issue (bsc#1174852). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852). - net: ena: fix continuous keep-alive resets (bsc#1174852). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852). - net: ena: Make missed_tx stat incremental (git-fixes). - net: ena: Make some functions static (bsc#1174852). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852). - net: ena: Prevent reset after device destruction (git-fixes). - net: ena: reduce driver load time (bsc#1174852). - net: ena: remove code that does nothing (bsc#1174852). - net: ena: remove set but not used variable 'hash_key' (bsc#1174852). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852). - net: ena: support new LLQ acceleration mode (bsc#1174852). - net: ena: use explicit variable size for clarity (bsc#1174852). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852). - net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). (SLES tuning guide refers to ip-sysctl.txt.) - net: fix memleak in register_netdevice() (networking-stable-20_06_28). - net: Fix the arp error in some cases (networking-stable-20_06_28). - net: hns3: fix error handling for desc filling (git-fixes). - net: hns3: fix for not calculating TX BD send size correctly (git-fixes). - net: hns3: fix return value error when query MAC link status fail (git-fixes). - net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28). - net: lan78xx: add missing endpoint sanity check (git-fixes). - net: lan78xx: fix transfer-buffer memory leak (git-fixes). - net: lan78xx: replace bogus endpoint lookup (git-fixes). - net: mvneta: fix use of state->speed (networking-stable-20_07_17). - net: phy: Check harder for errors in get_phy_id() (git-fixes). - net: phy: fix memory leak in device-create error path (git-fixes). - net: qrtr: Fix an out of bounds read qrtr_endpoint_post() (networking-stable-20_07_17). - net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28). - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17). - net_sched: fix a memory leak in atm_tc_init() (networking-stable-20_07_17). - netdevsim: fix unbalaced locking in nsim_create() (git-fixes). - nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes). - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes). - ntb: Fix static check warning in perf_clear_test (git-fixes). - ntb: Fix the default port and peer numbers for legacy drivers (git-fixes). - ntb: hw: remove the code that sets the DMA mask (git-fixes). - ntb: ntb_pingpong: Choose doorbells based on port number (git-fixes). - ntb: ntb_test: Fix bug when counting remote files (git-fixes). - ntb: ntb_tool: reading the link file should not end in a NULL byte (git-fixes). - ntb: perf: Do not require one more memory window than number of peers (git-fixes). - ntb: perf: Fix race condition when run with ntb_test (git-fixes). - ntb: perf: Fix support for hardware that does not have port numbers (git-fixes). - ntb: Revert the change to use the NTB device dev for DMA allocations (git-fixes). - ntb_perf: pass correct struct device to dma_alloc_coherent (git-fixes). - ntb_tool: pass correct struct device to dma_alloc_coherent (git-fixes). - nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108). - nvme-multipath: fix logic for non-optimized paths (bsc#1172108). - nvme-multipath: round-robin: eliminate 'fallback' variable (bsc#1172108). - nvme-multipath: set bdi capabilities once (bsc#1159058). - nvme-pci: Re-order nvme_pci_free_ctrl (bsc#1159058). - nvme-rdma: Add warning on state change failure at (bsc#1159058). - nvme-tcp: Add warning on state change failure at (bsc#1159058). - nvme-tcp: fix possible crash in write_zeroes processing (bsc#1159058). - nvme: add a Identify Namespace Identification Descriptor list quirk (git-fixes). - nvme: always search for namespace head (bsc#1159058). - nvme: avoid an Identify Controller command for each namespace (bsc#1159058). - nvme: check namespace head shared property (bsc#1159058). - nvme: clean up nvme_scan_work (bsc#1159058). - nvme: cleanup namespace identifier reporting in (bsc#1159058). - nvme: consolidate chunk_sectors settings (bsc#1159058). - nvme: consolodate io settings (bsc#1159058). - nvme: expose hostid via sysfs for fabrics controllers (bsc#1159058). - nvme: expose hostnqn via sysfs for fabrics controllers (bsc#1159058). - nvme: factor out a nvme_ns_remove_by_nsid helper (bsc#1159058). - nvme: fix a crash in nvme_mpath_add_disk (git-fixes, bsc#1159058). - nvme: Fix controller creation races with teardown flow (bsc#1159058). - nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1159058). - nvme: fix identify error status silent ignore (git-fixes, bsc#1159058). - nvme: fix possible hang when ns scanning fails during error (bsc#1159058). - nvme: kABI fixes for nvme_ctrl (bsc#1159058). - nvme: Make nvme_uninit_ctrl symmetric to nvme_init_ctrl (bsc#1159058). - nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108). - nvme: prevent double free in nvme_alloc_ns() error handling (bsc#1159058). - nvme: provide num dword helper (bsc#1159058). - nvme: refactor nvme_identify_ns_descs error handling (bsc#1159058). - nvme: refine the Qemu Identify CNS quirk (bsc#1159058). - nvme: release ida resources (bsc#1159058). - nvme: release namespace head reference on error (bsc#1159058). - nvme: remove the magic 1024 constant in nvme_scan_ns_list (bsc#1159058). - nvme: remove unused parameter (bsc#1159058). - nvme: Remove unused return code from nvme_delete_ctrl_sync (bsc#1159058). - nvme: rename __nvme_find_ns_head to nvme_find_ns_head (bsc#1159058). - nvme: revalidate after verifying identifiers (bsc#1159058). - nvme: revalidate namespace stream parameters (bsc#1159058). - nvme: unlink head after removing last namespace (bsc#1159058). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: load global_inode_alloc (bsc#1172963). - omapfb: dss: Fix max fclk divider for omap36xx (git-fixes). - openvswitch: take into account de-fragmentation/gso_size in execute_check_pkt_len (networking-stable-20_06_28). - PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes). - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge (git-fixes). - PCI: cadence: Fix updating Vendor ID and Subsystem Vendor ID register (git-fixes). - PCI: Fix pci_cfg_wait queue locking problem (git-fixes). - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes). - PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, git-fixes). - PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes). - PCI: qcom: Add missing reset for ipq806x (git-fixes). - PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes). - PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes). - PCI: rcar: Fix runtime PM imbalance on error (git-fixes). - PCI: Release IVRS table in AMD ACS quirk (git-fixes). - PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes). - PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes). - PCI: tegra: Revert tegra124 raw_violation_fixup (git-fixes). - phy: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes). - phy: exynos5-usbdrd: Calibrating makes sense only for USB2.0 PHY (git-fixes). - phy: renesas: rcar-gen3-usb2: move irq registration to init (git-fixes). - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes). - pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes). - pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes). - pinctrl: ingenic: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes). - pinctrl: single: fix function name in documentation (git-fixes). - platform/chrome: cros_ec_ishtp: Fix a double-unlock issue (git-fixes). - platform/x86: asus-nb-wmi: add support for ASUS ROG Zephyrus G14 and G15 (git-fixes). - platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: ISST: Add new PCI device ids (git-fixes). - PM: wakeup: Show statistics for deleted wakeup sources again (git-fixes). - power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes). - powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729). - powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729). - powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729). - powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/fadump: Fix build error with CONFIG_PRESERVE_FA_DUMP=y (bsc#1156395). - powerpc/iommu: Allow bypass-only for DMA (bsc#1156395). - powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284). - powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284). - powerpc/papr_scm: Add support for fetching nvdimm 'fuel-gauge' metric (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Fetch nvdimm health information from PHYP (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Fetch nvdimm performance stats from PHYP (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Implement support for PAPR_PDSM_HEALTH (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Improve error logging and handling papr_scm_ndctl() (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Mark papr_scm_ndctl() as static (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729). - powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729). - powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630). - powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - powerpc/pseries: remove cede offline state for CPUs (bsc#1065729). - powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729). - powerpc/vdso: Fix vdso cpu truncation (bsc#1065729). - powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729). - powerpc: Document details on H_SCM_HEALTH hcall (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - pseries: Fix 64 bit logical memory block panic (bsc#1065729). - pwm: bcm-iproc: handle clk_get_rate() return (git-fixes). - qed: suppress 'do not support RoCE & iWARP' flooding on HW init (git-fixes). - qed: suppress false-positives interrupt error messages on HW init (git-fixes). - r8169: fix jumbo configuration for RTL8168evl (bsc#1175296). - r8169: fix jumbo packet handling on resume from suspend (bsc#1175296). - r8169: fix resume on cable plug-in (bsc#1175296). - r8169: fix rtl_hw_jumbo_disable for RTL8168evl (bsc#1175296). - r8169: move disabling interrupt coalescing to RTL8169/RTL8168 init (bsc#1175296). - r8169: read common register for PCI commit (bsc#1175296). - random32: move the pseudo-random 32-bit definitions to prandom.h (git-fixes). - random32: remove net_rand_state from the latent entropy gcc plugin (git-fixes). - random: fix circular include dependency on arm64 after addition of percpu.h (git-fixes). - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (git-fixes). - RDMA/cm: Fix an error check in cm_alloc_id_priv() (git-fixes). - RDMA/cm: Fix checking for allowed duplicate listens (git-fixes). - RDMA/cm: Fix ordering of xa_alloc_cyclic() in ib_create_cm_id() (git-fixes). - RDMA/cm: Read id.state under lock when doing pr_debug() (git-fixes). - RDMA/cm: Remove a race freeing timewait_info (git-fixes). - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (git-fixes). - RDMA/cma: Protect bind_list and listen_list while finding matching cm id (git-fixes). - RDMA/core: Fix double destruction of uobject (git-fixes). - RDMA/core: Fix double put of resource (git-fixes). - RDMA/core: Fix missing error check on dev_set_name() (git-fixes). - RDMA/core: Fix protection fault in ib_mr_pool_destroy (git-fixes). - RDMA/core: Fix race between destroy and release FD object (git-fixes). - RDMA/core: Fix race in rdma_alloc_commit_uobject() (git-fixes). - RDMA/core: Prevent mixed use of FDs between shared ufiles (git-fixes). - RDMA/counter: Query a counter before release (git-fixes). - RDMA/efa: Set maximum pkeys device attribute (git-fixes). - RDMA/hns: Bugfix for querying qkey (git-fixes). - RDMA/hns: Fix cmdq parameter of querying pf timer resource (git-fixes). - RDMA/iw_cxgb4: Fix incorrect function parameters (git-fixes). - RDMA/iwcm: Fix iwcm work deallocation (git-fixes). - RDMA/mad: Do not crash if the rdma device does not have a umad interface (git-fixes). - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (git-fixes). - RDMA/mlx4: Initialize ib_spec on the stack (git-fixes). - RDMA/mlx5: Add init2init as a modify command (git-fixes). - RDMA/mlx5: Add missing srcu_read_lock in ODP implicit flow (jsc#SLE-8446). - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (git-fixes). - RDMA/mlx5: Fix prefetch memory leak if get_prefetchable_mr fails (jsc#SLE-8446). - RDMA/mlx5: Fix the number of hwcounters of a dynamic counter (git-fixes). - RDMA/mlx5: Fix typo in enum name (git-fixes). - RDMA/mlx5: Fix udata response upon SRQ creation (git-fixes). - RDMA/mlx5: Prevent prefetch from racing with implicit destruction (jsc#SLE-8446). - RDMA/mlx5: Set GRH fields in query QP on RoCE (git-fixes). - RDMA/mlx5: Use xa_lock_irq when access to SRQ table (git-fixes). - RDMA/mlx5: Verify that QP is created with RQ or SQ (git-fixes). - RDMA/nldev: Fix crash when set a QP to a new counter but QPN is missing (git-fixes). - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (git-fixes). - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (git-fixes). - RDMA/rvt: Fix potential memory leak caused by rvt_alloc_rq (git-fixes). - RDMA/rxe: Always return ERR_PTR from rxe_create_mmap_info() (git-fixes). - RDMA/rxe: Fix configuration of atomic queue pair attributes (git-fixes). - RDMA/rxe: Set default vendor ID (git-fixes). - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (git-fixes). - RDMA/siw: Fix failure handling during device creation (git-fixes). - RDMA/siw: Fix passive connection establishment (git-fixes). - RDMA/siw: Fix pointer-to-int-cast warning in siw_rx_pbl() (git-fixes). - RDMA/siw: Fix potential siw_mem refcnt leak in siw_fastreg_mr() (git-fixes). - RDMA/siw: Fix reporting vendor_part_id (git-fixes). - RDMA/siw: Fix setting active_mtu attribute (git-fixes). - RDMA/siw: Fix setting active_{speed, width} attributes (git-fixes). - RDMA/ucma: Put a lock around every call to the rdma_cm layer (git-fixes). - RDMA/uverbs: Fix create WQ to use the given user handle (git-fixes). - regmap: debugfs: check count when read regmap file (git-fixes). - regmap: dev_get_regmap_match(): fix string comparison (git-fixes). - regulator: gpio: Honor regulator-boot-on property (git-fixes). - remoteproc: qcom: q6v5: Update running state before requesting stop (git-fixes). - remoteproc: qcom_q6v5_mss: Validate MBA firmware size before load (git-fixes). - remoteproc: qcom_q6v5_mss: Validate modem blob firmware size before load (git-fixes). - Revert 'ALSA: hda: call runtime_allow() for all hda controllers' (git-fixes). - Revert 'drm/amd/display: Expose connector VRR range via debugfs' (bsc#1152489) * refreshed for context changes - Revert 'drm/amdgpu: Fix NULL dereference in dpm sysfs handlers' (git-fixes). - Revert 'i2c: cadence: Fix the hold bit setting' (git-fixes). - Revert 'RDMA/cma: Simplify rdma_resolve_addr() error flow' (git-fixes). - Revert 'scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe' (bsc#1171688 bsc#1174003). - Revert 'scsi: qla2xxx: Fix crash on qla2x00_mailbox_command' (bsc#1171688 bsc#1174003). - rhashtable: Document the right function parameters (bsc#1174880). - rhashtable: drop duplicated word in (bsc#1174880). - rhashtable: Drop raw RCU deref in nested_table_free (bsc#1174880). - rhashtable: Fix unprotected RCU dereference in __rht_ptr (bsc#1174880). - rhashtable: Restore RCU marking on rhash_lock_head (bsc#1174880). - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (git-fixes). - rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28). - rpm/modules.fips: * add ecdh_generic (boo#1173813) - rtc: goldfish: Enable interrupt in set_alarm() when necessary (git-fixes). - rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (bsc#1154353). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes). - rtw88: fix LDPC field for RA info (git-fixes). - rtw88: fix short GI capability based on current bandwidth (git-fixes). - sch_cake: do not call diffserv parsing code when it is not needed (networking-stable-20_06_28). - sch_cake: do not try to reallocate or unshare skb unconditionally (networking-stable-20_06_28). - sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17). - scsi/fc: kABI fixes for new ELS_RPD definition (bsc#1171688 bsc#1174003). - scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026). - scsi: Fix trivial spelling (bsc#1171688 bsc#1174003). - scsi: ipr: Fix softlockup when rescanning devices in petitboot (jsc#SLE-13654). - scsi: ipr: remove unneeded semicolon (jsc#SLE-13654). - scsi: ipr: Use scnprintf() for avoiding potential buffer overflow (jsc#SLE-13654). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003). - scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003). - scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418). - scsi: smartpqi: add RAID bypass counter (bsc#1172418). - scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418). - scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418). - scsi: smartpqi: Identify physical devices without issuing INQUIRY (bsc#1172418). - scsi: smartpqi: support device deletion via sysfs (bsc#1172418). - scsi: smartpqi: update logical volume size after expansion (bsc#1172418). - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418). - scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790). - sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - seq_buf: Export seq_buf_printf (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - serial: 8250: change lock order in serial8250_do_startup() (git-fixes). - serial: 8250: fix null-ptr-deref in serial8250_start_tx() (git-fixes). - serial: 8250_mtk: Fix high-speed baud rates clamping (git-fixes). - serial: 8250_pci: Move Pericom IDs to pci_ids.h (git-fixes). - serial: amba-pl011: Make sure we initialize the port.lock spinlock (git-fixes). - serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X (git-fixes). - serial: mxs-auart: add missed iounmap() in probe failure and remove (git-fixes). - serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes). - serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes). - serial: tegra: fix CREAD handling for PIO (git-fixes). - soc/tegra: pmc: Enable PMIC wake event on Tegra194 (bsc#1175834). - soc/tegra: pmc: Enable PMIC wake event on Tegra210 (bsc#1175116). - soc: qcom: rpmh-rsc: Set suppress_bind_attrs flag (git-fixes). - spi: davinci: Remove uninitialized_var() usage (git-fixes). - spi: lantiq-ssc: Fix warning by using WQ_MEM_RECLAIM (git-fixes). - spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes). - spi: mediatek: use correct SPI_CFG2_REG MACRO (git-fixes). - spi: pxa2xx: Add support for Intel Tiger Lake PCH-H (jsc#SLE-13411). - spi: rockchip: Fix error in SPI slave pio read (git-fixes). - spi: spi-geni-qcom: Actually use our FIFO (git-fixes). - spi: spidev: Align buffers for DMA (git-fixes). - spi: stm32: fixes suspend/resume management (git-fixes). - spi: sun4i: update max transfer size reported (git-fixes). - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support (git-fixes). - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes). - staging: rtl8192u: fix a dubious looking mask before a shift (git-fixes). - staging: rtl8712: handle firmware load failure (git-fixes). - staging: vchiq_arm: Add a matching unregister call (git-fixes). - staging: wlan-ng: properly check endpoint types (git-fixes). - tcp: do not ignore ECN CWR on pure ACK (networking-stable-20_06_28). - tcp: fix SO_RCVLOWAT possible hangs under high mem pressure (networking-stable-20_07_17). - tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28). - tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17). - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17). - tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17). - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17). - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28). - thermal: ti-soc-thermal: Fix reversed condition in ti_thermal_expose_sensor() (git-fixes). - tpm: Require that all digests are present in TCG_PCR_EVENT2 structures (git-fixes). - tpm_crb: fix fTPM on AMD Zen+ CPUs (bsc#1174362). - tracepoint: Mark __tracepoint_string's __used (git-fixes). - tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes). - ubsan: check panic_on_warn (bsc#1174805). - uio_pdrv_genirq: Remove warning when irq is not specified (bsc#1174762). - update upstream reference - usb: bdc: Halt controller on suspend (git-fixes). - usb: core: fix quirks_param_set() writing to a const pointer (git-fixes). - usb: dwc2: gadget: Make use of GINTMSK2 (git-fixes). - usb: dwc3: pci: add support for the Intel Jasper Lake (git-fixes). - usb: dwc3: pci: add support for the Intel Tiger Lake PCH -H variant (git-fixes). - usb: gadget: f_uac2: fix AC Interface Header Descriptor wTotalLength (git-fixes). - usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes). - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (git-fixes). - usb: hso: check for return value in hso_serial_common_create() (git-fixes). - usb: hso: Fix debug compile warning on sparc32 (git-fixes). - usb: iowarrior: fix up report size handling for some devices (git-fixes). - usb: mtu3: clear dual mode of u3port when disable device (git-fixes). - usb: serial: cp210x: enable usb generic throttle/unthrottle (git-fixes). - usb: serial: cp210x: re-enable auto-RTS on open (git-fixes). - usb: serial: iuu_phoenix: fix led-activity helpers (git-fixes). - usb: serial: qcserial: add EM7305 QDL product ID (git-fixes). - usb: tegra: Fix allocation for the FPCI context (git-fixes). - usb: xhci-mtk: fix the failure of bandwidth allocation (git-fixes). - usb: xhci: define IDs for various ASMedia host controllers (git-fixes). - usb: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes). - usb: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes). - usbip: tools: fix module name in man page (git-fixes). - video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes). - video: fbdev: savage: fix memory leak on error handling path in probe (git-fixes). - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes). - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes). - vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17). - vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199). - vt: Reject zero-sized screen buffer size (git-fixes). - watchdog: f71808e_wdt: clear watchdog timeout occurred flag (git-fixes). - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (git-fixes). - watchdog: f71808e_wdt: remove use of wrong watchdog_info option (git-fixes). - watchdog: initialize device before misc_register (git-fixes). - wireless: Use linux/stddef.h instead of stddef.h (git-fixes). - wireless: Use offsetof instead of custom macro (git-fixes). - wl1251: fix always return 0 error (git-fixes). - x86/bugs/multihit: Fix mitigation reporting when VMX is not in use (git-fixes). - xen/pvcalls-back: test for errors when calling backend_connect() (bsc#1065600). - xfrm: fix a warning in xfrm_policy_insert_list (bsc#1174645). - xfrm: policy: match with both mark and mask on user interfaces (bsc#1174645). - xfs: do not eat an EIO/ENOSPC writeback error when scrubbing data fork (git-fixes). - xfs: fix inode allocation block res calculation precedence (git-fixes). - xfs: fix reflink quota reservation accounting error (git-fixes). - xfs: preserve rmapbt swapext block reservation from freed blocks (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2577-1 Released: Wed Sep 9 07:18:53 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1176069,CVE-2020-14386 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bug was fixed: - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2581-1 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1174154,CVE-2020-15719 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2612-1 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1176179,CVE-2020-24977 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2629-1 Released: Mon Sep 14 18:12:01 2020 Summary: Security update for shim Type: security Severity: moderate References: 1113225,1121268,1153953,1168104,1168994,1173411,1174320,1175626,1175656,CVE-2020-10713 This update for shim fixes the following issues: This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by disallowing binaries signed by the previous SUSE UEFI signing key from booting. This update should only be installed after updates of grub2, the Linux kernel and (if used) Xen from July / August 2020 are applied. Changes: Use vendor-dbx to block old SUSE/openSUSE signkeys (bsc#1168994) + Add dbx-cert.tar.xz which contains the certificates to block and a script, generate-vendor-dbx.sh, to generate vendor-dbx.bin + Add vendor-dbx.bin as the vendor dbx to block unwanted keys - Update the path to grub-tpm.efi in shim-install (bsc#1174320) - Only check EFI variable copying when Secure Boot is enabled (bsc#1173411) - Use the full path of efibootmgr to avoid errors when invoking shim-install from packagekitd (bsc#1168104) - shim-install: add check for btrfs is used as root file system to enable relative path lookup for file. (bsc#1153953) - shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2638-1 Released: Tue Sep 15 15:41:32 2020 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1165580 This update for cryptsetup fixes the following issues: Update from version 2.0.5 to version 2.0.6. (jsc#SLE-5911, bsc#1165580) - Fix support of larger metadata areas in *LUKS2* header. This release properly supports all specified metadata areas, as documented in *LUKS2* format description. Currently, only default metadata area size is used (in format or convert). Later cryptsetup versions will allow increasing this metadata area size. - If *AEAD* (authenticated encryption) is used, cryptsetup now tries to check if the requested *AEAD* algorithm with specified key size is available in kernel crypto API. This change avoids formatting a device that cannot be later activated. For this function, the kernel must be compiled with the *CONFIG_CRYPTO_USER_API_AEAD* option enabled. Note that kernel user crypto API options (*CONFIG_CRYPTO_USER_API* and *CONFIG_CRYPTO_USER_API_SKCIPHER*) are already mandatory for LUKS2. - Fix setting of integrity no-journal flag. Now you can store this flag to metadata using *\--persistent* option. - Fix cryptsetup-reencrypt to not keep temporary reencryption headers if interrupted during initial password prompt. - Adds early check to plain and LUKS2 formats to disallow device format if device size is not aligned to requested sector size. Previously it was possible, and the device was rejected to activate by kernel later. - Fix checking of hash algorithms availability for *PBKDF* early. Previously *LUKS2* format allowed non-existent hash algorithm with invalid keyslot preventing the device from activation. - Allow Adiantum cipher construction (a non-authenticated length-preserving fast encryption scheme), so it can be used both for data encryption and keyslot encryption in *LUKS1/2* devices. For benchmark, use: # cryptsetup benchmark -c xchacha12,aes-adiantum # cryptsetup benchmark -c xchacha20,aes-adiantum For LUKS format: # cryptsetup luksFormat -c xchacha20,aes-adiantum-plain64 -s 256 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2684-1 Released: Fri Sep 18 15:01:24 2020 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1176134,1176591 This update for grub2 fixes the following issues: - Make efi hand off the default entry point of the linux command (bsc#1176134) From sle-updates at lists.suse.com Wed Sep 23 06:25:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Sep 2020 14:25:55 +0200 (CEST) Subject: SUSE-IU-2020:88-1: Security update of suse-sles-15-sp2-chost-byos-v20200922-hvm-ssd-x86_64 Message-ID: <20200923122555.A4042FCE2@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp2-chost-byos-v20200922-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2020:88-1 Image Tags : suse-sles-15-sp2-chost-byos-v20200922-hvm-ssd-x86_64:20200922 Image Release : Severity : important Type : security References : 1027519 1058115 1065600 1065729 1065729 1071995 1071995 1085030 1085030 1096405 1096406 1096407 1096408 1100077 1101023 1106843 1113719 1115750 1118118 1120163 1120862 1127544 1130528 1132087 1133021 1136031 1136132 1141320 1142733 1146358 1146359 1146991 1148868 1149032 1149164 1149911 1151708 1152472 1152472 1152489 1152489 1153274 1153274 1153520 1154063 1154353 1154353 1154488 1154492 1154492 1155305 1155518 1155518 1155798 1156395 1156395 1156913 1157169 1158050 1158242 1158265 1158336 1158748 1158765 1158983 1159058 1159086 1159781 1159867 1160634 1160947 1161495 1161573 1162002 1162063 1162400 1162680 1162702 1164260 1164648 1164777 1164780 1165211 1165580 1165828 1165933 1165975 1166985 1167104 1167494 1167651 1167773 1167773 1168230 1168235 1168389 1168422 1168669 1168779 1168838 1168959 1168994 1169021 1169094 1169095 1169194 1169444 1169514 1169521 1169681 1169771 1169790 1169850 1169851 1169947 1169997 1170011 1170154 1170284 1170442 1170475 1170476 1170617 1170745 1170774 1170801 1170879 1170891 1170895 1170964 1171150 1171189 1171191 1171219 1171220 1171246 1171284 1171417 1171437 1171513 1171529 1171530 1171546 1171634 1171652 1171656 1171662 1171688 1171688 1171699 1171732 1171739 1171743 1171759 1171828 1171857 1171868 1171878 1171904 1171915 1171982 1171983 1171988 1171995 1172017 1172040 1172046 1172061 1172062 1172063 1172064 1172065 1172066 1172067 1172068 1172069 1172073 1172085 1172086 1172095 1172108 1172169 1172170 1172195 1172197 1172201 1172205 1172208 1172223 1172247 1172307 1172342 1172343 1172344 1172356 1172365 1172366 1172374 1172383 1172384 1172386 1172391 1172393 1172394 1172396 1172418 1172453 1172458 1172467 1172477 1172484 1172495 1172537 1172543 1172566 1172687 1172698 1172704 1172710 1172719 1172739 1172745 1172751 1172759 1172775 1172781 1172782 1172783 1172807 1172807 1172810 1172814 1172816 1172823 1172824 1172841 1172861 1172871 1172871 1172925 1172929 1172938 1172939 1172940 1172956 1172963 1172983 1172984 1172985 1172986 1172987 1172988 1172989 1172990 1172999 1173032 1173060 1173068 1173074 1173085 1173106 1173139 1173159 1173160 1173161 1173206 1173227 1173229 1173238 1173240 1173271 1173274 1173280 1173284 1173336 1173357 1173359 1173376 1173377 1173378 1173380 1173422 1173428 1173438 1173461 1173468 1173485 1173514 1173539 1173552 1173560 1173573 1173582 1173625 1173746 1173776 1173798 1173812 1173813 1173817 1173818 1173820 1173822 1173823 1173824 1173825 1173826 1173827 1173828 1173830 1173831 1173832 1173833 1173834 1173836 1173837 1173838 1173839 1173841 1173843 1173844 1173845 1173847 1173849 1173860 1173894 1173941 1173954 1174002 1174003 1174011 1174018 1174026 1174072 1174091 1174116 1174120 1174126 1174127 1174128 1174129 1174154 1174185 1174205 1174244 1174247 1174260 1174263 1174264 1174320 1174331 1174332 1174333 1174345 1174356 1174362 1174387 1174396 1174398 1174407 1174409 1174411 1174421 1174438 1174462 1174463 1174484 1174513 1174527 1174543 1174543 1174551 1174567 1174570 1174618 1174625 1174627 1174645 1174673 1174689 1174699 1174736 1174737 1174757 1174762 1174770 1174771 1174777 1174782 1174805 1174824 1174825 1174847 1174852 1174865 1174880 1174897 1174906 1174969 1175009 1175010 1175011 1175012 1175013 1175014 1175015 1175016 1175017 1175018 1175019 1175020 1175021 1175036 1175052 1175060 1175109 1175112 1175116 1175128 1175149 1175175 1175176 1175180 1175181 1175182 1175183 1175184 1175185 1175186 1175187 1175188 1175189 1175190 1175191 1175192 1175195 1175199 1175213 1175232 1175250 1175251 1175263 1175284 1175296 1175344 1175345 1175346 1175347 1175367 1175377 1175440 1175493 1175546 1175550 1175654 1175691 1175766 1175768 1175769 1175770 1175771 1175772 1175774 1175775 1175811 1175830 1175831 1175834 1175873 1176069 1176134 1176179 1176591 927831 941629 962849 996146 CVE-2018-18751 CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 CVE-2018-4183 CVE-2018-4700 CVE-2019-19462 CVE-2019-20810 CVE-2019-20812 CVE-2019-20907 CVE-2019-8675 CVE-2019-8696 CVE-2020-0305 CVE-2020-0543 CVE-2020-10135 CVE-2020-10700 CVE-2020-10704 CVE-2020-10711 CVE-2020-10713 CVE-2020-10730 CVE-2020-10732 CVE-2020-10745 CVE-2020-10751 CVE-2020-10760 CVE-2020-10761 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10773 CVE-2020-10781 CVE-2020-12402 CVE-2020-12656 CVE-2020-12769 CVE-2020-12771 CVE-2020-12888 CVE-2020-13143 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13800 CVE-2020-13974 CVE-2020-14303 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-14386 CVE-2020-14416 CVE-2020-14422 CVE-2020-15393 CVE-2020-15563 CVE-2020-15565 CVE-2020-15566 CVE-2020-15567 CVE-2020-15705 CVE-2020-15706 CVE-2020-15707 CVE-2020-15719 CVE-2020-15780 CVE-2020-16166 CVE-2020-24977 CVE-2020-3898 CVE-2020-8023 CVE-2020-8231 ----------------------------------------------------------------- The container suse-sles-15-sp2-chost-byos-v20200922-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:1476-1 Released: Thu Aug 2 14:20:03 2018 Summary: Security update for cups Type: security Severity: moderate References: 1096405,1096406,1096407,1096408,CVE-2018-4180,CVE-2018-4181,CVE-2018-4182,CVE-2018-4183 This update for cups fixes the following issues: The following security vulnerabilities were fixed: - Fixed a local privilege escalation to root and sandbox bypasses in the scheduler - CVE-2018-4180: Fixed a local privilege escalation to root in dnssd backend (bsc#1096405) - CVE-2018-4181: Limited local file reads as root via cupsd.conf include directive (bsc#1096406) - CVE-2018-4182: Fixed a sandbox bypass due to insecure error handling (bsc#1096407) - CVE-2018-4183: Fixed a sandbox bypass due to profile misconfiguration (bsc#1096408) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:2882-1 Released: Mon Dec 10 08:07:44 2018 Summary: Security update for cups Type: security Severity: important References: 1115750,CVE-2018-4700 This update for cups fixes the following issues: Security issue fixed: - CVE-2018-4700: Fixed extremely predictable cookie generation that is effectively breaking the CSRF protection of the CUPS web interface (bsc#1115750). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:608-1 Released: Wed Mar 13 15:21:02 2019 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1118118 This update for cups fixes the following issues: - Fixed validation of UTF-8 filenames to avoid crashes (bsc#1118118) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2357-1 Released: Wed Sep 11 13:26:14 2019 Summary: Recommended update for lmdb Type: recommended Severity: moderate References: 1136132 This update for lmdb fixes the following issues: - Fix occasional crash when freed pages landed on the dirty list twice (bsc#1136132). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3030-1 Released: Thu Nov 21 19:11:25 2019 Summary: Security update for cups Type: security Severity: important References: 1146358,1146359,CVE-2019-8675,CVE-2019-8696 This update for cups fixes the following issues: - CVE-2019-8675: Fixed a stack buffer overflow in libcups's asn1_get_type function(bsc#1146358). - CVE-2019-8696: Fixed a stack buffer overflow in libcups's asn1_get_packed function (bsc#1146359). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:365-1 Released: Fri Feb 7 13:48:54 2020 Summary: Recommended update for lmdb Type: recommended Severity: moderate References: 1159086 This update for lmdb fixes the following issues: - Fix assert in LMBD during 'mdb_page_search_root'. (bsc#1159086). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:517-1 Released: Thu Feb 27 14:39:01 2020 Summary: Recommended update for cifs-utils Type: recommended Severity: moderate References: 1130528,1132087,1136031,1149164 This update for cifs-utils fixes the following issues: Update cifs-utils 6.9; (bsc#1132087); (bsc#1136031). * follow SMB default version changes in the kernel. * adds fixes for Azure * new smbinfo utility - Fix double-free in mount.cifs; (bsc#1149164). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1083-1 Released: Thu Apr 23 11:31:23 2020 Summary: Security update for cups Type: security Severity: important References: 1168422,CVE-2020-3898 This update for cups fixes the following issues: - CVE-2020-3898: Fixed a heap buffer overflow in ppdFindOption() (bsc#1168422). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1370-1 Released: Thu May 21 19:06:00 2020 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1171656 This update for systemd-presets-branding-SLE fixes the following issues: Cleanup of outdated autostart services (bsc#1171656): - Remove acpid.service. acpid is only available on SLE via openSUSE backports. In openSUSE acpid.service is *not* autostarted. I see no reason why it should be on SLE. - Remove spamassassin.timer. This timer never seems to have existed. Instead spamassassin ships a 'sa-update.timer'. But it is not default-enabled and nobody ever complained about this. - Remove snapd.apparmor.service: This service was proactively added a year ago, but snapd didn't even make it into openSUSE yet. There's no reason to keep this entry unless snapd actually enters SLE which is not foreseeable. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1795-1 Released: Mon Jun 29 11:22:45 2020 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1172566 This update for lvm2 fixes the following issues: - Fix potential data loss problem with LVM cache (bsc#1172566) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1821-1 Released: Thu Jul 2 08:39:34 2020 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1172807,1172816 This update for dracut fixes the following issues: - 35network-legacy: Fix dual stack setups. (bsc#1172807) - 95iscsi: fix missing space when compiling cmdline args. (bsc#1172816) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1822-1 Released: Thu Jul 2 11:30:42 2020 Summary: Security update for python3 Type: security Severity: important References: 1173274,CVE-2020-14422 This update for python3 fixes the following issues: - CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface could have led to denial of service (bsc#1173274). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1850-1 Released: Mon Jul 6 14:44:39 2020 Summary: Security update for mozilla-nss Type: security Severity: moderate References: 1168669,1173032,CVE-2020-12402 This update for mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032) - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1852-1 Released: Mon Jul 6 16:50:21 2020 Summary: Recommended update for fontforge, ghostscript-fonts, ttf-converter, xorg-x11-fonts Type: recommended Severity: moderate References: 1169444 This update for fontforge, ghostscript-fonts, ttf-converter, xorg-x11-fonts fixes the following issues: Changes in fontforge: - Support transforming bitmap glyphs from python. (bsc#1169444) - Allow python-Sphinx >= 3 Changes in ttf-converter: - Update from version 1.0 to version 1.0.6: * ftdump is now shipped additionally as new dependency for ttf-converter * Standardize output when converting vector and bitmap fonts * Add more subfamilies fixes (bsc#1169444) * Add --family and --subfamily arguments to force values on those fields * Add parameters to fix glyph unicode values --fix-glyph-unicode : Try to fix unicode points and glyph names based on glyph names containing hexadecimal codes (like '$0C00', 'char12345' or 'uni004F') --replace-unicode-values: When passed 2 comma separated numbers a,b the glyph with an unicode value of a is replaced with the unicode value b. Can be used more than once. --shift-unicode-values: When passed 3 comma separated numbers a,b,c this shifts the unicode values of glyphs between a and b (both included) by adding c. Can be used more than once. * Add --bitmapTransform parameter to transform bitmap glyphs. (bsc#1169444) When used, all glyphs are modified with the transformation function and values passed as parameters. The parameter has three values separated by commas: fliph|flipv|rotate90cw|rotate90ccw|rotate180|skew|transmove,xoff,yoff * Add support to convert bitmap fonts (bsc#1169444) * Rename MediumItalic subfamily to Medium Italic * Show some more information when removing duplicated glyphs * Add a --force-monospaced argument instead of hardcoding font names * Convert `BoldCond` subfamily to `Bold Condensed` * Fixes for Monospaced fonts and force the Nimbus Mono L font to be Monospaced. (bsc#1169444 #c41) * Add a --version argument * Fix subfamily names so the converted font's subfamily match the original ones. (bsc#1169444 #c41) Changes in xorg-x11-fonts: - Use ttf-converter 1.0.6 to build an Italic version of cu12.pcf.gz in the converted subpackage - Include the subfamily in the filename of converted fonts - Use ttf-converter's new bitmap font support to convert Schumacher Clean and Schumacher Clean Wide (bsc#1169444 #c41) - Replace some unicode values in cu-pua12.pcf.gz to fix them - Shift some unicode values in arabic24.pcf.gz and cuarabic12.pcf.gz so glyphs don't pretend to be latin characters when they're not. - Don't distribute converted fonts with wrong unicode values in their glyphs. (bsc#1169444) Bitstream-Charter-*.otb, Cursor.ttf,Sun-OPEN-LOOK-*.otb, MUTT-ClearlyU-Devangari-Extra-Regular, MUTT-ClearlyU-Ligature-Wide-Regular, and MUTT-ClearlyU-Devanagari-Regular Changes in ghostscript-fonts: - Force the converted Nimbus Mono font to be monospaced. (bsc#1169444 #c41) Use the --force-monospaced argument of ttf-converter 1.0.3 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1856-1 Released: Mon Jul 6 17:05:51 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1172698,1172704,CVE-2020-8023 This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1885-1 Released: Fri Jul 10 14:54:22 2020 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1170154,1171546,1171995 This update for cloud-init contains the following fixes: - rsyslog warning, '~' is deprecated: (bsc#1170154) + replace deprecated syntax '& ~' by '& stop' for more information please see https://www.rsyslog.com/rsyslog-error-2307/. + Explicitly test for netconfig version 1 as well as 2. + Handle netconfig v2 device configurations (bsc#1171546, bsc#1171995) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1902-1 Released: Tue Jul 14 15:19:43 2020 Summary: Security update for xen Type: security Severity: important References: 1027519,1172205,1173376,1173377,1173378,1173380,CVE-2020-0543,CVE-2020-15563,CVE-2020-15565,CVE-2020-15566,CVE-2020-15567 This update for xen fixes the following issues: - CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377). - CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378). - CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376). - CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380). - CVE-2020-0543: Special Register Buffer Data Sampling (SRBDS) aka 'CrossTalk' (bsc#1172205). Additional upstream bug fixes (bsc#1027519) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1938-1 Released: Thu Jul 16 14:43:32 2020 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1169947,1170801,1172925,1173106 This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to: - Enable zstd compression support for sle15 zypper was updated to version 1.14.37: - Print switch abbrev warning to stderr (bsc#1172925) - Fix typo in man page (bsc#1169947) libzypp was updated to 17.24.0 - Fix core dump with corrupted history file (bsc#1170801) - Enable zchunk metadata download if libsolv supports it. - Better handling of the purge-kernels algorithm. (bsc#1173106) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1948-1 Released: Fri Jul 17 14:48:02 2020 Summary: Security update for ldb, samba Type: security Severity: important References: 1141320,1162680,1169095,1169521,1169850,1169851,1171437,1172307,1173159,1173160,1173161,1173359,1174120,CVE-2020-10700,CVE-2020-10704,CVE-2020-10730,CVE-2020-10745,CVE-2020-10760,CVE-2020-14303 This update for ldb, samba fixes the following issues: Changes in samba: - Update to samba 4.11.11 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159] + CVE-2020-10745: invalid DNS or NBT queries containing dots use several seconds of CPU each; (bso#14378); (bsc#1173160). + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV; (bso#14402); (bsc#1173161) + CVE-2020-14303: Endless loop from empty UDP packet sent to AD DC nbt_server; (bso#14417); (bsc#1173359). - Update to samba 4.11.10 + Fix segfault when using SMBC_opendir_ctx() routine for share folder that contains incorrect symbols in any file name; (bso#14374). + vfs_shadow_copy2 doesn't fail case looking in snapdirseverywhere mode; (bso#14350) + ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr; (bso#14413). + Malicous SMB1 server can crash libsmbclient; (bso#14366) + winbindd: Fix a use-after-free when winbind clients exit; (bso#14382) + ldb: Bump version to 2.0.11, LMDB databases can grow without bounds. (bso#14330) - Update to samba 4.11.9 + nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14242). + 'samba-tool group' commands do not handle group names with special chars correctly; (bso#14296). + smbd: avoid calling vfs_file_id_from_sbuf() if statinfo is not valid; (bso#14237). + Missing check for DMAPI offline status in async DOS attributes; (bso#14293). + smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs; (bso#14307). + vfs_recycle: Prevent flooding the log if we're called on non-existant paths; (bso#14316) + smbd mistakenly updates a file's write-time on close; (bso#14320). + RPC handles cannot be differentiated in source3 RPC server; (bso#14359). + librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313). + nsswitch: Fix use-after-free causing segfault in _pam_delete_cred; (bso#14327). + Fix fruit:time machine max size on arm; (bso#13622) + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294). + ctdb: Fix a memleak; (bso#14348). + libsmb: Don't try to find posix stat info in SMBC_getatr(). + ctdb-tcp: Move free of inbound queue to TCP restart; (bso#14295); (bsc#1162680). + s3/librpc/crypto: Fix double free with unresolved credential cache; (bso#14344); (bsc#1169095) + s3:libads: Fix ads_get_upn(); (bso#14336). + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294) + Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295); (bsc#1162680). + ctdb-recoverd: Avoid dereferencing NULL rec->nodemap; (bso#14324) - Update to samba 4.11.8 + CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ; (bso#14331); (bsc#1169850); + CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC; (bso#14334); (bsc#1169851); - Update to samba 4.11.7 + s3: lib: nmblib. Clean up and harden nmb packet processing; (bso#14239). + s3: VFS: full_audit. Use system session_info if called from a temporary share definition; (bso#14283) + dsdb: Correctly handle memory in objectclass_attrs; (bso#14258). + ldb: version 2.0.9, Samba 4.11 and later give incorrect results for SCOPE_ONE searches; (bso#14270) + auth: Fix CIDs 1458418 and 1458420 Null pointer dereferences; (bso#14247). + smbd: Handle EINTR from open(2) properly; (bso#14285) + winbind member (source3) fails local SAM auth with empty domain name; (bso#14247) + winbindd: Handling missing idmap in getgrgid(); (bso#14265). + lib:util: Log mkdir error on correct debug levels; (bso#14253). + wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9; (bso#14266). + ctdb-tcp: Make error handling for outbound connection consistent; (bso#14274). - Update to samba 4.11.6 + pygpo: Use correct method flags; (bso#14209). + vfs_ceph_snapshots: Fix root relative path handling; (bso#14216); (bsc#1141320). + Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero; (bso#14209). + source4/utils/oLschema2ldif: Include stdint.h before cmocka.h; (bso#14218). + docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc; (bso#14122). + smbd: Fix the build with clang; (bso#14251). + upgradedns: Ensure lmdb lock files linked; (bso#14199). + s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir; (bso#14182). + smbc_stat() doesn't return the correct st_mode and also the uid/gid is not filled (SMBv1) file; (bso#14101). + librpc: Fix string length checking in ndr_pull_charset_to_null(); (bso#14219). + ctdb-scripts: Strip square brackets when gathering connection info; (bso#14227). - Add libnetapi-devel to baselibs conf, for wine usage; (bsc#1172307); - Installing: samba - samba-ad-dc.service does not exist and unit not found; (bsc#1171437); - Fix samba_winbind package is installing python3-base without python3 package; (bsc#1169521); Changes in ldb: - Update to version 2.0.12 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159). + ldb_ldap: fix off-by-one increment in lldb_add_msg_attr; (bso#14413). + lib/ldb: add unit test for ldb_ldap internal code. - Update to version 2.0.11 + lib ldb: lmdb init var before calling mdb_reader_check. + lib ldb: lmdb clear stale readers on write txn start; (bso#14330). + ldb tests: Confirm lmdb free list handling ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1950-1 Released: Fri Jul 17 17:16:21 2020 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1161573,1165828,1169997,1172807,1173560 This update for dracut fixes the following issues: - Update to version 049.1+suse.152.g8506e86f: * 01fips: modprobe failures during manual module loading is not fatal. (bsc#bsc#1169997) * 91zipl: parse-zipl.sh: honor SYSTEMD_READY. (bsc#1165828) * 95iscsi: fix ipv6 target discovery. (bsc#1172807) * 35network-legacy: correct conditional for creating did-setup file. (bsc#1172807) - Update to version 049.1+suse.148.gc4a6c2dd: * 95fcoe: load 'libfcoe' module as a fallback. (bsc#1173560) * 99base: enable the initqueue in both 'dracut --add-device' and 'dracut --mount' cases. (bsc#1161573) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1952-1 Released: Fri Jul 17 17:35:24 2020 Summary: Recommended update for zypper-migration-plugin Type: recommended Severity: moderate References: 1171652 This update for zypper-migration-plugin fixes the following issue: - Update from version 0.12.1580220831.7102be8 to version 0.12.1590748670.86b0749 * Make sure that all the release packages are installed. (bsc#1171652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1953-1 Released: Sat Jul 18 03:06:11 2020 Summary: Recommended update for parted Type: recommended Severity: important References: 1164260 This update for parted fixes the following issue: - fix support of NVDIMM (pmemXs) devices (bsc#1164260) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1954-1 Released: Sat Jul 18 03:07:15 2020 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1172396 This update for cracklib fixes the following issues: - Fixed a buffer overflow when processing long words. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1986-1 Released: Tue Jul 21 16:06:12 2020 Summary: Recommended update for openvswitch Type: recommended Severity: moderate References: 1172861,1172929 This update for openvswitch fixes the following issues: - Preserve the old default OVS_USER_ID for users that removed the override at /etc/sysconfig/openvswitch. (bsc#1172861) - Fix possible changes of openvswitch configuration during upgrades. (bsc#1172929) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1987-1 Released: Tue Jul 21 17:02:15 2020 Summary: Recommended update for libsolv, libzypp, yast2-packager, yast2-pkg-bindings Type: recommended Severity: important References: 1172477,1173336,1174011 This update for libsolv, libzypp, yast2-packager, yast2-pkg-bindings fixes the following issues: libsolv: - No source changes, just shipping it as an installer update (required by yast2-pkg-bindings). libzypp: - Proactively send credentials if the URL specifes '?auth=basic' and a username. (bsc#1174011) - ZYPP_MEDIA_CURL_DEBUG: Strip credentials in header log. (bsc#1174011) yast2-packager: - Handle variable expansion in repository name. (bsc#1172477) - Improve medium type detection, do not report Online medium when the /media.1/products file is missing in the repository, SMT does not mirror this file. (bsc#1173336) yast2-pkg-bindings: - Extensions to handle raw repository name. (bsc#1172477) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2000-1 Released: Wed Jul 22 09:04:41 2020 Summary: Recommended update for efivar Type: recommended Severity: important References: 1100077,1101023,1120862,1127544 This update for efivar fixes the following issues: - fix logic that checks for UCS-2 string termination (bsc#1127544) - fix casting of IPv4 addresses - Don't require an EUI for NVMe (bsc#1100077) - Add support for ACPI Generic Container and Embedded Controller root nodes (bsc#1101023) - fix for compilation failures bsc#1120862 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2015-1 Released: Thu Jul 23 09:21:24 2020 Summary: Security update for qemu Type: security Severity: important References: 1172383,1172384,1172386,1172495,1172710,CVE-2020-10761,CVE-2020-13361,CVE-2020-13362,CVE-2020-13659,CVE-2020-13800 This update for qemu to version 4.2.1 fixes the following issues: - CVE-2020-10761: Fixed a denial of service in Network Block Device (nbd) support infrastructure (bsc#1172710). - CVE-2020-13800: Fixed a denial of service possibility in ati-vga emulation (bsc#1172495). - CVE-2020-13659: Fixed a null pointer dereference possibility in MegaRAID SAS 8708EM2 emulation (bsc#1172386). - CVE-2020-13362: Fixed an OOB access possibility in MegaRAID SAS 8708EM2 emulation (bsc#1172383). - CVE-2020-13361: Fixed an OOB access possibility in ES1370 audio device emulation (bsc#1172384). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2018-1 Released: Thu Jul 23 09:35:42 2020 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1172040 This update for apparmor fixes the following issues: - Add 'UI_Showfile' so Yast shows the profile correctly. (bsc#1172040) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2074-1 Released: Wed Jul 29 18:59:46 2020 Summary: Security update for grub2 Type: security Severity: important References: 1168994,1173812,1174463,1174570,CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707 This update for grub2 fixes the following issues: - Fix for CVE-2020-10713 (bsc#1168994) - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812) - Fix for CVE-2020-15706 (bsc#1174463) - Fix for CVE-2020-15707 (bsc#1174570) - Use overflow checking primitives where the arithmetic expression for buffer - Use grub_calloc for overflow check and return NULL when it would occur ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2083-1 Released: Thu Jul 30 10:27:59 2020 Summary: Recommended update for diffutils Type: recommended Severity: moderate References: 1156913 This update for diffutils fixes the following issue: - Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2099-1 Released: Fri Jul 31 08:06:40 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1173227,1173229,1173422 This update for systemd fixes the following issues: - migrate-sysconfig-i18n.sh: fixed marker handling (bsc#1173229) The marker is used to make sure the script is run only once. Instead of storing it in /usr, use /var which is more appropriate for such file. Also make it owned by systemd package. - Fix inconsistent file modes for some ghost files (bsc#1173227) Ghost files are assumed by rpm to have mode 000 by default which is not consistent with file permissions set at runtime. Also /var/lib/systemd/random-seed was tracked wrongly as a directory. Also don't track (ghost) /etc/systemd/system/runlevel*.target aliases since we're not supposed to track units or aliases user might define/override. - Fix build of systemd on openSUSE Leap 15.2 (bsc#1173422) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2105-1 Released: Mon Aug 3 16:42:25 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1058115,1065729,1071995,1085030,1148868,1152472,1152489,1153274,1154353,1154492,1155518,1155798,1156395,1157169,1158050,1158242,1158265,1158748,1158765,1158983,1159781,1159867,1160947,1161495,1162002,1162063,1162400,1162702,1164648,1164777,1164780,1165211,1165933,1165975,1166985,1167104,1167651,1167773,1168230,1168779,1168838,1168959,1169021,1169094,1169194,1169514,1169681,1169771,1170011,1170284,1170442,1170617,1170774,1170879,1170891,1170895,1171150,1171189,1171191,1171219,1171220,1171246,1171417,1171513,1171529,1171530,1171662,1171688,1171699,1171732,1171739,1171743,1171759,1171828,1171857,1171868,1171904,1171915,1171982,1171983,1171988,1172017,1172046,1172061,1172062,1172063,1172064,1172065,1172066,1172067,1172068,1172069,1172073,1172086,1172095,1172169,1172170,1172201,1172208,1172223,1172342,1172343,1172344,1172365,1172366,1172374,1172391,1172393,1172394,1172453,1172458,1172467,1172484,1172537,1172543,1172687,1172719,1172739,1172751,1172759,1172775,1172781,1172782,1 172783,1172814,1172823,1172841,1172871,1172938,1172939,1172940,1172956,1172983,1172984,1172985,1172986,1172987,1172988,1172989,1172990,1172999,1173060,1173068,1173074,1173085,1173139,1173206,1173271,1173280,1173284,1173428,1173438,1173461,1173514,1173552,1173573,1173625,1173746,1173776,1173817,1173818,1173820,1173822,1173823,1173824,1173825,1173826,1173827,1173828,1173830,1173831,1173832,1173833,1173834,1173836,1173837,1173838,1173839,1173841,1173843,1173844,1173845,1173847,1173849,1173860,1173894,1173941,1174018,1174072,1174116,1174126,1174127,1174128,1174129,1174185,1174244,1174263,1174264,1174331,1174332,1174333,1174345,1174356,1174396,1174398,1174407,1174409,1174411,1174438,1174462,1174513,1174527,1174543,1174627,962849,CVE-2019-19462,CVE-2019-20810,CVE-2019-20812,CVE-2020-0305,CVE-2020-10135,CVE-2020-10711,CVE-2020-10732,CVE-2020-10751,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10773,CVE-2020-10781,CVE-2020-12656,CVE-2020-12769,CVE-2020-12771,CVE-2020-12888,CVE-2020- 13143,CVE-2020-13974,CVE-2020-14416,CVE-2020-15393,CVE-2020-15780 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-19462: relay_open in kernel/relay.c in the Linux kernel allowed local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result (bnc#1158265). - CVE-2019-20810: Fixed a memory leak in go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c because it did not call snd_card_free for a failure path (bnc#1172458). - CVE-2019-20812: An issue was discovered in the prb_calc_retire_blk_tmo() function in net/packet/af_packet.c could result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3 (bnc#1172453). - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth?? BR/EDR Core Specification v5.2 and earlier may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988). - CVE-2020-10711: A NULL pointer dereference flaw was found in the SELinux subsystem in versions This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. This flaw allowed a remote network user to crash the system kernel, resulting in a denial of service (bnc#1171191). - CVE-2020-10732: A flaw was found in the implementation of Userspace core dumps. This flaw allowed an attacker with a local account to crash a trivial program and exfiltrate private kernel data (bnc#1171220). - CVE-2020-10751: A flaw was found in the SELinux LSM hook implementation, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing (bnc#1171189). - CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection (bnc#1172781). - CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack (bnc#1172782). - CVE-2020-10768: Fixed an issue with the prctl() function, where indirect branch speculation could be enabled even though it was diabled before (bnc#1172783). - CVE-2020-10773: Fixed a memory leak on s390/s390x, in the cmm_timeout_hander in file arch/s390/mm/cmm.c (bnc#1172999). - CVE-2020-10781: A zram sysfs resource consumption was fixed (bnc#1173074). - CVE-2020-12656: Fixed a memory leak in gss_mech_free in the rpcsec_gss_krb5 implementation, caused by a lack of certain domain_release calls (bnc#1171219). - CVE-2020-12769: An issue was discovered in drivers/spi/spi-dw.c allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bnc#1171983). - CVE-2020-12771: An issue was discovered in btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-13143: gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c relies on kstrdup without considering the possibility of an internal '\0' value, which allowed attackers to trigger an out-of-bounds read (bnc#1171982). - CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775). - CVE-2020-14416: Fixed a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-15393: Fixed a memory leak in usbtest_disconnect (bnc#1173514). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). The following non-security bugs were fixed: - ACPICA: Dispatcher: add status checks (git-fixes). - ACPICA: Fixes for acpiExec namespace init file (git-fixes). - ACPI: configfs: Disallow loading ACPI tables when locked down (git-fixes). - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() (git-fixes). - ACPI: GED: add support for _Exx / _Lxx handler methods (git-fixes). - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (git-fixes). - ACPI/IORT: Fix PMCG node single ID mapping handling (git-fixes). - ACPI: PM: Avoid using power resources if there are none for D0 (git-fixes). - ACPI: sysfs: Fix pm_profile_attr type (git-fixes). - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() (git-fixes). - ACPI: video: Use native backlight on Acer Aspire 5783z (git-fixes). - ACPI: video: Use native backlight on Acer TravelMate 5735Z (git-fixes). - af_unix: add compat_ioctl support (git-fixes). - agp/intel: Reinforce the barrier after GTT updates (git-fixes). - aio: fix async fsync creds (bsc#1173828). - ALSA: emu10k1: delete an unnecessary condition (git-fixes). - ALSA: es1688: Add the missed snd_card_free() (git-fixes). - ALSA: fireface: fix configuration error for nominal sampling transfer frequency (git-fixes). - ALSA: firewire-lib: fix invalid assignment to union data for directional parameter (git-fixes). - ALSA: hda: Add ElkhartLake HDMI codec vid (git-fixes). - ALSA: hda: add member to store ratio for stripe control (git-fixes). - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table (git-fixes). - ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up (git-fixes). - ALSA: hda: Fix potential race in unsol event handler (git-fixes). - ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later (git-fixes). - ALSA: hda/hdmi: improve debug traces for stream lookups (git-fixes). - ALSA: hda: Intel: add missing PCI IDs for ICL-H, TGL-H and EKL (jsc#SLE-13261). - ALSA: hda - let hs_mic be picked ahead of hp_mic (git-fixes). - ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround (bsc#1172017). - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines (git-fixes). - ALSA: hda/realtek - Add LED class support for micmute LED (git-fixes). - ALSA: hda/realtek - Add more fixup entries for Clevo machines (git-fixes). - ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC287 (git-fixes). - ALSA: hda/realtek - Add quirk for MSI GE63 laptop (git-fixes). - ALSA: hda/realtek - change to suitable link model for ASUS platform (git-fixes). - ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (git-fixes). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (git-fixes). - ALSA: hda/realtek - Enable micmute LED on and HP system (git-fixes). - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (git-fixes). - ALSA: hda/realtek - Enable Speaker for ASUS UX563 (git-fixes). - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (git-fixes). - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (git-fixes). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme (git-fixes). - ALSA: hda/realtek - Fix unused variable warning w/o CONFIG_LEDS_TRIGGER_AUDIO (git-fixes). - ALSA: hda/realtek - fixup for yet another Intel reference board (git-fixes). - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO (git-fixes). - ALSA: hda/tegra: correct number of SDO lines for Tegra194 (git-fixes). - ALSA: hda/tegra: workaround playback failure on Tegra194 (git-fixes). - ALSA: hwdep: fix a left shifting 1 by 31 UB bug (git-fixes). - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option (git-fixes). - ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes). - ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes). - ALSA: line6: Perform sanity check for each URB creation (git-fixes). - ALSA: line6: Sync the pending work cancel at disconnection (git-fixes). - ALSA: opl3: fix infoleak in opl3 (git-fixes). - ALSA: pcm: disallow linking stream to itself (git-fixes). - ALSA: pcm: fix incorrect hw_base increase (git-fixes). - ALSA: pcm: fix snd_pcm_link() lockdep splat (git-fixes). - ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for RTX6001 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for SSL2+ (git-fixes). - ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support (git-fixes). - ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes). - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (git-fixes). - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S (git-fixes). - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock (git-fixes). - ALSA: usb-audio: Clean up quirk entries with macros (git-fixes). - ALSA: usb-audio: Fix a limit check in proc_dump_substream_formats() (git-fixes). - ALSA: usb-audio: Fix inconsistent card PM state after resume (git-fixes). - ALSA: usb-audio: fixing upper volume limit for RME Babyface Pro routing crosspoints (git-fixes). - ALSA: usb-audio: Fixing usage of plain int instead of NULL (git-fixes). - ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes). - ALSA: usb-audio: Fix packet size calculation (bsc#1173847). - ALSA: usb-audio: Fix potential use-after-free of streams (git-fixes). - ALSA: usb-audio: Fix race against the error recovery URB submission (git-fixes). - ALSA: usb-audio: Fix racy list management in output queue (git-fixes). - ALSA: usb-audio: Improve frames size computation (git-fixes). - ALSA: usb-audio: Manage auto-pm of all bundled interfaces (git-fixes). - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC (git-fixes). - ALSA: usb-audio: Print more information in stream proc files (git-fixes). - ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio (git-fixes). - ALSA: usb-audio: Remove async workaround for Scarlett 2nd gen (git-fixes). - ALSA: usb-audio: Replace s/frame/packet/ where appropriate (git-fixes). - ALSA: usb-audio: RME Babyface Pro mixer patch (git-fixes). - ALSA: usb-audio: Use the new macro for HP Dock rename quirks (git-fixes). - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes). - amd-xgbe: Use __napi_schedule() in BH context (networking-stable-20_04_17). - apparmor: ensure that dfa state tables have entries (git-fixes). - apparmor: fix introspection of of task mode for unconfined tasks (git-fixes). - apparmor: Fix memory leak of profile proxy (git-fixes). - apparmor: Fix use-after-free in aa_audit_rule_init (git-fixes). - apparmor: remove useless aafs_create_symlink (git-fixes). - arm64: dts: ls1043a-rdb: correct RGMII delay mode to rgmii-id (bsc#1174398). - arm64: dts: ls1046ardb: set RGMII interfaces to RGMII_ID mode (bsc#1174398). - arm64: map FDT as RW for early_init_dt_scan() (jsc#SLE-12424). - ARM: oxnas: make ox820_boot_secondary static (git-fixes). - asm-gemeric/tlb: remove stray function declarations (bsc#1156395). - ASoC: codecs: max98373: Removed superfluous volume control from chip default (git-fixes). - ASoc: codecs: max98373: remove Idle_bias_on to let codec suspend (git-fixes). - ASoC: core: only convert non DPCM link to DPCM link (git-fixes). - ASoC: davinci-mcasp: Fix dma_chan refcnt leak when getting dma type (git-fixes). - ASoC: fix incomplete error-handling in img_i2s_in_probe (git-fixes). - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed (git-fixes). - ASoC: fsl_ssi: Fix bclk calculation for mono channel (git-fixes). - ASoC: Intel: bytcht_es8316: Add missed put_device() (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT10-A tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT8-A tablet (git-fixes). - ASoC: intel: cht_bsw_max98090_ti: Add all Chromebooks that need pmc_plt_clk_0 quirk (bsc#1171246). - ASoC: intel - fix the card names (git-fixes). - ASoC: max98373: reorder max98373_reset() in resume (git-fixes). - ASoC: max9867: fix volume controls (git-fixes). - ASoC: meson: add missing free_irq() in error path (git-fixes). - ASoc: q6afe: add support to get port direction (git-fixes). - ASoC: q6asm: handle EOS correctly (git-fixes). - ASoC: qcom: q6asm-dai: kCFI fix (git-fixes). - ASoC: rockchip: add format and rate constraints on rk3399 (git-fixes). - ASoC: rockchip: Fix a reference count leak (git-fixes). - ASoC: rt286: fix unexpected interrupt happens (git-fixes). - ASoC: rt5645: Add platform-data for Asus T101HA (git-fixes). - ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the Lenovo Miix 2 10 (git-fixes). - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes). - ASoC: rt5670: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5682: Report the button event in the headset type only (git-fixes). - ASoC: SOF: core: fix error return code in sof_probe_continue() (git-fixes). - ASoC: SOF: Do nothing when DSP PM callbacks are not set (git-fixes). - ASoC: SOF: nocodec: conditionally set dpcm_capture/dpcm_playback flags (git-fixes). - ASoC: tegra: tegra_wm8903: Support nvidia, headset property (git-fixes). - ASoC: ti: omap-mcbsp: Fix an error handling path in 'asoc_mcbsp_probe()' (git-fixes). - ASoC: topology: fix kernel oops on route addition error (git-fixes). - ASoC: topology: fix tlvs in error handling for widget_dmixer (git-fixes). - ASoC: ux500: mop500: Fix some refcounted resources issues (git-fixes). - ASoC: wm8974: fix Boost Mixer Aux Switch (git-fixes). - ASoC: wm8974: remove unsupported clock mode (git-fixes). - ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function (git-fixes). - ath10k: fix kernel null pointer dereference (git-fixes). - ath10k: Fix the race condition in firmware dump work queue (git-fixes). - ath10k: Remove ath10k_qmi_register_service_notifier() declaration (git-fixes). - ath10k: remove the max_sched_scan_reqs value (git-fixes). - ath10k: Skip handling del_server during driver exit (git-fixes). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (git-fixes). - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (git-fixes). - ath9k: Fix use-after-free Read in htc_connect_service (git-fixes). - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (git-fixes). - ath9k_htc: Silence undersized packet warnings (git-fixes). - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb (git-fixes). - ax25: fix setsockopt(SO_BINDTODEVICE) (git-fixes). - ax88172a: fix ax88172a_unbind() failures (git-fixes). - b43: Fix connection problem with WPA3 (git-fixes). - b43legacy: Fix case where channel status is corrupted (git-fixes). - b43_legacy: Fix connection problem with WPA3 (git-fixes). - backlight: lp855x: Ensure regulators are disabled on probe failure (git-fixes). - batman-adv: Revert 'disable ethtool link speed detection when auto negotiation off' (git-fixes). - bdev: fix bdev inode reference count disbalance regression (bsc#1174244) - bfq: Avoid false bfq queue merging (bsc#1171513). - bfq: Fix check detecting whether waker queue should be selected (bsc#1168838). - bfq: Use only idle IO periods for think time calculations (bsc#1171513). - bfq: Use 'ttime' local variable (bsc#1171513). - blacklist.conf: Add 9486727f5981 iommu/vt-d: Make Intel SVM code 64-bit only - blacklist.conf: Add superfluous stable commit IDs - blacklist.conf: cleanup removing unused exported symbols, unavoidable kABI breakage - blacklist.conf: for future infrastructure, and will need kABI workarounds in each user, only if we really need it - blk-iocost: Fix error on iocost_ioc_vrate_adj (bsc#1173206). - blk-iocost: fix incorrect vtime comparison in iocg_is_idle() (bsc#1173206). - blk-mq: consider non-idle request as 'inflight' in blk_mq_rq_inflight() (bsc#1165933). - block/bio-integrity: do not free 'buf' if bio_integrity_add_page() failed (bsc#1173817). - block: Fix use-after-free in blkdev_get() (bsc#1173834). - block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818). - Bluetooth: Add SCO fallback for invalid LMP parameters error (git-fixes). - Bluetooth: btbcm: Add 2 missing models to subver tables (git-fixes). - Bluetooth: btmtkuart: Improve exception handling in btmtuart_probe() (git-fixes). - Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes). - bnxt_en: Fix AER reset logic on 57500 chips (bsc#1171150). - bnxt_en: fix firmware message length endianness (bsc#1173894). - bnxt_en: Fix return code to 'flash_device' (bsc#1173894). - bnxt_en: Improve TQM ring context memory sizing formulas (jsc#SLE-8371 bsc#1153274). - bnxt_en: Re-enable SRIOV during resume (jsc#SLE-8371 bsc#1153274). - bnxt_en: Return from timer if interface is not in open state (jsc#SLE-8371 bsc#1153274). - bnxt_en: Simplify bnxt_resume() (jsc#SLE-8371 bsc#1153274). - bpf: Document optval > PAGE_SIZE behavior for sockopt hooks (bsc#1155518). - bpf: Do not allow btf_ctx_access with __int128 types (bsc#1155518). - bpf: Do not return EINVAL from {get,set}sockopt when optlen > PAGE_SIZE (bsc#1155518). - bpf: Fix an error code in check_btf_func() (bsc#1154353). - bpf: Fix map permissions check (bsc#1155518). - bpf: Prevent mmap()'ing read-only maps as writable (bsc#1155518). - bpf: Restrict bpf_probe_read{, str}() only to archs where they work (bsc#1172344). - bpf: Restrict bpf_trace_printk()'s %s usage and add %pks, %pus specifier (bsc#1172344). - bpf, sockhash: Synchronize_rcu before free'ing map (git-fixes). - bpf, sockmap: Check update requirements after locking (git-fixes). - bpf: Undo internal BPF_PROBE_MEM in BPF insns dump (bsc#1155518). - bpf, xdp, samples: Fix null pointer dereference in *_user code (bsc#1155518). - brcmfmac: expose RPi firmware config files through modinfo (bsc#1169094). - brcmfmac: fix wrong location to get firmware feature (git-fixes). - brcmfmac: Transform compatible string for FW loading (bsc#1169771). - bridge: Avoid infinite loop when suppressing NS messages with invalid options (networking-stable-20_06_10). - bridge: mcast: Fix MLD2 Report IPv6 payload length check (git-fixes). - btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#1174438). - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc#1174438). - btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438). - btrfs: fix log context list corruption after rename whiteout error (bsc#1172342). - btrfs: fix partial loss of prealloc extent past i_size after fsync (bsc#1172343). - btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438). - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO (bsc#1174438). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438). - bus: ti-sysc: Do not disable on suspend for no-idle (git-fixes). - bus: ti-sysc: Ignore clockactivity unless specified as a quirk (git-fixes). - carl9170: remove P2P_GO support (git-fixes). - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes). - CDC-ACM: heed quirk also in error handling (git-fixes). - CDC-ACM: heed quirk also in error handling (git-fixes). - ceph: add comments for handle_cap_flush_ack logic (bsc#1172940). - ceph: allow rename operation under different quota realms (bsc#1172988). - ceph: ceph_kick_flushing_caps needs the s_mutex (bsc#1172986). - ceph: convert mdsc->cap_dirty to a per-session list (bsc#1172984 bsc#1167104). - ceph: document what protects i_dirty_item and i_flushing_item (bsc#1172940). - ceph: do not release i_ceph_lock in handle_cap_trunc (bsc#1172940). - ceph: do not return -ESTALE if there's still an open file (bsc#1171915). - ceph: do not take i_ceph_lock in handle_cap_import (bsc#1172940). - ceph: fix potential race in ceph_check_caps (bsc#1172940). - ceph: flush release queue when handling caps for unknown inode (bsc#1172939). - ceph: make sure mdsc->mutex is nested in s->s_mutex to fix dead lock (bsc#1172989). - ceph: normalize 'delta' parameter usage in check_quota_exceeded (bsc#1172987). - ceph: reorganize __send_cap for less spinlock abuse (bsc#1172940). - ceph: request expedited service on session's last cap flush (bsc#1172985 bsc#1167104). - ceph: reset i_requested_max_size if file write is not wanted (bsc#1172983). - ceph: skip checking caps when session reconnecting and releasing reqs (bsc#1172990). - ceph: split up __finish_cap_flush (bsc#1172940). - ceph: throw a warning if we destroy session with mutex still locked (bsc#1172940). - char/random: Add a newline at the end of the file (jsc#SLE-12424). - clk: bcm2835: Fix return type of bcm2835_register_gate (git-fixes). - clk: bcm2835: Remove casting to bcm2835_clk_register (git-fixes). - clk: clk-flexgen: fix clock-critical handling (git-fixes). - clk: mediatek: assign the initial value to clk_init_data of mtk_mux (git-fixes). - clk: meson: meson8b: Do not rely on u-boot to init all GP_PLL registers (git-fixes). - clk: meson: meson8b: Fix the polarity of the RESET_N lines (git-fixes). - clk: meson: meson8b: Fix the vclk_div{1, 2, 4, 6, 12}_en gate bits (git-fixes). - clk: qcom: Add missing msm8998 ufs_unipro_core_clk_src (git-fixes). - clk: qcom: msm8916: Fix the address location of pll->config_reg (git-fixes). - clk: renesas: cpg-mssr: Fix STBCR suspend/resume handling (git-fixes). - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes). - clk: samsung: Mark top ISP and CAM clocks on Exynos542x as critical (git-fixes). - clk: sifive: allocate sufficient memory for struct __prci_data (git-fixes). - clk: sprd: return correct type of value for _sprd_pll_recalc_rate (git-fixes). - clk: sunxi: Fix incorrect usage of round_down() (git-fixes). - clk: ti: am33xx: fix RTC clock parent (git-fixes). - clk: ti: composite: fix memory leak (git-fixes). - clk: zynqmp: fix memory leak in zynqmp_register_clocks (git-fixes). - clocksource: dw_apb_timer: Make CPU-affiliation being optional (git-fixes). - clocksource: dw_apb_timer_of: Fix missing clockevent timers (git-fixes). - component: Silence bind error on -EPROBE_DEFER (git-fixes). - config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References: bsc#1172739 - coredump: fix crash when umh is disabled (git-fixes). - coredump: fix null pointer dereference on coredump (git-fixes). - cpufreq: Fix up cpufreq_boost_set_sw() (git-fixes). - cpufreq: intel_pstate: Only mention the BIOS disabling turbo mode once (git-fixes). - cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn (git-fixes). - cpuidle: Fix three reference count leaks (git-fixes). - crypto: algapi - Avoid spurious modprobe on LOADED (git-fixes). - crypto: algboss - do not wait during notifier callback (git-fixes). - crypto: algif_skcipher - Cap recv SG list at ctx->used (git-fixes). - crypto - Avoid free() namespace collision (git-fixes). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - crypto: ccp -- do not 'select' CONFIG_DMADEVICES (git-fixes). - crypto/chcr: fix for ccm(aes) failed test (git-fixes). - crypto: chelsio/chtls: properly set tp->lsndtime (git-fixes). - crypto: drbg - fix error return code in drbg_alloc_state() (git-fixes). - crypto: omap-sham - add proper load balancing support for multicore (git-fixes). - crypto: stm32/crc32 - fix ext4 chksum BUG_ON() (git-fixes). - crypto: stm32/crc32 - fix multi-instance (git-fixes). - crypto: stm32/crc32 - fix run-time self test issue (git-fixes). - cxgb4: fix adapter crash due to wrong MC size (networking-stable-20_04_27). - cxgb4: fix large delays in PTP synchronization (networking-stable-20_04_27). - dccp: Fix possible memleak in dccp_init and dccp_fini (networking-stable-20_06_16). - debugfs: Check module state before warning in {full/open}_proxy_open() (bsc#1173746). - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07). - devlink: fix return value after hitting end in region read (networking-stable-20_05_12). - devmap: Use bpf_map_area_alloc() for allocating hash buckets (bsc#1154353). - /dev/mem: Add missing memory barriers for devmem_inode (git-fixes). - /dev/mem: Revoke mappings when a driver claims the region (git-fixes). - dma-coherent: fix integer overflow in the reserved-memory dma allocation (git-fixes). - dma-debug: fix displaying of dma allocation type (git-fixes). - dma-direct: fix data truncation in dma_direct_get_required_mask() (git-fixes). - dmaengine: dmatest: Fix process hang when reading 'wait' parameter (git-fixes). - dmaengine: dmatest: Restore default for channel (git-fixes). - dmaengine: dmatest: stop completed threads when running without set channel (git-fixes). - dmaengine: dw: Initialize channel before each transfer (git-fixes). - dmaengine: fsl-edma-common: correct DSIZE_32BYTE (git-fixes). - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes). - dmaengine: imx-sdma: Fix: Remove 'always true' comparison (git-fixes). - dmaengine: mcf-edma: Fix NULL pointer exception in mcf_edma_tx_handler (git-fixes). - dmaengine: mmp_tdma: Do not ignore slave config validation errors (git-fixes). - dmaengine: mmp_tdma: Reset channel error on release (git-fixes). - dmaengine: owl: Use correct lock in owl_dma_get_pchan() (git-fixes). - dmaengine: pch_dma.c: Avoid data race between probe and irq handler (git-fixes). - dmaengine: sh: usb-dmac: set tx_result parameters (git-fixes). - dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' (git-fixes). - dm: do not use waitqueue for request-based DM (bsc#1165933). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm writecache: fix data corruption when reloading the target (git fixes (block drivers)). - dm writecache: reject asynchronous pmem devices (bsc#1156395). - dpaa2-eth: prevent array underflow in update_cls_rule() (networking-stable-20_05_16). - dpaa2-eth: properly handle buffer size restrictions (networking-stable-20_05_16). - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27). - dpaa_eth: FMan erratum A050385 workaround (bsc#1174396). - dpaa_eth: Make dpaa_a050385_wa static (bsc#1174396). - drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish (git-fixes). - drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617). - drivers/net/ibmvnic: Update VNIC protocol version reporting (bsc#1065729). - drivers: phy: sr-usb: do not use internal fsm for USB2 phy init (git-fixes). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (git-fixes). - drm/amd/display: add basic atomic check for cursor plane (git-fixes). - drm/amd/display: drop cursor position check in atomic test (git-fixes). - drm: amd/display: fix Kconfig help text (bsc#1152489) * context changes - drm/amd/display: Only revalidate bandwidth on medium and fast updates (git-fixes). - drm/amd/display: Prevent dpcd reads with passive dongles (git-fixes). - drm/amd/display: Revalidate bandwidth before commiting DC updates (git-fixes). - drm/amd/display: Use kfree() to free rgb_user in calculate_user_regamma_ramp() (git-fixes). - drm/amd: fix potential memleak in err branch (git-fixes). - drm/amdgpu: add fw release for sdma v5_0 (git-fixes). - drm/amdgpu/atomfirmware: fix vram_info fetching for renoir (git-fixes). - drm/amdgpu: do not do soft recovery if gpu_recovery=0 (git-fixes). - drm/amdgpu: drop redundant cg/pg ungate on runpm enter (git-fixes). - drm/amdgpu: fix gfx hang during suspend with video playback (v2) (git-fixes). - drm/amdgpu: fix the hw hang during perform system reboot and reset (git-fixes). - drm/amdgpu: force fbdev into vram (bsc#1152472) * context changes - drm/amdgpu: Init data to avoid oops while reading pp_num_states (git-fixes). - drm/amdgpu: invalidate L2 before SDMA IBs (v2) (git-fixes). - drm/amdgpu: move kfd suspend after ip_suspend_phase1 (git-fixes). - drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1152472) - drm/amdgpu/sdma5: fix wptr overwritten in ->get_wptr() (git-fixes). - drm/amdgpu: simplify padding calculations (v2) (git-fixes). - drm/amdgpu: use %u rather than %d for sclk/mclk (git-fixes). - drm/amd/powerpay: Disable gfxoff when setting manual mode on picasso and raven (git-fixes). - drm/amd/powerplay: avoid using pm_en before it is initialized revised (git-fixes). - drm/amd/powerplay: perform PG ungate prior to CG ungate (git-fixes). - drm: bridge: adv7511: Extend list of audio sample rates (git-fixes). - drm/connector: notify userspace on hotplug after register complete (bsc#1152489) * context changes - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1152472) * context changes - drm/dp_mst: Reformat drm_dp_check_act_status() a bit (git-fixes). - drm/edid: Add Oculus Rift S to non-desktop list (git-fixes). - drm: encoder_slave: fix refcouting error for modules (git-fixes). - drm/etnaviv: fix perfmon domain interation (git-fixes). - drm/etnaviv: rework perfmon query infrastructure (git-fixes). - drm/exynos: fix ref count leak in mic_pre_enable (git-fixes). - drm/exynos: Properly propagate return value in drm_iommu_attach_device() (git-fixes). - drm/i915: Do not enable WaIncreaseLatencyIPCEnabled when IPC is (bsc#1152489) - drm/i915: Do not enable WaIncreaseLatencyIPCEnabled when IPC is disabled (git-fixes). - drm/i915: extend audio CDCLK>=2*BCLK constraint to more platforms (git-fixes). - drm/i915: Extend WaDisableDARBFClkGating to icl,ehl,tgl (bsc#1152489) - drm/i915: fix port checks for MST support on gen >= 11 (git-fixes). - drm/i915/gem: Avoid iterating an empty list (git-fixes). - drm/i915/gt: Do not schedule normal requests immediately along (bsc#1152489) - drm/i915/gt: Ignore irq enabling on the virtual engines (git-fixes). - drm/i915/gvt: Fix kernel oops for 3-level ppgtt guest (bsc#1152489) - drm/i915/gvt: Fix kernel oops for 3-level ppgtt guest (git-fixes). - drm/i915/gvt: Fix two CFL MMIO handling caused by regression. (bsc#1152489) - drm/i915/gvt: Fix two CFL MMIO handling caused by regression (git-fixes). - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of (bsc#1152489) - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of inheritance (git-fixes). - drm/i915: HDCP: fix Ri prime check done during link check (bsc#1152489) * context changes - drm/i915: HDCP: fix Ri prime check done during link check (git-fixes). - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1152489) - drm/i915: Limit audio CDCLK>=2*BCLK constraint back to GLK only (git-fixes). - drm/i915: Propagate error from completed fences (git-fixes). - drm/i915: Whitelist context-local timestamp in the gen9 cmdparser (git-fixes). - drm/i915: work around false-positive maybe-uninitialized warning (git-fixes). - drm/mcde: dsi: Fix return value check in mcde_dsi_bind() (git-fixes). - drm: mcde: Fix display initialization problem (git-fixes). - drm/mediatek: Check plane visibility in atomic_update (git-fixes). - drm/msm: Check for powered down HW in the devfreq callbacks (bsc#1152489) - drm/msm/dpu: allow initialization of encoder locks during encoder init (git-fixes). - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1152489) - drm/msm/dpu: fix error return code in dpu_encoder_init (git-fixes). - drm/msm: fix potential memleak in error branch (git-fixes). - drm/msm/mdp5: Fix mdp5_init error path for failed mdp5_kms allocation (git-fixes). - drm/nouveau/disp/gm200-: fix NV_PDISP_SOR_HDMI2_CTRL(n) selection (git-fixes). - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (git-fixes). - drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (git-fixes). - drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper() (git-fixes). - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1152472) - drm/radeon: fix double free (git-fixes). - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1152472) - drm: rcar-du: Fix build error (bsc#1152472) - drm/sun4i: hdmi ddc clk: Fix size of m divider (git-fixes). - drm: sun4i: hdmi: Remove extra HPD polling (bsc#1152489) - drm: sun4i: hdmi: Remove extra HPD polling (git-fixes). - drm/sun4i: tcon: Separate quirks for tcon0 and tcon1 on A20 (git-fixes). - drm/tegra: hub: Do not enable orphaned window group (git-fixes). - drm/vkms: Hold gem object while still in-use (git-fixes). - Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139) Upstream changed the partition usage counter check back and forth and ended up reverting all changes. Let's drop our the partial backport. (cherry picked from commit 70ad1b2fa5955d91e1a09a8027daf210e28fee30) - Drop a couple of block layer git-fixes Upstream changed the partition usage counter check back and forth and ended up reverting all changes. Let's drop our the partial backport. - dwc3: Remove check for HWO flag in dwc3_gadget_ep_reclaim_trb_sg() (git-fixes). - e1000: Distribute switch variables for initialization (git-fixes). - e1000e: Disable TSO for buffer overrun workaround (git-fixes). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (git-fixes). - e1000e: Relax condition to trigger reset for ME workaround (git-fixes). - EDAC/amd64: Add PCI device IDs for family 17h, model 70h (bsc#1165975). - EDAC/ghes: Setup DIMM label from DMI and use it in error reports (bsc#1168779). - EDAC/skx: Use the mcmtr register to retrieve close_pg/bank_xor_enable (bsc#1152489). - EDAC/synopsys: Do not dump uninitialized pinf->col (bsc#1152489). - efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes). - efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness (jsc#SLE-12424). - efi: READ_ONCE rng seed size before munmap (jsc#SLE-12424). - efi/tpm: Verify event log header before parsing (bsc#1173461). - eventpoll: fix missing wakeup for ovflist in ep_poll_callback (bsc#1159867). - evm: Check also if *tfm is an error pointer in init_desc() (git-fixes). - evm: Fix a small race in init_desc() (git-fixes). - evm: Fix possible memory leak in evm_calc_hmac_or_hash() (git-fixes). - evm: Fix RCU list related warnings (git-fixes). - exfat: add missing brelse() calls on error paths (git-fixes). - exfat: fix incorrect update of stream entry in __exfat_truncate() (git-fixes). - exfat: fix memory leak in exfat_parse_param() (git-fixes). - exfat: move setting VOL_DIRTY over exfat_remove_entries() (git-fixes). - ext4: avoid utf8_strncasecmp() with unstable name (bsc#1173843). - ext4: fix error pointer dereference (bsc#1173837). - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1173836). - ext4: fix partial cluster initialization when splitting extent (bsc#1173839). - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838). - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833). - ext4: stop overwrite the errcode in ext4_setup_super (bsc#1173841). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (git-fixes). - fanotify: fix ignore mask logic for events on child and on dir (bsc#1172719). - fat: do not allow to mount if the FAT length == 0 (bsc#1173831). - fdt: add support for rng-seed (jsc#SLE-12424). - fdt: Update CRC check for rng-seed (jsc#SLE-12424). - firmware: imx: scu: Fix corruption of header (git-fixes). - firmware: imx: scu: Fix possible memory leak in imx_scu_probe() (git-fixes). - firmware: imx-scu: Support one TX and one RX (git-fixes). - firmware: imx: warn on unexpected RX (git-fixes). - firmware: qcom_scm: fix bogous abuse of dma-direct internals (git-fixes). - firmware: xilinx: Fix an error handling path in 'zynqmp_firmware_probe()' (git-fixes). - Fix a regression of AF_ALG crypto interface hang with aes_s390 (bsc#1167651) - fix multiplication overflow in copy_fdtable() (bsc#1173825). - fork: prevent accidental access to clone3 features (bsc#1174018). - fpga: dfl: afu: Corrected error handling levels (git-fixes). - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12). - fs: Do not check if there is a fsnotify watcher on pseudo inodes (bsc#1158765). - fsl/fman: detect FMan erratum A050385 (bsc#1174396) Update arm64 config file - fsnotify: Rearrange fast path to minimise overhead when there is no watcher (bsc#1158765). - fuse: copy_file_range should truncate cache (git-fixes). - fuse: fix copy_file_range cache issues (git-fixes). - genetlink: clean up family attributes allocations (git-fixes). - genetlink: fix memory leaks in genl_family_rcv_msg_dumpit() (bsc#1154353). - geneve: allow changing DF behavior after creation (git-fixes). - geneve: change from tx_error to tx_dropped on missing metadata (git-fixes). - gfs2: fix glock reference problem in gfs2_trans_remove_revoke (bsc#1173823). - gfs2: Multi-block allocations in gfs2_page_mkwrite (bsc#1173822). - gpio: bcm-kona: Fix return value of bcm_kona_gpio_probe() (git-fixes). - gpio: dwapb: Append MODULE_ALIAS for platform driver (git-fixes). - gpio: dwapb: Call acpi_gpiochip_free_interrupts() on GPIO chip de-registration (git-fixes). - gpio: exar: Fix bad handling for ida_simple_get error path (git-fixes). - gpiolib: Document that GPIO line names are not globally unique (git-fixes). - gpio: pca953x: disable regmap locking for automatic address incrementing (git-fixes). - gpio: pca953x: Fix GPIO resource leak on Intel Galileo Gen 2 (git-fixes). - gpio: pca953x: fix handling of automatic address incrementing (git-fixes). - gpio: pca953x: Fix pca953x_gpio_set_config (git-fixes). - gpio: pca953x: Override IRQ for one of the expanders on Galileo Gen 2 (git-fixes). - gpio: pxa: Fix return value of pxa_gpio_probe() (git-fixes). - gpio: tegra: mask GPIO IRQs during IRQ shutdown (git-fixes). - gpu/drm: Ingenic: Fix opaque pointer casted to wrong type (git-fixes). - gpu: host1x: Detach driver on unregister (git-fixes). - habanalabs: Align protection bits configuration of all TPCs (git-fixes). - HID: Add quirks for Trust Panora Graphic Tablet (git-fixes). - HID: alps: Add AUI1657 device ID (git-fixes). - HID: alps: ALPS_1657 is too specific; use U1_UNICORN_LEGACY instead (git-fixes). - HID: i2c-hid: add Schneider SCL142ALM to descriptor override (git-fixes). - HID: i2c-hid: reset Synaptics SYNA2393 on resume (git-fixes). - HID: intel-ish-hid: avoid bogus uninitialized-variable warning (git-fixes). - HID: logitech-hidpp: avoid repeated 'multiplier = ' log messages (git-fixes). - HID: magicmouse: do not set up autorepeat (git-fixes). - HID: multitouch: add eGalaxTouch P80H84 support (git-fixes). - HID: multitouch: enable multi-input as a quirk for some devices (git-fixes). - HID: quirks: Add HID_QUIRK_NO_INIT_REPORTS quirk for Dell K12A keyboard-dock (git-fixes). - HID: quirks: Always poll Obins Anne Pro 2 keyboard (git-fixes). - HID: quirks: Ignore Simply Automated UPB PIM (git-fixes). - HID: quirks: Remove ITE 8595 entry from hid_have_special_driver (git-fixes). - HID: sony: Fix for broken buttons on DS3 USB dongles (git-fixes). - hinic: fix a bug of ndo_stop (networking-stable-20_05_16). - hinic: fix wrong para of wait_for_completion_timeout (networking-stable-20_05_16). - hsr: check protocol version in hsr_newlink() (networking-stable-20_04_17). - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes). - hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (git-fixes). - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (git-fixes). - hwmon: (k10temp) Add AMD family 17h model 60h PCI match (git-fixes). - hwmon: (max6697) Make sure the OVERT mask is set correctly (git-fixes). - hwmon: (pmbus) fix a typo in Kconfig SENSORS_IR35221 option (git-fixes). - hwrng: ks-sa - Fix runtime PM imbalance on error (git-fixes). - i2c: acpi: put device when verifying client fails (git-fixes). - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (git-fixes). - i2c: altera: Fix race between xfer_msg and isr thread (git-fixes). - i2c: core: check returned size of emulated smbus block read (git-fixes). - i2c: designware-pci: Add support for Elkhart Lake PSE I2C (jsc#SLE-12734). - i2c: designware-pci: Fix BUG_ON during device removal (jsc#SLE-12734). - i2c: designware-pci: Switch over to MSI interrupts (jsc#SLE-12734). - i2c: dev: Fix the race between the release of i2c_dev and cdev (git-fixes). - i2c: eg20t: Load module automatically if ID matches (git-fixes). - i2c: fix missing pm_runtime_put_sync in i2c_device_probe (git-fixes). - i2c: fsi: Fix the port number field in status register (git-fixes). - i2c: mlxcpld: check correct size of maximum RECV_LEN packet (git-fixes). - i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' (git-fixes). - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets (git-fixes). - i2c: pxa: clear all master action bits in i2c_pxa_stop_message() (git-fixes). - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes). - IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409). - IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409). - IB/hfi1: Fix another case where pq is left on waitlist (bsc#1174411). - IB/hfi1: Fix module use count flaw due to leftover module put calls (bsc#1174407). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - IB/rdmavt: Free kernel completion queue when done (bsc#1173625). - ice: Fix error return code in ice_add_prof() (jsc#SLE-7926). - ice: Fix inability to set channels when down (jsc#SLE-7926). - ieee80211: Fix incorrect mask for default PE duration (git-fixes). - iio: adc: ad7780: Fix a resource handling path in 'ad7780_probe()' (git-fixes). - iio: adc: stm32-adc: fix device used to request dma (git-fixes). - iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() (git-fixes). - iio: adc: stm32-dfsdm: fix device used to request dma (git-fixes). - iio: adc: stm32-dfsdm: Use dma_request_chan() instead dma_request_slave_channel() (git-fixes). - iio: adc: ti-ads8344: Fix channel selection (git-fixes). - iio: bmp280: fix compensation of humidity (git-fixes). - iio: buffer: Do not allow buffers without any channels enabled to be activated (git-fixes). - iio:chemical:pms7003: Fix timestamp alignment and prevent data leak (git-fixes). - iio:chemical:sps30: Fix timestamp alignment (git-fixes). - iio: core: add missing IIO_MOD_H2/ETHANOL string identifiers (git-fixes). - iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' (git-fixes). - iio:health:afe4404 Fix timestamp alignment and prevent data leak (git-fixes). - iio:humidity:hdc100x Fix alignment and data leak issues (git-fixes). - iio:humidity:hts221 Fix alignment and data leak issues (git-fixes). - iio:magnetometer:ak8974: Fix alignment and data leak issues (git-fixes). - iio: magnetometer: ak8974: Fix runtime PM imbalance on error (git-fixes). - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (git-fixes). - iio: pressure: bmp280: Tolerate IRQ before registering (git-fixes). - iio:pressure:ms5611 Fix buffer element alignment (git-fixes). - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (git-fixes). - iio: sca3000: Remove an erroneous 'get_device()' (git-fixes). - iio: vcnl4000: Fix i2c swapped word reading (git-fixes). - ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() (bsc#1172223). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1172223) - ima: Directly free *entry in ima_alloc_init_template() if digests is NULL (bsc#1172223). - ima: Remove __init annotation from ima_pcrread() (git-fixes). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - Input: dlink-dir685-touchkeys - fix a typo in driver name (git-fixes). - Input: edt-ft5x06 - fix get_default register write access (git-fixes). - Input: elan_i2c - add more hardware ID for Lenovo laptops (git-fixes). - Input: evdev - call input_flush_device() on release(), not flush() (git-fixes). - Input: goodix - fix touch coordinates on Cube I15-TC (git-fixes). - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (git-fixes). - Input: i8042 - add ThinkPad S230u to i8042 reset list (git-fixes). - input: i8042 - Remove special PowerPC handling (git-fixes). - Input: mms114 - add extra compatible for mms345l (git-fixes). - Input: mms114 - fix handling of mms345l (git-fixes). - Input: synaptics - add a second working PNP_ID for Lenovo T470s (git-fixes). - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() (git-fixes). - Input: synaptics-rmi4 - really fix attn_data use-after-free (git-fixes). - Input: usbtouchscreen - add support for BonXeon TP (git-fixes). - Input: xpad - add custom init packet for Xbox One S controllers (git-fixes). - intel_th: Fix a NULL dereference when hub driver is not loaded (git-fixes). - intel_th: pci: Add Emmitsburg PCH support (git-fixes). - intel_th: pci: Add Jasper Lake CPU support (git-fixes). - intel_th: pci: Add Tiger Lake PCH-H support (git-fixes). - iocost: check active_list of all the ancestors in iocg_activate() (bsc#1173206). - iocost: over-budget forced IOs should schedule async delay (bsc#1173206). - iommu/amd: Call domain_flush_complete() in update_domain() (bsc#1172061). - iommu/amd: Do not flush Device Table in iommu_map_page() (bsc#1172062). - iommu/amd: Do not loop forever when trying to increase address space (bsc#1172063). - iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system (bsc#1172393). - iommu/amd: Fix over-read of ACPI UID from IVRS table (bsc#1172064). - iommu/amd: Fix race in increase_address_space()/fetch_pte() (bsc#1172065). - iommu/amd: Update Device Table in increase_address_space() (bsc#1172066). - iommu/arm-smmu-v3: Do not reserve implementation defined register space (bsc#1174126). - iommu: Fix reference count leak in iommu_group_alloc (bsc#1172394). - iommu/qcom: Fix local_base status check (bsc#1172067). - iommu/virtio: Reverse arguments to list_add (bsc#1172068). - iommu/vt-d: Enable PCI ACS for platform opt in hint (bsc#1174127). - iommu/vt-d: Update scalable mode paging structure coherency (bsc#1174128). - ionic: add pcie_print_link_status (bsc#1167773). - ionic: centralize queue reset code (bsc#1167773). - ionic: export features for vlans to use (bsc#1167773). - ionic: no link check while resetting queues (bsc#1167773). - ionic: remove support for mgmt device (bsc#1167773). - ionic: tame the watchdog timer on reconfig (bsc#1167773). - ionic: update the queue count on open (bsc#1167773). - ionic: wait on queue start until after IFF_UP (bsc#1167773). - io_uring: use kvfree() in io_sqe_buffer_register() (bsc#1173832). - ipmi: use vzalloc instead of kmalloc for user creation (git-fixes). - ipv4: Update fib_select_default to handle nexthop objects (networking-stable-20_04_27). - ipv6: fix IPV6_ADDRFORM operation logic (bsc#1171662). - ipvs: Improve robustness to the ipvs sysctl (git-fixes). - irqchip/al-fic: Add support for irq retrigger (jsc#SLE-10505). - irqchip/ti-sci-inta: Fix processing of masked irqs (git-fixes). - irqchip/versatile-fpga: Apply clear-mask earlier (git-fixes). - irqchip/versatile-fpga: Handle chained IRQs properly (git-fixes). - iwlwifi: avoid debug max amsdu config overwriting itself (git-fixes). - iwlwifi: mvm: fix aux station leak (git-fixes). - iwlwifi: mvm: limit maximum queue appropriately (git-fixes). - iwlwifi: pcie: handle QuZ configs with killer NICs as well (bsc#1172374). - ixgbe: do not check firmware errors (bsc#1170284). - jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845). - jbd2: fix data races at struct journal_head (bsc#1173438). - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833). - kabi fix for SUNRPC-dont-update-timeout-value-on-connection-reset.patch (bsc1174263). - kABI fixup mtk-vpu: avoid unaligned access to DTCM buffer (git-fixes). - kabi: hv: prevent struct device_node to become defined (bsc#1172871). - kabi: ppc64le: prevent struct dma_map_ops to become defined (jsc#SLE-12424). - kABI: protect struct fib_dump_filter (kabi). - kABI: protect struct mlx5_cmd_work_ent (kabi). - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi). - kabi/severities: Ingnore get_dev_data() The function is internal to the AMD IOMMU driver and must not be called by any third party. - kABI workaround for struct hdac_bus changes (git-fixes). - keys: asymmetric: fix error return code in software_key_query() (git-fixes). - ktest: Add timeout for ssh sync testing (git-fixes). - KVM: Check validity of resolved slot when searching memslots (bsc#1172069). - KVM: nVMX: always update CR3 in VMCS (git-fixes). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - l2tp: add sk_family checks to l2tp_validate_socket (networking-stable-20_06_07). - l2tp: Allow management of tunnels and session in user namespace (networking-stable-20_04_17). - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07). - libbpf: Fix perf_buffer__free() API for sparse allocs (bsc#1155518). - libceph: do not omit recovery_deletes in target_copy() (git-fixes). - libceph: ignore pool overlay and cache logic on redirects (bsc#1172938). - lib: devres: add a helper function for ioremap_uc (git-fixes). - libertas_tf: avoid a null dereference in pointer priv (git-fixes). - lib/lzo: fix ambiguous encoding bug in lzo-rle (git-fixes). - libnvdimm/btt: fix variable 'rc' set but not used (bsc#1162400). - libnvdimm: cover up nd_pfn_sb changes (bsc#1171759). - libnvdimm: cover up nd_region changes (bsc#1162400). - libnvdimm/dax: Pick the right alignment default when creating dax devices (bsc#1171759). - libnvdimm/label: Remove the dpa align check (bsc#1171759). - libnvdimm/namespace: Enforce memremap_compat_align() (bsc#1162400). - libnvdimm/namsepace: Do not set claim_class on error (bsc#1162400). - libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739). - libnvdimm: Out of bounds read in __nd_ioctl() (bsc#1065729). - libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change (bsc#1171743). - libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock (bsc#1171759). - libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid (bsc#1171743). - libnvdimm/pmem: Advance namespace seed for specific probe errors (bsc#1171743). - libnvdimm/region: Fix build error (bsc#1162400). - libnvdimm/region: Introduce an 'align' attribute (bsc#1162400). - libnvdimm/region: Introduce NDD_LABELING (bsc#1162400). - libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (bsc#1171743). - libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759). - lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user() (bsc#1174331). - lib: Uplevel the pmem 'region' ida to a global allocator (bc#1162400). - list: Add hlist_unhashed_lockless() (bsc#1173438). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - locktorture: Allow CPU-hotplug to be disabled via --bootargs (bsc#1173068). - loop: replace kill_bdev with invalidate_bdev (bsc#1173820). - lpfc_debugfs: get rid of pointless access_ok() (bsc#1171530). - lpfc: fix axchg pointer reference after free and double frees (bsc#1171530). - lpfc: Fix pointer checks and comments in LS receive refactoring (bsc#1171530). - lpfc: Fix return value in __lpfc_nvme_ls_abort (bsc#1171530). - lpfc: Synchronize NVME transport and lpfc driver devloss_tmo (bcs#1173060). - mac80211: mesh: fix discovery timer re-arming issue / crash (git-fixes). - mailbox: zynqmp-ipi: Fix NULL vs IS_ERR() check in zynqmp_ipi_mbox_probe() (git-fixes). - Make the 'Reducing compressed framebufer size' message be DRM_INFO_ONCE() (git-fixes). - mdraid: fix read/write bytes accounting (bsc#1172537). - media: cec: silence shift wrapping warning in __cec_s_log_addrs() (git-fixes). - media: cedrus: Program output format during each run (git-fixes). - media: dvbdev: Fix tuner->demod media controller link (git-fixes). - media: dvb: return -EREMOTEIO on i2c transfer failure (git-fixes). - media: dvbsky: add support for eyeTV Geniatech T2 lite (bsc#1173776). - media: dvbsky: add support for Mygica T230C v2 (bsc#1173776). - media: imx: imx7-mipi-csis: Cleanup and fix subdev pad format handling (git-fixes). - media: mtk-vpu: avoid unaligned access to DTCM buffer (git-fixes). - media: ov5640: fix use of destroyed mutex (git-fixes). - media: platform: fcp: Set appropriate DMA parameters (git-fixes). - media: Revert 'staging: imgu: Address a compiler warning on alignment' (git-fixes). - media: si2157: Better check for running tuner in init (git-fixes). - media: si2168: add support for Mygica T230C v2 (bsc#1173776). - media: staging: imgu: do not hold spinlock during freeing mmu page table (git-fixes). - media: staging/intel-ipu3: Implement lock for stream on/off operations (git-fixes). - media: staging: ipu3: Fix stale list entries on parameter queue failure (git-fixes). - media: staging: ipu3-imgu: Move alignment attribute to field (git-fixes). - media: vicodec: Fix error codes in probe function (git-fixes). - mei: bus: do not clean driver pointer (git-fixes). - mei: release me_cl object reference (git-fixes). - mfd: intel-lpss: Add Intel Jasper Lake PCI IDs (jsc#SLE-12602). - mfd: intel-lpss: Add Intel Tiger Lake PCI IDs (jsc#SLE-12737). - mfd: intel-lpss: Use devm_ioremap_uc for MMIO (git-fixes). - mfd: stmfx: Fix stmfx_irq_init error path (git-fixes). - mfd: stmfx: Reset chip on resume as supply was disabled (git-fixes). - mfd: wm8994: Fix driver operation if loaded as modules (git-fixes). - misc: fastrpc: fix potential fastrpc_invoke_ctx leak (git-fixes). - misc: rtsx: Add short delay after exit from ASPM (git-fixes). - mlxsw: core: Use different get_trend() callbacks for different thermal zones (networking-stable-20_06_10). - mlxsw: Fix some IS_ERR() vs NULL bugs (networking-stable-20_04_27). - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12). - mm: adjust vm_committed_as_batch according to vm overcommit policy (bnc#1173271). - mmc: block: Fix use-after-free issue for rpmb (git-fixes). - mmc: core: Use DEFINE_DEBUGFS_ATTRIBUTE instead of DEFINE_SIMPLE_ATTRIBUTE (git-fixes). - mmc: fix compilation of user API (git-fixes). - mmc: meson-gx: limit segments to 1 when dram-access-quirk is needed (git-fixes). - mmc: meson-mx-sdio: trigger a soft reset after a timeout or CRC error (git-fixes). - mmc: mmci_sdmmc: fix DMA API warning overlapping mappings (git-fixes). - mmc: sdhci: do not enable card detect interrupt for gpio cd type (git-fixes). - mmc: sdhci-esdhc-imx: fix the mask for tuning start point (git-fixes). - mmc: sdhci-msm: Clear tuning done flag while hs400 tuning (git-fixes). - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (git-fixes). - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() (git-fixes). - mmc: sdio: Fix several potential memory leaks in mmc_sdio_init_card() (git-fixes). - mmc: tmio: Further fixup runtime PM management at remove (git-fixes). - mmc: uniphier-sd: call devm_request_irq() after tmio_mmc_host_probe() (git-fixes). - mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core (git-fixes). - mm: do not prepare anon_vma if vma has VM_WIPEONFORK (bsc#1169681). - mm: fix NUMA node file count error in replace_page_cache() (bsc#1173844). - mm: memcontrol: fix memory.low proportional distribution (bsc#1168230). - mm/memory_hotplug: refrain from adding memory into an impossible node (bsc#1173552). - mm/memremap: drop unused SECTION_SIZE and SECTION_MASK (bsc#1162400 bsc#1170895 ltc#184375 ltc#185686). - mm/memremap_pages: Introduce memremap_compat_align() (bsc#1162400). - mm/memremap_pages: Kill unused __devm_memremap_pages() (bsc#1162400). - mm/mmap.c: close race between munmap() and expand_upwards()/downwards() (bsc#1174527). - mm/util.c: make vm_memory_committed() more accurate (bnc#1173271). - move unsortable patch out of sorted section patches.suse/revert-zram-convert-remaining-class_attr-to-class_attr_ro - mt76: mt76x02u: Add support for newer versions of the XBox One wifi adapter (git-fixes). - mtd: Fix mtd not registered due to nvmem name collision (git-fixes). - mtd: rawnand: brcmnand: correctly verify erased pages (git-fixes). - mtd: rawnand: brcmnand: fix CS0 layout (git-fixes). - mtd: rawnand: brcmnand: fix hamming oob layout (git-fixes). - mtd: rawnand: diskonchip: Fix the probe error path (git-fixes). - mtd: rawnand: Fix nand_gpio_waitrdy() (git-fixes). - mtd: rawnand: ingenic: Fix the probe error path (git-fixes). - mtd: rawnand: marvell: Fix probe error path (git-fixes). - mtd: rawnand: marvell: Fix the condition on a return code (git-fixes). - mtd: rawnand: marvell: Use nand_cleanup() when the device is not yet registered (git-fixes). - mtd: rawnand: mtk: Fix the probe error path (git-fixes). - mtd: rawnand: onfi: Fix redundancy detection check (git-fixes). - mtd: rawnand: orion: Fix the probe error path (git-fixes). - mtd: rawnand: oxnas: Keep track of registered devices (git-fixes). - mtd: rawnand: oxnas: Release all devices in the _remove() path (git-fixes). - mtd: rawnand: pasemi: Fix the probe error path (git-fixes). - mtd: rawnand: plat_nand: Fix the probe error path (git-fixes). - mtd: rawnand: sharpsl: Fix the probe error path (git-fixes). - mtd: rawnand: socrates: Fix the probe error path (git-fixes). - mtd: rawnand: sunxi: Fix the probe error path (git-fixes). - mtd: rawnand: timings: Fix default tR_max and tCCS_min timings (git-fixes). - mtd: rawnand: tmio: Fix the probe error path (git-fixes). - mtd: rawnand: xway: Fix the probe error path (git-fixes). - mtd: spinand: Propagate ECC information to the MTD structure (git-fixes). - mtd: spi-nor: intel-spi: Add support for Intel Tiger Lake SPI serial flash (jsc#SLE-12737). - mvpp2: remove module bugfix (bsc#1154353). - mwifiex: avoid -Wstringop-overflow warning (git-fixes). - mwifiex: Fix memory corruption in dump_station (git-fixes). - namei: only return -ECHILD from follow_dotdot_rcu() (bsc#1173824). - nbd: Fix memory leak in nbd_add_socket (git-fixes). - neigh: send protocol value in neighbor create notification (networking-stable-20_05_12). - net: bcmgenet: correct per TX/RX ring statistics (networking-stable-20_04_27). - net: be more gentle about silly gso requests coming from user (networking-stable-20_06_07). - net: check untrusted gso_size at kernel entry (networking-stable-20_06_07). - net: core: device_rename: Use rwsem instead of a seqcount (bsc#1162702). - net: do not return invalid table id error when we fall back to PF_UNSPEC (networking-stable-20_05_27). - net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL (networking-stable-20_04_27). - net: dsa: b53: Fix ARL register definitions (networking-stable-20_04_27). - net: dsa: b53: Lookup VID in ARL searches when VLAN is enabled (networking-stable-20_04_27). - net: dsa: b53: Rework ARL bin logic (networking-stable-20_04_27). - net: dsa: bcm_sf2: Fix node reference count (git-fixes). - net: dsa: declare lockless TX feature for slave ports (bsc#1154353). - net: dsa: Do not leave DSA master with NULL netdev_ops (networking-stable-20_05_12). - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16). - net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27). - net: dsa: mt7530: fix tagged frames pass-through in VLAN-unaware mode (networking-stable-20_04_17). - net: ena: xdp: update napi budget for DROP and ABORTED (bsc#1154492). - net: ena: xdp: XDP_TX: fix memory leak (bsc#1154492). - net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning during suspend (networking-stable-20_05_27). - net_failover: fixed rollback in net_failover_open() (networking-stable-20_06_10). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: ip6tables: Add a .pre_exit hook in all ip6table_foo.c (bsc#1171857). - netfilter: ip6tables: Split ip6t_unregister_table() into pre_exit and exit helpers (bsc#1171857). - netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c (bsc#1171857). - netfilter: iptables: Split ipt_unregister_table() into pre_exit and exit helpers (bsc#1171857). - netfilter: nf_queue: enqueue skbs with NULL dst (git-fixes). - netfilter: nf_tables_offload: return EOPNOTSUPP if rule specifies no actions (git-fixes). - netfilter: nft_tproxy: Fix port selector on Big Endian (git-fixes). - netfilter: nft_tunnel: add the missing ERSPAN_VERSION nla_policy (git-fixes). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16). - net: fsl/fman: treat all RGMII modes in memac_adjust_link() (bsc#1174398). - net: hns3: check reset pending after FLR prepare (bsc#1154353). - __netif_receive_skb_core: pass skb by reference (networking-stable-20_05_27). - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27). - net: ipip: fix wrong address family in init error path (networking-stable-20_05_27). - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin (networking-stable-20_04_17). - net: ipv4: Fix wrong type conversion from hint to rt in ip_route_use_hint() (bsc#1154353). - net: ipv6: do not consider routes via gateways for anycast address check (networking-stable-20_04_17). - net: macb: call pm_runtime_put_sync on failure path (git-fixes). - net: macb: fix an issue about leak related system resources (networking-stable-20_05_12). - net: macsec: preserve ingress frame ordering (networking-stable-20_05_12). - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12). - net/mlx4_en: avoid indirect call in TX completion (networking-stable-20_04_27). - net/mlx5: Add command entry handling completion (networking-stable-20_05_27). - net/mlx5: Disable reload while removing the device (jsc#SLE-8464). - net/mlx5: drain health workqueue in case of driver load error (networking-stable-20_06_16). - net/mlx5: DR, Fix freeing in dr_create_rc_qp() (jsc#SLE-8464). - net/mlx5e: Add missing release firmware call (networking-stable-20_04_17). - net/mlx5e: Fix CPU mapping after function reload to avoid aRFS RX crash (jsc#SLE-8464). - net/mlx5e: Fix inner tirs handling (networking-stable-20_05_27). - net/mlx5e: Fix pfnum in devlink port attribute (networking-stable-20_04_17). - net/mlx5e: Fix repeated XSK usage on one channel (networking-stable-20_06_16). - net/mlx5e: Fix stats update for matchall classifier (jsc#SLE-8464). - net/mlx5e: Fix VXLAN configuration restore after function reload (jsc#SLE-8464). - net/mlx5e: kTLS, Destroy key object after destroying the TIS (networking-stable-20_05_27). - net/mlx5e: replace EINVAL in mlx5e_flower_parse_meta() (jsc#SLE-8464). - net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27). - net/mlx5: Fix cleaning unmanaged flow tables (jsc#SLE-8464). - net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12). - net/mlx5: Fix crash upon suspend/resume (bsc#1172365). - net/mlx5: Fix error flow in case of function_setup failure (networking-stable-20_05_27). - net/mlx5: Fix fatal error handling during device load (networking-stable-20_06_16). - net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12). - net/mlx5: Fix frequent ioread PCI access during recovery (networking-stable-20_04_17). - net/mlx5: Fix memory leak in mlx5_events_init (networking-stable-20_05_27). - net: mvpp2: cls: Prevent buffer overflow in mvpp2_ethtool_cls_rule_del() (networking-stable-20_05_12). - net: mvpp2: fix RX hashing for non-10G ports (networking-stable-20_05_27). - net: mvpp2: prevent buffer overflow in mvpp22_rss_ctx() (networking-stable-20_05_12). - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node (networking-stable-20_04_27). - net: nlmsg_cancel() if put fails for nhmsg (networking-stable-20_05_27). - net: openvswitch: ovs_ct_exit to be done under ovs_lock (networking-stable-20_04_27). - net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16). - net: phy: propagate an error back to the callers of phy_sfp_probe (bsc#1154353). - net: phy: realtek: add support for configuring the RX delay on RTL8211F (bsc#1174398). - netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16). - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27). - net: qrtr: send msgs from local of same id as broadcast (networking-stable-20_04_17). - net: revert default NAPI poll timeout to 2 jiffies (networking-stable-20_04_17). - net: revert 'net: get rid of an signed integer overflow in ip_idents_reserve()' (bnc#1158748 (network regression)). - net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27). - net_sched: sch_skbprio: add message validation to skbprio_change() (networking-stable-20_05_12). - net/smc: fix restoring of fallback changes (git-fixes). - net/smc: tolerate future SMCD versions (bsc#1172543 LTC#186069). - net: stmmac: do not attach interface until resume finishes (bsc#1174072). - net: stmmac: dwc-qos: avoid clk and reset for acpi device (bsc#1174072). - net: stmmac: dwc-qos: use generic device api (bsc#1174072). - net: stmmac: enable timestamp snapshot for required PTP packets in dwmac v5.10a (networking-stable-20_06_07). - net: stmmac: fix num_por initialization (networking-stable-20_05_16). - net: stmmac: platform: fix probe for ACPI devices (bsc#1174072). - net: stricter validation of untrusted gso packets (networking-stable-20_05_12). - net: tc35815: Fix phydev supported/advertising mask (networking-stable-20_05_12). - net: tcp: fix rx timestamp behavior for tcp_recvmsg (networking-stable-20_05_16). - net/tls: fix encryption error checking (git-fixes). - net/tls: fix race condition causing kernel panic (networking-stable-20_05_27). - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12). - net/tls: free record only on encryption error (git-fixes). - net: tun: record RX queue in skb before do_xdp_generic() (networking-stable-20_04_17). - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12). - net: usb: qmi_wwan: add Telit LE910C1-EUX composition (networking-stable-20_06_07). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - net/x25: Fix x25_neigh refcnt leak when receiving frame (networking-stable-20_04_27). - nexthop: Fix attribute checking for groups (networking-stable-20_05_27). - NFC: st21nfca: add missed kfree_skb() in an error path (git-fixes). - nfp: abm: fix a memory leak bug (networking-stable-20_05_12). - nfp: abm: fix error return code in nfp_abm_vnic_alloc() (networking-stable-20_05_16). - nfp: flower: fix used time of merge flow statistics (networking-stable-20_06_07). - nfs: add minor version to nfs_server_key for fscache (bsc#1172467). - nfsd4: fix nfsdfs reference count loop (git-fixes). - nfsd4: make drc_slab global, not per-net (git-fixes). - nfsd: always check return value of find_any_file (bsc#1172208). - nfsd: apply umask on fs without ACL support (git-fixes). - nfsd: fix nfsdfs inode reference count leak (git-fixes). - NFS: Fix fscache super_cookie index_key from changing after umount (git-fixes). - NFS: Fix interrupted slots by sending a solo SEQUENCE operation (bsc#1174264). - nfs: fix NULL deference in nfs4_get_valid_delegation. - nfs: fscache: use timespec64 in inode auxdata (git-fixes). - nfs: set invalid blocks after NFSv4 writes (git-fixes). - NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION (git-fixes). - NFSv4 fix CLOSE not waiting for direct IO compeletion (git-fixes). - NFSv4: Fix fscache cookie aux_data to ensure change_attr is included (git-fixes). - ntb: intel: add hw workaround for NTB BAR alignment (jsc#SLE-12710). - ntb: intel: Add Icelake (gen4) support for Intel NTB (jsc#SLE-12710). - ntb: intel: fix static declaration (jsc#SLE-12710). - nvdimm: Avoid race between probe and reading device attributes (bsc#1170442). - nvme-fc: avoid gcc-10 zero-length-bounds warning (bsc#1173206). - nvme-fc: do not call nvme_cleanup_cmd() for AENs (bsc#1171688). - nvme-fc: print proper nvme-fc devloss_tmo value (bsc#1172391). - objtool: Allow no-op CFI ops in alternatives (bsc#1169514). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Fix !CFI insn_state propagation (bsc#1169514). - objtool: Fix ORC vs alternatives (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - objtool: Remove check preventing branches within alternative (bsc#1169514). - objtool: Rename struct cfi_state (bsc#1169514). - objtool: Uniquely identify alternative instruction groups (bsc#1169514). - ovl: inode reference leak in ovl_is_inuse true case (git-fixes). - p54usb: add AirVasT USB stick device-id (git-fixes). - padata: add separate cpuhp node for CPUHP_PADATA_DEAD (git-fixes). - padata: kABI fixup for struct padata_instance splitting nodes (git-fixes). - panic: do not print uninitialized taint_flags (bsc#1172814). - PCI: aardvark: Do not blindly enable ASPM L0s and do not write to read-only register (git-fixes). - PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints (git-fixes). - PCI: Add Loongson vendor ID (git-fixes). - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#1174356). - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356). - PCI: Allow pci_resize_resource() for devices on root bus (git-fixes). - PCI: amlogic: meson: Do not use FAST_LINK_MODE to set up link (git-fixes). - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes). - PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 (git-fixes). - PCI: Avoid FLR for AMD Starship USB 3.0 (git-fixes). - PCI: brcmstb: Assert fundamental reset on initialization (git-fixes). - PCI: brcmstb: Assert fundamental reset on initialization (git-fixes). - PCI: brcmstb: Fix window register offset from 4 to 8 (git-fixes). - PCI: brcmstb: Fix window register offset from 4 to 8 (git-fixes). - PCI: Do not disable decoding when mmio_always_on is set (git-fixes). - PCI: dwc: Fix inner MSI IRQ domain registration (git-fixes). - PCI/EDR: Log only ACPI_NOTIFY_DISCONNECT_RECOVER events (bsc#1174513). - pcie: mobiveil: remove patchset v9 Prepare to backport upstream version. - PCI: Fix pci_register_host_bridge() device_register() error handling (git-fixes). - PCI: hv: Add support for protocol 1.3 and support PCI_BUS_RELATIONS2 (bsc#1172201). - PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871). - PCI: hv: Decouple the func definition in hv_dr_state from VSP message (bsc#1172871). - PCI: hv: Fix the PCI HyperV probe failure path to release resource properly (bsc#1172871). - PCI: hv: Introduce hv_msi_entry (bsc#1172871). - PCI: hv: Move hypercall related definitions into tlfs header (bsc#1172871). - PCI: hv: Move retarget related structures into tlfs header (bsc#1172871). - PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871). - PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871). - PCI: mobiveil: Add 8-bit and 16-bit CSR register accessors (bsc#1161495). - PCI: mobiveil: Add callback function for interrupt initialization (bsc#1161495). - PCI: mobiveil: Add callback function for link up check (bsc#1161495). - PCI: mobiveil: Add Header Type field check (bsc#1161495). - PCI: mobiveil: Add PCIe Gen4 RC driver for Layerscape SoCs (bsc#1161495). - PCI: mobiveil: Allow mobiveil_host_init() to be used to re-init host (bsc#1161495). - PCI: mobiveil: Collect the interrupt related operations into a function (bsc#1161495). - PCI: mobiveil: Fix sparse different address space warnings (bsc#1161495). - PCI: mobiveil: Fix unmet dependency warning for PCIE_MOBIVEIL_PLAT (bsc#1161495). - PCI: mobiveil: Introduce a new structure mobiveil_root_port (bsc#1161495). - PCI: mobiveil: ls_pcie_g4: add Workaround for A-011451 (bsc#1161495). - PCI: mobiveil: ls_pcie_g4: add Workaround for A-011577 (bsc#1161495). - PCI: mobiveil: ls_pcie_g4: fix SError when accessing config space (bsc#1161495). - PCI: mobiveil: Modularize the Mobiveil PCIe Host Bridge IP driver (bsc#1161495). - PCI: mobiveil: Move the host initialization into a function (bsc#1161495). - PCI: pci-bridge-emul: Fix PCIe bit conflicts (git-fixes). - PCI/PM: Adjust pcie_wait_for_link_delay() for caller delay (git-fixes). - PCI/PM: Call .bridge_d3() hook only if non-NULL (git-fixes). - PCI: Program MPS for RCiEP devices (git-fixes). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (git-fixes). - PCI: rcar: Fix incorrect programming of OB windows (git-fixes). - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356). - PCI: v3-semi: Fix a memory leak in v3_pci_probe() error handling paths (git-fixes). - PCI: vmd: Add device id for VMD device 8086:9A0B (git-fixes). - PCI: vmd: Filter resource type bits from shadow register (git-fixes). - pcm_native: result of put_user() needs to be checked (git-fixes). - percpu: Separate decrypted varaibles anytime encryption can be enabled (bsc#1174332). - perf/core: Fix endless multiplex timer (git-fixes). - perf/core: fix parent pid/tid in task exit events (git-fixes). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (git-fixes). - pinctrl: freescale: imx: Use 'devm_of_iomap()' to avoid a resource leak in case of error in 'imx_pinctrl_probe()' (git-fixes). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (git-fixes). - pinctrl: intel: Add Intel Tiger Lake pin controller support (jsc#SLE-12737). - pinctrl: ocelot: Fix GPIO interrupt decoding on Jaguar2 (git-fixes). - pinctrl: rockchip: fix memleak in rockchip_dt_node_to_map (git-fixes). - pinctrl: rza1: Fix wrong array assignment of rza1l_swio_entries (git-fixes). - pinctrl: samsung: Correct setting of eint wakeup mask on s5pv210 (git-fixes). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (git-fixes). - pinctrl: sprd: Fix the incorrect pull-up definition (git-fixes). - pinctrl: stmfx: stmfx_pinconf_set does not require to get direction anymore (git-fixes). - pinctrl: tegra: Use noirq suspend/resume callbacks (git-fixes). - pinctrl: tigerlake: Tiger Lake uses _HID enumeration (jsc#SLE-12737). - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA (git-fixes). - platform/x86: asus_wmi: Reserve more space for struct bias_args (git-fixes). - platform/x86: dell-laptop: do not register micmute LED if there is no token (git-fixes). - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (git-fixes). - platform/x86: intel-hid: Add a quirk to support HP Spectre X2 (2015) (git-fixes). - platform/x86: intel-vbtn: Also handle tablet-mode switch on 'Detachable' and 'Portable' chassis-types (git-fixes). - platform/x86: intel-vbtn: Do not advertise switches to userspace if they are not there (git-fixes). - platform/x86: intel-vbtn: Only blacklist SW_TABLET_MODE on the 9 / 'Laptop' chasis-type (git-fixes). - platform/x86: intel-vbtn: Split keymap into buttons and switches parts (git-fixes). - platform/x86: intel-vbtn: Use acpi_evaluate_integer() (git-fixes). - platform/x86: ISST: Increase timeout (bsc#1174185). - PM: runtime: clk: Fix clk_pm_runtime_get() error path (git-fixes). - pNFS/flexfiles: Fix list corruption if the mirror count changes (git-fixes). - pnp: Use list_for_each_entry() instead of open coding (git-fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s/exception: Fix machine check no-loss idle wakeup (bsc#1156395). - powerpc/64s/kuap: Restore AMR in system reset exception (bsc#1156395). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc/book3s64: Export has_transparent_hugepage() related functions (bsc#1171759). - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729). - powerpc/bpf: Enable bpf_probe_read{, str}() on powerpc again (bsc#1172344). - powerpc/fadump: Account for memory_limit while reserving memory (jsc#SLE-9099 git-fixes). - powerpc/fadump: consider reserved ranges while reserving memory (jsc#SLE-9099 git-fixes). - powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010). - powerpc/fadump: use static allocation for reserved memory ranges (jsc#SLE-9099 git-fixes). - powerpc/kasan: Fix issues by lowering KASAN_SHADOW_END (git-fixes). - powerpc/kuap: PPC_KUAP_DEBUG should depend on PPC_KUAP (bsc#1156395). - powerpc/powernv: Fix a warning message (bsc#1156395). - powerpc/setup_64: Set cache-line-size based on cache-block-size (bsc#1065729). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729). - power: reset: qcom-pon: reg write mask depends on pon generation (git-fixes). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (git-fixes). - power: supply: core: fix HWMON temperature labels (git-fixes). - power: supply: core: fix memory leak in HWMON error path (git-fixes). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (git-fixes). - power: supply: smb347-charger: IRQSTAT_D is volatile (git-fixes). - pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16). - printk: queue wake_up_klogd irq_work only if per-CPU areas are ready (bsc#1172095). - proc/meminfo: avoid open coded reading of vm_committed_as (bnc#1173271). - proc: Use new_inode not new_inode_pseudo (bsc#1173830). - pwm: img: Call pm_runtime_put() in pm_runtime_get_sync() failed case (git-fixes). - pwm: sun4i: Move pwm_calculate() out of spin_lock() (git-fixes). - r8152: support additional Microsoft Surface Ethernet Adapter variant (git-fixes). - r8169: Revive default chip version for r8168 (bsc#1173085). - raid5: remove gfp flags from scribble_alloc() (bsc#1166985). - random: fix data races at timer_rand_state (bsc#1173438). - rcu: Avoid data-race in rcu_gp_fqs_check_wake() (bsc#1171828). - rcu: Fix data-race due to atomic_t copy-by-value (bsc#1171828). - rcu: Make rcu_read_unlock_special() checks match raise_softirq_irqoff() (bsc#1172046). - rcu: Simplify rcu_read_unlock_special() deferred wakeups (bsc#1172046). - rcutorture: Add 100-CPU configuration (bsc#1173068). - rcutorture: Add worst-case call_rcu() forward-progress results (bsc#1173068). - rcutorture: Dispense with Dracut for initrd creation (bsc#1173068). - rcutorture: Make kvm-find-errors.sh abort on bad directory (bsc#1173068). - rcutorture: Remove CONFIG_HOTPLUG_CPU=n from scenarios (bsc#1173068). - rcutorture: Summarize summary of build and run results (bsc#1173068). - rcutorture: Test TREE03 with the threadirqs kernel boot parameter (bsc#1173068). - rcu: Use *_ONCE() to protect lockless ->expmask accesses (bsc#1171828). - rcu: Use WRITE_ONCE() for assignments to ->pprev for hlist_nulls (bsc#1173438). - RDMA/bnxt_re: Remove dead code from rcfw (bsc#1170774). - RDMA/core: Check that type_attrs is not NULL prior access (jsc#SLE-8449). - RDMA/core: Move and rename trace_cm_id_create() (jsc#SLE-8449). - RDMA/mlx5: Fix NULL pointer dereference in destroy_prefetch_work (jsc#SLE-8446). - RDMA/nl: Do not permit empty devices names during RDMA_NLDEV_CMD_NEWLINK/SET (bsc#1172841). - RDMA/srpt: Fix disabling device management (jsc#SLE-8449). - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (jsc#SLE-8449). - regmap: debugfs: Do not sleep while atomic for fast_io regmaps (git-fixes). - regmap: fix alignment issue (git-fixes). - regmap: Fix memory leak from regmap_register_patch (git-fixes). - regualtor: pfuze100: correct sw1a/sw2 on pfuze3000 (git-fixes). - remoteproc: Add missing '\n' in log messages (git-fixes). - remoteproc: Fall back to using parent memory pool if no dedicated available (git-fixes). - remoteproc: Fix and restore the parenting hierarchy for vdev (git-fixes). - remoteproc: Fix IDR initialisation in rproc_alloc() (git-fixes). - remoteproc: qcom_q6v5_mss: map/unmap mpss segments before/after use (git-fixes). - Revert commit e918e570415c ('tpm_tis: Remove the HID IFX0102') (git-fixes). - Revert 'drm/amd/display: disable dcn20 abm feature for bring up' (git-fixes). - Revert 'i2c: tegra: Fix suspending in active runtime PM state' (git-fixes). - Revert 'pinctrl: freescale: imx: Use 'devm_of_iomap()' to avoid a resource leak in case of error in 'imx_pinctrl_probe()'' (git-fixes). - Revert 'thermal: mediatek: fix register index error' (git-fixes). - ring-buffer: Zero out time extend if it is nested and not absolute (git-fixes). - rpm: drop execute permissions on source files Sometimes a source file with execute permission appears in upstream repository and makes it into our kernel-source packages. This is caught by OBS build checks and may even result in build failures. Sanitize the source tree by removing execute permissions from all C source and header files. - rpm/modules.fips: add aes-ce-ccm, des3_ede-x86_64, aes_ti and aes_neon_bs - rtc: mc13xxx: fix a double-unlock issue (git-fixes). - rtc: rv3028: Add missed check for devm_regmap_init_i2c() (git-fixes). - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() (git-fixes). - rtw88: fix an issue about leak system resources (git-fixes). - rxrpc: Fix call RCU cleanup using non-bh-safe locks (git-fixes). - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194, LTC#185911). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/ism: fix error return code in ism_probe() (git-fixes). - s390/kaslr: add support for R_390_JMP_SLOT relocation type (git-fixes). - s390/pci: Fix s390_mmio_read/write with MIO (git-fixes). - s390/pci: Log new handle in clp_disable_fh() (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - sata_rcar: handle pm_runtime_get_sync failure cases (git-fixes). - sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12). - sched/cfs: change initial value of runnable_avg (bsc#1158765). - sched/core: Check cpus_mask, not cpus_ptr in __set_cpus_allowed_ptr(), to fix mask corruption (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1172823). - sched/core: Fix PI boosting between RT and DEADLINE tasks (git fixes (sched)). - sched/core: Fix ttwu() race (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/core: s/WF_ON_RQ/WQ_ON_CPU/ (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/cpuacct: Fix charge cpuacct.usage_sys (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/deadline: Initialize ->dl_boosted (bsc#1172823). - sched/deadline: Initialize ->dl_boosted (git fixes (sched)). - sched: etf: do not assume all sockets are full blown (networking-stable-20_04_27). - sched/fair: find_idlest_group(): Remove unused sd_flag parameter (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Fix enqueue_task_fair() warning some more (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: fix nohz next idle balance (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: handle case of task_h_load() returning 0 (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Optimize dequeue_task_fair() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Optimize enqueue_task_fair() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Simplify the code of should_we_balance() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Fix loadavg accounting race (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Fix race against ptrace_freeze_trace() (bsc#1174345). - sched: Make newidle_balance() static again (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Offload wakee task activation if it the wakee is descheduling (bnc#1158748, bnc#1159781). - sched: Optimize ttwu() spinning on p->on_cpu (bnc#1158748, bnc#1159781). - sched/pelt: Sync util/runnable_sum with PELT window when propagating (bnc#1155798 (CPU scheduler functional and performance backports)). - sch_sfq: validate silly quantum values (networking-stable-20_05_12). - scripts/decodecode: fix trapping instruction formatting (bsc#1065729). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: libfc: free response frame from GPN_ID (bsc#1173849). - scsi: libfc: Handling of extra kref (bsc#1173849). - scsi: libfc: If PRLI rejected, move rport to PLOGI state (bsc#1173849). - scsi: libfc: rport state move to PLOGI if all PRLI retry exhausted (bsc#1173849). - scsi: libfc: Skip additional kref updating work event (bsc#1173849). - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530). - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530). - scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530). - scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530). - scsi: lpfc: Change default queue allocation for reduced memory consumption (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: fix build failure with DEBUGFS disabled (bsc#1171530). - scsi: lpfc: Fix incomplete NVME discovery when target (bsc#1171530). - scsi: lpfc: Fix inconsistent indenting (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix MDS Diagnostic Enablement definition (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func (bsc#1171530). - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix negation of else clause in lpfc_prep_node_fc4type (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix noderef and address space warnings (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530). - scsi: lpfc: fix spelling mistakes of asynchronous (bsc#1171530). - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530). - scsi: lpfc: Maintain atomic consistency of queue_claimed flag (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Make lpfc_defer_acc_rsp static (bsc#1171530). - scsi: lpfc: remove duplicate unloading checks (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Remove re-binding of nvme rport during registration (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Remove redundant initialization to variable rc (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Remove unnecessary lockdep_assert_held calls (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Update lpfc version to 12.8.0.1 (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1172687 bsc#1171530). - scsi: megaraid_sas: Replace undefined MFI_BIG_ENDIAN macro with __BIG_ENDIAN_BITFIELD macro (bsc#1173206). - scsi: qla2xxx: Delete all sessions before unregister local nvme port (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334 bsc#1157169). - scsi: qla2xxx: Do not log message when reading port speed via sysfs (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334 bsc#1157169). - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334 bsc#1157169). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - scsi: sd_zbc: Fix sd_zbc_complete() (bsc#1173206). - scsi: smartpqi: Update attribute name to `driver_version` (bsc#1173206). - scsi: ufs-bsg: Fix runtime PM imbalance on error (git-fixes). - scsi: zfcp: add diagnostics buffer for exchange config data (bsc#1158050). - scsi: zfcp: auto variables for dereferenced structs in open port handler (bsc#1158050). - scsi: zfcp: diagnostics buffer caching and use for exchange port data (bsc#1158050). - scsi: zfcp: enhance handling of FC Endpoint Security errors (bsc#1158050). - scsi: zfcp: expose fabric name as common fc_host sysfs attribute (bsc#1158050). - scsi: zfcp: Fence adapter status propagation for common statuses (bsc#1158050). - scsi: zfcp: Fence early sysfs interfaces for accesses of shost objects (bsc#1158050). - scsi: zfcp: Fence fc_host updates during link-down handling (bsc#1158050). - scsi: zfcp: fix fc_host attributes that should be unknown on local link down (bsc#1158050). - scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action (git-fixes). - scsi: zfcp: fix wrong data and display format of SFP+ temperature (bsc#1158050). - scsi: zfcp: implicitly refresh config-data diagnostics when reading sysfs (bsc#1158050). - scsi: zfcp: implicitly refresh port-data diagnostics when reading sysfs (bsc#1158050). - scsi: zfcp: introduce sysfs interface for diagnostics of local SFP transceiver (bsc#1158050). - scsi: zfcp: introduce sysfs interface to read the local B2B-Credit (bsc#1158050). - scsi: zfcp: log FC Endpoint Security errors (bsc#1158050). - scsi: zfcp: log FC Endpoint Security of connections (bsc#1158050). - scsi: zfcp: Move allocation of the shost object to after xconf- and xport-data (bsc#1158050). - scsi: zfcp: Move fc_host updates during xport data handling into fenced function (bsc#1158050). - scsi: zfcp: move maximum age of diagnostic buffers into a per-adapter variable (bsc#1158050). - scsi: zfcp: Move p-t-p port allocation to after xport data (bsc#1158050). - scsi: zfcp: Move shost modification after QDIO (re-)open into fenced function (bsc#1158050). - scsi: zfcp: Move shost updates during xconfig data handling into fenced function (bsc#1158050). - scsi: zfcp: proper indentation to reduce confusion in zfcp_erp_required_act (bsc#1158050). - scsi: zfcp: report FC Endpoint Security in sysfs (bsc#1158050). - scsi: zfcp: signal incomplete or error for sync exchange config/port data (bsc#1158050). - scsi: zfcp: support retrieval of SFP Data via Exchange Port Data (bsc#1158050). - scsi: zfcp: trace FC Endpoint Security of FCP devices and connections (bsc#1158050). - scsi: zfcp: wire previously driver-specific sysfs attributes also to fc_host (bsc#1158050). - sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27). - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27). - selftests/bpf: CONFIG_IPV6_SEG6_BPF required for test_seg6_loop.o (bsc#1155518). - selftests/bpf: CONFIG_LIRC required for test_lirc_mode2.sh (bsc#1155518). - selftests/bpf: Fix invalid memory reads in core_relo selftest (bsc#1155518). - selftests/bpf: Fix memory leak in extract_build_id() (bsc#1155518). - selftests/bpf, flow_dissector: Close TAP device FD after the test (bsc#1155518). - selftests/bpf: Make sure optvals > PAGE_SIZE are bypassed (bsc#1155518). - selftests/net: in rxtimestamp getopt_long needs terminating null entry (networking-stable-20_06_16). - selftests/timens: handle a case when alarm clocks are not supported (bsc#1164648,jsc#SLE-11493). - selinux: fall back to ref-walk if audit is required (bsc#1174333). - selinux: revert 'stop passing MAY_NOT_BLOCK to the AVC upon follow_link' (bsc#1174333). - serial: 8250: Fix max baud limit in generic 8250 port (git-fixes). - serial: 8250_tegra: Create Tegra specific 8250 driver (bsc#1173941). - signal: Avoid corrupting si_pid and si_uid in do_notify_parent (bsc#1171529). - slimbus: core: Fix mismatch in of_node_get/put (git-fixes). - slimbus: ngd: get drvdata from correct device (git-fixes). - SMB3: Honor lease disabling for multiuser mounts (git-fixes). - socionext: account for napi_gro_receive never returning GRO_DROP (bsc#1154353). - soc: mediatek: cmdq: return send msg error code (git-fixes). - soc: qcom: rpmh: Dirt can only make you dirtier, not cleaner (git-fixes). - soc: qcom: rpmh: Invalidate SLEEP and WAKE TCSes before flushing new data (git-fixes). - soc: qcom: rpmh-rsc: Allow using free WAKE TCS for active request (git-fixes). - soc: qcom: rpmh-rsc: Clear active mode configuration for wake TCS (git-fixes). - soc: qcom: rpmh: Update dirty flag only when data changes (git-fixes). - soc/tegra: pmc: Select GENERIC_PINCONF (git-fixes). - soundwire: intel: fix memory leak with devm_kasprintf (git-fixes). - spi: bcm2835aux: Fix controller unregister order (git-fixes). - spi: bcm2835: Fix controller unregister order (git-fixes). - spi: bcm-qspi: Handle clock probe deferral (git-fixes). - spi: bcm-qspi: when tx/rx buffer is NULL set to 0 (git-fixes). - SPI: designware: pci: Switch over to MSI interrupts (jsc#SLE-12735). - spi: dt-bindings: spi-controller: Fix #address-cells for slave mode (git-fixes). - spi: dw: Add SPI Rx-done wait method to DMA-based transfer (git-fixes). - spi: dw: Add SPI Tx-done wait method to DMA-based transfer (git-fixes). - spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes). - spi: dw: Fix controller unregister order (git-fixes). - spi: dw: Fix native CS being unset (git-fixes). - spi: dw: Fix Rx-only DMA transfers (git-fixes). - spi: dw-pci: Add MODULE_DEVICE_TABLE (jsc#SLE-12735). - spi: dw-pci: Add runtime power management support (jsc#SLE-12735). - spi: dw-pci: Add support for Intel Elkhart Lake PSE SPI (jsc#SLE-12735). - spi: dw-pci: Fix Chip Select amount on Intel Elkhart Lake PSE SPI (jsc#SLE-12735). - spi: dw: Return any value retrieved from the dma_transfer callback (git-fixes). - spi: dw: use 'smp_mb()' to avoid sending spi data error (git-fixes). - spi: dw: Zero DMA Tx and Rx configurations on stack (git-fixes). - spi: Fix controller unregister order (git-fixes). - spi: fsl: do not map irq during probe (git-fixes). - spi: fsl: use platform_get_irq() instead of of_irq_to_resource() (git-fixes). - spi: pxa2xx: Apply CS clk quirk to BXT (git-fixes). - spi: pxa2xx: Fix controller unregister order (git-fixes). - spi: pxa2xx: Fix runtime PM ref imbalance on probe error (git-fixes). - spi: Respect DataBitLength field of SpiSerialBusV2() ACPI resource (git-fixes). - spi: spidev: fix a potential use-after-free in spidev_release() (git-fixes). - spi: spidev: fix a race between spidev_release and spidev_remove (git-fixes). - spi: spi-fsl-dspi: Change usage pattern of SPI_MCR_* and SPI_CTAR_* macros (git-fixes). - spi: spi-fsl-dspi: Do not access reserved fields in SPI_MCR (git-fixes). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (git-fixes). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (git-fixes). - spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices (git-fixes). - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (git-fixes). - spi: sprd: switch the sequence of setting WDG_LOAD_LOW and _HIGH (git-fixes). - staging: comedi: verify array index is correct before using it (git-fixes). - staging: iio: ad2s1210: Fix SPI reading (git-fixes). - staging: kpc2000: fix error return code in kp2000_pcie_probe() (git-fixes). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (git-fixes). - Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() (git-fixes). - staging: sm750fb: add missing case while setting FB_VISUAL (git-fixes). - sun6i: dsi: fix gcc-4.8 (bsc#1152489) - SUNRPC dont update timeout value on connection reset (bsc#1174263). - sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes). - sunrpc: Fix gss_unwrap_resp_integ() again (bsc#1174116). - SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() (git-fixes). - SUNRPC: Signalled ASYNC tasks need to exit (git-fixes). - supported.conf: Add pinctrl-tigerlake as supported - supported.conf: Mark two hwtracing helper modules as externally supported (bsc#1170879) - svcrdma: Fix leak of svc_rdma_recv_ctxt objects (git-fixes). - tcp: cache line align MAX_TCP_HEADER (networking-stable-20_04_27). - tcp: fix error recovery in tcp_zerocopy_receive() (networking-stable-20_05_16). - tcp: fix SO_RCVLOWAT hangs with fat skbs (networking-stable-20_05_16). - tcp: md5: allow changing MD5 keys in all socket states (git-fixes). - team: fix hang in team_mode_get() (networking-stable-20_04_27). - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284). - thermal/drivers: imx: Fix missing of_node_put() at probe time (git-fixes). - thermal/drivers/mediatek: Fix bank number settings on mt8183 (git-fixes). - thermal/drivers/rcar_gen3: Fix undefined temperature if negative (git-fixes). - thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR (git-fixes). - thermal: int3403_thermal: Downgrade error message (git-fixes). - thermal: intel: intel_pch_thermal: Add Comet Lake (CML) platform support (jsc#SLE-12668). - tick/sched: Annotate lockless access to last_jiffies_update (bsc#1173438). - timer: Use hlist_unhashed_lockless() in timer_pending() (bsc#1173438). - tipc: block BH before using dst_cache (networking-stable-20_05_27). - tipc: fix partial topology connection closure (networking-stable-20_05_12). - torture: Allow 'CFLIST' to specify default list of scenarios (bsc#1173068). - torture: Expand last_ts variable in kvm-test-1-run.sh (bsc#1173068). - torture: Handle jitter for CPUs that cannot be offlined (bsc#1173068). - torture: Handle systems lacking the mpstat command (bsc#1173068). - torture: Hoist calls to lscpu to higher-level kvm.sh script (bsc#1173068). - torture: Make results-directory date format completion-friendly (bsc#1173068). - torture: Use gawk instead of awk for systime() function (bsc#1173068). - tpm: Fix TIS locality timeout problems (git-fixes). - tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (bsc#1065729). - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (git-fixes). - tpm_tis: Remove the HID IFX0102 (git-fixes). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tty: hvc_console, fix crashes on parallel open/close (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (git-fixes). - tty: n_gsm: Fix SOF skipping (git-fixes). - tty: n_gsm: Fix waking up upper tty layer when room available (git-fixes). - tty: serial: add missing spin_lock_init for SiFive serial console (git-fixes). - tun: correct header offsets in napi frags mode (git-fixes). - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12). - ubifs: fix wrong use of crypto_shash_descsize() (bsc#1173827). - ubifs: remove broken lazytime support (bsc#1173826). - udp: Copy has_conns in reuseport_grow() (git-fixes). - udp: Improve load balancing for SO_REUSEPORT (git-fixes). - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes). - USB: c67x00: fix use after free in c67x00_giveback_urb (git-fixes). - usb: chipidea: core: add wakeup support for extcon (git-fixes). - USB: core: Fix misleading driver bug report (git-fixes). - usb: core: hub: limit HUB_QUIRK_DISABLE_AUTOSUSPEND to USB5534B (git-fixes). - usb: dwc2: Fix shutdown callback in platform (git-fixes). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (git-fixes). - usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes). - usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes). - usb: dwc3: pci: Enable extcon driver for Intel Merrifield (git-fixes). - usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work (git-fixes). - usb/ehci-platform: Set PM runtime as active on resume (git-fixes). - USB: ehci: reopen solution for Synopsys HC bug (git-fixes). - usb: gadget: audio: Fix a missing error return value in audio_bind() (git-fixes). - USB: gadget: fix illegal array access in binding with UDC (git-fixes). - usb: gadget: Fix issue with config_ep_by_speed function (git-fixes). - usb: gadget: fix potential double-free in m66592_probe (git-fixes). - usb: gadget: function: fix missing spinlock in f_uac1_legacy (git-fixes). - usb: gadget: legacy: fix error return code in cdc_bind() (git-fixes). - usb: gadget: legacy: fix error return code in gncm_bind() (git-fixes). - usb: gadget: legacy: fix redundant initialization warnings (git-fixes). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (git-fixes). - usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' (git-fixes). - usb: gadget: udc: atmel: fix uninitialized read in debug printk (git-fixes). - usb: gadget: udc: atmel: Make some symbols static (git-fixes). - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (git-fixes). - usb: gadget: udc: Potential Oops in error handling code (git-fixes). - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (git-fixes). - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (git-fixes). - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (git-fixes). - usb: host: ehci-platform: add a quirk to avoid stuck (git-fixes). - usb: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes). - usb: host: xhci-plat: keep runtime active when removing host (git-fixes). - usblp: poison URBs upon disconnect (git-fixes). - usb: musb: Fix runtime PM imbalance on error (git-fixes). - usb: musb: start session in resume for host port (git-fixes). - usbnet: smsc95xx: Fix use-after-free after removal (git-fixes). - usb/ohci-platform: Fix a warning when hibernating (git-fixes). - USB: ohci-sm501: Add missed iounmap() in remove (git-fixes). - USB: ohci-sm501: fix error return code in ohci_hcd_sm501_drv_probe() (git-fixes). - usb: renesas_usbhs: getting residue from callback_result (git-fixes). - USB: serial: ch341: add basis for quirk detection (git-fixes). - USB: serial: ch341: add new Product ID for CH340 (git-fixes). - USB: serial: cypress_m8: enable Simply Automated UPB PIM (git-fixes). - USB: serial: iuu_phoenix: fix memory corruption (git-fixes). - USB: serial: option: add GosunCn GM500 series (git-fixes). - USB: serial: option: add Quectel EG95 LTE modem (git-fixes). - USB: serial: option: add Telit LE910C1-EUX compositions (git-fixes). - USB: serial: qcserial: add DW5816e QDL support (git-fixes). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - usb: typec: tcpci_rt1711h: avoid screaming irq causing boot hangs (git-fixes). - usb: usbfs: correct kernel->user page attribute mismatch (git-fixes). - USB: usbfs: fix mmap dma mismatch (git-fixes). - usb/xhci-plat: Set PM runtime as active on resume (git-fixes). - vfio: avoid possible overflow in vfio_iommu_type1_pin_pages (git-fixes). - vfio: Ignore -ENODEV when getting MSI cookie (git-fixes). - vfio/mdev: Fix reference count leak in add_mdev_supported_type (git-fixes). - vfio/pci: fix memory leaks in alloc_perm_bits() (git-fixes). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174129). - vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (git-fixes). - video: fbdev: w100fb: Fix a potential double free (git-fixes). - video: vt8500lcdfb: fix fallthrough warning (bsc#1152489) - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - virtio_net: fix lockdep warning on 32 bit (networking-stable-20_05_16). - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (git-fixes). - virt: vbox: Fix guest capabilities mask check (git-fixes). - virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers to match upstream (git-fixes). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - vrf: Check skb for XFRM_TRANSFORMED flag (networking-stable-20_04_27). - vrf: Fix IPv6 with qdisc and xfrm (networking-stable-20_04_27). - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07). - vsprintf: do not obfuscate NULL and error pointers (bsc#1172086). - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (git-fixes). - vt: vt_ioctl: remove unnecessary console allocation checks (git-fixes). - vxlan: Avoid infinite loop when suppressing NS messages with invalid options (networking-stable-20_06_10). - vxlan: use the correct nlattr array in NL_SET_ERR_MSG_ATTR (networking-stable-20_04_27). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (git-fixes). - watchdog: da9062: No need to ping manually before setting timeout (git-fixes). - watchdog: imx_sc_wdt: Fix reboot on crash (git-fixes). - watchdog: iTCO: Add support for Cannon Lake PCH iTCO (jsc#SLE-13202). - wcn36xx: Fix error handling path in 'wcn36xx_probe()' (git-fixes). - wil6210: account for napi_gro_receive never returning GRO_DROP (bsc#1154353). - wil6210: add wil_netif_rx() helper function (bsc#1154353). - wil6210: use after free in wil_netif_rx_any() (bsc#1154353). - wireguard: device: avoid circular netns references (git-fixes). - wireguard: noise: do not assign initiation time in if condition (git-fixes). - wireguard: noise: read preshared key while taking lock (bsc#1169021 jsc#SLE-12250). - wireguard: noise: separate receive counter from send counter (bsc#1169021 jsc#SLE-12250). - wireguard: queueing: preserve flow hash across packet scrubbing (bsc#1169021 jsc#SLE-12250). - wireguard: receive: account for napi_gro_receive never returning GRO_DROP (git-fixes). - wireguard: selftests: initalize ipv6 members to NULL to squelch clang warning (git-fixes). - wireguard: selftests: use newer iproute2 for gcc-10 (bsc#1169021 jsc#SLE-12250). - work around mvfs bug (bsc#1162063). - workqueue: do not use wq_select_unbound_cpu() for bound works (git-fixes). - workqueue: Remove the warning in wq_worker_sleeping() (git-fixes). - x86/amd_nb: Add AMD family 17h model 60h PCI IDs (git-fixes). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1152489). - x86: Fix early boot crash on gcc-10, third try (bsc#1152489). - x86/mm/cpa: Flush direct map alias during cpa (bsc#1152489). - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (git-fixes). - x86/resctrl: Fix invalid attempt at removing the default resource group (bsc#1152489). - x86/resctrl: Preserve CDP enable over CPU hotplug (bsc#1152489). - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks (bsc#1058115). - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish (networking-stable-20_04_27). - xfrm: fix error in comment (git fixes (block drivers)). - xfs: clean up the error handling in xfs_swap_extents (git-fixes). - xfs: do not commit sunit/swidth updates to disk if that would cause repair failures (bsc#1172169). - xfs: do not fail unwritten extent conversion on writeback due to edquot (bsc#1158242). - xfs: fix duplicate verification from xfs_qm_dqflush() (git-fixes). - xfs: force writes to delalloc regions to unwritten (bsc#1158242). - xfs: measure all contiguous previous extents for prealloc size (bsc#1158242). - xfs: preserve default grace interval during quotacheck (bsc#1172170). - xfs: refactor agfl length computation function (bsc#1172169). - xfs: split the sunit parameter update into two parts (bsc#1172169). - xhci: Fix enumeration issue when setting max packet size for FS devices (git-fixes). - xhci: Fix incorrect EP_STATE_MASK (git-fixes). - xhci: Poll for U0 after disabling USB2 LPM (git-fixes). - xhci: Return if xHCI does not support LPM (git-fixes). - xprtrdma: Fix handling of RDMA_ERROR replies (git-fixes). - workqueue: Remove unnecessary kfree() call in rcu_free_wq() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2148-1 Released: Thu Aug 6 13:36:17 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1174673 This update for ca-certificates-mozilla fixes the following issues: Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: * AddTrust External CA Root * AddTrust Class 1 CA Root * LuxTrust Global Root 2 * Staat der Nederlanden Root CA - G2 * Symantec Class 1 Public Primary Certification Authority - G4 * Symantec Class 2 Public Primary Certification Authority - G4 * VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: * certSIGN Root CA G2 * e-Szigno Root CA 2017 * Microsoft ECC Root Certificate Authority 2017 * Microsoft RSA Root Certificate Authority 2017 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2160-1 Released: Thu Aug 6 20:05:42 2020 Summary: Security update for xen Type: security Severity: important References: 1172356,1174543 This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1172356 - Not able to hot-plug NIC via virt-manager, asks to attach on next reboot while it should be live attached ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2182-1 Released: Mon Aug 10 11:39:48 2020 Summary: Recommended update for open-lldp Type: recommended Severity: moderate References: 1153520,1170745,1171284 This update for open-lldp fixes the following issues: - Fix for a segementation fault, when agents change their MAC address (bsc#1171284) - lldapd will now transmit the permanent MAC address (the MAC address of the underlying physical device) as port id, thus allowing the switch or any management application to differentiate between those ports. (bsc#1153520) - Fix for a segmentation fault, when lldapd registers an interface and it gets shortly removed afterwards. (bsc#1170745) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2219-1 Released: Wed Aug 12 15:47:42 2020 Summary: Recommended update for supportutils-plugin-suse-public-cloud and python3-azuremetadata Type: recommended Severity: moderate References: 1170475,1170476,1173238,1173240,1173357,1174618,1174847 This update for supportutils-plugin-suse-public-cloud and python3-azuremetadata fixes the following issues: supportutils-plugin-suse-public-cloud: - Fixes an error when supportutils-plugin-suse-public-cloud and supportutils-plugin-salt are installed at the same time (bsc#1174618) - Sensitive information like credentials (such as access keys) will be removed when the metadata is being collected (bsc#1170475, bsc#1170476) python3-azuremetadata: - Added latest support for `--listapis` and `--api` (bsc#1173238, bsc#1173240) - Detects when the VM is running in ASM (Azure Classic) and does now handle the condition to generate the data without requiring access to the full IMDS available, only in ARM instances (bsc#1173357, bsc#1174847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2224-1 Released: Thu Aug 13 09:15:47 2020 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1171878,1172085 This update for glibc fixes the following issues: - Fix concurrent changes on nscd aware files appeared by 'getent' when the NSCD cache was enabled. (bsc#1171878, BZ #23178) - Implement correct locking and cancellation cleanup in syslog functions. (bsc#1172085, BZ #26100) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2244-1 Released: Fri Aug 14 15:27:35 2020 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1174782,1175036,1175060 This update for grub2 fixes the following issues: - A potential regression has been fixed that would cause systems with an updated 'grub2' to boot no longer due to a missing 'grub-calloc' linker symbol. (bsc#1174782) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2256-1 Released: Mon Aug 17 15:08:46 2020 Summary: Recommended update for sysfsutils Type: recommended Severity: moderate References: 1155305 This update for sysfsutils fixes the following issue: - Fix cdev name comparison. (bsc#1155305) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2277-1 Released: Wed Aug 19 13:24:03 2020 Summary: Security update for python3 Type: security Severity: moderate References: 1174091,CVE-2019-20907 This update for python3 fixes the following issues: - bsc#1174091, CVE-2019-20907: avoiding possible infinite loop in specifically crafted tarball. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2278-1 Released: Wed Aug 19 21:26:08 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1149911,1151708,1168235,1168389 This update for util-linux fixes the following issues: - blockdev: Do not fail --report on kpartx-style partitions on multipath. (bsc#1168235) - nologin: Add support for -c to prevent error from su -c. (bsc#1151708) - Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389) - mount: Fall back to device node name if /dev/mapper link not found. (bsc#1149911) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2296-1 Released: Mon Aug 24 10:34:37 2020 Summary: Security update for gettext-runtime Type: security Severity: moderate References: 1106843,1113719,941629,CVE-2018-18751 This update for gettext-runtime fixes the following issues: - Fix boo941629-unnessary-rpath-on-standard-path.patch (bsc#941629) - Added msgfmt-double-free.patch to fix a double free error (CVE-2018-18751 bsc#1113719) - Add patch msgfmt-reset-msg-length-after-remove.patch which does reset the length of message string after a line has been removed (bsc#1106843) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2306-1 Released: Tue Aug 25 14:48:17 2020 Summary: Security update for grub2 Type: security Severity: important References: 1172745,1174421,CVE-2020-15705 This update for grub2 fixes the following issue: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). - Add fibre channel device's ofpath support to grub-ofpathname and search hint to speed up root device discovery (bsc#1172745). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2335-1 Released: Wed Aug 26 11:47:28 2020 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1174320 This update for perl-Bootloader fixes the following issues: Update from version 0.928 to version 0.931 - The *grub2* module directory has been moved to */usr/share/grub2*, the *tpm.mod* is now checked there. (bsc#1174320) - Reduce the number of warning about fstab. - Do not warn about missing *SECURE_BOOT* sysconfig on systems with a minimalistic */etc/sysconfig/bootloader*. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2380-1 Released: Fri Aug 28 14:54:08 2020 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1175250,1175251 This update for supportutils-plugin-suse-public-cloud contains the following fix: - Update to version 1.0.5: (bsc#1175250, bsc#1175251) + Query for new GCE initialization code packages ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2386-1 Released: Sat Aug 29 01:21:01 2020 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1172810 This update for samba fixes the following issues: - Add 'libsmbldap0' to 'libsmbldap2' package to fix upgrades from previous versions. (bsc#1172810) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2396-1 Released: Mon Aug 31 17:27:13 2020 Summary: Recommended update for open-iscsi Type: recommended Severity: moderate References: This update for open-iscsi fixes the following issues: Upgrade to upstream version 2.1.2 as 2.1.2-suse (jsc#SES-1081) - Use openssl for random data generation - Misspelled socket name might cause confusion to inexperienced user. - Let initiator name be created by iscsi-init.service. - iscsi: fix fd leak - Fix a compiler issue about string copy in iscsiuio - Fix a compiler issue about writing one byte - Fix issue with zero-length arrays at end of struct - Add *iscsi-init.service* Note that the '*iscsi-init.service*' adds a new systemd service called '*iscsi-init*', that creates the iSCSI initiator name file */etc/iscsi/initiatorname.iscsi*, if and only if it does not exist. - Proper disconnect of TCP connection - Fix SIGPIPE loop in signal handler - Update iscsi-iname.c - log:modify iSCSI shared memory permissions for logs - Sequence systemd services correctly when upgrading - Ignore iface.example in iface match checks - Fix type mismatch under musl. - Add Wants=remote-fs-pre.target for sequencing. - Fix issue where 'iscsi-iname -p' core dumps. - iscsi-iname: fix iscsi-iname -p access NULL pointer without given IQN prefix - Fix iscsi.service so it handles restarts better ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2411-1 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2425-1 Released: Tue Sep 1 13:54:05 2020 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1174260 This update for nfs-utils fixes the following issues: - Fix a bug when concurrent 'gssd' requests arrive from kernel, causing hanging NFS mounts. (bsc#1174260) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2441-1 Released: Tue Sep 1 22:16:10 2020 Summary: Recommended update for avahi Type: recommended Severity: moderate References: 1154063 This update for avahi fixes the following issues: - When changing ownership of /var/lib/autoipd, only change ownership of files owned by avahi, to mitigate against possible exploits (bsc#1154063). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2445-1 Released: Wed Sep 2 09:33:02 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2451-1 Released: Wed Sep 2 12:30:38 2020 Summary: Recommended update for dracut Type: recommended Severity: important References: 1167494,996146 This update for dracut fixes the following issues: Update from version 049.1+suse.152.g8506e86f to version 049.1+suse.156.g7d852636: - net-lib.sh: support infiniband network mac addresses (bsc#996146) - 95nfs: use ip_params_for_remote_addr() (bsc#1167494) - 95iscsi: use ip_params_for_remote_addr() (bsc#1167494) - dracut-functions: add ip_params_for_remote_addr() helper (bsc#1167494) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2457-1 Released: Wed Sep 2 15:29:51 2020 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1174567,1175766 This update for grub2 fixes the following issues: - The GRUB_VERIFY_FLAGS_DEFER_AUTH is enabled regardless secure boot status (bsc#1175766) A secure boot status check has been added before requesting other verifiers to verify external module, therefore external module loading can work after shim_lock module is loaded and secure boot turned off. - Make consistent check to enable relative path on btrfs (bsc#1174567) This fix unified the test in grub-install and grub-mkconfig. The path to default or selected btrfs subvolume/snapshot is used if the root file system is btrfs and the config has enabled btrfs snapshot booting. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2458-1 Released: Wed Sep 2 15:44:30 2020 Summary: Recommended update for iputils Type: recommended Severity: moderate References: 927831 This update for iputils fixes the following issue: - ping: Remove workaround for bug in IP_RECVERR on raw sockets. (bsc#927831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2486-1 Released: Thu Sep 3 20:15:36 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065600,1065729,1071995,1085030,1120163,1133021,1149032,1152472,1152489,1153274,1154353,1154488,1154492,1155518,1156395,1159058,1160634,1167773,1169790,1171634,1171688,1172108,1172197,1172247,1172418,1172871,1172963,1173468,1173485,1173798,1173813,1173954,1174002,1174003,1174026,1174205,1174247,1174362,1174387,1174484,1174625,1174645,1174689,1174699,1174737,1174757,1174762,1174770,1174771,1174777,1174805,1174824,1174825,1174852,1174865,1174880,1174897,1174906,1174969,1175009,1175010,1175011,1175012,1175013,1175014,1175015,1175016,1175017,1175018,1175019,1175020,1175021,1175052,1175112,1175116,1175128,1175149,1175175,1175176,1175180,1175181,1175182,1175183,1175184,1175185,1175186,1175187,1175188,1175189,1175190,1175191,1175192,1175195,1175199,1175213,1175232,1175263,1175284,1175296,1175344,1175345,1175346,1175347,1175367,1175377,1175440,1175493,1175546,1175550,1175654,1175691,1175768,1175769,1175770,1175771,1175772,1175774,1175775,1175834,1175873,CVE-2020-14314,CVE-2020-1 4331,CVE-2020-14356,CVE-2020-16166 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-14314: Fixed a potential negative array index in ext4 (bsc#1173798). - CVE-2020-14331: Fixed a missing check in scrollback handling (bsc#1174205 bsc#1174247). - CVE-2020-14356: Fixed a NULL pointer dereference in the cgroupv2 subsystem (bsc#1175213). - CVE-2020-16166: Fixed an information leak in the network RNG (bsc#1174757). The following non-security bugs were fixed: - 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work (git-fixes). - ACPICA: Do not increment operation_region reference counts for field units (git-fixes). - af_key: pfkey_dump needs parameter validation (git-fixes). - agp/intel: Fix a memory leak on module initialisation failure (git-fixes). - ALSA: atmel: Remove invalid 'fall through' comments (git-fixes). - ALSA: core: pcm_iec958: fix kernel-doc (git-fixes). - ALSA: echoaduio: Drop superfluous volatile modifier (git-fixes). - ALSA: echoaudio: Address bugs in the interrupt handling (git-fixes). - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (git-fixes). - ALSA: echoaudio: Prevent races in calls to set_audio_format() (git-fixes). - ALSA: echoaudio: Prevent some noise on unloading the module (git-fixes). - ALSA: echoaudio: Race conditions around 'opencount' (git-fixes). - ALSA: echoaudio: re-enable IRQs on failure path (git-fixes). - ALSA: echoaudio: Remove redundant check (git-fixes). - ALSA: firewire: fix kernel-doc (git-fixes). - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (git-fixes). - ALSA: hda - reverse the setting value in the micmute_led_set (git-fixes). - ALSA: hda/ca0132 - Add new quirk ID for Recon3D (git-fixes). - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (git-fixes). - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (git-fixes). - ALSA: hda/hdmi: Add quirk to force connectivity (git-fixes). - ALSA: hda/hdmi: Fix keep_power assignment for non-component devices (git-fixes). - ALSA: hda/hdmi: Use force connectivity quirk on another HP desktop (git-fixes). - ALSA: hda/realtek - Fix unused variable warning (git-fixes). - ALSA: hda/realtek - Fixed HP right speaker no sound (git-fixes). - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (git-fixes). - ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (git-fixes). - ALSA: hda/realtek: Fix add a 'ultra_low_power' function for intel reference board (alc256) (git-fixes). - ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (git-fixes). - ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (git-fixes). - ALSA: hda/tegra: Disable sync-write operation (git-fixes). - ALSA: hda: Add support for Loongson 7A1000 controller (git-fixes). - ALSA: hda: avoid reset of sdo_limit (git-fixes). - ALSA: hda: Enable sync-write operation as default for all controllers (git-fixes). - ALSA: hda: fix NULL pointer dereference during suspend (git-fixes). - ALSA: hda: fix snd_hda_codec_cleanup() documentation (git-fixes). - ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes). - ALSA: isa/gus: remove 'set but not used' warning (git-fixes). - ALSA: isa/gus: remove -Wmissing-prototypes warnings (git-fixes). - ALSA: isa: fix spelling mistakes in the comments (git-fixes). - ALSA: line6: add hw monitor volume control for POD HD500 (git-fixes). - ALSA: line6: Use kmemdup in podhd_set_monitor_level() (git-fixes). - ALSA: pci/asihpi: fix kernel-doc (git-fixes). - ALSA: pci/asihpi: remove 'set but not used' warning (git-fixes). - ALSA: pci/asihpi: remove 'set but not used' warnings (git-fixes). - ALSA: pci/au88x0: remove 'defined but not used' warnings (git-fixes). - ALSA: pci/aw2-saa7146: remove 'set but not used' warning (git-fixes). - ALSA: pci/ctxfi/ctatc: fix kernel-doc (git-fixes). - ALSA: pci/ctxfi: fix kernel-doc warnings (git-fixes). - ALSA: pci/echoaudio: remove 'set but not used' warning (git-fixes). - ALSA: pci/emu10k1: remove 'set but not used' warning (git-fixes). - ALSA: pci/es1938: remove 'set but not used' warning (git-fixes). - ALSA: pci/fm801: fix kernel-doc (git-fixes). - ALSA: pci/korg1212: remove 'set but not used' warnings (git-fixes). - ALSA: pci/oxygen/xonar_wm87x6: remove always true condition (git-fixes). - ALSA: pci/rme9652/hdspm: remove always true condition (git-fixes). - ALSA: pci/via82xx: remove 'set but not used' warnings (git-fixes). - ALSA: pcmcia/pdaudiocf: fix kernel-doc (git-fixes). - ALSA: seq: oss: Serialize ioctls (git-fixes). - ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for SSL2 (git-fixes). - ALSA: usb-audio: add quirk for Pioneer DDJ-RB (git-fixes). - ALSA: usb-audio: add startech usb audio dock name (git-fixes). - ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (git-fixes). - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (git-fixes). - ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (git-fixes). - ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (git-fixes). - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625). - ALSA: usb-audio: Fix some typos (git-fixes). - ALSA: usb-audio: fix spelling mistake 'buss' -> 'bus' (git-fixes). - ALSA: usb-audio: ignore broken processing/extension unit (git-fixes). - ALSA: usb-audio: Update documentation comment for MS2109 quirk (git-fixes). - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (git-fixes). - ALSA: usb/line6: remove 'defined but not used' warning (git-fixes). - ALSA: vx_core: remove warning for empty loop body (git-fixes). - ALSA: xen: remove 'set but not used' warning (git-fixes). - ALSA: xen: Remove superfluous fall through comments (git-fixes). - appletalk: Fix atalk_proc_init() return path (git-fixes). - arm/arm64: Make use of the SMCCC 1.1 wrapper (bsc#1174906). - arm/arm64: Provide a wrapper for SMCCC 1.1 calls (bsc#1174906). - arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit() (bsc#1174906). - arm64: armv8_deprecated: Fix undef_hook mask for thumb setend (bsc#1175180). - arm64: cacheflush: Fix KGDB trap detection (bsc#1175188). - arm64: csum: Fix handling of bad packets (bsc#1175192). - arm64: dts: allwinner: a64: Remove unused SPDIF sound card (none bsc#1175016). - arm64: dts: clearfog-gt-8k: set gigabit PHY reset deassert delay (bsc#1175347). - arm64: dts: exynos: Fix silent hang after boot on Espresso (bsc#1175346). - arm64: dts: imx8mm-evk: correct ldo1/ldo2 voltage range (none bsc#1175019). - arm64: dts: imx8qxp-mek: Remove unexisting Ethernet PHY (bsc#1175345). - arm64: dts: librem5-devkit: add a vbus supply to usb0 (none bsc#1175013). - arm64: dts: ls1028a: delete extraneous #interrupt-cells for ENETC RCIE (none bsc#1175012). - arm64: dts: qcom: msm8998-clamshell: Fix label on l15 regulator (git-fixes). - arm64: dts: rockchip: fix rk3399-puma gmac reset gpio (none bsc#1175021). - arm64: dts: rockchip: fix rk3399-puma vcc5v0-host gpio (none bsc#1175020). - arm64: dts: rockchip: Rename dwc3 device nodes on rk3399 to make dtc happy (none bsc#1175015). - arm64: dts: rockchip: Replace RK805 PMIC node name with 'pmic' on rk3328 boards (none bsc#1175014). - arm64: dts: uDPU: fix broken ethernet (bsc#1175344). - arm64: dts: uniphier: Set SCSSI clock and reset IDs for each channel (none bsc#1175011). - arm64: errata: use arm_smccc_1_1_get_conduit() (bsc#1174906). - arm64: Fix PTRACE_SYSEMU semantics (bsc#1175185). - arm64: fix the flush_icache_range arguments in machine_kexec (bsc#1175184). - arm64: hugetlb: avoid potential NULL dereference (bsc#1175183). - arm64: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (bsc#1175189). - arm64: insn: Fix two bugs in encoding 32-bit logical immediates (bsc#1175186). - arm64: kexec_file: print appropriate variable (bsc#1175187). - arm64: kgdb: Fix single-step exception handling oops (bsc#1175191). - arm64: Retrieve stolen time as paravirtualized guest (bsc#1172197 jsc#SLE-13593). - arm64: tegra: Enable I2C controller for EEPROM (none bsc#1175010). - arm64: tegra: Fix ethernet phy-mode for Jetson Xavier (none bsc#1175017). - arm64: tegra: Fix flag for 64-bit resources in 'ranges' property (none bsc#1175018). - arm64: tegra: Fix Tegra194 PCIe compatible string (none bsc#1175009). - arm64: vdso: Add -fasynchronous-unwind-tables to cflags (bsc#1175182). - arm64: vdso: do not free unallocated pages (bsc#1175181). - arm: percpu.h: fix build error (git-fixes). - arm: spectre-v2: use arm_smccc_1_1_get_conduit() (bsc#1174906). - ASoC: fsl_sai: Fix value of FSL_SAI_CR1_RFW_MASK (git-fixes). - ASoC: hdac_hda: fix deadlock after PCM open error (git-fixes). - ASoC: Intel: bxt_rt298: add missing .owner field (git-fixes). - ASoC: intel: Fix memleak in sst_media_open (git-fixes). - ASoC: meson: axg-tdm-interface: fix link fmt setup (git-fixes). - ASoC: meson: axg-tdmin: fix g12a skew (git-fixes). - ASoC: meson: fixes the missed kfree() for axg_card_add_tdm_loopback (git-fixes). - ASoC: msm8916-wcd-analog: fix register Interrupt offset (git-fixes). - ASoC: q6afe-dai: mark all widgets registers as SND_SOC_NOPM (git-fixes). - ASoC: q6routing: add dummy register read/write function (git-fixes). - ASoC: SOF: nocodec: add missing .owner field (git-fixes). - ASoC: wm8994: Avoid attempts to read unreadable registers (git-fixes). - ath10k: Acquire tx_lock in tx error paths (git-fixes). - ath10k: enable transmit data ack RSSI for QCA9884 (git-fixes). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (git-fixes). - ath9k: Fix regression with Atheros 9271 (git-fixes). - atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent (git-fixes). - AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes). - AX.25: Prevent integer overflows in connect and sendmsg (git-fixes). - AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes). - b43: Remove uninitialized_var() usage (git-fixes). - bdc: Fix bug causing crash after multiple disconnects (git-fixes). - bfq: fix blkio cgroup leakage v4 (bsc#1175775). - block: Fix the type of 'sts' in bsg_queue_rq() (git-fixes). - Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes). - Bluetooth: btmtksdio: fix up firmware download sequence (git-fixes). - Bluetooth: btusb: fix up firmware download sequence (git-fixes). - Bluetooth: fix kernel oops in store_pending_adv_report (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (git-fixes). - Bluetooth: Fix update of connection state in `hci_encrypt_cfm` (git-fixes). - Bluetooth: hci_h5: Set HCI_UART_RESET_ON_INIT to correct flags (git-fixes). - Bluetooth: hci_serdev: Only unregister device if it was registered (git-fixes). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (git-fixes). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (git-fixes). - bnxt_en: fix NULL dereference in case SR-IOV configuration fails (networking-stable-20_07_17). - bnxt_en: Init ethtool link settings after reading updated PHY configuration (jsc#SLE-8371 bsc#1153274). - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - bpf: Fix map leak in HASH_OF_MAPS map (bsc#1155518). - bpf: net: Avoid copying sk_user_data of reuseport_array during sk_clone (bsc#1155518). - bpf: net: Avoid incorrect bpf_sk_reuseport_detach call (bsc#1155518). - bpfilter: fix up a sparse annotation (bsc#1155518). - bpfilter: Initialize pos variable (bsc#1155518). - bpfilter: reject kernel addresses (bsc#1155518). - bpfilter: switch to kernel_write (bsc#1155518). - brcmfmac: keep SDIO watchdog running when console_interval is non-zero (git-fixes). - brcmfmac: set state of hanger slot to FREE when flushing PSQ (git-fixes). - brcmfmac: Set timeout value when configuring power save (bsc#1173468). - brcmfmac: To fix Bss Info flag definition Bug (git-fixes). - btmrvl: Fix firmware filename for sd8977 chipset (git-fixes). - btmrvl: Fix firmware filename for sd8997 chipset (git-fixes). - btrfs: add helper to get the end offset of a file extent item (bsc#1175546). - btrfs: avoid unnecessary splits when setting bits on an extent io tree (bsc#1175377). - btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247). - btrfs: delete the ordered isize update code (bsc#1175377). - btrfs: do not set path->leave_spinning for truncate (bsc#1175377). - btrfs: factor out inode items copy loop from btrfs_log_inode() (bsc#1175546). - btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247). - btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149). - btrfs: fix block group leak when removing fails (bsc#1175149). - btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149). - btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149). - btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149). - btrfs: fix deadlock during fast fsync when logging prealloc extents beyond eof (bsc#1175377). - btrfs: fix double free on ulist after backref resolution failure (bsc#1175149). - btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149). - btrfs: fix lost i_size update after cloning inline extent (bsc#1175377). - btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550). - btrfs: fix missing file extent item for hole after ranged fsync (bsc#1175546). - btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149). - btrfs: fix race between block group removal and block group creation (bsc#1175149). - btrfs: fix race between shrinking truncate and fiemap (bsc#1175377). - btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149). - btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149). - btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484). - btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247). - btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247). - btrfs: introduce per-inode file extent tree (bsc#1175377). - btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247). - btrfs: make full fsyncs always operate on the entire file again (bsc#1175546). - btrfs: make ranged full fsyncs more efficient (bsc#1175546). - btrfs: move extent_io_tree defs to their own header (bsc#1175377). - btrfs: Move free_pages_out label in inline extent handling branch in compress_file_range (bsc#1175263). - btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163). - btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247). - btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163). - btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163). - btrfs: Remove delalloc_end argument from extent_clear_unlock_delalloc (bsc#1175149). - btrfs: Remove leftover of in-band dedupe (bsc#1175149). - btrfs: remove unnecessary delalloc mutex for inodes (bsc#1175377). - btrfs: remove useless check for copy_items() return value (bsc#1175546). - btrfs: Rename btrfs_join_transaction_nolock (bsc#1175377). - btrfs: replace all uses of btrfs_ordered_update_i_size (bsc#1175377). - btrfs: separate out the extent io init function (bsc#1175377). - btrfs: separate out the extent leak code (bsc#1175377). - btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493). - btrfs: trim: fix underflow in trim length to prevent access beyond device boundary (bsc#1175263). - btrfs: use btrfs_ordered_update_i_size in clone_finish_inode_update (bsc#1175377). - btrfs: use the file extent tree infrastructure (bsc#1175377). - cfg80211: check vendor command doit pointer before use (git-fixes). - clk: actions: Fix h_clk for Actions S500 SoC (git-fixes). - clk: at91: clk-generated: check best_rate against ranges (git-fixes). - clk: at91: clk-generated: continue if __clk_determine_rate() returns error (git-fixes). - clk: at91: sam9x60-pll: check fcore against ranges (git-fixes). - clk: at91: sam9x60-pll: use logical or for range check (git-fixes). - clk: at91: sam9x60: fix main rc oscillator frequency (git-fixes). - clk: at91: sckc: register slow_rc with accuracy option (git-fixes). - clk: bcm2835: Do not use prediv with bcm2711's PLLs (bsc#1174865). - clk: bcm63xx-gate: fix last clock availability (git-fixes). - clk: clk-atlas6: fix return value check in atlas6_clk_init() (git-fixes). - clk: iproc: round clock rate to the closest (git-fixes). - clk: qcom: gcc-sdm660: Add missing modem reset (git-fixes). - clk: qcom: gcc-sdm660: Fix up gcc_mss_mnoc_bimc_axi_clk (git-fixes). - clk: rockchip: Revert 'fix wrong mmc sample phase shift for rk3328' (git-fixes). - clk: scmi: Fix min and max rate when registering clocks with discrete rates (git-fixes). - clk: spear: Remove uninitialized_var() usage (git-fixes). - clk: st: Remove uninitialized_var() usage (git-fixes). - console: newport_con: fix an issue about leak related system resources (git-fixes). - cpumap: Use non-locked version __ptr_ring_consume_batched (git-fixes). - crc-t10dif: Fix potential crypto notify dead-lock (git-fixes). - crypto: aesni - add compatibility with IAS (git-fixes). - crypto: aesni - Fix build with LLVM_IAS=1 (git-fixes). - crypto: caam - Fix argument type in handle_imx6_err005766 (git-fixes). - crypto: ccp - Fix use of merged scatterlists (git-fixes). - crypto: ccree - fix resource leak on error path (git-fixes). - crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: hisilicon - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes). - devlink: ignore -EOPNOTSUPP errors on dumpit (bsc#1154353). - devres: keep both device name and resource name in pretty name (git-fixes). - dlm: Fix kobject memleak (bsc#1175768). - dlm: remove BUG() before panic() (git-fixes). - dmaengine: fsl-edma: fix wrong tcd endianness for big-endian cpu (git-fixes). - dmaengine: ioat setting ioat timeout as module parameter (git-fixes). - dmaengine: tegra210-adma: Fix runtime PM imbalance on error (git-fixes). - docs: fix memory.low description in cgroup-v2.rst (git-fixes). (SLE documentation might refer to cgroup-v2.rst.) - drbd: Remove uninitialized_var() usage (git-fixes). - driver core: Avoid binding drivers to dead devices (git-fixes). - drivers/firmware/psci: Fix memory leakage in alloc_init_cpu_groups() (git-fixes). - drivers/net/wan: lapb: Corrected the usage of skb_cow (git-fixes). - drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175128). - drm/amd/display: Fix EDID parsing after resume from suspend (git-fixes). - drm/amd/display: fix pow() crashing when given base 0 (git-fixes). - drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1152472) - drm/amd/powerplay: fix a crash when overclocking Vega M (git-fixes). - drm/amd/powerplay: fix compile error with ARCH=arc (git-fixes). - drm/amdgpu/display bail early in dm_pp_get_static_clocks (git-fixes). - drm/amdgpu/display: use blanked rather than plane state for sync (bsc#1152489) * refreshed for context changes * protect code with CONFIG_DRM_AMD_DC_DCN2_0 - drm/amdgpu/gfx10: fix race condition for kiq (git-fixes). - drm/amdgpu: avoid dereferencing a NULL pointer (git-fixes). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (git-fixes). - drm/amdgpu: fix preemption unit test (git-fixes). - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes). - drm/arm: fix unintentional integer overflow on left shift (git-fixes). - drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1152472) * refreshed for context changes - drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes). - drm/bridge: ti-sn65dsi86: Clear old error bits before AUX transfers (git-fixes). - drm/bridge: ti-sn65dsi86: Do not use kernel-doc comment for local array (git-fixes). - drm/bridge: ti-sn65dsi86: Fix off-by-one error in clock choice (bsc#1152489) * refreshed for context changes - drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1152472) * move drm_mipi_dbi.c -> tinydrm/mipi-dbi.c - drm/debugfs: fix plain echo to connector 'force' attribute (git-fixes). - drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes). - drm/etnaviv: fix ref count leak via pm_runtime_get_sync (git-fixes). - drm/gem: Fix a leak in drm_gem_objects_lookup() (git-fixes). - drm/i915/fbc: Fix fence_y_offset handling (bsc#1152489) * context changes - drm/i915/gt: Close race between engine_park and intel_gt_retire_requests (git-fixes). - drm/i915/gt: Flush submission tasklet before waiting/retiring (bsc#1174737). - drm/i915/gt: Move new timelines to the end of active_list (git-fixes). - drm/i915/gt: Only swap to a random sibling once upon creation (bsc#1152489) * context changes - drm/i915/gt: Unlock engine-pm after queuing the kernel context switch (git-fixes). - drm/i915: Actually emit the await_start (bsc#1174737). - drm/i915: Copy across scheduler behaviour flags across submit fences (bsc#1174737). - drm/i915: Do not poison i915_request.link on removal (bsc#1174737). - drm/i915: Drop no-semaphore boosting (bsc#1174737). - drm/i915: Eliminate the trylock for awaiting an earlier request (bsc#1174737). - drm/i915: Flush execution tasklets before checking request status (bsc#1174737). - drm/i915: Flush tasklet submission before sleeping on i915_request_wait (bsc#1174737). - drm/i915: Ignore submit-fences on the same timeline (bsc#1174737). - drm/i915: Improve the start alignment of bonded pairs (bsc#1174737). - drm/i915: Keep track of request among the scheduling lists (bsc#1174737). - drm/i915: Lock signaler timeline while navigating (bsc#1174737). - drm/i915: Mark i915_request.timeline as a volatile, rcu pointer (bsc#1174737). - drm/i915: Mark racy read of intel_engine_cs.saturated (bsc#1174737). - drm/i915: Mark up unlocked update of i915_request.hwsp_seqno (bsc#1174737). - drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2. (bsc#1152489) * context changes - drm/i915: Peel dma-fence-chains for await (bsc#1174737). - drm/i915: Prevent using semaphores to chain up to external fences (bsc#1174737). - drm/i915: Protect i915_request_await_start from early waits (bsc#1174737). - drm/i915: Pull waiting on an external dma-fence into its routine (bsc#1174737). - drm/i915: Rely on direct submission to the queue (bsc#1174737). - drm/i915: Remove wait priority boosting (bsc#1174737). - drm/i915: Reorder await_execution before await_request (bsc#1174737). - drm/i915: Return early for await_start on same timeline (bsc#1174737). - drm/i915: Use EAGAIN for trylock failures (bsc#1174737). - drm/imx: fix use after free (git-fixes). - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes). - drm/imx: tve: fix regulator_disable error path (git-fixes). - drm/ingenic: Fix incorrect assumption about plane->index (bsc#1152489) * refreshed for context changes - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes). - drm/msm: ratelimit crtc event overflow error (git-fixes). - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes). - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes). - drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout (git-fixes). - drm/nouveau/kms/nv50-: Fix disabling dithering (git-fixes). - drm/nouveau: fix multiple instances of reference count leaks (git-fixes). - drm/nouveau: fix reference count leak in nouveau_debugfs_strap_peek (git-fixes). - drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes). - drm/radeon: disable AGP by default (git-fixes). - drm/radeon: fix array out-of-bounds read and write issues (git-fixes). - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (git-fixes). - drm/stm: repair runtime power management (git-fixes). - drm/tilcdc: fix leak & null ref in panel_connector_get_modes (git-fixes). - drm/ttm/nouveau: do not call tt destroy callback on alloc failure (git-fixes bsc#1175232). - drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() (bsc#1152489) * refreshed for context changes - drm/vmwgfx: Fix two list_for_each loop exit tests (git-fixes). - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (git-fixes). - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (git-fixes). - drm: hold gem reference until object is no longer accessed (git-fixes). - drm: msm: a6xx: fix gpu failure after system resume (git-fixes). - drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes). - drm: sun4i: hdmi: Fix inverted HPD result (git-fixes). - dyndbg: fix a BUG_ON in ddebug_describe_flags (git-fixes). - enetc: Fix tx rings bitmap iteration range, irq handling (networking-stable-20_06_28). - ext2: fix missing percpu_counter_inc (bsc#1175774). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: do not BUG on inconsistent journal feature (bsc#1171634). - ext4: fix checking of directory entry validity for inline directories (bsc#1175771). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - fbdev: Detect integer underflow at 'struct fbcon_ops'->clear_margins (git-fixes). - firmware/psci: use common SMCCC_CONDUIT_* (bsc#1174906). - firmware: arm_scmi: Fix SCMI genpd domain probing (git-fixes). - firmware: arm_scmi: Keep the discrete clock rates sorted (git-fixes). - firmware: arm_sdei: use common SMCCC_CONDUIT_* (bsc#1174906). - firmware: Fix a reference count leak (git-fixes). - firmware: smccc: Add ARCH_SOC_ID support (bsc#1174906). - firmware: smccc: Add function to fetch SMCCC version (bsc#1174906). - firmware: smccc: Add HAVE_ARM_SMCCC_DISCOVERY to identify SMCCC v1.1 and above (bsc#1174906). - firmware: smccc: Add the definition for SMCCCv1.2 version/error codes (bsc#1174906). - firmware: smccc: Drop smccc_version enum and use ARM_SMCCC_VERSION_1_x instead (bsc#1174906). - firmware: smccc: Refactor SMCCC specific bits into separate file (bsc#1174906). - firmware: smccc: Update link to latest SMCCC specification (bsc#1174906). - firmware_loader: fix memory leak for paged buffer (bsc#1175367). - fpga: dfl: fix bug in port reset handshake (git-fixes). - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175176). - fuse: fix weird page warning (bsc#1175175). - genetlink: remove genl_bind (networking-stable-20_07_17). - geneve: fix an uninitialized value in geneve_changelink() (git-fixes). - genirq/affinity: Improve __irq_build_affinity_masks() (bsc#1174897 ltc#187090). - genirq/affinity: Remove const qualifier from node_to_cpumask argument (bsc#1174897 ltc#187090). - genirq/affinity: Spread vectors on node according to nr_cpu ratio (bsc#1174897 ltc#187090). - gfs2: Another gfs2_find_jhead fix (bsc#1174824). - gfs2: fix gfs2_find_jhead that returns uninitialized jhead with seq 0 (bsc#1174825). - go7007: add sanity checking for endpoints (git-fixes). - gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes). - gpio: arizona: put pm_runtime in case of failure (git-fixes). - gpio: max77620: Fix missing release of interrupt (git-fixes). - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (git-fixes). - habanalabs: increase timeout during reset (git-fixes). - HID: alps: support devices with report id 2 (git-fixes). - HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes). - HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override (git-fixes). - HID: input: Fix devices that return multiple bytes in battery report (git-fixes). - HID: steam: fixes race in handling device list (git-fixes). - hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path (git-fixes). - hwmon: (adm1275) Make sure we are reading enough data for different chips (git-fixes). - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes). - hwmon: (nct6775) Accept PECI Calibration as temperature source for NCT6798D (git-fixes). - hwmon: (scmi) Fix potential buffer overflow in scmi_hwmon_probe() (git-fixes). - i2c: also convert placeholder function to return errno (git-fixes). - i2c: i2c-qcom-geni: Fix DMA transfer race (git-fixes). - i2c: i801: Add support for Intel Comet Lake PCH-V (jsc#SLE-13411). - i2c: i801: Add support for Intel Emmitsburg PCH (jsc#SLE-13411). - i2c: i801: Add support for Intel Tiger Lake PCH-H (jsc#SLE-13411). - i2c: iproc: fix race between client unreg and isr (git-fixes). - i2c: rcar: always clear ICSAR to avoid side effects (git-fixes). - i2c: rcar: avoid race when unregistering slave (git-fixes). - i2c: rcar: slave: only send STOP event when we have been addressed (git-fixes). - i2c: slave: add sanity check when unregistering (git-fixes). - i2c: slave: improve sanity check when registering (git-fixes). - i40iw: Do an RCU lookup in i40iw_add_ipv4_addr (git-fixes). - i40iw: Fix error handling in i40iw_manage_arp_cache() (git-fixes). - i40iw: fix null pointer dereference on a null wqe pointer (git-fixes). - i40iw: Report correct firmware version (git-fixes). - IB/cma: Fix ports memory leak in cma_configfs (git-fixes). - IB/core: Fix potential NULL pointer dereference in pkey cache (git-fixes). - IB/hfi1, qib: Ensure RCU is locked when accessing list (git-fixes). - IB/hfi1: Ensure pq is not left on waitlist (git-fixes). - IB/hfi1: Fix memory leaks in sysfs registration and unregistration (git-fixes). - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (git-fixes). - IB/mad: Fix use after free when destroying MAD agent (git-fixes). - IB/mlx4: Test return value of calls to ib_get_cached_pkey (git-fixes). - IB/mlx5: Fix 50G per lane indication (git-fixes). - IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command (git-fixes). - IB/mlx5: Fix missing congestion control debugfs on rep rdma device (git-fixes). - IB/mlx5: Replace tunnel mpls capability bits for tunnel_offloads (git-fixes). - IB/qib: Call kobject_put() when kobject_init_and_add() fails (git-fixes). - IB/rdmavt: Always return ERR_PTR from rvt_create_mmap_info() (git-fixes). - IB/rdmavt: Delete unused routine (git-fixes). - IB/rdmavt: Fix RQ counting issues causing use of an invalid RWQE (bsc#1174770). - IB/sa: Resolv use-after-free in ib_nl_make_request() (git-fixes). - ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ice: Clear and free XLT entries on reset (jsc#SLE-7926). - ice: Graceful error handling in HW table calloc failure (jsc#SLE-7926). - ide: Remove uninitialized_var() usage (git-fixes). - ieee802154: fix one possible memleak in adf7242_probe (git-fixes). - igc: Fix PTP initialization (bsc#1160634). - iio: improve IIO_CONCENTRATION channel type description (git-fixes). - Input: elan_i2c - only increment wakeup count on touch (git-fixes). - Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes). - Input: sentelic - fix error return when fsp_reg_write fails (git-fixes). - Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes). - integrity: remove redundant initialization of variable ret (git-fixes). - io-mapping: indicate mapping failure (git-fixes). - ionic: fix up filter locks and debug msgs (bsc#1167773). - ionic: keep rss hash after fw update (bsc#1167773). - ionic: unlock queue mutex in error path (bsc#1167773). - ionic: update filter id after replay (bsc#1167773). - ionic: use mutex to protect queue operations (bsc#1167773). - ionic: use offset for ethtool regs data (bsc#1167773). - ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes). - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28). - ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28). - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17). - ipv6: fib6_select_path can not use out path for nexthop objects (networking-stable-20_07_17). - ipv6: Fix use of anycast address with loopback (networking-stable-20_07_17). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - irqchip/gic: Atomically update affinity (bsc#1175195). - iwlegacy: Check the return value of pcie_capability_read_*() (git-fixes). - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772). - kABI workaround for enum cpuhp_state (git-fixes). - kABI workaround for struct kvm_device (git-fixes). Just change an variable to 'const' type in kvm_device. - kABI workaround for struct kvm_vcpu_arch (git-fixes). Add a struct variable to the end of kvm_vcpu_arch and kvm_vcpu_arch is embedded into kvm_vcpu at the end. It is usually used by pointer and allocated dynamically, so this change should be fine even for external kvm module. - kABI/severities: ignore KABI for NVMe, except nvme-fc (bsc#1174777) Exported symbols under drivers/nvme/host/ are only used by the nvme subsystem itself, except for the nvme-fc symbols. - kABI/severities: ignore qla2xxx as all symbols are internal - kABI: genetlink: remove genl_bind (kabi). - kABI: restore signature of xfrm_policy_bysel_ctx() and xfrm_policy_byid() (bsc#1174645). - kernel.h: remove duplicate include of asm/div64.h (git-fixes). - kernel/relay.c: fix memleak on destroy relay channel (git-fixes). - kernfs: do not call fsnotify() with name without a parent (bsc#1175770). - kobject: Avoid premature parent object freeing in kobject_cleanup() (git-fixes). - KVM: Allow kvm_device_ops to be const (bsc#1172197 jsc#SLE-13593). - KVM: arm/arm64: Correct AArch32 SPSR on exception entry (bsc#1133021). - KVM: arm/arm64: Correct CPSR on exception entry (bsc#1133021). - KVM: arm/arm64: Factor out hypercall handling from PSCI code (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Annotate hyp NMI-related functions as __always_inline (bsc#1175190). - KVM: arm64: Correct PSTATE on exception entry (bsc#1133021). - KVM: arm64: Document PV-time interface (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Fix 32bit PC wrap-around (bsc#1133021). - KVM: arm64: Implement PV_TIME_FEATURES call (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts (bsc#1133021). - KVM: arm64: Provide VCPU attributes for stolen time (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Select TASK_DELAY_ACCT+TASKSTATS rather than SCHEDSTATS (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021). - KVM: arm64: Stop writing aarch32's CSSELR into ACTLR (bsc#1133021). - KVM: arm64: Support stolen time reporting via shared structure (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Use the correct timer structure to access the physical counter (bsc#1133021). - KVM: arm: vgic: Fix limit condition when writing to GICD_IACTIVER (bsc#1133021). - KVM: Implement kvm_put_guest() (bsc#1172197 jsc#SLE-13593). - KVM: Play nice with read-only memslots when querying host page size (bsc#1133021). - KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729). - KVM: Reinstall old memslots if arch preparation fails (bsc#1133021). - KVM: s390: Remove false WARN_ON_ONCE for the PQAP instruction (bsc#1133021). - KVM: x86: Fix APIC page invalidation race (bsc#1133021). - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17). - leds: 88pm860x: fix use-after-free on unbind (git-fixes). - leds: core: Flush scheduled work for system suspend (git-fixes). - leds: da903x: fix use-after-free on unbind (git-fixes). - leds: gpio: Fix semantic error (git-fixes). - leds: lm3533: fix use-after-free on unbind (git-fixes). - leds: lm355x: avoid enum conversion warning (git-fixes). - leds: lm36274: fix use-after-free on unbind (git-fixes). - leds: wm831x-status: fix use-after-free on unbind (git-fixes). - libbpf: Wrap source argument of BPF_CORE_READ macro in parentheses (bsc#1155518). - liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes). - llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17). - locktorture: Print ratio of acquisitions, not failures (bsc#1149032). - mac80211: allow rx of mesh eapol frames with default rx key (git-fixes). - mac80211: fix misplaced while instead of if (git-fixes). - mac80211: mesh: Free ie data when leaving mesh (git-fixes). - mac80211: mesh: Free pending skb when destroying a mpath (git-fixes). - Mark the SLE15-SP2 kernel properly released. There perhaps was a typo, when SUSE_KERNEL_RELEASED missed the trailing 'D' - this leads to our kernels being marked as 'Unreleased kernel'. SUSE_KERNEL_RELEASED is defined in rpm/kernel-binary.spec.in. To fix that, it should be enough to switch from SUSE_KERNEL_RELEASE to SUSE_KERNEL_RELEASED. - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes). - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes). - media: budget-core: Improve exception handling in budget_register() (git-fixes). - media: camss: fix memory leaks on error handling paths in probe (git-fixes). - media: cxusb-analog: fix V4L2 dependency (git-fixes). - media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes). - media: firewire: Using uninitialized values in node_probe() (git-fixes). - media: marvell-ccic: Add missed v4l2_async_notifier_cleanup() (git-fixes). - media: media-request: Fix crash if memory allocation fails (git-fixes). - media: nuvoton-cir: remove setting tx carrier functions (git-fixes). - media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes). - media: rockchip: rga: Introduce color fmt macros and refactor CSC mode logic (git-fixes). - media: rockchip: rga: Only set output CSC mode for RGB input (git-fixes). - media: sur40: Remove uninitialized_var() usage (git-fixes). - media: vpss: clean up resources in init (git-fixes). - media: vsp1: dl: Fix NULL pointer dereference on unbind (git-fixes). - mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes). - mfd: dln2: Run event handler loop under spinlock (git-fixes). - mfd: intel-lpss: Add Intel Tiger Lake PCH-H PCI IDs (jsc#SLE-13411). - mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28). - mlxsw: core: Fix wrong SFP EEPROM reading for upper pages 1-3 (bsc#1154488). - mlxsw: pci: Fix use-after-free in case of failed devlink reload (networking-stable-20_07_17). - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (networking-stable-20_07_17). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617). - mm: filemap: clear idle flag for writes (bsc#1175769). - mm: Fix protection usage propagation (bsc#1174002). - mmc: sdhci-cadence: do not use hardware tuning for SD mode (git-fixes). - mmc: sdhci-pci-o2micro: Bug fix for O2 host controller Seabird1 (git-fixes). - mtd: properly check all write ioctls for permissions (git-fixes). - mtd: rawnand: fsl_upm: Remove unused mtd var (git-fixes). - mtd: rawnand: qcom: avoid write to unavailable register (git-fixes). - mvpp2: ethtool rxtx stats fix (networking-stable-20_06_28). - mwifiex: Fix firmware filename for sd8977 chipset (git-fixes). - mwifiex: Fix firmware filename for sd8997 chipset (git-fixes). - mwifiex: Prevent memory corruption handling keys (git-fixes). - ndctl/papr_scm,uapi: Add support for PAPR nvdimm specific methods (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - net, sk_msg: Clear sk_user_data pointer on clone if tagged (bsc#1155518). - net, sk_msg: Do not use RCU_INIT_POINTER on sk_user_data (bsc#1155518). - net/bpfilter: Initialize pos in __bpfilter_process_sockopt (bsc#1155518). - net/bpfilter: split __bpfilter_process_sockopt (bsc#1155518). - net/ena: Fix build warning in ena_xdp_set() (bsc#1174852). - net/mlx5: DR, Change push vlan action sequence (jsc#SLE-8464). - net/mlx5: E-switch, Destroy TSAR when fail to enable the mode (jsc#SLE-8464). - net/mlx5: Fix eeprom support for SFP module (networking-stable-20_07_17). - net/mlx5e: Fix 50G per lane indication (networking-stable-20_07_17). - net/mlx5e: Fix kernel crash when setting vf VLANID on a VF dev (jsc#SLE-8464). - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (networking-stable-20_07_17). - net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28). - net: core: reduce recursion limit value (networking-stable-20_06_28). - net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28). - net: dsa: microchip: set the correct number of ports (networking-stable-20_07_17). - net: ena: add reserved PCI device ID (bsc#1174852). - net: ena: add support for reporting of packet drops (bsc#1174852). - net: ena: add support for the rx offset feature (bsc#1174852). - net: ena: add support for traffic mirroring (bsc#1174852). - net: ena: add unmask interrupts statistics to ethtool (bsc#1174852). - net: ena: allow setting the hash function without changing the key (bsc#1174852). - net: ena: avoid memory access violation by validating req_id properly (bsc#1174852). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852). - net: ena: change default RSS hash function to Toeplitz (bsc#1174852). - net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1154492). - net: ena: changes to RSS hash key allocation (bsc#1174852). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852). - net: ena: cosmetic: code reorderings (bsc#1174852). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852). - net: ena: cosmetic: fix line break issues (bsc#1174852). - net: ena: cosmetic: fix spacing issues (bsc#1174852). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852). - net: ena: cosmetic: minor code changes (bsc#1174852). - net: ena: cosmetic: remove unnecessary code (bsc#1174852). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852). - net: ena: cosmetic: satisfy gcc warning (bsc#1174852). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852). - net: ena: drop superfluous prototype (bsc#1174852). - net: ena: enable support of rss hash key and function changes (bsc#1174852). - net: ena: ethtool: clean up minor indentation issue (bsc#1174852). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852). - net: ena: fix continuous keep-alive resets (bsc#1174852). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852). - net: ena: Make missed_tx stat incremental (git-fixes). - net: ena: Make some functions static (bsc#1174852). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852). - net: ena: Prevent reset after device destruction (git-fixes). - net: ena: reduce driver load time (bsc#1174852). - net: ena: remove code that does nothing (bsc#1174852). - net: ena: remove set but not used variable 'hash_key' (bsc#1174852). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852). - net: ena: support new LLQ acceleration mode (bsc#1174852). - net: ena: use explicit variable size for clarity (bsc#1174852). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852). - net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). (SLES tuning guide refers to ip-sysctl.txt.) - net: fix memleak in register_netdevice() (networking-stable-20_06_28). - net: Fix the arp error in some cases (networking-stable-20_06_28). - net: hns3: fix error handling for desc filling (git-fixes). - net: hns3: fix for not calculating TX BD send size correctly (git-fixes). - net: hns3: fix return value error when query MAC link status fail (git-fixes). - net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28). - net: lan78xx: add missing endpoint sanity check (git-fixes). - net: lan78xx: fix transfer-buffer memory leak (git-fixes). - net: lan78xx: replace bogus endpoint lookup (git-fixes). - net: mvneta: fix use of state->speed (networking-stable-20_07_17). - net: phy: Check harder for errors in get_phy_id() (git-fixes). - net: phy: fix memory leak in device-create error path (git-fixes). - net: qrtr: Fix an out of bounds read qrtr_endpoint_post() (networking-stable-20_07_17). - net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28). - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17). - net_sched: fix a memory leak in atm_tc_init() (networking-stable-20_07_17). - netdevsim: fix unbalaced locking in nsim_create() (git-fixes). - nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes). - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes). - ntb: Fix static check warning in perf_clear_test (git-fixes). - ntb: Fix the default port and peer numbers for legacy drivers (git-fixes). - ntb: hw: remove the code that sets the DMA mask (git-fixes). - ntb: ntb_pingpong: Choose doorbells based on port number (git-fixes). - ntb: ntb_test: Fix bug when counting remote files (git-fixes). - ntb: ntb_tool: reading the link file should not end in a NULL byte (git-fixes). - ntb: perf: Do not require one more memory window than number of peers (git-fixes). - ntb: perf: Fix race condition when run with ntb_test (git-fixes). - ntb: perf: Fix support for hardware that does not have port numbers (git-fixes). - ntb: Revert the change to use the NTB device dev for DMA allocations (git-fixes). - ntb_perf: pass correct struct device to dma_alloc_coherent (git-fixes). - ntb_tool: pass correct struct device to dma_alloc_coherent (git-fixes). - nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108). - nvme-multipath: fix logic for non-optimized paths (bsc#1172108). - nvme-multipath: round-robin: eliminate 'fallback' variable (bsc#1172108). - nvme-multipath: set bdi capabilities once (bsc#1159058). - nvme-pci: Re-order nvme_pci_free_ctrl (bsc#1159058). - nvme-rdma: Add warning on state change failure at (bsc#1159058). - nvme-tcp: Add warning on state change failure at (bsc#1159058). - nvme-tcp: fix possible crash in write_zeroes processing (bsc#1159058). - nvme: add a Identify Namespace Identification Descriptor list quirk (git-fixes). - nvme: always search for namespace head (bsc#1159058). - nvme: avoid an Identify Controller command for each namespace (bsc#1159058). - nvme: check namespace head shared property (bsc#1159058). - nvme: clean up nvme_scan_work (bsc#1159058). - nvme: cleanup namespace identifier reporting in (bsc#1159058). - nvme: consolidate chunk_sectors settings (bsc#1159058). - nvme: consolodate io settings (bsc#1159058). - nvme: expose hostid via sysfs for fabrics controllers (bsc#1159058). - nvme: expose hostnqn via sysfs for fabrics controllers (bsc#1159058). - nvme: factor out a nvme_ns_remove_by_nsid helper (bsc#1159058). - nvme: fix a crash in nvme_mpath_add_disk (git-fixes, bsc#1159058). - nvme: Fix controller creation races with teardown flow (bsc#1159058). - nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1159058). - nvme: fix identify error status silent ignore (git-fixes, bsc#1159058). - nvme: fix possible hang when ns scanning fails during error (bsc#1159058). - nvme: kABI fixes for nvme_ctrl (bsc#1159058). - nvme: Make nvme_uninit_ctrl symmetric to nvme_init_ctrl (bsc#1159058). - nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108). - nvme: prevent double free in nvme_alloc_ns() error handling (bsc#1159058). - nvme: provide num dword helper (bsc#1159058). - nvme: refactor nvme_identify_ns_descs error handling (bsc#1159058). - nvme: refine the Qemu Identify CNS quirk (bsc#1159058). - nvme: release ida resources (bsc#1159058). - nvme: release namespace head reference on error (bsc#1159058). - nvme: remove the magic 1024 constant in nvme_scan_ns_list (bsc#1159058). - nvme: remove unused parameter (bsc#1159058). - nvme: Remove unused return code from nvme_delete_ctrl_sync (bsc#1159058). - nvme: rename __nvme_find_ns_head to nvme_find_ns_head (bsc#1159058). - nvme: revalidate after verifying identifiers (bsc#1159058). - nvme: revalidate namespace stream parameters (bsc#1159058). - nvme: unlink head after removing last namespace (bsc#1159058). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: load global_inode_alloc (bsc#1172963). - omapfb: dss: Fix max fclk divider for omap36xx (git-fixes). - openvswitch: take into account de-fragmentation/gso_size in execute_check_pkt_len (networking-stable-20_06_28). - PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes). - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge (git-fixes). - PCI: cadence: Fix updating Vendor ID and Subsystem Vendor ID register (git-fixes). - PCI: Fix pci_cfg_wait queue locking problem (git-fixes). - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes). - PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, git-fixes). - PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes). - PCI: qcom: Add missing reset for ipq806x (git-fixes). - PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes). - PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes). - PCI: rcar: Fix runtime PM imbalance on error (git-fixes). - PCI: Release IVRS table in AMD ACS quirk (git-fixes). - PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes). - PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes). - PCI: tegra: Revert tegra124 raw_violation_fixup (git-fixes). - phy: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes). - phy: exynos5-usbdrd: Calibrating makes sense only for USB2.0 PHY (git-fixes). - phy: renesas: rcar-gen3-usb2: move irq registration to init (git-fixes). - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes). - pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes). - pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes). - pinctrl: ingenic: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes). - pinctrl: single: fix function name in documentation (git-fixes). - platform/chrome: cros_ec_ishtp: Fix a double-unlock issue (git-fixes). - platform/x86: asus-nb-wmi: add support for ASUS ROG Zephyrus G14 and G15 (git-fixes). - platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: ISST: Add new PCI device ids (git-fixes). - PM: wakeup: Show statistics for deleted wakeup sources again (git-fixes). - power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes). - powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729). - powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729). - powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729). - powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/fadump: Fix build error with CONFIG_PRESERVE_FA_DUMP=y (bsc#1156395). - powerpc/iommu: Allow bypass-only for DMA (bsc#1156395). - powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284). - powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284). - powerpc/papr_scm: Add support for fetching nvdimm 'fuel-gauge' metric (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Fetch nvdimm health information from PHYP (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Fetch nvdimm performance stats from PHYP (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Implement support for PAPR_PDSM_HEALTH (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Improve error logging and handling papr_scm_ndctl() (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Mark papr_scm_ndctl() as static (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729). - powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729). - powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630). - powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - powerpc/pseries: remove cede offline state for CPUs (bsc#1065729). - powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729). - powerpc/vdso: Fix vdso cpu truncation (bsc#1065729). - powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729). - powerpc: Document details on H_SCM_HEALTH hcall (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - pseries: Fix 64 bit logical memory block panic (bsc#1065729). - pwm: bcm-iproc: handle clk_get_rate() return (git-fixes). - qed: suppress 'do not support RoCE & iWARP' flooding on HW init (git-fixes). - qed: suppress false-positives interrupt error messages on HW init (git-fixes). - r8169: fix jumbo configuration for RTL8168evl (bsc#1175296). - r8169: fix jumbo packet handling on resume from suspend (bsc#1175296). - r8169: fix resume on cable plug-in (bsc#1175296). - r8169: fix rtl_hw_jumbo_disable for RTL8168evl (bsc#1175296). - r8169: move disabling interrupt coalescing to RTL8169/RTL8168 init (bsc#1175296). - r8169: read common register for PCI commit (bsc#1175296). - random32: move the pseudo-random 32-bit definitions to prandom.h (git-fixes). - random32: remove net_rand_state from the latent entropy gcc plugin (git-fixes). - random: fix circular include dependency on arm64 after addition of percpu.h (git-fixes). - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (git-fixes). - RDMA/cm: Fix an error check in cm_alloc_id_priv() (git-fixes). - RDMA/cm: Fix checking for allowed duplicate listens (git-fixes). - RDMA/cm: Fix ordering of xa_alloc_cyclic() in ib_create_cm_id() (git-fixes). - RDMA/cm: Read id.state under lock when doing pr_debug() (git-fixes). - RDMA/cm: Remove a race freeing timewait_info (git-fixes). - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (git-fixes). - RDMA/cma: Protect bind_list and listen_list while finding matching cm id (git-fixes). - RDMA/core: Fix double destruction of uobject (git-fixes). - RDMA/core: Fix double put of resource (git-fixes). - RDMA/core: Fix missing error check on dev_set_name() (git-fixes). - RDMA/core: Fix protection fault in ib_mr_pool_destroy (git-fixes). - RDMA/core: Fix race between destroy and release FD object (git-fixes). - RDMA/core: Fix race in rdma_alloc_commit_uobject() (git-fixes). - RDMA/core: Prevent mixed use of FDs between shared ufiles (git-fixes). - RDMA/counter: Query a counter before release (git-fixes). - RDMA/efa: Set maximum pkeys device attribute (git-fixes). - RDMA/hns: Bugfix for querying qkey (git-fixes). - RDMA/hns: Fix cmdq parameter of querying pf timer resource (git-fixes). - RDMA/iw_cxgb4: Fix incorrect function parameters (git-fixes). - RDMA/iwcm: Fix iwcm work deallocation (git-fixes). - RDMA/mad: Do not crash if the rdma device does not have a umad interface (git-fixes). - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (git-fixes). - RDMA/mlx4: Initialize ib_spec on the stack (git-fixes). - RDMA/mlx5: Add init2init as a modify command (git-fixes). - RDMA/mlx5: Add missing srcu_read_lock in ODP implicit flow (jsc#SLE-8446). - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (git-fixes). - RDMA/mlx5: Fix prefetch memory leak if get_prefetchable_mr fails (jsc#SLE-8446). - RDMA/mlx5: Fix the number of hwcounters of a dynamic counter (git-fixes). - RDMA/mlx5: Fix typo in enum name (git-fixes). - RDMA/mlx5: Fix udata response upon SRQ creation (git-fixes). - RDMA/mlx5: Prevent prefetch from racing with implicit destruction (jsc#SLE-8446). - RDMA/mlx5: Set GRH fields in query QP on RoCE (git-fixes). - RDMA/mlx5: Use xa_lock_irq when access to SRQ table (git-fixes). - RDMA/mlx5: Verify that QP is created with RQ or SQ (git-fixes). - RDMA/nldev: Fix crash when set a QP to a new counter but QPN is missing (git-fixes). - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (git-fixes). - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (git-fixes). - RDMA/rvt: Fix potential memory leak caused by rvt_alloc_rq (git-fixes). - RDMA/rxe: Always return ERR_PTR from rxe_create_mmap_info() (git-fixes). - RDMA/rxe: Fix configuration of atomic queue pair attributes (git-fixes). - RDMA/rxe: Set default vendor ID (git-fixes). - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (git-fixes). - RDMA/siw: Fix failure handling during device creation (git-fixes). - RDMA/siw: Fix passive connection establishment (git-fixes). - RDMA/siw: Fix pointer-to-int-cast warning in siw_rx_pbl() (git-fixes). - RDMA/siw: Fix potential siw_mem refcnt leak in siw_fastreg_mr() (git-fixes). - RDMA/siw: Fix reporting vendor_part_id (git-fixes). - RDMA/siw: Fix setting active_mtu attribute (git-fixes). - RDMA/siw: Fix setting active_{speed, width} attributes (git-fixes). - RDMA/ucma: Put a lock around every call to the rdma_cm layer (git-fixes). - RDMA/uverbs: Fix create WQ to use the given user handle (git-fixes). - regmap: debugfs: check count when read regmap file (git-fixes). - regmap: dev_get_regmap_match(): fix string comparison (git-fixes). - regulator: gpio: Honor regulator-boot-on property (git-fixes). - remoteproc: qcom: q6v5: Update running state before requesting stop (git-fixes). - remoteproc: qcom_q6v5_mss: Validate MBA firmware size before load (git-fixes). - remoteproc: qcom_q6v5_mss: Validate modem blob firmware size before load (git-fixes). - Revert 'ALSA: hda: call runtime_allow() for all hda controllers' (git-fixes). - Revert 'drm/amd/display: Expose connector VRR range via debugfs' (bsc#1152489) * refreshed for context changes - Revert 'drm/amdgpu: Fix NULL dereference in dpm sysfs handlers' (git-fixes). - Revert 'i2c: cadence: Fix the hold bit setting' (git-fixes). - Revert 'RDMA/cma: Simplify rdma_resolve_addr() error flow' (git-fixes). - Revert 'scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe' (bsc#1171688 bsc#1174003). - Revert 'scsi: qla2xxx: Fix crash on qla2x00_mailbox_command' (bsc#1171688 bsc#1174003). - rhashtable: Document the right function parameters (bsc#1174880). - rhashtable: drop duplicated word in (bsc#1174880). - rhashtable: Drop raw RCU deref in nested_table_free (bsc#1174880). - rhashtable: Fix unprotected RCU dereference in __rht_ptr (bsc#1174880). - rhashtable: Restore RCU marking on rhash_lock_head (bsc#1174880). - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (git-fixes). - rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28). - rpm/modules.fips: * add ecdh_generic (boo#1173813) - rtc: goldfish: Enable interrupt in set_alarm() when necessary (git-fixes). - rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (bsc#1154353). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes). - rtw88: fix LDPC field for RA info (git-fixes). - rtw88: fix short GI capability based on current bandwidth (git-fixes). - sch_cake: do not call diffserv parsing code when it is not needed (networking-stable-20_06_28). - sch_cake: do not try to reallocate or unshare skb unconditionally (networking-stable-20_06_28). - sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17). - scsi/fc: kABI fixes for new ELS_RPD definition (bsc#1171688 bsc#1174003). - scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026). - scsi: Fix trivial spelling (bsc#1171688 bsc#1174003). - scsi: ipr: Fix softlockup when rescanning devices in petitboot (jsc#SLE-13654). - scsi: ipr: remove unneeded semicolon (jsc#SLE-13654). - scsi: ipr: Use scnprintf() for avoiding potential buffer overflow (jsc#SLE-13654). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003). - scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003). - scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418). - scsi: smartpqi: add RAID bypass counter (bsc#1172418). - scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418). - scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418). - scsi: smartpqi: Identify physical devices without issuing INQUIRY (bsc#1172418). - scsi: smartpqi: support device deletion via sysfs (bsc#1172418). - scsi: smartpqi: update logical volume size after expansion (bsc#1172418). - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418). - scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790). - sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - seq_buf: Export seq_buf_printf (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - serial: 8250: change lock order in serial8250_do_startup() (git-fixes). - serial: 8250: fix null-ptr-deref in serial8250_start_tx() (git-fixes). - serial: 8250_mtk: Fix high-speed baud rates clamping (git-fixes). - serial: 8250_pci: Move Pericom IDs to pci_ids.h (git-fixes). - serial: amba-pl011: Make sure we initialize the port.lock spinlock (git-fixes). - serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X (git-fixes). - serial: mxs-auart: add missed iounmap() in probe failure and remove (git-fixes). - serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes). - serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes). - serial: tegra: fix CREAD handling for PIO (git-fixes). - soc/tegra: pmc: Enable PMIC wake event on Tegra194 (bsc#1175834). - soc/tegra: pmc: Enable PMIC wake event on Tegra210 (bsc#1175116). - soc: qcom: rpmh-rsc: Set suppress_bind_attrs flag (git-fixes). - spi: davinci: Remove uninitialized_var() usage (git-fixes). - spi: lantiq-ssc: Fix warning by using WQ_MEM_RECLAIM (git-fixes). - spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes). - spi: mediatek: use correct SPI_CFG2_REG MACRO (git-fixes). - spi: pxa2xx: Add support for Intel Tiger Lake PCH-H (jsc#SLE-13411). - spi: rockchip: Fix error in SPI slave pio read (git-fixes). - spi: spi-geni-qcom: Actually use our FIFO (git-fixes). - spi: spidev: Align buffers for DMA (git-fixes). - spi: stm32: fixes suspend/resume management (git-fixes). - spi: sun4i: update max transfer size reported (git-fixes). - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support (git-fixes). - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes). - staging: rtl8192u: fix a dubious looking mask before a shift (git-fixes). - staging: rtl8712: handle firmware load failure (git-fixes). - staging: vchiq_arm: Add a matching unregister call (git-fixes). - staging: wlan-ng: properly check endpoint types (git-fixes). - tcp: do not ignore ECN CWR on pure ACK (networking-stable-20_06_28). - tcp: fix SO_RCVLOWAT possible hangs under high mem pressure (networking-stable-20_07_17). - tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28). - tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17). - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17). - tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17). - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17). - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28). - thermal: ti-soc-thermal: Fix reversed condition in ti_thermal_expose_sensor() (git-fixes). - tpm: Require that all digests are present in TCG_PCR_EVENT2 structures (git-fixes). - tpm_crb: fix fTPM on AMD Zen+ CPUs (bsc#1174362). - tracepoint: Mark __tracepoint_string's __used (git-fixes). - tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes). - ubsan: check panic_on_warn (bsc#1174805). - uio_pdrv_genirq: Remove warning when irq is not specified (bsc#1174762). - update upstream reference - usb: bdc: Halt controller on suspend (git-fixes). - usb: core: fix quirks_param_set() writing to a const pointer (git-fixes). - usb: dwc2: gadget: Make use of GINTMSK2 (git-fixes). - usb: dwc3: pci: add support for the Intel Jasper Lake (git-fixes). - usb: dwc3: pci: add support for the Intel Tiger Lake PCH -H variant (git-fixes). - usb: gadget: f_uac2: fix AC Interface Header Descriptor wTotalLength (git-fixes). - usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes). - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (git-fixes). - usb: hso: check for return value in hso_serial_common_create() (git-fixes). - usb: hso: Fix debug compile warning on sparc32 (git-fixes). - usb: iowarrior: fix up report size handling for some devices (git-fixes). - usb: mtu3: clear dual mode of u3port when disable device (git-fixes). - usb: serial: cp210x: enable usb generic throttle/unthrottle (git-fixes). - usb: serial: cp210x: re-enable auto-RTS on open (git-fixes). - usb: serial: iuu_phoenix: fix led-activity helpers (git-fixes). - usb: serial: qcserial: add EM7305 QDL product ID (git-fixes). - usb: tegra: Fix allocation for the FPCI context (git-fixes). - usb: xhci-mtk: fix the failure of bandwidth allocation (git-fixes). - usb: xhci: define IDs for various ASMedia host controllers (git-fixes). - usb: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes). - usb: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes). - usbip: tools: fix module name in man page (git-fixes). - video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes). - video: fbdev: savage: fix memory leak on error handling path in probe (git-fixes). - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes). - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes). - vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17). - vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199). - vt: Reject zero-sized screen buffer size (git-fixes). - watchdog: f71808e_wdt: clear watchdog timeout occurred flag (git-fixes). - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (git-fixes). - watchdog: f71808e_wdt: remove use of wrong watchdog_info option (git-fixes). - watchdog: initialize device before misc_register (git-fixes). - wireless: Use linux/stddef.h instead of stddef.h (git-fixes). - wireless: Use offsetof instead of custom macro (git-fixes). - wl1251: fix always return 0 error (git-fixes). - x86/bugs/multihit: Fix mitigation reporting when VMX is not in use (git-fixes). - xen/pvcalls-back: test for errors when calling backend_connect() (bsc#1065600). - xfrm: fix a warning in xfrm_policy_insert_list (bsc#1174645). - xfrm: policy: match with both mark and mask on user interfaces (bsc#1174645). - xfs: do not eat an EIO/ENOSPC writeback error when scrubbing data fork (git-fixes). - xfs: fix inode allocation block res calculation precedence (git-fixes). - xfs: fix reflink quota reservation accounting error (git-fixes). - xfs: preserve rmapbt swapext block reservation from freed blocks (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2577-1 Released: Wed Sep 9 07:18:53 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1176069,CVE-2020-14386 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bug was fixed: - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2581-1 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1174154,CVE-2020-15719 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2612-1 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1176179,CVE-2020-24977 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2638-1 Released: Tue Sep 15 15:41:32 2020 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1165580 This update for cryptsetup fixes the following issues: Update from version 2.0.5 to version 2.0.6. (jsc#SLE-5911, bsc#1165580) - Fix support of larger metadata areas in *LUKS2* header. This release properly supports all specified metadata areas, as documented in *LUKS2* format description. Currently, only default metadata area size is used (in format or convert). Later cryptsetup versions will allow increasing this metadata area size. - If *AEAD* (authenticated encryption) is used, cryptsetup now tries to check if the requested *AEAD* algorithm with specified key size is available in kernel crypto API. This change avoids formatting a device that cannot be later activated. For this function, the kernel must be compiled with the *CONFIG_CRYPTO_USER_API_AEAD* option enabled. Note that kernel user crypto API options (*CONFIG_CRYPTO_USER_API* and *CONFIG_CRYPTO_USER_API_SKCIPHER*) are already mandatory for LUKS2. - Fix setting of integrity no-journal flag. Now you can store this flag to metadata using *\--persistent* option. - Fix cryptsetup-reencrypt to not keep temporary reencryption headers if interrupted during initial password prompt. - Adds early check to plain and LUKS2 formats to disallow device format if device size is not aligned to requested sector size. Previously it was possible, and the device was rejected to activate by kernel later. - Fix checking of hash algorithms availability for *PBKDF* early. Previously *LUKS2* format allowed non-existent hash algorithm with invalid keyslot preventing the device from activation. - Allow Adiantum cipher construction (a non-authenticated length-preserving fast encryption scheme), so it can be used both for data encryption and keyslot encryption in *LUKS1/2* devices. For benchmark, use: # cryptsetup benchmark -c xchacha12,aes-adiantum # cryptsetup benchmark -c xchacha20,aes-adiantum For LUKS format: # cryptsetup luksFormat -c xchacha20,aes-adiantum-plain64 -s 256 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2684-1 Released: Fri Sep 18 15:01:24 2020 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1176134,1176591 This update for grub2 fixes the following issues: - Make efi hand off the default entry point of the linux command (bsc#1176134) From sle-updates at lists.suse.com Wed Sep 23 06:26:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Sep 2020 14:26:31 +0200 (CEST) Subject: SUSE-IU-2020:89-1: Security update of sles-15-sp2-chost-byos-v20200922 Message-ID: <20200923122631.68EB4FCE2@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp2-chost-byos-v20200922 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2020:89-1 Image Tags : sles-15-sp2-chost-byos-v20200922:20200922 Image Release : Severity : important Type : security References : 1058115 1065600 1065729 1065729 1071995 1071995 1085030 1085030 1106843 1113225 1113719 1120163 1121268 1133021 1142733 1146991 1148868 1149032 1149911 1151708 1152472 1152472 1152489 1152489 1153274 1153274 1153520 1153953 1154063 1154353 1154353 1154488 1154492 1154492 1155305 1155518 1155518 1155798 1156395 1156395 1157169 1158050 1158242 1158265 1158336 1158748 1158765 1158983 1159058 1159781 1159867 1160634 1160947 1161495 1162002 1162063 1162400 1162702 1164648 1164777 1164780 1165211 1165580 1165933 1165975 1166985 1167104 1167494 1167651 1167773 1167773 1168104 1168230 1168235 1168389 1168779 1168838 1168959 1168994 1169021 1169094 1169194 1169514 1169681 1169771 1169790 1170011 1170284 1170442 1170475 1170476 1170617 1170745 1170774 1170879 1170891 1170895 1170964 1171150 1171189 1171191 1171219 1171220 1171246 1171284 1171417 1171513 1171529 1171530 1171634 1171656 1171662 1171688 1171688 1171699 1171732 1171739 1171743 1171759 1171828 1171857 1171868 1171878 1171904 1171915 1171982 1171983 1171988 1172017 1172046 1172061 1172062 1172063 1172064 1172065 1172066 1172067 1172068 1172069 1172073 1172085 1172086 1172095 1172108 1172169 1172170 1172195 1172197 1172201 1172208 1172223 1172247 1172342 1172343 1172344 1172356 1172365 1172366 1172374 1172391 1172393 1172394 1172418 1172453 1172458 1172467 1172484 1172537 1172543 1172687 1172719 1172739 1172745 1172751 1172759 1172775 1172781 1172782 1172783 1172810 1172814 1172823 1172824 1172841 1172871 1172871 1172938 1172939 1172940 1172956 1172963 1172983 1172984 1172985 1172986 1172987 1172988 1172989 1172990 1172999 1173060 1173068 1173074 1173085 1173139 1173206 1173227 1173229 1173238 1173240 1173271 1173280 1173284 1173357 1173411 1173422 1173428 1173438 1173461 1173468 1173485 1173514 1173539 1173552 1173573 1173625 1173746 1173776 1173798 1173813 1173817 1173818 1173820 1173822 1173823 1173824 1173825 1173826 1173827 1173828 1173830 1173831 1173832 1173833 1173834 1173836 1173837 1173838 1173839 1173841 1173843 1173844 1173845 1173847 1173849 1173860 1173894 1173941 1173954 1174002 1174003 1174018 1174026 1174072 1174091 1174116 1174126 1174127 1174128 1174129 1174154 1174185 1174205 1174244 1174247 1174260 1174263 1174264 1174320 1174320 1174331 1174332 1174333 1174345 1174356 1174362 1174387 1174396 1174398 1174407 1174409 1174411 1174421 1174438 1174462 1174484 1174513 1174527 1174543 1174543 1174551 1174567 1174618 1174625 1174627 1174645 1174673 1174689 1174699 1174736 1174737 1174745 1174757 1174762 1174770 1174771 1174777 1174782 1174805 1174824 1174825 1174847 1174852 1174865 1174880 1174897 1174906 1174969 1175009 1175010 1175011 1175012 1175013 1175014 1175015 1175016 1175017 1175018 1175019 1175020 1175021 1175036 1175052 1175060 1175109 1175112 1175116 1175128 1175149 1175173 1175175 1175176 1175180 1175181 1175182 1175183 1175184 1175185 1175186 1175187 1175188 1175189 1175190 1175191 1175192 1175195 1175199 1175213 1175232 1175250 1175251 1175263 1175284 1175296 1175344 1175345 1175346 1175347 1175367 1175377 1175440 1175493 1175546 1175550 1175626 1175654 1175656 1175691 1175740 1175741 1175766 1175768 1175769 1175770 1175771 1175772 1175774 1175775 1175811 1175830 1175831 1175834 1175873 1176069 1176134 1176179 1176591 927831 941629 962849 996146 CVE-2018-18751 CVE-2019-19462 CVE-2019-20810 CVE-2019-20812 CVE-2019-20907 CVE-2020-0305 CVE-2020-10135 CVE-2020-10711 CVE-2020-10713 CVE-2020-10732 CVE-2020-10751 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10773 CVE-2020-10781 CVE-2020-12656 CVE-2020-12769 CVE-2020-12771 CVE-2020-12888 CVE-2020-13143 CVE-2020-13974 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-14386 CVE-2020-14416 CVE-2020-15393 CVE-2020-15705 CVE-2020-15719 CVE-2020-15780 CVE-2020-16166 CVE-2020-24977 CVE-2020-8231 ----------------------------------------------------------------- The container sles-15-sp2-chost-byos-v20200922 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1370-1 Released: Thu May 21 19:06:00 2020 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1171656 This update for systemd-presets-branding-SLE fixes the following issues: Cleanup of outdated autostart services (bsc#1171656): - Remove acpid.service. acpid is only available on SLE via openSUSE backports. In openSUSE acpid.service is *not* autostarted. I see no reason why it should be on SLE. - Remove spamassassin.timer. This timer never seems to have existed. Instead spamassassin ships a 'sa-update.timer'. But it is not default-enabled and nobody ever complained about this. - Remove snapd.apparmor.service: This service was proactively added a year ago, but snapd didn't even make it into openSUSE yet. There's no reason to keep this entry unless snapd actually enters SLE which is not foreseeable. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2099-1 Released: Fri Jul 31 08:06:40 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1173227,1173229,1173422 This update for systemd fixes the following issues: - migrate-sysconfig-i18n.sh: fixed marker handling (bsc#1173229) The marker is used to make sure the script is run only once. Instead of storing it in /usr, use /var which is more appropriate for such file. Also make it owned by systemd package. - Fix inconsistent file modes for some ghost files (bsc#1173227) Ghost files are assumed by rpm to have mode 000 by default which is not consistent with file permissions set at runtime. Also /var/lib/systemd/random-seed was tracked wrongly as a directory. Also don't track (ghost) /etc/systemd/system/runlevel*.target aliases since we're not supposed to track units or aliases user might define/override. - Fix build of systemd on openSUSE Leap 15.2 (bsc#1173422) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2105-1 Released: Mon Aug 3 16:42:25 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1058115,1065729,1071995,1085030,1148868,1152472,1152489,1153274,1154353,1154492,1155518,1155798,1156395,1157169,1158050,1158242,1158265,1158748,1158765,1158983,1159781,1159867,1160947,1161495,1162002,1162063,1162400,1162702,1164648,1164777,1164780,1165211,1165933,1165975,1166985,1167104,1167651,1167773,1168230,1168779,1168838,1168959,1169021,1169094,1169194,1169514,1169681,1169771,1170011,1170284,1170442,1170617,1170774,1170879,1170891,1170895,1171150,1171189,1171191,1171219,1171220,1171246,1171417,1171513,1171529,1171530,1171662,1171688,1171699,1171732,1171739,1171743,1171759,1171828,1171857,1171868,1171904,1171915,1171982,1171983,1171988,1172017,1172046,1172061,1172062,1172063,1172064,1172065,1172066,1172067,1172068,1172069,1172073,1172086,1172095,1172169,1172170,1172201,1172208,1172223,1172342,1172343,1172344,1172365,1172366,1172374,1172391,1172393,1172394,1172453,1172458,1172467,1172484,1172537,1172543,1172687,1172719,1172739,1172751,1172759,1172775,1172781,1172782,1 172783,1172814,1172823,1172841,1172871,1172938,1172939,1172940,1172956,1172983,1172984,1172985,1172986,1172987,1172988,1172989,1172990,1172999,1173060,1173068,1173074,1173085,1173139,1173206,1173271,1173280,1173284,1173428,1173438,1173461,1173514,1173552,1173573,1173625,1173746,1173776,1173817,1173818,1173820,1173822,1173823,1173824,1173825,1173826,1173827,1173828,1173830,1173831,1173832,1173833,1173834,1173836,1173837,1173838,1173839,1173841,1173843,1173844,1173845,1173847,1173849,1173860,1173894,1173941,1174018,1174072,1174116,1174126,1174127,1174128,1174129,1174185,1174244,1174263,1174264,1174331,1174332,1174333,1174345,1174356,1174396,1174398,1174407,1174409,1174411,1174438,1174462,1174513,1174527,1174543,1174627,962849,CVE-2019-19462,CVE-2019-20810,CVE-2019-20812,CVE-2020-0305,CVE-2020-10135,CVE-2020-10711,CVE-2020-10732,CVE-2020-10751,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10773,CVE-2020-10781,CVE-2020-12656,CVE-2020-12769,CVE-2020-12771,CVE-2020-12888,CVE-2020- 13143,CVE-2020-13974,CVE-2020-14416,CVE-2020-15393,CVE-2020-15780 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-19462: relay_open in kernel/relay.c in the Linux kernel allowed local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result (bnc#1158265). - CVE-2019-20810: Fixed a memory leak in go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c because it did not call snd_card_free for a failure path (bnc#1172458). - CVE-2019-20812: An issue was discovered in the prb_calc_retire_blk_tmo() function in net/packet/af_packet.c could result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3 (bnc#1172453). - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth?? BR/EDR Core Specification v5.2 and earlier may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988). - CVE-2020-10711: A NULL pointer dereference flaw was found in the SELinux subsystem in versions This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. This flaw allowed a remote network user to crash the system kernel, resulting in a denial of service (bnc#1171191). - CVE-2020-10732: A flaw was found in the implementation of Userspace core dumps. This flaw allowed an attacker with a local account to crash a trivial program and exfiltrate private kernel data (bnc#1171220). - CVE-2020-10751: A flaw was found in the SELinux LSM hook implementation, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing (bnc#1171189). - CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection (bnc#1172781). - CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack (bnc#1172782). - CVE-2020-10768: Fixed an issue with the prctl() function, where indirect branch speculation could be enabled even though it was diabled before (bnc#1172783). - CVE-2020-10773: Fixed a memory leak on s390/s390x, in the cmm_timeout_hander in file arch/s390/mm/cmm.c (bnc#1172999). - CVE-2020-10781: A zram sysfs resource consumption was fixed (bnc#1173074). - CVE-2020-12656: Fixed a memory leak in gss_mech_free in the rpcsec_gss_krb5 implementation, caused by a lack of certain domain_release calls (bnc#1171219). - CVE-2020-12769: An issue was discovered in drivers/spi/spi-dw.c allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bnc#1171983). - CVE-2020-12771: An issue was discovered in btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-13143: gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c relies on kstrdup without considering the possibility of an internal '\0' value, which allowed attackers to trigger an out-of-bounds read (bnc#1171982). - CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775). - CVE-2020-14416: Fixed a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-15393: Fixed a memory leak in usbtest_disconnect (bnc#1173514). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). The following non-security bugs were fixed: - ACPICA: Dispatcher: add status checks (git-fixes). - ACPICA: Fixes for acpiExec namespace init file (git-fixes). - ACPI: configfs: Disallow loading ACPI tables when locked down (git-fixes). - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() (git-fixes). - ACPI: GED: add support for _Exx / _Lxx handler methods (git-fixes). - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (git-fixes). - ACPI/IORT: Fix PMCG node single ID mapping handling (git-fixes). - ACPI: PM: Avoid using power resources if there are none for D0 (git-fixes). - ACPI: sysfs: Fix pm_profile_attr type (git-fixes). - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() (git-fixes). - ACPI: video: Use native backlight on Acer Aspire 5783z (git-fixes). - ACPI: video: Use native backlight on Acer TravelMate 5735Z (git-fixes). - af_unix: add compat_ioctl support (git-fixes). - agp/intel: Reinforce the barrier after GTT updates (git-fixes). - aio: fix async fsync creds (bsc#1173828). - ALSA: emu10k1: delete an unnecessary condition (git-fixes). - ALSA: es1688: Add the missed snd_card_free() (git-fixes). - ALSA: fireface: fix configuration error for nominal sampling transfer frequency (git-fixes). - ALSA: firewire-lib: fix invalid assignment to union data for directional parameter (git-fixes). - ALSA: hda: Add ElkhartLake HDMI codec vid (git-fixes). - ALSA: hda: add member to store ratio for stripe control (git-fixes). - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table (git-fixes). - ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up (git-fixes). - ALSA: hda: Fix potential race in unsol event handler (git-fixes). - ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later (git-fixes). - ALSA: hda/hdmi: improve debug traces for stream lookups (git-fixes). - ALSA: hda: Intel: add missing PCI IDs for ICL-H, TGL-H and EKL (jsc#SLE-13261). - ALSA: hda - let hs_mic be picked ahead of hp_mic (git-fixes). - ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround (bsc#1172017). - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines (git-fixes). - ALSA: hda/realtek - Add LED class support for micmute LED (git-fixes). - ALSA: hda/realtek - Add more fixup entries for Clevo machines (git-fixes). - ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC287 (git-fixes). - ALSA: hda/realtek - Add quirk for MSI GE63 laptop (git-fixes). - ALSA: hda/realtek - change to suitable link model for ASUS platform (git-fixes). - ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (git-fixes). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (git-fixes). - ALSA: hda/realtek - Enable micmute LED on and HP system (git-fixes). - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (git-fixes). - ALSA: hda/realtek - Enable Speaker for ASUS UX563 (git-fixes). - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (git-fixes). - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (git-fixes). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme (git-fixes). - ALSA: hda/realtek - Fix unused variable warning w/o CONFIG_LEDS_TRIGGER_AUDIO (git-fixes). - ALSA: hda/realtek - fixup for yet another Intel reference board (git-fixes). - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO (git-fixes). - ALSA: hda/tegra: correct number of SDO lines for Tegra194 (git-fixes). - ALSA: hda/tegra: workaround playback failure on Tegra194 (git-fixes). - ALSA: hwdep: fix a left shifting 1 by 31 UB bug (git-fixes). - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option (git-fixes). - ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes). - ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes). - ALSA: line6: Perform sanity check for each URB creation (git-fixes). - ALSA: line6: Sync the pending work cancel at disconnection (git-fixes). - ALSA: opl3: fix infoleak in opl3 (git-fixes). - ALSA: pcm: disallow linking stream to itself (git-fixes). - ALSA: pcm: fix incorrect hw_base increase (git-fixes). - ALSA: pcm: fix snd_pcm_link() lockdep splat (git-fixes). - ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for RTX6001 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for SSL2+ (git-fixes). - ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support (git-fixes). - ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes). - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (git-fixes). - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S (git-fixes). - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock (git-fixes). - ALSA: usb-audio: Clean up quirk entries with macros (git-fixes). - ALSA: usb-audio: Fix a limit check in proc_dump_substream_formats() (git-fixes). - ALSA: usb-audio: Fix inconsistent card PM state after resume (git-fixes). - ALSA: usb-audio: fixing upper volume limit for RME Babyface Pro routing crosspoints (git-fixes). - ALSA: usb-audio: Fixing usage of plain int instead of NULL (git-fixes). - ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes). - ALSA: usb-audio: Fix packet size calculation (bsc#1173847). - ALSA: usb-audio: Fix potential use-after-free of streams (git-fixes). - ALSA: usb-audio: Fix race against the error recovery URB submission (git-fixes). - ALSA: usb-audio: Fix racy list management in output queue (git-fixes). - ALSA: usb-audio: Improve frames size computation (git-fixes). - ALSA: usb-audio: Manage auto-pm of all bundled interfaces (git-fixes). - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC (git-fixes). - ALSA: usb-audio: Print more information in stream proc files (git-fixes). - ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio (git-fixes). - ALSA: usb-audio: Remove async workaround for Scarlett 2nd gen (git-fixes). - ALSA: usb-audio: Replace s/frame/packet/ where appropriate (git-fixes). - ALSA: usb-audio: RME Babyface Pro mixer patch (git-fixes). - ALSA: usb-audio: Use the new macro for HP Dock rename quirks (git-fixes). - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes). - amd-xgbe: Use __napi_schedule() in BH context (networking-stable-20_04_17). - apparmor: ensure that dfa state tables have entries (git-fixes). - apparmor: fix introspection of of task mode for unconfined tasks (git-fixes). - apparmor: Fix memory leak of profile proxy (git-fixes). - apparmor: Fix use-after-free in aa_audit_rule_init (git-fixes). - apparmor: remove useless aafs_create_symlink (git-fixes). - arm64: dts: ls1043a-rdb: correct RGMII delay mode to rgmii-id (bsc#1174398). - arm64: dts: ls1046ardb: set RGMII interfaces to RGMII_ID mode (bsc#1174398). - arm64: map FDT as RW for early_init_dt_scan() (jsc#SLE-12424). - ARM: oxnas: make ox820_boot_secondary static (git-fixes). - asm-gemeric/tlb: remove stray function declarations (bsc#1156395). - ASoC: codecs: max98373: Removed superfluous volume control from chip default (git-fixes). - ASoc: codecs: max98373: remove Idle_bias_on to let codec suspend (git-fixes). - ASoC: core: only convert non DPCM link to DPCM link (git-fixes). - ASoC: davinci-mcasp: Fix dma_chan refcnt leak when getting dma type (git-fixes). - ASoC: fix incomplete error-handling in img_i2s_in_probe (git-fixes). - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed (git-fixes). - ASoC: fsl_ssi: Fix bclk calculation for mono channel (git-fixes). - ASoC: Intel: bytcht_es8316: Add missed put_device() (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT10-A tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT8-A tablet (git-fixes). - ASoC: intel: cht_bsw_max98090_ti: Add all Chromebooks that need pmc_plt_clk_0 quirk (bsc#1171246). - ASoC: intel - fix the card names (git-fixes). - ASoC: max98373: reorder max98373_reset() in resume (git-fixes). - ASoC: max9867: fix volume controls (git-fixes). - ASoC: meson: add missing free_irq() in error path (git-fixes). - ASoc: q6afe: add support to get port direction (git-fixes). - ASoC: q6asm: handle EOS correctly (git-fixes). - ASoC: qcom: q6asm-dai: kCFI fix (git-fixes). - ASoC: rockchip: add format and rate constraints on rk3399 (git-fixes). - ASoC: rockchip: Fix a reference count leak (git-fixes). - ASoC: rt286: fix unexpected interrupt happens (git-fixes). - ASoC: rt5645: Add platform-data for Asus T101HA (git-fixes). - ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the Lenovo Miix 2 10 (git-fixes). - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes). - ASoC: rt5670: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5682: Report the button event in the headset type only (git-fixes). - ASoC: SOF: core: fix error return code in sof_probe_continue() (git-fixes). - ASoC: SOF: Do nothing when DSP PM callbacks are not set (git-fixes). - ASoC: SOF: nocodec: conditionally set dpcm_capture/dpcm_playback flags (git-fixes). - ASoC: tegra: tegra_wm8903: Support nvidia, headset property (git-fixes). - ASoC: ti: omap-mcbsp: Fix an error handling path in 'asoc_mcbsp_probe()' (git-fixes). - ASoC: topology: fix kernel oops on route addition error (git-fixes). - ASoC: topology: fix tlvs in error handling for widget_dmixer (git-fixes). - ASoC: ux500: mop500: Fix some refcounted resources issues (git-fixes). - ASoC: wm8974: fix Boost Mixer Aux Switch (git-fixes). - ASoC: wm8974: remove unsupported clock mode (git-fixes). - ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function (git-fixes). - ath10k: fix kernel null pointer dereference (git-fixes). - ath10k: Fix the race condition in firmware dump work queue (git-fixes). - ath10k: Remove ath10k_qmi_register_service_notifier() declaration (git-fixes). - ath10k: remove the max_sched_scan_reqs value (git-fixes). - ath10k: Skip handling del_server during driver exit (git-fixes). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (git-fixes). - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (git-fixes). - ath9k: Fix use-after-free Read in htc_connect_service (git-fixes). - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (git-fixes). - ath9k_htc: Silence undersized packet warnings (git-fixes). - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb (git-fixes). - ax25: fix setsockopt(SO_BINDTODEVICE) (git-fixes). - ax88172a: fix ax88172a_unbind() failures (git-fixes). - b43: Fix connection problem with WPA3 (git-fixes). - b43legacy: Fix case where channel status is corrupted (git-fixes). - b43_legacy: Fix connection problem with WPA3 (git-fixes). - backlight: lp855x: Ensure regulators are disabled on probe failure (git-fixes). - batman-adv: Revert 'disable ethtool link speed detection when auto negotiation off' (git-fixes). - bdev: fix bdev inode reference count disbalance regression (bsc#1174244) - bfq: Avoid false bfq queue merging (bsc#1171513). - bfq: Fix check detecting whether waker queue should be selected (bsc#1168838). - bfq: Use only idle IO periods for think time calculations (bsc#1171513). - bfq: Use 'ttime' local variable (bsc#1171513). - blacklist.conf: Add 9486727f5981 iommu/vt-d: Make Intel SVM code 64-bit only - blacklist.conf: Add superfluous stable commit IDs - blacklist.conf: cleanup removing unused exported symbols, unavoidable kABI breakage - blacklist.conf: for future infrastructure, and will need kABI workarounds in each user, only if we really need it - blk-iocost: Fix error on iocost_ioc_vrate_adj (bsc#1173206). - blk-iocost: fix incorrect vtime comparison in iocg_is_idle() (bsc#1173206). - blk-mq: consider non-idle request as 'inflight' in blk_mq_rq_inflight() (bsc#1165933). - block/bio-integrity: do not free 'buf' if bio_integrity_add_page() failed (bsc#1173817). - block: Fix use-after-free in blkdev_get() (bsc#1173834). - block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818). - Bluetooth: Add SCO fallback for invalid LMP parameters error (git-fixes). - Bluetooth: btbcm: Add 2 missing models to subver tables (git-fixes). - Bluetooth: btmtkuart: Improve exception handling in btmtuart_probe() (git-fixes). - Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes). - bnxt_en: Fix AER reset logic on 57500 chips (bsc#1171150). - bnxt_en: fix firmware message length endianness (bsc#1173894). - bnxt_en: Fix return code to 'flash_device' (bsc#1173894). - bnxt_en: Improve TQM ring context memory sizing formulas (jsc#SLE-8371 bsc#1153274). - bnxt_en: Re-enable SRIOV during resume (jsc#SLE-8371 bsc#1153274). - bnxt_en: Return from timer if interface is not in open state (jsc#SLE-8371 bsc#1153274). - bnxt_en: Simplify bnxt_resume() (jsc#SLE-8371 bsc#1153274). - bpf: Document optval > PAGE_SIZE behavior for sockopt hooks (bsc#1155518). - bpf: Do not allow btf_ctx_access with __int128 types (bsc#1155518). - bpf: Do not return EINVAL from {get,set}sockopt when optlen > PAGE_SIZE (bsc#1155518). - bpf: Fix an error code in check_btf_func() (bsc#1154353). - bpf: Fix map permissions check (bsc#1155518). - bpf: Prevent mmap()'ing read-only maps as writable (bsc#1155518). - bpf: Restrict bpf_probe_read{, str}() only to archs where they work (bsc#1172344). - bpf: Restrict bpf_trace_printk()'s %s usage and add %pks, %pus specifier (bsc#1172344). - bpf, sockhash: Synchronize_rcu before free'ing map (git-fixes). - bpf, sockmap: Check update requirements after locking (git-fixes). - bpf: Undo internal BPF_PROBE_MEM in BPF insns dump (bsc#1155518). - bpf, xdp, samples: Fix null pointer dereference in *_user code (bsc#1155518). - brcmfmac: expose RPi firmware config files through modinfo (bsc#1169094). - brcmfmac: fix wrong location to get firmware feature (git-fixes). - brcmfmac: Transform compatible string for FW loading (bsc#1169771). - bridge: Avoid infinite loop when suppressing NS messages with invalid options (networking-stable-20_06_10). - bridge: mcast: Fix MLD2 Report IPv6 payload length check (git-fixes). - btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#1174438). - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc#1174438). - btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438). - btrfs: fix log context list corruption after rename whiteout error (bsc#1172342). - btrfs: fix partial loss of prealloc extent past i_size after fsync (bsc#1172343). - btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438). - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO (bsc#1174438). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438). - bus: ti-sysc: Do not disable on suspend for no-idle (git-fixes). - bus: ti-sysc: Ignore clockactivity unless specified as a quirk (git-fixes). - carl9170: remove P2P_GO support (git-fixes). - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes). - CDC-ACM: heed quirk also in error handling (git-fixes). - CDC-ACM: heed quirk also in error handling (git-fixes). - ceph: add comments for handle_cap_flush_ack logic (bsc#1172940). - ceph: allow rename operation under different quota realms (bsc#1172988). - ceph: ceph_kick_flushing_caps needs the s_mutex (bsc#1172986). - ceph: convert mdsc->cap_dirty to a per-session list (bsc#1172984 bsc#1167104). - ceph: document what protects i_dirty_item and i_flushing_item (bsc#1172940). - ceph: do not release i_ceph_lock in handle_cap_trunc (bsc#1172940). - ceph: do not return -ESTALE if there's still an open file (bsc#1171915). - ceph: do not take i_ceph_lock in handle_cap_import (bsc#1172940). - ceph: fix potential race in ceph_check_caps (bsc#1172940). - ceph: flush release queue when handling caps for unknown inode (bsc#1172939). - ceph: make sure mdsc->mutex is nested in s->s_mutex to fix dead lock (bsc#1172989). - ceph: normalize 'delta' parameter usage in check_quota_exceeded (bsc#1172987). - ceph: reorganize __send_cap for less spinlock abuse (bsc#1172940). - ceph: request expedited service on session's last cap flush (bsc#1172985 bsc#1167104). - ceph: reset i_requested_max_size if file write is not wanted (bsc#1172983). - ceph: skip checking caps when session reconnecting and releasing reqs (bsc#1172990). - ceph: split up __finish_cap_flush (bsc#1172940). - ceph: throw a warning if we destroy session with mutex still locked (bsc#1172940). - char/random: Add a newline at the end of the file (jsc#SLE-12424). - clk: bcm2835: Fix return type of bcm2835_register_gate (git-fixes). - clk: bcm2835: Remove casting to bcm2835_clk_register (git-fixes). - clk: clk-flexgen: fix clock-critical handling (git-fixes). - clk: mediatek: assign the initial value to clk_init_data of mtk_mux (git-fixes). - clk: meson: meson8b: Do not rely on u-boot to init all GP_PLL registers (git-fixes). - clk: meson: meson8b: Fix the polarity of the RESET_N lines (git-fixes). - clk: meson: meson8b: Fix the vclk_div{1, 2, 4, 6, 12}_en gate bits (git-fixes). - clk: qcom: Add missing msm8998 ufs_unipro_core_clk_src (git-fixes). - clk: qcom: msm8916: Fix the address location of pll->config_reg (git-fixes). - clk: renesas: cpg-mssr: Fix STBCR suspend/resume handling (git-fixes). - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes). - clk: samsung: Mark top ISP and CAM clocks on Exynos542x as critical (git-fixes). - clk: sifive: allocate sufficient memory for struct __prci_data (git-fixes). - clk: sprd: return correct type of value for _sprd_pll_recalc_rate (git-fixes). - clk: sunxi: Fix incorrect usage of round_down() (git-fixes). - clk: ti: am33xx: fix RTC clock parent (git-fixes). - clk: ti: composite: fix memory leak (git-fixes). - clk: zynqmp: fix memory leak in zynqmp_register_clocks (git-fixes). - clocksource: dw_apb_timer: Make CPU-affiliation being optional (git-fixes). - clocksource: dw_apb_timer_of: Fix missing clockevent timers (git-fixes). - component: Silence bind error on -EPROBE_DEFER (git-fixes). - config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References: bsc#1172739 - coredump: fix crash when umh is disabled (git-fixes). - coredump: fix null pointer dereference on coredump (git-fixes). - cpufreq: Fix up cpufreq_boost_set_sw() (git-fixes). - cpufreq: intel_pstate: Only mention the BIOS disabling turbo mode once (git-fixes). - cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn (git-fixes). - cpuidle: Fix three reference count leaks (git-fixes). - crypto: algapi - Avoid spurious modprobe on LOADED (git-fixes). - crypto: algboss - do not wait during notifier callback (git-fixes). - crypto: algif_skcipher - Cap recv SG list at ctx->used (git-fixes). - crypto - Avoid free() namespace collision (git-fixes). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - crypto: ccp -- do not 'select' CONFIG_DMADEVICES (git-fixes). - crypto/chcr: fix for ccm(aes) failed test (git-fixes). - crypto: chelsio/chtls: properly set tp->lsndtime (git-fixes). - crypto: drbg - fix error return code in drbg_alloc_state() (git-fixes). - crypto: omap-sham - add proper load balancing support for multicore (git-fixes). - crypto: stm32/crc32 - fix ext4 chksum BUG_ON() (git-fixes). - crypto: stm32/crc32 - fix multi-instance (git-fixes). - crypto: stm32/crc32 - fix run-time self test issue (git-fixes). - cxgb4: fix adapter crash due to wrong MC size (networking-stable-20_04_27). - cxgb4: fix large delays in PTP synchronization (networking-stable-20_04_27). - dccp: Fix possible memleak in dccp_init and dccp_fini (networking-stable-20_06_16). - debugfs: Check module state before warning in {full/open}_proxy_open() (bsc#1173746). - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07). - devlink: fix return value after hitting end in region read (networking-stable-20_05_12). - devmap: Use bpf_map_area_alloc() for allocating hash buckets (bsc#1154353). - /dev/mem: Add missing memory barriers for devmem_inode (git-fixes). - /dev/mem: Revoke mappings when a driver claims the region (git-fixes). - dma-coherent: fix integer overflow in the reserved-memory dma allocation (git-fixes). - dma-debug: fix displaying of dma allocation type (git-fixes). - dma-direct: fix data truncation in dma_direct_get_required_mask() (git-fixes). - dmaengine: dmatest: Fix process hang when reading 'wait' parameter (git-fixes). - dmaengine: dmatest: Restore default for channel (git-fixes). - dmaengine: dmatest: stop completed threads when running without set channel (git-fixes). - dmaengine: dw: Initialize channel before each transfer (git-fixes). - dmaengine: fsl-edma-common: correct DSIZE_32BYTE (git-fixes). - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes). - dmaengine: imx-sdma: Fix: Remove 'always true' comparison (git-fixes). - dmaengine: mcf-edma: Fix NULL pointer exception in mcf_edma_tx_handler (git-fixes). - dmaengine: mmp_tdma: Do not ignore slave config validation errors (git-fixes). - dmaengine: mmp_tdma: Reset channel error on release (git-fixes). - dmaengine: owl: Use correct lock in owl_dma_get_pchan() (git-fixes). - dmaengine: pch_dma.c: Avoid data race between probe and irq handler (git-fixes). - dmaengine: sh: usb-dmac: set tx_result parameters (git-fixes). - dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' (git-fixes). - dm: do not use waitqueue for request-based DM (bsc#1165933). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm writecache: fix data corruption when reloading the target (git fixes (block drivers)). - dm writecache: reject asynchronous pmem devices (bsc#1156395). - dpaa2-eth: prevent array underflow in update_cls_rule() (networking-stable-20_05_16). - dpaa2-eth: properly handle buffer size restrictions (networking-stable-20_05_16). - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27). - dpaa_eth: FMan erratum A050385 workaround (bsc#1174396). - dpaa_eth: Make dpaa_a050385_wa static (bsc#1174396). - drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish (git-fixes). - drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617). - drivers/net/ibmvnic: Update VNIC protocol version reporting (bsc#1065729). - drivers: phy: sr-usb: do not use internal fsm for USB2 phy init (git-fixes). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (git-fixes). - drm/amd/display: add basic atomic check for cursor plane (git-fixes). - drm/amd/display: drop cursor position check in atomic test (git-fixes). - drm: amd/display: fix Kconfig help text (bsc#1152489) * context changes - drm/amd/display: Only revalidate bandwidth on medium and fast updates (git-fixes). - drm/amd/display: Prevent dpcd reads with passive dongles (git-fixes). - drm/amd/display: Revalidate bandwidth before commiting DC updates (git-fixes). - drm/amd/display: Use kfree() to free rgb_user in calculate_user_regamma_ramp() (git-fixes). - drm/amd: fix potential memleak in err branch (git-fixes). - drm/amdgpu: add fw release for sdma v5_0 (git-fixes). - drm/amdgpu/atomfirmware: fix vram_info fetching for renoir (git-fixes). - drm/amdgpu: do not do soft recovery if gpu_recovery=0 (git-fixes). - drm/amdgpu: drop redundant cg/pg ungate on runpm enter (git-fixes). - drm/amdgpu: fix gfx hang during suspend with video playback (v2) (git-fixes). - drm/amdgpu: fix the hw hang during perform system reboot and reset (git-fixes). - drm/amdgpu: force fbdev into vram (bsc#1152472) * context changes - drm/amdgpu: Init data to avoid oops while reading pp_num_states (git-fixes). - drm/amdgpu: invalidate L2 before SDMA IBs (v2) (git-fixes). - drm/amdgpu: move kfd suspend after ip_suspend_phase1 (git-fixes). - drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1152472) - drm/amdgpu/sdma5: fix wptr overwritten in ->get_wptr() (git-fixes). - drm/amdgpu: simplify padding calculations (v2) (git-fixes). - drm/amdgpu: use %u rather than %d for sclk/mclk (git-fixes). - drm/amd/powerpay: Disable gfxoff when setting manual mode on picasso and raven (git-fixes). - drm/amd/powerplay: avoid using pm_en before it is initialized revised (git-fixes). - drm/amd/powerplay: perform PG ungate prior to CG ungate (git-fixes). - drm: bridge: adv7511: Extend list of audio sample rates (git-fixes). - drm/connector: notify userspace on hotplug after register complete (bsc#1152489) * context changes - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1152472) * context changes - drm/dp_mst: Reformat drm_dp_check_act_status() a bit (git-fixes). - drm/edid: Add Oculus Rift S to non-desktop list (git-fixes). - drm: encoder_slave: fix refcouting error for modules (git-fixes). - drm/etnaviv: fix perfmon domain interation (git-fixes). - drm/etnaviv: rework perfmon query infrastructure (git-fixes). - drm/exynos: fix ref count leak in mic_pre_enable (git-fixes). - drm/exynos: Properly propagate return value in drm_iommu_attach_device() (git-fixes). - drm/i915: Do not enable WaIncreaseLatencyIPCEnabled when IPC is (bsc#1152489) - drm/i915: Do not enable WaIncreaseLatencyIPCEnabled when IPC is disabled (git-fixes). - drm/i915: extend audio CDCLK>=2*BCLK constraint to more platforms (git-fixes). - drm/i915: Extend WaDisableDARBFClkGating to icl,ehl,tgl (bsc#1152489) - drm/i915: fix port checks for MST support on gen >= 11 (git-fixes). - drm/i915/gem: Avoid iterating an empty list (git-fixes). - drm/i915/gt: Do not schedule normal requests immediately along (bsc#1152489) - drm/i915/gt: Ignore irq enabling on the virtual engines (git-fixes). - drm/i915/gvt: Fix kernel oops for 3-level ppgtt guest (bsc#1152489) - drm/i915/gvt: Fix kernel oops for 3-level ppgtt guest (git-fixes). - drm/i915/gvt: Fix two CFL MMIO handling caused by regression. (bsc#1152489) - drm/i915/gvt: Fix two CFL MMIO handling caused by regression (git-fixes). - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of (bsc#1152489) - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of inheritance (git-fixes). - drm/i915: HDCP: fix Ri prime check done during link check (bsc#1152489) * context changes - drm/i915: HDCP: fix Ri prime check done during link check (git-fixes). - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1152489) - drm/i915: Limit audio CDCLK>=2*BCLK constraint back to GLK only (git-fixes). - drm/i915: Propagate error from completed fences (git-fixes). - drm/i915: Whitelist context-local timestamp in the gen9 cmdparser (git-fixes). - drm/i915: work around false-positive maybe-uninitialized warning (git-fixes). - drm/mcde: dsi: Fix return value check in mcde_dsi_bind() (git-fixes). - drm: mcde: Fix display initialization problem (git-fixes). - drm/mediatek: Check plane visibility in atomic_update (git-fixes). - drm/msm: Check for powered down HW in the devfreq callbacks (bsc#1152489) - drm/msm/dpu: allow initialization of encoder locks during encoder init (git-fixes). - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1152489) - drm/msm/dpu: fix error return code in dpu_encoder_init (git-fixes). - drm/msm: fix potential memleak in error branch (git-fixes). - drm/msm/mdp5: Fix mdp5_init error path for failed mdp5_kms allocation (git-fixes). - drm/nouveau/disp/gm200-: fix NV_PDISP_SOR_HDMI2_CTRL(n) selection (git-fixes). - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (git-fixes). - drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (git-fixes). - drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper() (git-fixes). - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1152472) - drm/radeon: fix double free (git-fixes). - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1152472) - drm: rcar-du: Fix build error (bsc#1152472) - drm/sun4i: hdmi ddc clk: Fix size of m divider (git-fixes). - drm: sun4i: hdmi: Remove extra HPD polling (bsc#1152489) - drm: sun4i: hdmi: Remove extra HPD polling (git-fixes). - drm/sun4i: tcon: Separate quirks for tcon0 and tcon1 on A20 (git-fixes). - drm/tegra: hub: Do not enable orphaned window group (git-fixes). - drm/vkms: Hold gem object while still in-use (git-fixes). - Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139) Upstream changed the partition usage counter check back and forth and ended up reverting all changes. Let's drop our the partial backport. (cherry picked from commit 70ad1b2fa5955d91e1a09a8027daf210e28fee30) - Drop a couple of block layer git-fixes Upstream changed the partition usage counter check back and forth and ended up reverting all changes. Let's drop our the partial backport. - dwc3: Remove check for HWO flag in dwc3_gadget_ep_reclaim_trb_sg() (git-fixes). - e1000: Distribute switch variables for initialization (git-fixes). - e1000e: Disable TSO for buffer overrun workaround (git-fixes). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (git-fixes). - e1000e: Relax condition to trigger reset for ME workaround (git-fixes). - EDAC/amd64: Add PCI device IDs for family 17h, model 70h (bsc#1165975). - EDAC/ghes: Setup DIMM label from DMI and use it in error reports (bsc#1168779). - EDAC/skx: Use the mcmtr register to retrieve close_pg/bank_xor_enable (bsc#1152489). - EDAC/synopsys: Do not dump uninitialized pinf->col (bsc#1152489). - efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes). - efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness (jsc#SLE-12424). - efi: READ_ONCE rng seed size before munmap (jsc#SLE-12424). - efi/tpm: Verify event log header before parsing (bsc#1173461). - eventpoll: fix missing wakeup for ovflist in ep_poll_callback (bsc#1159867). - evm: Check also if *tfm is an error pointer in init_desc() (git-fixes). - evm: Fix a small race in init_desc() (git-fixes). - evm: Fix possible memory leak in evm_calc_hmac_or_hash() (git-fixes). - evm: Fix RCU list related warnings (git-fixes). - exfat: add missing brelse() calls on error paths (git-fixes). - exfat: fix incorrect update of stream entry in __exfat_truncate() (git-fixes). - exfat: fix memory leak in exfat_parse_param() (git-fixes). - exfat: move setting VOL_DIRTY over exfat_remove_entries() (git-fixes). - ext4: avoid utf8_strncasecmp() with unstable name (bsc#1173843). - ext4: fix error pointer dereference (bsc#1173837). - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1173836). - ext4: fix partial cluster initialization when splitting extent (bsc#1173839). - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838). - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833). - ext4: stop overwrite the errcode in ext4_setup_super (bsc#1173841). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (git-fixes). - fanotify: fix ignore mask logic for events on child and on dir (bsc#1172719). - fat: do not allow to mount if the FAT length == 0 (bsc#1173831). - fdt: add support for rng-seed (jsc#SLE-12424). - fdt: Update CRC check for rng-seed (jsc#SLE-12424). - firmware: imx: scu: Fix corruption of header (git-fixes). - firmware: imx: scu: Fix possible memory leak in imx_scu_probe() (git-fixes). - firmware: imx-scu: Support one TX and one RX (git-fixes). - firmware: imx: warn on unexpected RX (git-fixes). - firmware: qcom_scm: fix bogous abuse of dma-direct internals (git-fixes). - firmware: xilinx: Fix an error handling path in 'zynqmp_firmware_probe()' (git-fixes). - Fix a regression of AF_ALG crypto interface hang with aes_s390 (bsc#1167651) - fix multiplication overflow in copy_fdtable() (bsc#1173825). - fork: prevent accidental access to clone3 features (bsc#1174018). - fpga: dfl: afu: Corrected error handling levels (git-fixes). - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12). - fs: Do not check if there is a fsnotify watcher on pseudo inodes (bsc#1158765). - fsl/fman: detect FMan erratum A050385 (bsc#1174396) Update arm64 config file - fsnotify: Rearrange fast path to minimise overhead when there is no watcher (bsc#1158765). - fuse: copy_file_range should truncate cache (git-fixes). - fuse: fix copy_file_range cache issues (git-fixes). - genetlink: clean up family attributes allocations (git-fixes). - genetlink: fix memory leaks in genl_family_rcv_msg_dumpit() (bsc#1154353). - geneve: allow changing DF behavior after creation (git-fixes). - geneve: change from tx_error to tx_dropped on missing metadata (git-fixes). - gfs2: fix glock reference problem in gfs2_trans_remove_revoke (bsc#1173823). - gfs2: Multi-block allocations in gfs2_page_mkwrite (bsc#1173822). - gpio: bcm-kona: Fix return value of bcm_kona_gpio_probe() (git-fixes). - gpio: dwapb: Append MODULE_ALIAS for platform driver (git-fixes). - gpio: dwapb: Call acpi_gpiochip_free_interrupts() on GPIO chip de-registration (git-fixes). - gpio: exar: Fix bad handling for ida_simple_get error path (git-fixes). - gpiolib: Document that GPIO line names are not globally unique (git-fixes). - gpio: pca953x: disable regmap locking for automatic address incrementing (git-fixes). - gpio: pca953x: Fix GPIO resource leak on Intel Galileo Gen 2 (git-fixes). - gpio: pca953x: fix handling of automatic address incrementing (git-fixes). - gpio: pca953x: Fix pca953x_gpio_set_config (git-fixes). - gpio: pca953x: Override IRQ for one of the expanders on Galileo Gen 2 (git-fixes). - gpio: pxa: Fix return value of pxa_gpio_probe() (git-fixes). - gpio: tegra: mask GPIO IRQs during IRQ shutdown (git-fixes). - gpu/drm: Ingenic: Fix opaque pointer casted to wrong type (git-fixes). - gpu: host1x: Detach driver on unregister (git-fixes). - habanalabs: Align protection bits configuration of all TPCs (git-fixes). - HID: Add quirks for Trust Panora Graphic Tablet (git-fixes). - HID: alps: Add AUI1657 device ID (git-fixes). - HID: alps: ALPS_1657 is too specific; use U1_UNICORN_LEGACY instead (git-fixes). - HID: i2c-hid: add Schneider SCL142ALM to descriptor override (git-fixes). - HID: i2c-hid: reset Synaptics SYNA2393 on resume (git-fixes). - HID: intel-ish-hid: avoid bogus uninitialized-variable warning (git-fixes). - HID: logitech-hidpp: avoid repeated 'multiplier = ' log messages (git-fixes). - HID: magicmouse: do not set up autorepeat (git-fixes). - HID: multitouch: add eGalaxTouch P80H84 support (git-fixes). - HID: multitouch: enable multi-input as a quirk for some devices (git-fixes). - HID: quirks: Add HID_QUIRK_NO_INIT_REPORTS quirk for Dell K12A keyboard-dock (git-fixes). - HID: quirks: Always poll Obins Anne Pro 2 keyboard (git-fixes). - HID: quirks: Ignore Simply Automated UPB PIM (git-fixes). - HID: quirks: Remove ITE 8595 entry from hid_have_special_driver (git-fixes). - HID: sony: Fix for broken buttons on DS3 USB dongles (git-fixes). - hinic: fix a bug of ndo_stop (networking-stable-20_05_16). - hinic: fix wrong para of wait_for_completion_timeout (networking-stable-20_05_16). - hsr: check protocol version in hsr_newlink() (networking-stable-20_04_17). - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes). - hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (git-fixes). - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (git-fixes). - hwmon: (k10temp) Add AMD family 17h model 60h PCI match (git-fixes). - hwmon: (max6697) Make sure the OVERT mask is set correctly (git-fixes). - hwmon: (pmbus) fix a typo in Kconfig SENSORS_IR35221 option (git-fixes). - hwrng: ks-sa - Fix runtime PM imbalance on error (git-fixes). - i2c: acpi: put device when verifying client fails (git-fixes). - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (git-fixes). - i2c: altera: Fix race between xfer_msg and isr thread (git-fixes). - i2c: core: check returned size of emulated smbus block read (git-fixes). - i2c: designware-pci: Add support for Elkhart Lake PSE I2C (jsc#SLE-12734). - i2c: designware-pci: Fix BUG_ON during device removal (jsc#SLE-12734). - i2c: designware-pci: Switch over to MSI interrupts (jsc#SLE-12734). - i2c: dev: Fix the race between the release of i2c_dev and cdev (git-fixes). - i2c: eg20t: Load module automatically if ID matches (git-fixes). - i2c: fix missing pm_runtime_put_sync in i2c_device_probe (git-fixes). - i2c: fsi: Fix the port number field in status register (git-fixes). - i2c: mlxcpld: check correct size of maximum RECV_LEN packet (git-fixes). - i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' (git-fixes). - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets (git-fixes). - i2c: pxa: clear all master action bits in i2c_pxa_stop_message() (git-fixes). - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes). - IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409). - IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409). - IB/hfi1: Fix another case where pq is left on waitlist (bsc#1174411). - IB/hfi1: Fix module use count flaw due to leftover module put calls (bsc#1174407). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - IB/rdmavt: Free kernel completion queue when done (bsc#1173625). - ice: Fix error return code in ice_add_prof() (jsc#SLE-7926). - ice: Fix inability to set channels when down (jsc#SLE-7926). - ieee80211: Fix incorrect mask for default PE duration (git-fixes). - iio: adc: ad7780: Fix a resource handling path in 'ad7780_probe()' (git-fixes). - iio: adc: stm32-adc: fix device used to request dma (git-fixes). - iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() (git-fixes). - iio: adc: stm32-dfsdm: fix device used to request dma (git-fixes). - iio: adc: stm32-dfsdm: Use dma_request_chan() instead dma_request_slave_channel() (git-fixes). - iio: adc: ti-ads8344: Fix channel selection (git-fixes). - iio: bmp280: fix compensation of humidity (git-fixes). - iio: buffer: Do not allow buffers without any channels enabled to be activated (git-fixes). - iio:chemical:pms7003: Fix timestamp alignment and prevent data leak (git-fixes). - iio:chemical:sps30: Fix timestamp alignment (git-fixes). - iio: core: add missing IIO_MOD_H2/ETHANOL string identifiers (git-fixes). - iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' (git-fixes). - iio:health:afe4404 Fix timestamp alignment and prevent data leak (git-fixes). - iio:humidity:hdc100x Fix alignment and data leak issues (git-fixes). - iio:humidity:hts221 Fix alignment and data leak issues (git-fixes). - iio:magnetometer:ak8974: Fix alignment and data leak issues (git-fixes). - iio: magnetometer: ak8974: Fix runtime PM imbalance on error (git-fixes). - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (git-fixes). - iio: pressure: bmp280: Tolerate IRQ before registering (git-fixes). - iio:pressure:ms5611 Fix buffer element alignment (git-fixes). - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (git-fixes). - iio: sca3000: Remove an erroneous 'get_device()' (git-fixes). - iio: vcnl4000: Fix i2c swapped word reading (git-fixes). - ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() (bsc#1172223). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1172223) - ima: Directly free *entry in ima_alloc_init_template() if digests is NULL (bsc#1172223). - ima: Remove __init annotation from ima_pcrread() (git-fixes). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - Input: dlink-dir685-touchkeys - fix a typo in driver name (git-fixes). - Input: edt-ft5x06 - fix get_default register write access (git-fixes). - Input: elan_i2c - add more hardware ID for Lenovo laptops (git-fixes). - Input: evdev - call input_flush_device() on release(), not flush() (git-fixes). - Input: goodix - fix touch coordinates on Cube I15-TC (git-fixes). - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (git-fixes). - Input: i8042 - add ThinkPad S230u to i8042 reset list (git-fixes). - input: i8042 - Remove special PowerPC handling (git-fixes). - Input: mms114 - add extra compatible for mms345l (git-fixes). - Input: mms114 - fix handling of mms345l (git-fixes). - Input: synaptics - add a second working PNP_ID for Lenovo T470s (git-fixes). - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() (git-fixes). - Input: synaptics-rmi4 - really fix attn_data use-after-free (git-fixes). - Input: usbtouchscreen - add support for BonXeon TP (git-fixes). - Input: xpad - add custom init packet for Xbox One S controllers (git-fixes). - intel_th: Fix a NULL dereference when hub driver is not loaded (git-fixes). - intel_th: pci: Add Emmitsburg PCH support (git-fixes). - intel_th: pci: Add Jasper Lake CPU support (git-fixes). - intel_th: pci: Add Tiger Lake PCH-H support (git-fixes). - iocost: check active_list of all the ancestors in iocg_activate() (bsc#1173206). - iocost: over-budget forced IOs should schedule async delay (bsc#1173206). - iommu/amd: Call domain_flush_complete() in update_domain() (bsc#1172061). - iommu/amd: Do not flush Device Table in iommu_map_page() (bsc#1172062). - iommu/amd: Do not loop forever when trying to increase address space (bsc#1172063). - iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system (bsc#1172393). - iommu/amd: Fix over-read of ACPI UID from IVRS table (bsc#1172064). - iommu/amd: Fix race in increase_address_space()/fetch_pte() (bsc#1172065). - iommu/amd: Update Device Table in increase_address_space() (bsc#1172066). - iommu/arm-smmu-v3: Do not reserve implementation defined register space (bsc#1174126). - iommu: Fix reference count leak in iommu_group_alloc (bsc#1172394). - iommu/qcom: Fix local_base status check (bsc#1172067). - iommu/virtio: Reverse arguments to list_add (bsc#1172068). - iommu/vt-d: Enable PCI ACS for platform opt in hint (bsc#1174127). - iommu/vt-d: Update scalable mode paging structure coherency (bsc#1174128). - ionic: add pcie_print_link_status (bsc#1167773). - ionic: centralize queue reset code (bsc#1167773). - ionic: export features for vlans to use (bsc#1167773). - ionic: no link check while resetting queues (bsc#1167773). - ionic: remove support for mgmt device (bsc#1167773). - ionic: tame the watchdog timer on reconfig (bsc#1167773). - ionic: update the queue count on open (bsc#1167773). - ionic: wait on queue start until after IFF_UP (bsc#1167773). - io_uring: use kvfree() in io_sqe_buffer_register() (bsc#1173832). - ipmi: use vzalloc instead of kmalloc for user creation (git-fixes). - ipv4: Update fib_select_default to handle nexthop objects (networking-stable-20_04_27). - ipv6: fix IPV6_ADDRFORM operation logic (bsc#1171662). - ipvs: Improve robustness to the ipvs sysctl (git-fixes). - irqchip/al-fic: Add support for irq retrigger (jsc#SLE-10505). - irqchip/ti-sci-inta: Fix processing of masked irqs (git-fixes). - irqchip/versatile-fpga: Apply clear-mask earlier (git-fixes). - irqchip/versatile-fpga: Handle chained IRQs properly (git-fixes). - iwlwifi: avoid debug max amsdu config overwriting itself (git-fixes). - iwlwifi: mvm: fix aux station leak (git-fixes). - iwlwifi: mvm: limit maximum queue appropriately (git-fixes). - iwlwifi: pcie: handle QuZ configs with killer NICs as well (bsc#1172374). - ixgbe: do not check firmware errors (bsc#1170284). - jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845). - jbd2: fix data races at struct journal_head (bsc#1173438). - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833). - kabi fix for SUNRPC-dont-update-timeout-value-on-connection-reset.patch (bsc1174263). - kABI fixup mtk-vpu: avoid unaligned access to DTCM buffer (git-fixes). - kabi: hv: prevent struct device_node to become defined (bsc#1172871). - kabi: ppc64le: prevent struct dma_map_ops to become defined (jsc#SLE-12424). - kABI: protect struct fib_dump_filter (kabi). - kABI: protect struct mlx5_cmd_work_ent (kabi). - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi). - kabi/severities: Ingnore get_dev_data() The function is internal to the AMD IOMMU driver and must not be called by any third party. - kABI workaround for struct hdac_bus changes (git-fixes). - keys: asymmetric: fix error return code in software_key_query() (git-fixes). - ktest: Add timeout for ssh sync testing (git-fixes). - KVM: Check validity of resolved slot when searching memslots (bsc#1172069). - KVM: nVMX: always update CR3 in VMCS (git-fixes). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - l2tp: add sk_family checks to l2tp_validate_socket (networking-stable-20_06_07). - l2tp: Allow management of tunnels and session in user namespace (networking-stable-20_04_17). - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07). - libbpf: Fix perf_buffer__free() API for sparse allocs (bsc#1155518). - libceph: do not omit recovery_deletes in target_copy() (git-fixes). - libceph: ignore pool overlay and cache logic on redirects (bsc#1172938). - lib: devres: add a helper function for ioremap_uc (git-fixes). - libertas_tf: avoid a null dereference in pointer priv (git-fixes). - lib/lzo: fix ambiguous encoding bug in lzo-rle (git-fixes). - libnvdimm/btt: fix variable 'rc' set but not used (bsc#1162400). - libnvdimm: cover up nd_pfn_sb changes (bsc#1171759). - libnvdimm: cover up nd_region changes (bsc#1162400). - libnvdimm/dax: Pick the right alignment default when creating dax devices (bsc#1171759). - libnvdimm/label: Remove the dpa align check (bsc#1171759). - libnvdimm/namespace: Enforce memremap_compat_align() (bsc#1162400). - libnvdimm/namsepace: Do not set claim_class on error (bsc#1162400). - libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739). - libnvdimm: Out of bounds read in __nd_ioctl() (bsc#1065729). - libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change (bsc#1171743). - libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock (bsc#1171759). - libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid (bsc#1171743). - libnvdimm/pmem: Advance namespace seed for specific probe errors (bsc#1171743). - libnvdimm/region: Fix build error (bsc#1162400). - libnvdimm/region: Introduce an 'align' attribute (bsc#1162400). - libnvdimm/region: Introduce NDD_LABELING (bsc#1162400). - libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (bsc#1171743). - libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759). - lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user() (bsc#1174331). - lib: Uplevel the pmem 'region' ida to a global allocator (bc#1162400). - list: Add hlist_unhashed_lockless() (bsc#1173438). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - locktorture: Allow CPU-hotplug to be disabled via --bootargs (bsc#1173068). - loop: replace kill_bdev with invalidate_bdev (bsc#1173820). - lpfc_debugfs: get rid of pointless access_ok() (bsc#1171530). - lpfc: fix axchg pointer reference after free and double frees (bsc#1171530). - lpfc: Fix pointer checks and comments in LS receive refactoring (bsc#1171530). - lpfc: Fix return value in __lpfc_nvme_ls_abort (bsc#1171530). - lpfc: Synchronize NVME transport and lpfc driver devloss_tmo (bcs#1173060). - mac80211: mesh: fix discovery timer re-arming issue / crash (git-fixes). - mailbox: zynqmp-ipi: Fix NULL vs IS_ERR() check in zynqmp_ipi_mbox_probe() (git-fixes). - Make the 'Reducing compressed framebufer size' message be DRM_INFO_ONCE() (git-fixes). - mdraid: fix read/write bytes accounting (bsc#1172537). - media: cec: silence shift wrapping warning in __cec_s_log_addrs() (git-fixes). - media: cedrus: Program output format during each run (git-fixes). - media: dvbdev: Fix tuner->demod media controller link (git-fixes). - media: dvb: return -EREMOTEIO on i2c transfer failure (git-fixes). - media: dvbsky: add support for eyeTV Geniatech T2 lite (bsc#1173776). - media: dvbsky: add support for Mygica T230C v2 (bsc#1173776). - media: imx: imx7-mipi-csis: Cleanup and fix subdev pad format handling (git-fixes). - media: mtk-vpu: avoid unaligned access to DTCM buffer (git-fixes). - media: ov5640: fix use of destroyed mutex (git-fixes). - media: platform: fcp: Set appropriate DMA parameters (git-fixes). - media: Revert 'staging: imgu: Address a compiler warning on alignment' (git-fixes). - media: si2157: Better check for running tuner in init (git-fixes). - media: si2168: add support for Mygica T230C v2 (bsc#1173776). - media: staging: imgu: do not hold spinlock during freeing mmu page table (git-fixes). - media: staging/intel-ipu3: Implement lock for stream on/off operations (git-fixes). - media: staging: ipu3: Fix stale list entries on parameter queue failure (git-fixes). - media: staging: ipu3-imgu: Move alignment attribute to field (git-fixes). - media: vicodec: Fix error codes in probe function (git-fixes). - mei: bus: do not clean driver pointer (git-fixes). - mei: release me_cl object reference (git-fixes). - mfd: intel-lpss: Add Intel Jasper Lake PCI IDs (jsc#SLE-12602). - mfd: intel-lpss: Add Intel Tiger Lake PCI IDs (jsc#SLE-12737). - mfd: intel-lpss: Use devm_ioremap_uc for MMIO (git-fixes). - mfd: stmfx: Fix stmfx_irq_init error path (git-fixes). - mfd: stmfx: Reset chip on resume as supply was disabled (git-fixes). - mfd: wm8994: Fix driver operation if loaded as modules (git-fixes). - misc: fastrpc: fix potential fastrpc_invoke_ctx leak (git-fixes). - misc: rtsx: Add short delay after exit from ASPM (git-fixes). - mlxsw: core: Use different get_trend() callbacks for different thermal zones (networking-stable-20_06_10). - mlxsw: Fix some IS_ERR() vs NULL bugs (networking-stable-20_04_27). - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12). - mm: adjust vm_committed_as_batch according to vm overcommit policy (bnc#1173271). - mmc: block: Fix use-after-free issue for rpmb (git-fixes). - mmc: core: Use DEFINE_DEBUGFS_ATTRIBUTE instead of DEFINE_SIMPLE_ATTRIBUTE (git-fixes). - mmc: fix compilation of user API (git-fixes). - mmc: meson-gx: limit segments to 1 when dram-access-quirk is needed (git-fixes). - mmc: meson-mx-sdio: trigger a soft reset after a timeout or CRC error (git-fixes). - mmc: mmci_sdmmc: fix DMA API warning overlapping mappings (git-fixes). - mmc: sdhci: do not enable card detect interrupt for gpio cd type (git-fixes). - mmc: sdhci-esdhc-imx: fix the mask for tuning start point (git-fixes). - mmc: sdhci-msm: Clear tuning done flag while hs400 tuning (git-fixes). - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (git-fixes). - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() (git-fixes). - mmc: sdio: Fix several potential memory leaks in mmc_sdio_init_card() (git-fixes). - mmc: tmio: Further fixup runtime PM management at remove (git-fixes). - mmc: uniphier-sd: call devm_request_irq() after tmio_mmc_host_probe() (git-fixes). - mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core (git-fixes). - mm: do not prepare anon_vma if vma has VM_WIPEONFORK (bsc#1169681). - mm: fix NUMA node file count error in replace_page_cache() (bsc#1173844). - mm: memcontrol: fix memory.low proportional distribution (bsc#1168230). - mm/memory_hotplug: refrain from adding memory into an impossible node (bsc#1173552). - mm/memremap: drop unused SECTION_SIZE and SECTION_MASK (bsc#1162400 bsc#1170895 ltc#184375 ltc#185686). - mm/memremap_pages: Introduce memremap_compat_align() (bsc#1162400). - mm/memremap_pages: Kill unused __devm_memremap_pages() (bsc#1162400). - mm/mmap.c: close race between munmap() and expand_upwards()/downwards() (bsc#1174527). - mm/util.c: make vm_memory_committed() more accurate (bnc#1173271). - move unsortable patch out of sorted section patches.suse/revert-zram-convert-remaining-class_attr-to-class_attr_ro - mt76: mt76x02u: Add support for newer versions of the XBox One wifi adapter (git-fixes). - mtd: Fix mtd not registered due to nvmem name collision (git-fixes). - mtd: rawnand: brcmnand: correctly verify erased pages (git-fixes). - mtd: rawnand: brcmnand: fix CS0 layout (git-fixes). - mtd: rawnand: brcmnand: fix hamming oob layout (git-fixes). - mtd: rawnand: diskonchip: Fix the probe error path (git-fixes). - mtd: rawnand: Fix nand_gpio_waitrdy() (git-fixes). - mtd: rawnand: ingenic: Fix the probe error path (git-fixes). - mtd: rawnand: marvell: Fix probe error path (git-fixes). - mtd: rawnand: marvell: Fix the condition on a return code (git-fixes). - mtd: rawnand: marvell: Use nand_cleanup() when the device is not yet registered (git-fixes). - mtd: rawnand: mtk: Fix the probe error path (git-fixes). - mtd: rawnand: onfi: Fix redundancy detection check (git-fixes). - mtd: rawnand: orion: Fix the probe error path (git-fixes). - mtd: rawnand: oxnas: Keep track of registered devices (git-fixes). - mtd: rawnand: oxnas: Release all devices in the _remove() path (git-fixes). - mtd: rawnand: pasemi: Fix the probe error path (git-fixes). - mtd: rawnand: plat_nand: Fix the probe error path (git-fixes). - mtd: rawnand: sharpsl: Fix the probe error path (git-fixes). - mtd: rawnand: socrates: Fix the probe error path (git-fixes). - mtd: rawnand: sunxi: Fix the probe error path (git-fixes). - mtd: rawnand: timings: Fix default tR_max and tCCS_min timings (git-fixes). - mtd: rawnand: tmio: Fix the probe error path (git-fixes). - mtd: rawnand: xway: Fix the probe error path (git-fixes). - mtd: spinand: Propagate ECC information to the MTD structure (git-fixes). - mtd: spi-nor: intel-spi: Add support for Intel Tiger Lake SPI serial flash (jsc#SLE-12737). - mvpp2: remove module bugfix (bsc#1154353). - mwifiex: avoid -Wstringop-overflow warning (git-fixes). - mwifiex: Fix memory corruption in dump_station (git-fixes). - namei: only return -ECHILD from follow_dotdot_rcu() (bsc#1173824). - nbd: Fix memory leak in nbd_add_socket (git-fixes). - neigh: send protocol value in neighbor create notification (networking-stable-20_05_12). - net: bcmgenet: correct per TX/RX ring statistics (networking-stable-20_04_27). - net: be more gentle about silly gso requests coming from user (networking-stable-20_06_07). - net: check untrusted gso_size at kernel entry (networking-stable-20_06_07). - net: core: device_rename: Use rwsem instead of a seqcount (bsc#1162702). - net: do not return invalid table id error when we fall back to PF_UNSPEC (networking-stable-20_05_27). - net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL (networking-stable-20_04_27). - net: dsa: b53: Fix ARL register definitions (networking-stable-20_04_27). - net: dsa: b53: Lookup VID in ARL searches when VLAN is enabled (networking-stable-20_04_27). - net: dsa: b53: Rework ARL bin logic (networking-stable-20_04_27). - net: dsa: bcm_sf2: Fix node reference count (git-fixes). - net: dsa: declare lockless TX feature for slave ports (bsc#1154353). - net: dsa: Do not leave DSA master with NULL netdev_ops (networking-stable-20_05_12). - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16). - net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27). - net: dsa: mt7530: fix tagged frames pass-through in VLAN-unaware mode (networking-stable-20_04_17). - net: ena: xdp: update napi budget for DROP and ABORTED (bsc#1154492). - net: ena: xdp: XDP_TX: fix memory leak (bsc#1154492). - net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning during suspend (networking-stable-20_05_27). - net_failover: fixed rollback in net_failover_open() (networking-stable-20_06_10). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: ip6tables: Add a .pre_exit hook in all ip6table_foo.c (bsc#1171857). - netfilter: ip6tables: Split ip6t_unregister_table() into pre_exit and exit helpers (bsc#1171857). - netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c (bsc#1171857). - netfilter: iptables: Split ipt_unregister_table() into pre_exit and exit helpers (bsc#1171857). - netfilter: nf_queue: enqueue skbs with NULL dst (git-fixes). - netfilter: nf_tables_offload: return EOPNOTSUPP if rule specifies no actions (git-fixes). - netfilter: nft_tproxy: Fix port selector on Big Endian (git-fixes). - netfilter: nft_tunnel: add the missing ERSPAN_VERSION nla_policy (git-fixes). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16). - net: fsl/fman: treat all RGMII modes in memac_adjust_link() (bsc#1174398). - net: hns3: check reset pending after FLR prepare (bsc#1154353). - __netif_receive_skb_core: pass skb by reference (networking-stable-20_05_27). - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27). - net: ipip: fix wrong address family in init error path (networking-stable-20_05_27). - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin (networking-stable-20_04_17). - net: ipv4: Fix wrong type conversion from hint to rt in ip_route_use_hint() (bsc#1154353). - net: ipv6: do not consider routes via gateways for anycast address check (networking-stable-20_04_17). - net: macb: call pm_runtime_put_sync on failure path (git-fixes). - net: macb: fix an issue about leak related system resources (networking-stable-20_05_12). - net: macsec: preserve ingress frame ordering (networking-stable-20_05_12). - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12). - net/mlx4_en: avoid indirect call in TX completion (networking-stable-20_04_27). - net/mlx5: Add command entry handling completion (networking-stable-20_05_27). - net/mlx5: Disable reload while removing the device (jsc#SLE-8464). - net/mlx5: drain health workqueue in case of driver load error (networking-stable-20_06_16). - net/mlx5: DR, Fix freeing in dr_create_rc_qp() (jsc#SLE-8464). - net/mlx5e: Add missing release firmware call (networking-stable-20_04_17). - net/mlx5e: Fix CPU mapping after function reload to avoid aRFS RX crash (jsc#SLE-8464). - net/mlx5e: Fix inner tirs handling (networking-stable-20_05_27). - net/mlx5e: Fix pfnum in devlink port attribute (networking-stable-20_04_17). - net/mlx5e: Fix repeated XSK usage on one channel (networking-stable-20_06_16). - net/mlx5e: Fix stats update for matchall classifier (jsc#SLE-8464). - net/mlx5e: Fix VXLAN configuration restore after function reload (jsc#SLE-8464). - net/mlx5e: kTLS, Destroy key object after destroying the TIS (networking-stable-20_05_27). - net/mlx5e: replace EINVAL in mlx5e_flower_parse_meta() (jsc#SLE-8464). - net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27). - net/mlx5: Fix cleaning unmanaged flow tables (jsc#SLE-8464). - net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12). - net/mlx5: Fix crash upon suspend/resume (bsc#1172365). - net/mlx5: Fix error flow in case of function_setup failure (networking-stable-20_05_27). - net/mlx5: Fix fatal error handling during device load (networking-stable-20_06_16). - net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12). - net/mlx5: Fix frequent ioread PCI access during recovery (networking-stable-20_04_17). - net/mlx5: Fix memory leak in mlx5_events_init (networking-stable-20_05_27). - net: mvpp2: cls: Prevent buffer overflow in mvpp2_ethtool_cls_rule_del() (networking-stable-20_05_12). - net: mvpp2: fix RX hashing for non-10G ports (networking-stable-20_05_27). - net: mvpp2: prevent buffer overflow in mvpp22_rss_ctx() (networking-stable-20_05_12). - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node (networking-stable-20_04_27). - net: nlmsg_cancel() if put fails for nhmsg (networking-stable-20_05_27). - net: openvswitch: ovs_ct_exit to be done under ovs_lock (networking-stable-20_04_27). - net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16). - net: phy: propagate an error back to the callers of phy_sfp_probe (bsc#1154353). - net: phy: realtek: add support for configuring the RX delay on RTL8211F (bsc#1174398). - netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16). - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27). - net: qrtr: send msgs from local of same id as broadcast (networking-stable-20_04_17). - net: revert default NAPI poll timeout to 2 jiffies (networking-stable-20_04_17). - net: revert 'net: get rid of an signed integer overflow in ip_idents_reserve()' (bnc#1158748 (network regression)). - net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27). - net_sched: sch_skbprio: add message validation to skbprio_change() (networking-stable-20_05_12). - net/smc: fix restoring of fallback changes (git-fixes). - net/smc: tolerate future SMCD versions (bsc#1172543 LTC#186069). - net: stmmac: do not attach interface until resume finishes (bsc#1174072). - net: stmmac: dwc-qos: avoid clk and reset for acpi device (bsc#1174072). - net: stmmac: dwc-qos: use generic device api (bsc#1174072). - net: stmmac: enable timestamp snapshot for required PTP packets in dwmac v5.10a (networking-stable-20_06_07). - net: stmmac: fix num_por initialization (networking-stable-20_05_16). - net: stmmac: platform: fix probe for ACPI devices (bsc#1174072). - net: stricter validation of untrusted gso packets (networking-stable-20_05_12). - net: tc35815: Fix phydev supported/advertising mask (networking-stable-20_05_12). - net: tcp: fix rx timestamp behavior for tcp_recvmsg (networking-stable-20_05_16). - net/tls: fix encryption error checking (git-fixes). - net/tls: fix race condition causing kernel panic (networking-stable-20_05_27). - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12). - net/tls: free record only on encryption error (git-fixes). - net: tun: record RX queue in skb before do_xdp_generic() (networking-stable-20_04_17). - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12). - net: usb: qmi_wwan: add Telit LE910C1-EUX composition (networking-stable-20_06_07). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - net/x25: Fix x25_neigh refcnt leak when receiving frame (networking-stable-20_04_27). - nexthop: Fix attribute checking for groups (networking-stable-20_05_27). - NFC: st21nfca: add missed kfree_skb() in an error path (git-fixes). - nfp: abm: fix a memory leak bug (networking-stable-20_05_12). - nfp: abm: fix error return code in nfp_abm_vnic_alloc() (networking-stable-20_05_16). - nfp: flower: fix used time of merge flow statistics (networking-stable-20_06_07). - nfs: add minor version to nfs_server_key for fscache (bsc#1172467). - nfsd4: fix nfsdfs reference count loop (git-fixes). - nfsd4: make drc_slab global, not per-net (git-fixes). - nfsd: always check return value of find_any_file (bsc#1172208). - nfsd: apply umask on fs without ACL support (git-fixes). - nfsd: fix nfsdfs inode reference count leak (git-fixes). - NFS: Fix fscache super_cookie index_key from changing after umount (git-fixes). - NFS: Fix interrupted slots by sending a solo SEQUENCE operation (bsc#1174264). - nfs: fix NULL deference in nfs4_get_valid_delegation. - nfs: fscache: use timespec64 in inode auxdata (git-fixes). - nfs: set invalid blocks after NFSv4 writes (git-fixes). - NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION (git-fixes). - NFSv4 fix CLOSE not waiting for direct IO compeletion (git-fixes). - NFSv4: Fix fscache cookie aux_data to ensure change_attr is included (git-fixes). - ntb: intel: add hw workaround for NTB BAR alignment (jsc#SLE-12710). - ntb: intel: Add Icelake (gen4) support for Intel NTB (jsc#SLE-12710). - ntb: intel: fix static declaration (jsc#SLE-12710). - nvdimm: Avoid race between probe and reading device attributes (bsc#1170442). - nvme-fc: avoid gcc-10 zero-length-bounds warning (bsc#1173206). - nvme-fc: do not call nvme_cleanup_cmd() for AENs (bsc#1171688). - nvme-fc: print proper nvme-fc devloss_tmo value (bsc#1172391). - objtool: Allow no-op CFI ops in alternatives (bsc#1169514). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Fix !CFI insn_state propagation (bsc#1169514). - objtool: Fix ORC vs alternatives (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - objtool: Remove check preventing branches within alternative (bsc#1169514). - objtool: Rename struct cfi_state (bsc#1169514). - objtool: Uniquely identify alternative instruction groups (bsc#1169514). - ovl: inode reference leak in ovl_is_inuse true case (git-fixes). - p54usb: add AirVasT USB stick device-id (git-fixes). - padata: add separate cpuhp node for CPUHP_PADATA_DEAD (git-fixes). - padata: kABI fixup for struct padata_instance splitting nodes (git-fixes). - panic: do not print uninitialized taint_flags (bsc#1172814). - PCI: aardvark: Do not blindly enable ASPM L0s and do not write to read-only register (git-fixes). - PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints (git-fixes). - PCI: Add Loongson vendor ID (git-fixes). - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#1174356). - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356). - PCI: Allow pci_resize_resource() for devices on root bus (git-fixes). - PCI: amlogic: meson: Do not use FAST_LINK_MODE to set up link (git-fixes). - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes). - PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 (git-fixes). - PCI: Avoid FLR for AMD Starship USB 3.0 (git-fixes). - PCI: brcmstb: Assert fundamental reset on initialization (git-fixes). - PCI: brcmstb: Assert fundamental reset on initialization (git-fixes). - PCI: brcmstb: Fix window register offset from 4 to 8 (git-fixes). - PCI: brcmstb: Fix window register offset from 4 to 8 (git-fixes). - PCI: Do not disable decoding when mmio_always_on is set (git-fixes). - PCI: dwc: Fix inner MSI IRQ domain registration (git-fixes). - PCI/EDR: Log only ACPI_NOTIFY_DISCONNECT_RECOVER events (bsc#1174513). - pcie: mobiveil: remove patchset v9 Prepare to backport upstream version. - PCI: Fix pci_register_host_bridge() device_register() error handling (git-fixes). - PCI: hv: Add support for protocol 1.3 and support PCI_BUS_RELATIONS2 (bsc#1172201). - PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871). - PCI: hv: Decouple the func definition in hv_dr_state from VSP message (bsc#1172871). - PCI: hv: Fix the PCI HyperV probe failure path to release resource properly (bsc#1172871). - PCI: hv: Introduce hv_msi_entry (bsc#1172871). - PCI: hv: Move hypercall related definitions into tlfs header (bsc#1172871). - PCI: hv: Move retarget related structures into tlfs header (bsc#1172871). - PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871). - PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871). - PCI: mobiveil: Add 8-bit and 16-bit CSR register accessors (bsc#1161495). - PCI: mobiveil: Add callback function for interrupt initialization (bsc#1161495). - PCI: mobiveil: Add callback function for link up check (bsc#1161495). - PCI: mobiveil: Add Header Type field check (bsc#1161495). - PCI: mobiveil: Add PCIe Gen4 RC driver for Layerscape SoCs (bsc#1161495). - PCI: mobiveil: Allow mobiveil_host_init() to be used to re-init host (bsc#1161495). - PCI: mobiveil: Collect the interrupt related operations into a function (bsc#1161495). - PCI: mobiveil: Fix sparse different address space warnings (bsc#1161495). - PCI: mobiveil: Fix unmet dependency warning for PCIE_MOBIVEIL_PLAT (bsc#1161495). - PCI: mobiveil: Introduce a new structure mobiveil_root_port (bsc#1161495). - PCI: mobiveil: ls_pcie_g4: add Workaround for A-011451 (bsc#1161495). - PCI: mobiveil: ls_pcie_g4: add Workaround for A-011577 (bsc#1161495). - PCI: mobiveil: ls_pcie_g4: fix SError when accessing config space (bsc#1161495). - PCI: mobiveil: Modularize the Mobiveil PCIe Host Bridge IP driver (bsc#1161495). - PCI: mobiveil: Move the host initialization into a function (bsc#1161495). - PCI: pci-bridge-emul: Fix PCIe bit conflicts (git-fixes). - PCI/PM: Adjust pcie_wait_for_link_delay() for caller delay (git-fixes). - PCI/PM: Call .bridge_d3() hook only if non-NULL (git-fixes). - PCI: Program MPS for RCiEP devices (git-fixes). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (git-fixes). - PCI: rcar: Fix incorrect programming of OB windows (git-fixes). - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356). - PCI: v3-semi: Fix a memory leak in v3_pci_probe() error handling paths (git-fixes). - PCI: vmd: Add device id for VMD device 8086:9A0B (git-fixes). - PCI: vmd: Filter resource type bits from shadow register (git-fixes). - pcm_native: result of put_user() needs to be checked (git-fixes). - percpu: Separate decrypted varaibles anytime encryption can be enabled (bsc#1174332). - perf/core: Fix endless multiplex timer (git-fixes). - perf/core: fix parent pid/tid in task exit events (git-fixes). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (git-fixes). - pinctrl: freescale: imx: Use 'devm_of_iomap()' to avoid a resource leak in case of error in 'imx_pinctrl_probe()' (git-fixes). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (git-fixes). - pinctrl: intel: Add Intel Tiger Lake pin controller support (jsc#SLE-12737). - pinctrl: ocelot: Fix GPIO interrupt decoding on Jaguar2 (git-fixes). - pinctrl: rockchip: fix memleak in rockchip_dt_node_to_map (git-fixes). - pinctrl: rza1: Fix wrong array assignment of rza1l_swio_entries (git-fixes). - pinctrl: samsung: Correct setting of eint wakeup mask on s5pv210 (git-fixes). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (git-fixes). - pinctrl: sprd: Fix the incorrect pull-up definition (git-fixes). - pinctrl: stmfx: stmfx_pinconf_set does not require to get direction anymore (git-fixes). - pinctrl: tegra: Use noirq suspend/resume callbacks (git-fixes). - pinctrl: tigerlake: Tiger Lake uses _HID enumeration (jsc#SLE-12737). - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA (git-fixes). - platform/x86: asus_wmi: Reserve more space for struct bias_args (git-fixes). - platform/x86: dell-laptop: do not register micmute LED if there is no token (git-fixes). - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (git-fixes). - platform/x86: intel-hid: Add a quirk to support HP Spectre X2 (2015) (git-fixes). - platform/x86: intel-vbtn: Also handle tablet-mode switch on 'Detachable' and 'Portable' chassis-types (git-fixes). - platform/x86: intel-vbtn: Do not advertise switches to userspace if they are not there (git-fixes). - platform/x86: intel-vbtn: Only blacklist SW_TABLET_MODE on the 9 / 'Laptop' chasis-type (git-fixes). - platform/x86: intel-vbtn: Split keymap into buttons and switches parts (git-fixes). - platform/x86: intel-vbtn: Use acpi_evaluate_integer() (git-fixes). - platform/x86: ISST: Increase timeout (bsc#1174185). - PM: runtime: clk: Fix clk_pm_runtime_get() error path (git-fixes). - pNFS/flexfiles: Fix list corruption if the mirror count changes (git-fixes). - pnp: Use list_for_each_entry() instead of open coding (git-fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s/exception: Fix machine check no-loss idle wakeup (bsc#1156395). - powerpc/64s/kuap: Restore AMR in system reset exception (bsc#1156395). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc/book3s64: Export has_transparent_hugepage() related functions (bsc#1171759). - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729). - powerpc/bpf: Enable bpf_probe_read{, str}() on powerpc again (bsc#1172344). - powerpc/fadump: Account for memory_limit while reserving memory (jsc#SLE-9099 git-fixes). - powerpc/fadump: consider reserved ranges while reserving memory (jsc#SLE-9099 git-fixes). - powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010). - powerpc/fadump: use static allocation for reserved memory ranges (jsc#SLE-9099 git-fixes). - powerpc/kasan: Fix issues by lowering KASAN_SHADOW_END (git-fixes). - powerpc/kuap: PPC_KUAP_DEBUG should depend on PPC_KUAP (bsc#1156395). - powerpc/powernv: Fix a warning message (bsc#1156395). - powerpc/setup_64: Set cache-line-size based on cache-block-size (bsc#1065729). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729). - power: reset: qcom-pon: reg write mask depends on pon generation (git-fixes). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (git-fixes). - power: supply: core: fix HWMON temperature labels (git-fixes). - power: supply: core: fix memory leak in HWMON error path (git-fixes). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (git-fixes). - power: supply: smb347-charger: IRQSTAT_D is volatile (git-fixes). - pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16). - printk: queue wake_up_klogd irq_work only if per-CPU areas are ready (bsc#1172095). - proc/meminfo: avoid open coded reading of vm_committed_as (bnc#1173271). - proc: Use new_inode not new_inode_pseudo (bsc#1173830). - pwm: img: Call pm_runtime_put() in pm_runtime_get_sync() failed case (git-fixes). - pwm: sun4i: Move pwm_calculate() out of spin_lock() (git-fixes). - r8152: support additional Microsoft Surface Ethernet Adapter variant (git-fixes). - r8169: Revive default chip version for r8168 (bsc#1173085). - raid5: remove gfp flags from scribble_alloc() (bsc#1166985). - random: fix data races at timer_rand_state (bsc#1173438). - rcu: Avoid data-race in rcu_gp_fqs_check_wake() (bsc#1171828). - rcu: Fix data-race due to atomic_t copy-by-value (bsc#1171828). - rcu: Make rcu_read_unlock_special() checks match raise_softirq_irqoff() (bsc#1172046). - rcu: Simplify rcu_read_unlock_special() deferred wakeups (bsc#1172046). - rcutorture: Add 100-CPU configuration (bsc#1173068). - rcutorture: Add worst-case call_rcu() forward-progress results (bsc#1173068). - rcutorture: Dispense with Dracut for initrd creation (bsc#1173068). - rcutorture: Make kvm-find-errors.sh abort on bad directory (bsc#1173068). - rcutorture: Remove CONFIG_HOTPLUG_CPU=n from scenarios (bsc#1173068). - rcutorture: Summarize summary of build and run results (bsc#1173068). - rcutorture: Test TREE03 with the threadirqs kernel boot parameter (bsc#1173068). - rcu: Use *_ONCE() to protect lockless ->expmask accesses (bsc#1171828). - rcu: Use WRITE_ONCE() for assignments to ->pprev for hlist_nulls (bsc#1173438). - RDMA/bnxt_re: Remove dead code from rcfw (bsc#1170774). - RDMA/core: Check that type_attrs is not NULL prior access (jsc#SLE-8449). - RDMA/core: Move and rename trace_cm_id_create() (jsc#SLE-8449). - RDMA/mlx5: Fix NULL pointer dereference in destroy_prefetch_work (jsc#SLE-8446). - RDMA/nl: Do not permit empty devices names during RDMA_NLDEV_CMD_NEWLINK/SET (bsc#1172841). - RDMA/srpt: Fix disabling device management (jsc#SLE-8449). - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (jsc#SLE-8449). - regmap: debugfs: Do not sleep while atomic for fast_io regmaps (git-fixes). - regmap: fix alignment issue (git-fixes). - regmap: Fix memory leak from regmap_register_patch (git-fixes). - regualtor: pfuze100: correct sw1a/sw2 on pfuze3000 (git-fixes). - remoteproc: Add missing '\n' in log messages (git-fixes). - remoteproc: Fall back to using parent memory pool if no dedicated available (git-fixes). - remoteproc: Fix and restore the parenting hierarchy for vdev (git-fixes). - remoteproc: Fix IDR initialisation in rproc_alloc() (git-fixes). - remoteproc: qcom_q6v5_mss: map/unmap mpss segments before/after use (git-fixes). - Revert commit e918e570415c ('tpm_tis: Remove the HID IFX0102') (git-fixes). - Revert 'drm/amd/display: disable dcn20 abm feature for bring up' (git-fixes). - Revert 'i2c: tegra: Fix suspending in active runtime PM state' (git-fixes). - Revert 'pinctrl: freescale: imx: Use 'devm_of_iomap()' to avoid a resource leak in case of error in 'imx_pinctrl_probe()'' (git-fixes). - Revert 'thermal: mediatek: fix register index error' (git-fixes). - ring-buffer: Zero out time extend if it is nested and not absolute (git-fixes). - rpm: drop execute permissions on source files Sometimes a source file with execute permission appears in upstream repository and makes it into our kernel-source packages. This is caught by OBS build checks and may even result in build failures. Sanitize the source tree by removing execute permissions from all C source and header files. - rpm/modules.fips: add aes-ce-ccm, des3_ede-x86_64, aes_ti and aes_neon_bs - rtc: mc13xxx: fix a double-unlock issue (git-fixes). - rtc: rv3028: Add missed check for devm_regmap_init_i2c() (git-fixes). - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() (git-fixes). - rtw88: fix an issue about leak system resources (git-fixes). - rxrpc: Fix call RCU cleanup using non-bh-safe locks (git-fixes). - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194, LTC#185911). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/ism: fix error return code in ism_probe() (git-fixes). - s390/kaslr: add support for R_390_JMP_SLOT relocation type (git-fixes). - s390/pci: Fix s390_mmio_read/write with MIO (git-fixes). - s390/pci: Log new handle in clp_disable_fh() (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - sata_rcar: handle pm_runtime_get_sync failure cases (git-fixes). - sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12). - sched/cfs: change initial value of runnable_avg (bsc#1158765). - sched/core: Check cpus_mask, not cpus_ptr in __set_cpus_allowed_ptr(), to fix mask corruption (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1172823). - sched/core: Fix PI boosting between RT and DEADLINE tasks (git fixes (sched)). - sched/core: Fix ttwu() race (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/core: s/WF_ON_RQ/WQ_ON_CPU/ (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/cpuacct: Fix charge cpuacct.usage_sys (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/deadline: Initialize ->dl_boosted (bsc#1172823). - sched/deadline: Initialize ->dl_boosted (git fixes (sched)). - sched: etf: do not assume all sockets are full blown (networking-stable-20_04_27). - sched/fair: find_idlest_group(): Remove unused sd_flag parameter (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Fix enqueue_task_fair() warning some more (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: fix nohz next idle balance (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: handle case of task_h_load() returning 0 (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Optimize dequeue_task_fair() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Optimize enqueue_task_fair() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Simplify the code of should_we_balance() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Fix loadavg accounting race (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Fix race against ptrace_freeze_trace() (bsc#1174345). - sched: Make newidle_balance() static again (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Offload wakee task activation if it the wakee is descheduling (bnc#1158748, bnc#1159781). - sched: Optimize ttwu() spinning on p->on_cpu (bnc#1158748, bnc#1159781). - sched/pelt: Sync util/runnable_sum with PELT window when propagating (bnc#1155798 (CPU scheduler functional and performance backports)). - sch_sfq: validate silly quantum values (networking-stable-20_05_12). - scripts/decodecode: fix trapping instruction formatting (bsc#1065729). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: libfc: free response frame from GPN_ID (bsc#1173849). - scsi: libfc: Handling of extra kref (bsc#1173849). - scsi: libfc: If PRLI rejected, move rport to PLOGI state (bsc#1173849). - scsi: libfc: rport state move to PLOGI if all PRLI retry exhausted (bsc#1173849). - scsi: libfc: Skip additional kref updating work event (bsc#1173849). - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530). - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530). - scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530). - scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530). - scsi: lpfc: Change default queue allocation for reduced memory consumption (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: fix build failure with DEBUGFS disabled (bsc#1171530). - scsi: lpfc: Fix incomplete NVME discovery when target (bsc#1171530). - scsi: lpfc: Fix inconsistent indenting (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix MDS Diagnostic Enablement definition (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func (bsc#1171530). - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix negation of else clause in lpfc_prep_node_fc4type (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix noderef and address space warnings (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530). - scsi: lpfc: fix spelling mistakes of asynchronous (bsc#1171530). - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530). - scsi: lpfc: Maintain atomic consistency of queue_claimed flag (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Make lpfc_defer_acc_rsp static (bsc#1171530). - scsi: lpfc: remove duplicate unloading checks (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Remove re-binding of nvme rport during registration (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Remove redundant initialization to variable rc (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Remove unnecessary lockdep_assert_held calls (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Update lpfc version to 12.8.0.1 (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1172687 bsc#1171530). - scsi: megaraid_sas: Replace undefined MFI_BIG_ENDIAN macro with __BIG_ENDIAN_BITFIELD macro (bsc#1173206). - scsi: qla2xxx: Delete all sessions before unregister local nvme port (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334 bsc#1157169). - scsi: qla2xxx: Do not log message when reading port speed via sysfs (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334 bsc#1157169). - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334 bsc#1157169). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - scsi: sd_zbc: Fix sd_zbc_complete() (bsc#1173206). - scsi: smartpqi: Update attribute name to `driver_version` (bsc#1173206). - scsi: ufs-bsg: Fix runtime PM imbalance on error (git-fixes). - scsi: zfcp: add diagnostics buffer for exchange config data (bsc#1158050). - scsi: zfcp: auto variables for dereferenced structs in open port handler (bsc#1158050). - scsi: zfcp: diagnostics buffer caching and use for exchange port data (bsc#1158050). - scsi: zfcp: enhance handling of FC Endpoint Security errors (bsc#1158050). - scsi: zfcp: expose fabric name as common fc_host sysfs attribute (bsc#1158050). - scsi: zfcp: Fence adapter status propagation for common statuses (bsc#1158050). - scsi: zfcp: Fence early sysfs interfaces for accesses of shost objects (bsc#1158050). - scsi: zfcp: Fence fc_host updates during link-down handling (bsc#1158050). - scsi: zfcp: fix fc_host attributes that should be unknown on local link down (bsc#1158050). - scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action (git-fixes). - scsi: zfcp: fix wrong data and display format of SFP+ temperature (bsc#1158050). - scsi: zfcp: implicitly refresh config-data diagnostics when reading sysfs (bsc#1158050). - scsi: zfcp: implicitly refresh port-data diagnostics when reading sysfs (bsc#1158050). - scsi: zfcp: introduce sysfs interface for diagnostics of local SFP transceiver (bsc#1158050). - scsi: zfcp: introduce sysfs interface to read the local B2B-Credit (bsc#1158050). - scsi: zfcp: log FC Endpoint Security errors (bsc#1158050). - scsi: zfcp: log FC Endpoint Security of connections (bsc#1158050). - scsi: zfcp: Move allocation of the shost object to after xconf- and xport-data (bsc#1158050). - scsi: zfcp: Move fc_host updates during xport data handling into fenced function (bsc#1158050). - scsi: zfcp: move maximum age of diagnostic buffers into a per-adapter variable (bsc#1158050). - scsi: zfcp: Move p-t-p port allocation to after xport data (bsc#1158050). - scsi: zfcp: Move shost modification after QDIO (re-)open into fenced function (bsc#1158050). - scsi: zfcp: Move shost updates during xconfig data handling into fenced function (bsc#1158050). - scsi: zfcp: proper indentation to reduce confusion in zfcp_erp_required_act (bsc#1158050). - scsi: zfcp: report FC Endpoint Security in sysfs (bsc#1158050). - scsi: zfcp: signal incomplete or error for sync exchange config/port data (bsc#1158050). - scsi: zfcp: support retrieval of SFP Data via Exchange Port Data (bsc#1158050). - scsi: zfcp: trace FC Endpoint Security of FCP devices and connections (bsc#1158050). - scsi: zfcp: wire previously driver-specific sysfs attributes also to fc_host (bsc#1158050). - sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27). - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27). - selftests/bpf: CONFIG_IPV6_SEG6_BPF required for test_seg6_loop.o (bsc#1155518). - selftests/bpf: CONFIG_LIRC required for test_lirc_mode2.sh (bsc#1155518). - selftests/bpf: Fix invalid memory reads in core_relo selftest (bsc#1155518). - selftests/bpf: Fix memory leak in extract_build_id() (bsc#1155518). - selftests/bpf, flow_dissector: Close TAP device FD after the test (bsc#1155518). - selftests/bpf: Make sure optvals > PAGE_SIZE are bypassed (bsc#1155518). - selftests/net: in rxtimestamp getopt_long needs terminating null entry (networking-stable-20_06_16). - selftests/timens: handle a case when alarm clocks are not supported (bsc#1164648,jsc#SLE-11493). - selinux: fall back to ref-walk if audit is required (bsc#1174333). - selinux: revert 'stop passing MAY_NOT_BLOCK to the AVC upon follow_link' (bsc#1174333). - serial: 8250: Fix max baud limit in generic 8250 port (git-fixes). - serial: 8250_tegra: Create Tegra specific 8250 driver (bsc#1173941). - signal: Avoid corrupting si_pid and si_uid in do_notify_parent (bsc#1171529). - slimbus: core: Fix mismatch in of_node_get/put (git-fixes). - slimbus: ngd: get drvdata from correct device (git-fixes). - SMB3: Honor lease disabling for multiuser mounts (git-fixes). - socionext: account for napi_gro_receive never returning GRO_DROP (bsc#1154353). - soc: mediatek: cmdq: return send msg error code (git-fixes). - soc: qcom: rpmh: Dirt can only make you dirtier, not cleaner (git-fixes). - soc: qcom: rpmh: Invalidate SLEEP and WAKE TCSes before flushing new data (git-fixes). - soc: qcom: rpmh-rsc: Allow using free WAKE TCS for active request (git-fixes). - soc: qcom: rpmh-rsc: Clear active mode configuration for wake TCS (git-fixes). - soc: qcom: rpmh: Update dirty flag only when data changes (git-fixes). - soc/tegra: pmc: Select GENERIC_PINCONF (git-fixes). - soundwire: intel: fix memory leak with devm_kasprintf (git-fixes). - spi: bcm2835aux: Fix controller unregister order (git-fixes). - spi: bcm2835: Fix controller unregister order (git-fixes). - spi: bcm-qspi: Handle clock probe deferral (git-fixes). - spi: bcm-qspi: when tx/rx buffer is NULL set to 0 (git-fixes). - SPI: designware: pci: Switch over to MSI interrupts (jsc#SLE-12735). - spi: dt-bindings: spi-controller: Fix #address-cells for slave mode (git-fixes). - spi: dw: Add SPI Rx-done wait method to DMA-based transfer (git-fixes). - spi: dw: Add SPI Tx-done wait method to DMA-based transfer (git-fixes). - spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes). - spi: dw: Fix controller unregister order (git-fixes). - spi: dw: Fix native CS being unset (git-fixes). - spi: dw: Fix Rx-only DMA transfers (git-fixes). - spi: dw-pci: Add MODULE_DEVICE_TABLE (jsc#SLE-12735). - spi: dw-pci: Add runtime power management support (jsc#SLE-12735). - spi: dw-pci: Add support for Intel Elkhart Lake PSE SPI (jsc#SLE-12735). - spi: dw-pci: Fix Chip Select amount on Intel Elkhart Lake PSE SPI (jsc#SLE-12735). - spi: dw: Return any value retrieved from the dma_transfer callback (git-fixes). - spi: dw: use 'smp_mb()' to avoid sending spi data error (git-fixes). - spi: dw: Zero DMA Tx and Rx configurations on stack (git-fixes). - spi: Fix controller unregister order (git-fixes). - spi: fsl: do not map irq during probe (git-fixes). - spi: fsl: use platform_get_irq() instead of of_irq_to_resource() (git-fixes). - spi: pxa2xx: Apply CS clk quirk to BXT (git-fixes). - spi: pxa2xx: Fix controller unregister order (git-fixes). - spi: pxa2xx: Fix runtime PM ref imbalance on probe error (git-fixes). - spi: Respect DataBitLength field of SpiSerialBusV2() ACPI resource (git-fixes). - spi: spidev: fix a potential use-after-free in spidev_release() (git-fixes). - spi: spidev: fix a race between spidev_release and spidev_remove (git-fixes). - spi: spi-fsl-dspi: Change usage pattern of SPI_MCR_* and SPI_CTAR_* macros (git-fixes). - spi: spi-fsl-dspi: Do not access reserved fields in SPI_MCR (git-fixes). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (git-fixes). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (git-fixes). - spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices (git-fixes). - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (git-fixes). - spi: sprd: switch the sequence of setting WDG_LOAD_LOW and _HIGH (git-fixes). - staging: comedi: verify array index is correct before using it (git-fixes). - staging: iio: ad2s1210: Fix SPI reading (git-fixes). - staging: kpc2000: fix error return code in kp2000_pcie_probe() (git-fixes). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (git-fixes). - Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() (git-fixes). - staging: sm750fb: add missing case while setting FB_VISUAL (git-fixes). - sun6i: dsi: fix gcc-4.8 (bsc#1152489) - SUNRPC dont update timeout value on connection reset (bsc#1174263). - sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes). - sunrpc: Fix gss_unwrap_resp_integ() again (bsc#1174116). - SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() (git-fixes). - SUNRPC: Signalled ASYNC tasks need to exit (git-fixes). - supported.conf: Add pinctrl-tigerlake as supported - supported.conf: Mark two hwtracing helper modules as externally supported (bsc#1170879) - svcrdma: Fix leak of svc_rdma_recv_ctxt objects (git-fixes). - tcp: cache line align MAX_TCP_HEADER (networking-stable-20_04_27). - tcp: fix error recovery in tcp_zerocopy_receive() (networking-stable-20_05_16). - tcp: fix SO_RCVLOWAT hangs with fat skbs (networking-stable-20_05_16). - tcp: md5: allow changing MD5 keys in all socket states (git-fixes). - team: fix hang in team_mode_get() (networking-stable-20_04_27). - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284). - thermal/drivers: imx: Fix missing of_node_put() at probe time (git-fixes). - thermal/drivers/mediatek: Fix bank number settings on mt8183 (git-fixes). - thermal/drivers/rcar_gen3: Fix undefined temperature if negative (git-fixes). - thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR (git-fixes). - thermal: int3403_thermal: Downgrade error message (git-fixes). - thermal: intel: intel_pch_thermal: Add Comet Lake (CML) platform support (jsc#SLE-12668). - tick/sched: Annotate lockless access to last_jiffies_update (bsc#1173438). - timer: Use hlist_unhashed_lockless() in timer_pending() (bsc#1173438). - tipc: block BH before using dst_cache (networking-stable-20_05_27). - tipc: fix partial topology connection closure (networking-stable-20_05_12). - torture: Allow 'CFLIST' to specify default list of scenarios (bsc#1173068). - torture: Expand last_ts variable in kvm-test-1-run.sh (bsc#1173068). - torture: Handle jitter for CPUs that cannot be offlined (bsc#1173068). - torture: Handle systems lacking the mpstat command (bsc#1173068). - torture: Hoist calls to lscpu to higher-level kvm.sh script (bsc#1173068). - torture: Make results-directory date format completion-friendly (bsc#1173068). - torture: Use gawk instead of awk for systime() function (bsc#1173068). - tpm: Fix TIS locality timeout problems (git-fixes). - tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (bsc#1065729). - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (git-fixes). - tpm_tis: Remove the HID IFX0102 (git-fixes). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tty: hvc_console, fix crashes on parallel open/close (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (git-fixes). - tty: n_gsm: Fix SOF skipping (git-fixes). - tty: n_gsm: Fix waking up upper tty layer when room available (git-fixes). - tty: serial: add missing spin_lock_init for SiFive serial console (git-fixes). - tun: correct header offsets in napi frags mode (git-fixes). - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12). - ubifs: fix wrong use of crypto_shash_descsize() (bsc#1173827). - ubifs: remove broken lazytime support (bsc#1173826). - udp: Copy has_conns in reuseport_grow() (git-fixes). - udp: Improve load balancing for SO_REUSEPORT (git-fixes). - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes). - USB: c67x00: fix use after free in c67x00_giveback_urb (git-fixes). - usb: chipidea: core: add wakeup support for extcon (git-fixes). - USB: core: Fix misleading driver bug report (git-fixes). - usb: core: hub: limit HUB_QUIRK_DISABLE_AUTOSUSPEND to USB5534B (git-fixes). - usb: dwc2: Fix shutdown callback in platform (git-fixes). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (git-fixes). - usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes). - usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes). - usb: dwc3: pci: Enable extcon driver for Intel Merrifield (git-fixes). - usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work (git-fixes). - usb/ehci-platform: Set PM runtime as active on resume (git-fixes). - USB: ehci: reopen solution for Synopsys HC bug (git-fixes). - usb: gadget: audio: Fix a missing error return value in audio_bind() (git-fixes). - USB: gadget: fix illegal array access in binding with UDC (git-fixes). - usb: gadget: Fix issue with config_ep_by_speed function (git-fixes). - usb: gadget: fix potential double-free in m66592_probe (git-fixes). - usb: gadget: function: fix missing spinlock in f_uac1_legacy (git-fixes). - usb: gadget: legacy: fix error return code in cdc_bind() (git-fixes). - usb: gadget: legacy: fix error return code in gncm_bind() (git-fixes). - usb: gadget: legacy: fix redundant initialization warnings (git-fixes). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (git-fixes). - usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' (git-fixes). - usb: gadget: udc: atmel: fix uninitialized read in debug printk (git-fixes). - usb: gadget: udc: atmel: Make some symbols static (git-fixes). - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (git-fixes). - usb: gadget: udc: Potential Oops in error handling code (git-fixes). - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (git-fixes). - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (git-fixes). - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (git-fixes). - usb: host: ehci-platform: add a quirk to avoid stuck (git-fixes). - usb: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes). - usb: host: xhci-plat: keep runtime active when removing host (git-fixes). - usblp: poison URBs upon disconnect (git-fixes). - usb: musb: Fix runtime PM imbalance on error (git-fixes). - usb: musb: start session in resume for host port (git-fixes). - usbnet: smsc95xx: Fix use-after-free after removal (git-fixes). - usb/ohci-platform: Fix a warning when hibernating (git-fixes). - USB: ohci-sm501: Add missed iounmap() in remove (git-fixes). - USB: ohci-sm501: fix error return code in ohci_hcd_sm501_drv_probe() (git-fixes). - usb: renesas_usbhs: getting residue from callback_result (git-fixes). - USB: serial: ch341: add basis for quirk detection (git-fixes). - USB: serial: ch341: add new Product ID for CH340 (git-fixes). - USB: serial: cypress_m8: enable Simply Automated UPB PIM (git-fixes). - USB: serial: iuu_phoenix: fix memory corruption (git-fixes). - USB: serial: option: add GosunCn GM500 series (git-fixes). - USB: serial: option: add Quectel EG95 LTE modem (git-fixes). - USB: serial: option: add Telit LE910C1-EUX compositions (git-fixes). - USB: serial: qcserial: add DW5816e QDL support (git-fixes). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - usb: typec: tcpci_rt1711h: avoid screaming irq causing boot hangs (git-fixes). - usb: usbfs: correct kernel->user page attribute mismatch (git-fixes). - USB: usbfs: fix mmap dma mismatch (git-fixes). - usb/xhci-plat: Set PM runtime as active on resume (git-fixes). - vfio: avoid possible overflow in vfio_iommu_type1_pin_pages (git-fixes). - vfio: Ignore -ENODEV when getting MSI cookie (git-fixes). - vfio/mdev: Fix reference count leak in add_mdev_supported_type (git-fixes). - vfio/pci: fix memory leaks in alloc_perm_bits() (git-fixes). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174129). - vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (git-fixes). - video: fbdev: w100fb: Fix a potential double free (git-fixes). - video: vt8500lcdfb: fix fallthrough warning (bsc#1152489) - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - virtio_net: fix lockdep warning on 32 bit (networking-stable-20_05_16). - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (git-fixes). - virt: vbox: Fix guest capabilities mask check (git-fixes). - virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers to match upstream (git-fixes). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - vrf: Check skb for XFRM_TRANSFORMED flag (networking-stable-20_04_27). - vrf: Fix IPv6 with qdisc and xfrm (networking-stable-20_04_27). - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07). - vsprintf: do not obfuscate NULL and error pointers (bsc#1172086). - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (git-fixes). - vt: vt_ioctl: remove unnecessary console allocation checks (git-fixes). - vxlan: Avoid infinite loop when suppressing NS messages with invalid options (networking-stable-20_06_10). - vxlan: use the correct nlattr array in NL_SET_ERR_MSG_ATTR (networking-stable-20_04_27). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (git-fixes). - watchdog: da9062: No need to ping manually before setting timeout (git-fixes). - watchdog: imx_sc_wdt: Fix reboot on crash (git-fixes). - watchdog: iTCO: Add support for Cannon Lake PCH iTCO (jsc#SLE-13202). - wcn36xx: Fix error handling path in 'wcn36xx_probe()' (git-fixes). - wil6210: account for napi_gro_receive never returning GRO_DROP (bsc#1154353). - wil6210: add wil_netif_rx() helper function (bsc#1154353). - wil6210: use after free in wil_netif_rx_any() (bsc#1154353). - wireguard: device: avoid circular netns references (git-fixes). - wireguard: noise: do not assign initiation time in if condition (git-fixes). - wireguard: noise: read preshared key while taking lock (bsc#1169021 jsc#SLE-12250). - wireguard: noise: separate receive counter from send counter (bsc#1169021 jsc#SLE-12250). - wireguard: queueing: preserve flow hash across packet scrubbing (bsc#1169021 jsc#SLE-12250). - wireguard: receive: account for napi_gro_receive never returning GRO_DROP (git-fixes). - wireguard: selftests: initalize ipv6 members to NULL to squelch clang warning (git-fixes). - wireguard: selftests: use newer iproute2 for gcc-10 (bsc#1169021 jsc#SLE-12250). - work around mvfs bug (bsc#1162063). - workqueue: do not use wq_select_unbound_cpu() for bound works (git-fixes). - workqueue: Remove the warning in wq_worker_sleeping() (git-fixes). - x86/amd_nb: Add AMD family 17h model 60h PCI IDs (git-fixes). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1152489). - x86: Fix early boot crash on gcc-10, third try (bsc#1152489). - x86/mm/cpa: Flush direct map alias during cpa (bsc#1152489). - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (git-fixes). - x86/resctrl: Fix invalid attempt at removing the default resource group (bsc#1152489). - x86/resctrl: Preserve CDP enable over CPU hotplug (bsc#1152489). - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks (bsc#1058115). - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish (networking-stable-20_04_27). - xfrm: fix error in comment (git fixes (block drivers)). - xfs: clean up the error handling in xfs_swap_extents (git-fixes). - xfs: do not commit sunit/swidth updates to disk if that would cause repair failures (bsc#1172169). - xfs: do not fail unwritten extent conversion on writeback due to edquot (bsc#1158242). - xfs: fix duplicate verification from xfs_qm_dqflush() (git-fixes). - xfs: force writes to delalloc regions to unwritten (bsc#1158242). - xfs: measure all contiguous previous extents for prealloc size (bsc#1158242). - xfs: preserve default grace interval during quotacheck (bsc#1172170). - xfs: refactor agfl length computation function (bsc#1172169). - xfs: split the sunit parameter update into two parts (bsc#1172169). - xhci: Fix enumeration issue when setting max packet size for FS devices (git-fixes). - xhci: Fix incorrect EP_STATE_MASK (git-fixes). - xhci: Poll for U0 after disabling USB2 LPM (git-fixes). - xhci: Return if xHCI does not support LPM (git-fixes). - xprtrdma: Fix handling of RDMA_ERROR replies (git-fixes). - workqueue: Remove unnecessary kfree() call in rcu_free_wq() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2148-1 Released: Thu Aug 6 13:36:17 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1174673 This update for ca-certificates-mozilla fixes the following issues: Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: * AddTrust External CA Root * AddTrust Class 1 CA Root * LuxTrust Global Root 2 * Staat der Nederlanden Root CA - G2 * Symantec Class 1 Public Primary Certification Authority - G4 * Symantec Class 2 Public Primary Certification Authority - G4 * VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: * certSIGN Root CA G2 * e-Szigno Root CA 2017 * Microsoft ECC Root Certificate Authority 2017 * Microsoft RSA Root Certificate Authority 2017 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2160-1 Released: Thu Aug 6 20:05:42 2020 Summary: Security update for xen Type: security Severity: important References: 1172356,1174543 This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1172356 - Not able to hot-plug NIC via virt-manager, asks to attach on next reboot while it should be live attached ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2182-1 Released: Mon Aug 10 11:39:48 2020 Summary: Recommended update for open-lldp Type: recommended Severity: moderate References: 1153520,1170745,1171284 This update for open-lldp fixes the following issues: - Fix for a segementation fault, when agents change their MAC address (bsc#1171284) - lldapd will now transmit the permanent MAC address (the MAC address of the underlying physical device) as port id, thus allowing the switch or any management application to differentiate between those ports. (bsc#1153520) - Fix for a segmentation fault, when lldapd registers an interface and it gets shortly removed afterwards. (bsc#1170745) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2219-1 Released: Wed Aug 12 15:47:42 2020 Summary: Recommended update for supportutils-plugin-suse-public-cloud and python3-azuremetadata Type: recommended Severity: moderate References: 1170475,1170476,1173238,1173240,1173357,1174618,1174847 This update for supportutils-plugin-suse-public-cloud and python3-azuremetadata fixes the following issues: supportutils-plugin-suse-public-cloud: - Fixes an error when supportutils-plugin-suse-public-cloud and supportutils-plugin-salt are installed at the same time (bsc#1174618) - Sensitive information like credentials (such as access keys) will be removed when the metadata is being collected (bsc#1170475, bsc#1170476) python3-azuremetadata: - Added latest support for `--listapis` and `--api` (bsc#1173238, bsc#1173240) - Detects when the VM is running in ASM (Azure Classic) and does now handle the condition to generate the data without requiring access to the full IMDS available, only in ARM instances (bsc#1173357, bsc#1174847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2224-1 Released: Thu Aug 13 09:15:47 2020 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1171878,1172085 This update for glibc fixes the following issues: - Fix concurrent changes on nscd aware files appeared by 'getent' when the NSCD cache was enabled. (bsc#1171878, BZ #23178) - Implement correct locking and cancellation cleanup in syslog functions. (bsc#1172085, BZ #26100) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2244-1 Released: Fri Aug 14 15:27:35 2020 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1174782,1175036,1175060 This update for grub2 fixes the following issues: - A potential regression has been fixed that would cause systems with an updated 'grub2' to boot no longer due to a missing 'grub-calloc' linker symbol. (bsc#1174782) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2256-1 Released: Mon Aug 17 15:08:46 2020 Summary: Recommended update for sysfsutils Type: recommended Severity: moderate References: 1155305 This update for sysfsutils fixes the following issue: - Fix cdev name comparison. (bsc#1155305) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2277-1 Released: Wed Aug 19 13:24:03 2020 Summary: Security update for python3 Type: security Severity: moderate References: 1174091,CVE-2019-20907 This update for python3 fixes the following issues: - bsc#1174091, CVE-2019-20907: avoiding possible infinite loop in specifically crafted tarball. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2278-1 Released: Wed Aug 19 21:26:08 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1149911,1151708,1168235,1168389 This update for util-linux fixes the following issues: - blockdev: Do not fail --report on kpartx-style partitions on multipath. (bsc#1168235) - nologin: Add support for -c to prevent error from su -c. (bsc#1151708) - Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389) - mount: Fall back to device node name if /dev/mapper link not found. (bsc#1149911) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2296-1 Released: Mon Aug 24 10:34:37 2020 Summary: Security update for gettext-runtime Type: security Severity: moderate References: 1106843,1113719,941629,CVE-2018-18751 This update for gettext-runtime fixes the following issues: - Fix boo941629-unnessary-rpath-on-standard-path.patch (bsc#941629) - Added msgfmt-double-free.patch to fix a double free error (CVE-2018-18751 bsc#1113719) - Add patch msgfmt-reset-msg-length-after-remove.patch which does reset the length of message string after a line has been removed (bsc#1106843) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2306-1 Released: Tue Aug 25 14:48:17 2020 Summary: Security update for grub2 Type: security Severity: important References: 1172745,1174421,CVE-2020-15705 This update for grub2 fixes the following issue: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). - Add fibre channel device's ofpath support to grub-ofpathname and search hint to speed up root device discovery (bsc#1172745). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2335-1 Released: Wed Aug 26 11:47:28 2020 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1174320 This update for perl-Bootloader fixes the following issues: Update from version 0.928 to version 0.931 - The *grub2* module directory has been moved to */usr/share/grub2*, the *tpm.mod* is now checked there. (bsc#1174320) - Reduce the number of warning about fstab. - Do not warn about missing *SECURE_BOOT* sysconfig on systems with a minimalistic */etc/sysconfig/bootloader*. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2380-1 Released: Fri Aug 28 14:54:08 2020 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1175250,1175251 This update for supportutils-plugin-suse-public-cloud contains the following fix: - Update to version 1.0.5: (bsc#1175250, bsc#1175251) + Query for new GCE initialization code packages ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2386-1 Released: Sat Aug 29 01:21:01 2020 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1172810 This update for samba fixes the following issues: - Add 'libsmbldap0' to 'libsmbldap2' package to fix upgrades from previous versions. (bsc#1172810) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2396-1 Released: Mon Aug 31 17:27:13 2020 Summary: Recommended update for open-iscsi Type: recommended Severity: moderate References: This update for open-iscsi fixes the following issues: Upgrade to upstream version 2.1.2 as 2.1.2-suse (jsc#SES-1081) - Use openssl for random data generation - Misspelled socket name might cause confusion to inexperienced user. - Let initiator name be created by iscsi-init.service. - iscsi: fix fd leak - Fix a compiler issue about string copy in iscsiuio - Fix a compiler issue about writing one byte - Fix issue with zero-length arrays at end of struct - Add *iscsi-init.service* Note that the '*iscsi-init.service*' adds a new systemd service called '*iscsi-init*', that creates the iSCSI initiator name file */etc/iscsi/initiatorname.iscsi*, if and only if it does not exist. - Proper disconnect of TCP connection - Fix SIGPIPE loop in signal handler - Update iscsi-iname.c - log:modify iSCSI shared memory permissions for logs - Sequence systemd services correctly when upgrading - Ignore iface.example in iface match checks - Fix type mismatch under musl. - Add Wants=remote-fs-pre.target for sequencing. - Fix issue where 'iscsi-iname -p' core dumps. - iscsi-iname: fix iscsi-iname -p access NULL pointer without given IQN prefix - Fix iscsi.service so it handles restarts better ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2411-1 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2425-1 Released: Tue Sep 1 13:54:05 2020 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1174260 This update for nfs-utils fixes the following issues: - Fix a bug when concurrent 'gssd' requests arrive from kernel, causing hanging NFS mounts. (bsc#1174260) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2441-1 Released: Tue Sep 1 22:16:10 2020 Summary: Recommended update for avahi Type: recommended Severity: moderate References: 1154063 This update for avahi fixes the following issues: - When changing ownership of /var/lib/autoipd, only change ownership of files owned by avahi, to mitigate against possible exploits (bsc#1154063). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2445-1 Released: Wed Sep 2 09:33:02 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2451-1 Released: Wed Sep 2 12:30:38 2020 Summary: Recommended update for dracut Type: recommended Severity: important References: 1167494,996146 This update for dracut fixes the following issues: Update from version 049.1+suse.152.g8506e86f to version 049.1+suse.156.g7d852636: - net-lib.sh: support infiniband network mac addresses (bsc#996146) - 95nfs: use ip_params_for_remote_addr() (bsc#1167494) - 95iscsi: use ip_params_for_remote_addr() (bsc#1167494) - dracut-functions: add ip_params_for_remote_addr() helper (bsc#1167494) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2457-1 Released: Wed Sep 2 15:29:51 2020 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1174567,1175766 This update for grub2 fixes the following issues: - The GRUB_VERIFY_FLAGS_DEFER_AUTH is enabled regardless secure boot status (bsc#1175766) A secure boot status check has been added before requesting other verifiers to verify external module, therefore external module loading can work after shim_lock module is loaded and secure boot turned off. - Make consistent check to enable relative path on btrfs (bsc#1174567) This fix unified the test in grub-install and grub-mkconfig. The path to default or selected btrfs subvolume/snapshot is used if the root file system is btrfs and the config has enabled btrfs snapshot booting. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2458-1 Released: Wed Sep 2 15:44:30 2020 Summary: Recommended update for iputils Type: recommended Severity: moderate References: 927831 This update for iputils fixes the following issue: - ping: Remove workaround for bug in IP_RECVERR on raw sockets. (bsc#927831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2486-1 Released: Thu Sep 3 20:15:36 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065600,1065729,1071995,1085030,1120163,1133021,1149032,1152472,1152489,1153274,1154353,1154488,1154492,1155518,1156395,1159058,1160634,1167773,1169790,1171634,1171688,1172108,1172197,1172247,1172418,1172871,1172963,1173468,1173485,1173798,1173813,1173954,1174002,1174003,1174026,1174205,1174247,1174362,1174387,1174484,1174625,1174645,1174689,1174699,1174737,1174757,1174762,1174770,1174771,1174777,1174805,1174824,1174825,1174852,1174865,1174880,1174897,1174906,1174969,1175009,1175010,1175011,1175012,1175013,1175014,1175015,1175016,1175017,1175018,1175019,1175020,1175021,1175052,1175112,1175116,1175128,1175149,1175175,1175176,1175180,1175181,1175182,1175183,1175184,1175185,1175186,1175187,1175188,1175189,1175190,1175191,1175192,1175195,1175199,1175213,1175232,1175263,1175284,1175296,1175344,1175345,1175346,1175347,1175367,1175377,1175440,1175493,1175546,1175550,1175654,1175691,1175768,1175769,1175770,1175771,1175772,1175774,1175775,1175834,1175873,CVE-2020-14314,CVE-2020-1 4331,CVE-2020-14356,CVE-2020-16166 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-14314: Fixed a potential negative array index in ext4 (bsc#1173798). - CVE-2020-14331: Fixed a missing check in scrollback handling (bsc#1174205 bsc#1174247). - CVE-2020-14356: Fixed a NULL pointer dereference in the cgroupv2 subsystem (bsc#1175213). - CVE-2020-16166: Fixed an information leak in the network RNG (bsc#1174757). The following non-security bugs were fixed: - 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work (git-fixes). - ACPICA: Do not increment operation_region reference counts for field units (git-fixes). - af_key: pfkey_dump needs parameter validation (git-fixes). - agp/intel: Fix a memory leak on module initialisation failure (git-fixes). - ALSA: atmel: Remove invalid 'fall through' comments (git-fixes). - ALSA: core: pcm_iec958: fix kernel-doc (git-fixes). - ALSA: echoaduio: Drop superfluous volatile modifier (git-fixes). - ALSA: echoaudio: Address bugs in the interrupt handling (git-fixes). - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (git-fixes). - ALSA: echoaudio: Prevent races in calls to set_audio_format() (git-fixes). - ALSA: echoaudio: Prevent some noise on unloading the module (git-fixes). - ALSA: echoaudio: Race conditions around 'opencount' (git-fixes). - ALSA: echoaudio: re-enable IRQs on failure path (git-fixes). - ALSA: echoaudio: Remove redundant check (git-fixes). - ALSA: firewire: fix kernel-doc (git-fixes). - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (git-fixes). - ALSA: hda - reverse the setting value in the micmute_led_set (git-fixes). - ALSA: hda/ca0132 - Add new quirk ID for Recon3D (git-fixes). - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (git-fixes). - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (git-fixes). - ALSA: hda/hdmi: Add quirk to force connectivity (git-fixes). - ALSA: hda/hdmi: Fix keep_power assignment for non-component devices (git-fixes). - ALSA: hda/hdmi: Use force connectivity quirk on another HP desktop (git-fixes). - ALSA: hda/realtek - Fix unused variable warning (git-fixes). - ALSA: hda/realtek - Fixed HP right speaker no sound (git-fixes). - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (git-fixes). - ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (git-fixes). - ALSA: hda/realtek: Fix add a 'ultra_low_power' function for intel reference board (alc256) (git-fixes). - ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (git-fixes). - ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (git-fixes). - ALSA: hda/tegra: Disable sync-write operation (git-fixes). - ALSA: hda: Add support for Loongson 7A1000 controller (git-fixes). - ALSA: hda: avoid reset of sdo_limit (git-fixes). - ALSA: hda: Enable sync-write operation as default for all controllers (git-fixes). - ALSA: hda: fix NULL pointer dereference during suspend (git-fixes). - ALSA: hda: fix snd_hda_codec_cleanup() documentation (git-fixes). - ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes). - ALSA: isa/gus: remove 'set but not used' warning (git-fixes). - ALSA: isa/gus: remove -Wmissing-prototypes warnings (git-fixes). - ALSA: isa: fix spelling mistakes in the comments (git-fixes). - ALSA: line6: add hw monitor volume control for POD HD500 (git-fixes). - ALSA: line6: Use kmemdup in podhd_set_monitor_level() (git-fixes). - ALSA: pci/asihpi: fix kernel-doc (git-fixes). - ALSA: pci/asihpi: remove 'set but not used' warning (git-fixes). - ALSA: pci/asihpi: remove 'set but not used' warnings (git-fixes). - ALSA: pci/au88x0: remove 'defined but not used' warnings (git-fixes). - ALSA: pci/aw2-saa7146: remove 'set but not used' warning (git-fixes). - ALSA: pci/ctxfi/ctatc: fix kernel-doc (git-fixes). - ALSA: pci/ctxfi: fix kernel-doc warnings (git-fixes). - ALSA: pci/echoaudio: remove 'set but not used' warning (git-fixes). - ALSA: pci/emu10k1: remove 'set but not used' warning (git-fixes). - ALSA: pci/es1938: remove 'set but not used' warning (git-fixes). - ALSA: pci/fm801: fix kernel-doc (git-fixes). - ALSA: pci/korg1212: remove 'set but not used' warnings (git-fixes). - ALSA: pci/oxygen/xonar_wm87x6: remove always true condition (git-fixes). - ALSA: pci/rme9652/hdspm: remove always true condition (git-fixes). - ALSA: pci/via82xx: remove 'set but not used' warnings (git-fixes). - ALSA: pcmcia/pdaudiocf: fix kernel-doc (git-fixes). - ALSA: seq: oss: Serialize ioctls (git-fixes). - ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for SSL2 (git-fixes). - ALSA: usb-audio: add quirk for Pioneer DDJ-RB (git-fixes). - ALSA: usb-audio: add startech usb audio dock name (git-fixes). - ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (git-fixes). - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (git-fixes). - ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (git-fixes). - ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (git-fixes). - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625). - ALSA: usb-audio: Fix some typos (git-fixes). - ALSA: usb-audio: fix spelling mistake 'buss' -> 'bus' (git-fixes). - ALSA: usb-audio: ignore broken processing/extension unit (git-fixes). - ALSA: usb-audio: Update documentation comment for MS2109 quirk (git-fixes). - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (git-fixes). - ALSA: usb/line6: remove 'defined but not used' warning (git-fixes). - ALSA: vx_core: remove warning for empty loop body (git-fixes). - ALSA: xen: remove 'set but not used' warning (git-fixes). - ALSA: xen: Remove superfluous fall through comments (git-fixes). - appletalk: Fix atalk_proc_init() return path (git-fixes). - arm/arm64: Make use of the SMCCC 1.1 wrapper (bsc#1174906). - arm/arm64: Provide a wrapper for SMCCC 1.1 calls (bsc#1174906). - arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit() (bsc#1174906). - arm64: armv8_deprecated: Fix undef_hook mask for thumb setend (bsc#1175180). - arm64: cacheflush: Fix KGDB trap detection (bsc#1175188). - arm64: csum: Fix handling of bad packets (bsc#1175192). - arm64: dts: allwinner: a64: Remove unused SPDIF sound card (none bsc#1175016). - arm64: dts: clearfog-gt-8k: set gigabit PHY reset deassert delay (bsc#1175347). - arm64: dts: exynos: Fix silent hang after boot on Espresso (bsc#1175346). - arm64: dts: imx8mm-evk: correct ldo1/ldo2 voltage range (none bsc#1175019). - arm64: dts: imx8qxp-mek: Remove unexisting Ethernet PHY (bsc#1175345). - arm64: dts: librem5-devkit: add a vbus supply to usb0 (none bsc#1175013). - arm64: dts: ls1028a: delete extraneous #interrupt-cells for ENETC RCIE (none bsc#1175012). - arm64: dts: qcom: msm8998-clamshell: Fix label on l15 regulator (git-fixes). - arm64: dts: rockchip: fix rk3399-puma gmac reset gpio (none bsc#1175021). - arm64: dts: rockchip: fix rk3399-puma vcc5v0-host gpio (none bsc#1175020). - arm64: dts: rockchip: Rename dwc3 device nodes on rk3399 to make dtc happy (none bsc#1175015). - arm64: dts: rockchip: Replace RK805 PMIC node name with 'pmic' on rk3328 boards (none bsc#1175014). - arm64: dts: uDPU: fix broken ethernet (bsc#1175344). - arm64: dts: uniphier: Set SCSSI clock and reset IDs for each channel (none bsc#1175011). - arm64: errata: use arm_smccc_1_1_get_conduit() (bsc#1174906). - arm64: Fix PTRACE_SYSEMU semantics (bsc#1175185). - arm64: fix the flush_icache_range arguments in machine_kexec (bsc#1175184). - arm64: hugetlb: avoid potential NULL dereference (bsc#1175183). - arm64: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (bsc#1175189). - arm64: insn: Fix two bugs in encoding 32-bit logical immediates (bsc#1175186). - arm64: kexec_file: print appropriate variable (bsc#1175187). - arm64: kgdb: Fix single-step exception handling oops (bsc#1175191). - arm64: Retrieve stolen time as paravirtualized guest (bsc#1172197 jsc#SLE-13593). - arm64: tegra: Enable I2C controller for EEPROM (none bsc#1175010). - arm64: tegra: Fix ethernet phy-mode for Jetson Xavier (none bsc#1175017). - arm64: tegra: Fix flag for 64-bit resources in 'ranges' property (none bsc#1175018). - arm64: tegra: Fix Tegra194 PCIe compatible string (none bsc#1175009). - arm64: vdso: Add -fasynchronous-unwind-tables to cflags (bsc#1175182). - arm64: vdso: do not free unallocated pages (bsc#1175181). - arm: percpu.h: fix build error (git-fixes). - arm: spectre-v2: use arm_smccc_1_1_get_conduit() (bsc#1174906). - ASoC: fsl_sai: Fix value of FSL_SAI_CR1_RFW_MASK (git-fixes). - ASoC: hdac_hda: fix deadlock after PCM open error (git-fixes). - ASoC: Intel: bxt_rt298: add missing .owner field (git-fixes). - ASoC: intel: Fix memleak in sst_media_open (git-fixes). - ASoC: meson: axg-tdm-interface: fix link fmt setup (git-fixes). - ASoC: meson: axg-tdmin: fix g12a skew (git-fixes). - ASoC: meson: fixes the missed kfree() for axg_card_add_tdm_loopback (git-fixes). - ASoC: msm8916-wcd-analog: fix register Interrupt offset (git-fixes). - ASoC: q6afe-dai: mark all widgets registers as SND_SOC_NOPM (git-fixes). - ASoC: q6routing: add dummy register read/write function (git-fixes). - ASoC: SOF: nocodec: add missing .owner field (git-fixes). - ASoC: wm8994: Avoid attempts to read unreadable registers (git-fixes). - ath10k: Acquire tx_lock in tx error paths (git-fixes). - ath10k: enable transmit data ack RSSI for QCA9884 (git-fixes). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (git-fixes). - ath9k: Fix regression with Atheros 9271 (git-fixes). - atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent (git-fixes). - AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes). - AX.25: Prevent integer overflows in connect and sendmsg (git-fixes). - AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes). - b43: Remove uninitialized_var() usage (git-fixes). - bdc: Fix bug causing crash after multiple disconnects (git-fixes). - bfq: fix blkio cgroup leakage v4 (bsc#1175775). - block: Fix the type of 'sts' in bsg_queue_rq() (git-fixes). - Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes). - Bluetooth: btmtksdio: fix up firmware download sequence (git-fixes). - Bluetooth: btusb: fix up firmware download sequence (git-fixes). - Bluetooth: fix kernel oops in store_pending_adv_report (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (git-fixes). - Bluetooth: Fix update of connection state in `hci_encrypt_cfm` (git-fixes). - Bluetooth: hci_h5: Set HCI_UART_RESET_ON_INIT to correct flags (git-fixes). - Bluetooth: hci_serdev: Only unregister device if it was registered (git-fixes). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (git-fixes). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (git-fixes). - bnxt_en: fix NULL dereference in case SR-IOV configuration fails (networking-stable-20_07_17). - bnxt_en: Init ethtool link settings after reading updated PHY configuration (jsc#SLE-8371 bsc#1153274). - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - bpf: Fix map leak in HASH_OF_MAPS map (bsc#1155518). - bpf: net: Avoid copying sk_user_data of reuseport_array during sk_clone (bsc#1155518). - bpf: net: Avoid incorrect bpf_sk_reuseport_detach call (bsc#1155518). - bpfilter: fix up a sparse annotation (bsc#1155518). - bpfilter: Initialize pos variable (bsc#1155518). - bpfilter: reject kernel addresses (bsc#1155518). - bpfilter: switch to kernel_write (bsc#1155518). - brcmfmac: keep SDIO watchdog running when console_interval is non-zero (git-fixes). - brcmfmac: set state of hanger slot to FREE when flushing PSQ (git-fixes). - brcmfmac: Set timeout value when configuring power save (bsc#1173468). - brcmfmac: To fix Bss Info flag definition Bug (git-fixes). - btmrvl: Fix firmware filename for sd8977 chipset (git-fixes). - btmrvl: Fix firmware filename for sd8997 chipset (git-fixes). - btrfs: add helper to get the end offset of a file extent item (bsc#1175546). - btrfs: avoid unnecessary splits when setting bits on an extent io tree (bsc#1175377). - btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247). - btrfs: delete the ordered isize update code (bsc#1175377). - btrfs: do not set path->leave_spinning for truncate (bsc#1175377). - btrfs: factor out inode items copy loop from btrfs_log_inode() (bsc#1175546). - btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247). - btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149). - btrfs: fix block group leak when removing fails (bsc#1175149). - btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149). - btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149). - btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149). - btrfs: fix deadlock during fast fsync when logging prealloc extents beyond eof (bsc#1175377). - btrfs: fix double free on ulist after backref resolution failure (bsc#1175149). - btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149). - btrfs: fix lost i_size update after cloning inline extent (bsc#1175377). - btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550). - btrfs: fix missing file extent item for hole after ranged fsync (bsc#1175546). - btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149). - btrfs: fix race between block group removal and block group creation (bsc#1175149). - btrfs: fix race between shrinking truncate and fiemap (bsc#1175377). - btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149). - btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149). - btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484). - btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247). - btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247). - btrfs: introduce per-inode file extent tree (bsc#1175377). - btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247). - btrfs: make full fsyncs always operate on the entire file again (bsc#1175546). - btrfs: make ranged full fsyncs more efficient (bsc#1175546). - btrfs: move extent_io_tree defs to their own header (bsc#1175377). - btrfs: Move free_pages_out label in inline extent handling branch in compress_file_range (bsc#1175263). - btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163). - btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247). - btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163). - btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163). - btrfs: Remove delalloc_end argument from extent_clear_unlock_delalloc (bsc#1175149). - btrfs: Remove leftover of in-band dedupe (bsc#1175149). - btrfs: remove unnecessary delalloc mutex for inodes (bsc#1175377). - btrfs: remove useless check for copy_items() return value (bsc#1175546). - btrfs: Rename btrfs_join_transaction_nolock (bsc#1175377). - btrfs: replace all uses of btrfs_ordered_update_i_size (bsc#1175377). - btrfs: separate out the extent io init function (bsc#1175377). - btrfs: separate out the extent leak code (bsc#1175377). - btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493). - btrfs: trim: fix underflow in trim length to prevent access beyond device boundary (bsc#1175263). - btrfs: use btrfs_ordered_update_i_size in clone_finish_inode_update (bsc#1175377). - btrfs: use the file extent tree infrastructure (bsc#1175377). - cfg80211: check vendor command doit pointer before use (git-fixes). - clk: actions: Fix h_clk for Actions S500 SoC (git-fixes). - clk: at91: clk-generated: check best_rate against ranges (git-fixes). - clk: at91: clk-generated: continue if __clk_determine_rate() returns error (git-fixes). - clk: at91: sam9x60-pll: check fcore against ranges (git-fixes). - clk: at91: sam9x60-pll: use logical or for range check (git-fixes). - clk: at91: sam9x60: fix main rc oscillator frequency (git-fixes). - clk: at91: sckc: register slow_rc with accuracy option (git-fixes). - clk: bcm2835: Do not use prediv with bcm2711's PLLs (bsc#1174865). - clk: bcm63xx-gate: fix last clock availability (git-fixes). - clk: clk-atlas6: fix return value check in atlas6_clk_init() (git-fixes). - clk: iproc: round clock rate to the closest (git-fixes). - clk: qcom: gcc-sdm660: Add missing modem reset (git-fixes). - clk: qcom: gcc-sdm660: Fix up gcc_mss_mnoc_bimc_axi_clk (git-fixes). - clk: rockchip: Revert 'fix wrong mmc sample phase shift for rk3328' (git-fixes). - clk: scmi: Fix min and max rate when registering clocks with discrete rates (git-fixes). - clk: spear: Remove uninitialized_var() usage (git-fixes). - clk: st: Remove uninitialized_var() usage (git-fixes). - console: newport_con: fix an issue about leak related system resources (git-fixes). - cpumap: Use non-locked version __ptr_ring_consume_batched (git-fixes). - crc-t10dif: Fix potential crypto notify dead-lock (git-fixes). - crypto: aesni - add compatibility with IAS (git-fixes). - crypto: aesni - Fix build with LLVM_IAS=1 (git-fixes). - crypto: caam - Fix argument type in handle_imx6_err005766 (git-fixes). - crypto: ccp - Fix use of merged scatterlists (git-fixes). - crypto: ccree - fix resource leak on error path (git-fixes). - crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: hisilicon - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes). - devlink: ignore -EOPNOTSUPP errors on dumpit (bsc#1154353). - devres: keep both device name and resource name in pretty name (git-fixes). - dlm: Fix kobject memleak (bsc#1175768). - dlm: remove BUG() before panic() (git-fixes). - dmaengine: fsl-edma: fix wrong tcd endianness for big-endian cpu (git-fixes). - dmaengine: ioat setting ioat timeout as module parameter (git-fixes). - dmaengine: tegra210-adma: Fix runtime PM imbalance on error (git-fixes). - docs: fix memory.low description in cgroup-v2.rst (git-fixes). (SLE documentation might refer to cgroup-v2.rst.) - drbd: Remove uninitialized_var() usage (git-fixes). - driver core: Avoid binding drivers to dead devices (git-fixes). - drivers/firmware/psci: Fix memory leakage in alloc_init_cpu_groups() (git-fixes). - drivers/net/wan: lapb: Corrected the usage of skb_cow (git-fixes). - drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175128). - drm/amd/display: Fix EDID parsing after resume from suspend (git-fixes). - drm/amd/display: fix pow() crashing when given base 0 (git-fixes). - drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1152472) - drm/amd/powerplay: fix a crash when overclocking Vega M (git-fixes). - drm/amd/powerplay: fix compile error with ARCH=arc (git-fixes). - drm/amdgpu/display bail early in dm_pp_get_static_clocks (git-fixes). - drm/amdgpu/display: use blanked rather than plane state for sync (bsc#1152489) * refreshed for context changes * protect code with CONFIG_DRM_AMD_DC_DCN2_0 - drm/amdgpu/gfx10: fix race condition for kiq (git-fixes). - drm/amdgpu: avoid dereferencing a NULL pointer (git-fixes). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (git-fixes). - drm/amdgpu: fix preemption unit test (git-fixes). - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes). - drm/arm: fix unintentional integer overflow on left shift (git-fixes). - drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1152472) * refreshed for context changes - drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes). - drm/bridge: ti-sn65dsi86: Clear old error bits before AUX transfers (git-fixes). - drm/bridge: ti-sn65dsi86: Do not use kernel-doc comment for local array (git-fixes). - drm/bridge: ti-sn65dsi86: Fix off-by-one error in clock choice (bsc#1152489) * refreshed for context changes - drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1152472) * move drm_mipi_dbi.c -> tinydrm/mipi-dbi.c - drm/debugfs: fix plain echo to connector 'force' attribute (git-fixes). - drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes). - drm/etnaviv: fix ref count leak via pm_runtime_get_sync (git-fixes). - drm/gem: Fix a leak in drm_gem_objects_lookup() (git-fixes). - drm/i915/fbc: Fix fence_y_offset handling (bsc#1152489) * context changes - drm/i915/gt: Close race between engine_park and intel_gt_retire_requests (git-fixes). - drm/i915/gt: Flush submission tasklet before waiting/retiring (bsc#1174737). - drm/i915/gt: Move new timelines to the end of active_list (git-fixes). - drm/i915/gt: Only swap to a random sibling once upon creation (bsc#1152489) * context changes - drm/i915/gt: Unlock engine-pm after queuing the kernel context switch (git-fixes). - drm/i915: Actually emit the await_start (bsc#1174737). - drm/i915: Copy across scheduler behaviour flags across submit fences (bsc#1174737). - drm/i915: Do not poison i915_request.link on removal (bsc#1174737). - drm/i915: Drop no-semaphore boosting (bsc#1174737). - drm/i915: Eliminate the trylock for awaiting an earlier request (bsc#1174737). - drm/i915: Flush execution tasklets before checking request status (bsc#1174737). - drm/i915: Flush tasklet submission before sleeping on i915_request_wait (bsc#1174737). - drm/i915: Ignore submit-fences on the same timeline (bsc#1174737). - drm/i915: Improve the start alignment of bonded pairs (bsc#1174737). - drm/i915: Keep track of request among the scheduling lists (bsc#1174737). - drm/i915: Lock signaler timeline while navigating (bsc#1174737). - drm/i915: Mark i915_request.timeline as a volatile, rcu pointer (bsc#1174737). - drm/i915: Mark racy read of intel_engine_cs.saturated (bsc#1174737). - drm/i915: Mark up unlocked update of i915_request.hwsp_seqno (bsc#1174737). - drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2. (bsc#1152489) * context changes - drm/i915: Peel dma-fence-chains for await (bsc#1174737). - drm/i915: Prevent using semaphores to chain up to external fences (bsc#1174737). - drm/i915: Protect i915_request_await_start from early waits (bsc#1174737). - drm/i915: Pull waiting on an external dma-fence into its routine (bsc#1174737). - drm/i915: Rely on direct submission to the queue (bsc#1174737). - drm/i915: Remove wait priority boosting (bsc#1174737). - drm/i915: Reorder await_execution before await_request (bsc#1174737). - drm/i915: Return early for await_start on same timeline (bsc#1174737). - drm/i915: Use EAGAIN for trylock failures (bsc#1174737). - drm/imx: fix use after free (git-fixes). - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes). - drm/imx: tve: fix regulator_disable error path (git-fixes). - drm/ingenic: Fix incorrect assumption about plane->index (bsc#1152489) * refreshed for context changes - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes). - drm/msm: ratelimit crtc event overflow error (git-fixes). - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes). - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes). - drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout (git-fixes). - drm/nouveau/kms/nv50-: Fix disabling dithering (git-fixes). - drm/nouveau: fix multiple instances of reference count leaks (git-fixes). - drm/nouveau: fix reference count leak in nouveau_debugfs_strap_peek (git-fixes). - drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes). - drm/radeon: disable AGP by default (git-fixes). - drm/radeon: fix array out-of-bounds read and write issues (git-fixes). - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (git-fixes). - drm/stm: repair runtime power management (git-fixes). - drm/tilcdc: fix leak & null ref in panel_connector_get_modes (git-fixes). - drm/ttm/nouveau: do not call tt destroy callback on alloc failure (git-fixes bsc#1175232). - drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() (bsc#1152489) * refreshed for context changes - drm/vmwgfx: Fix two list_for_each loop exit tests (git-fixes). - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (git-fixes). - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (git-fixes). - drm: hold gem reference until object is no longer accessed (git-fixes). - drm: msm: a6xx: fix gpu failure after system resume (git-fixes). - drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes). - drm: sun4i: hdmi: Fix inverted HPD result (git-fixes). - dyndbg: fix a BUG_ON in ddebug_describe_flags (git-fixes). - enetc: Fix tx rings bitmap iteration range, irq handling (networking-stable-20_06_28). - ext2: fix missing percpu_counter_inc (bsc#1175774). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: do not BUG on inconsistent journal feature (bsc#1171634). - ext4: fix checking of directory entry validity for inline directories (bsc#1175771). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - fbdev: Detect integer underflow at 'struct fbcon_ops'->clear_margins (git-fixes). - firmware/psci: use common SMCCC_CONDUIT_* (bsc#1174906). - firmware: arm_scmi: Fix SCMI genpd domain probing (git-fixes). - firmware: arm_scmi: Keep the discrete clock rates sorted (git-fixes). - firmware: arm_sdei: use common SMCCC_CONDUIT_* (bsc#1174906). - firmware: Fix a reference count leak (git-fixes). - firmware: smccc: Add ARCH_SOC_ID support (bsc#1174906). - firmware: smccc: Add function to fetch SMCCC version (bsc#1174906). - firmware: smccc: Add HAVE_ARM_SMCCC_DISCOVERY to identify SMCCC v1.1 and above (bsc#1174906). - firmware: smccc: Add the definition for SMCCCv1.2 version/error codes (bsc#1174906). - firmware: smccc: Drop smccc_version enum and use ARM_SMCCC_VERSION_1_x instead (bsc#1174906). - firmware: smccc: Refactor SMCCC specific bits into separate file (bsc#1174906). - firmware: smccc: Update link to latest SMCCC specification (bsc#1174906). - firmware_loader: fix memory leak for paged buffer (bsc#1175367). - fpga: dfl: fix bug in port reset handshake (git-fixes). - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175176). - fuse: fix weird page warning (bsc#1175175). - genetlink: remove genl_bind (networking-stable-20_07_17). - geneve: fix an uninitialized value in geneve_changelink() (git-fixes). - genirq/affinity: Improve __irq_build_affinity_masks() (bsc#1174897 ltc#187090). - genirq/affinity: Remove const qualifier from node_to_cpumask argument (bsc#1174897 ltc#187090). - genirq/affinity: Spread vectors on node according to nr_cpu ratio (bsc#1174897 ltc#187090). - gfs2: Another gfs2_find_jhead fix (bsc#1174824). - gfs2: fix gfs2_find_jhead that returns uninitialized jhead with seq 0 (bsc#1174825). - go7007: add sanity checking for endpoints (git-fixes). - gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes). - gpio: arizona: put pm_runtime in case of failure (git-fixes). - gpio: max77620: Fix missing release of interrupt (git-fixes). - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (git-fixes). - habanalabs: increase timeout during reset (git-fixes). - HID: alps: support devices with report id 2 (git-fixes). - HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes). - HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override (git-fixes). - HID: input: Fix devices that return multiple bytes in battery report (git-fixes). - HID: steam: fixes race in handling device list (git-fixes). - hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path (git-fixes). - hwmon: (adm1275) Make sure we are reading enough data for different chips (git-fixes). - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes). - hwmon: (nct6775) Accept PECI Calibration as temperature source for NCT6798D (git-fixes). - hwmon: (scmi) Fix potential buffer overflow in scmi_hwmon_probe() (git-fixes). - i2c: also convert placeholder function to return errno (git-fixes). - i2c: i2c-qcom-geni: Fix DMA transfer race (git-fixes). - i2c: i801: Add support for Intel Comet Lake PCH-V (jsc#SLE-13411). - i2c: i801: Add support for Intel Emmitsburg PCH (jsc#SLE-13411). - i2c: i801: Add support for Intel Tiger Lake PCH-H (jsc#SLE-13411). - i2c: iproc: fix race between client unreg and isr (git-fixes). - i2c: rcar: always clear ICSAR to avoid side effects (git-fixes). - i2c: rcar: avoid race when unregistering slave (git-fixes). - i2c: rcar: slave: only send STOP event when we have been addressed (git-fixes). - i2c: slave: add sanity check when unregistering (git-fixes). - i2c: slave: improve sanity check when registering (git-fixes). - i40iw: Do an RCU lookup in i40iw_add_ipv4_addr (git-fixes). - i40iw: Fix error handling in i40iw_manage_arp_cache() (git-fixes). - i40iw: fix null pointer dereference on a null wqe pointer (git-fixes). - i40iw: Report correct firmware version (git-fixes). - IB/cma: Fix ports memory leak in cma_configfs (git-fixes). - IB/core: Fix potential NULL pointer dereference in pkey cache (git-fixes). - IB/hfi1, qib: Ensure RCU is locked when accessing list (git-fixes). - IB/hfi1: Ensure pq is not left on waitlist (git-fixes). - IB/hfi1: Fix memory leaks in sysfs registration and unregistration (git-fixes). - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (git-fixes). - IB/mad: Fix use after free when destroying MAD agent (git-fixes). - IB/mlx4: Test return value of calls to ib_get_cached_pkey (git-fixes). - IB/mlx5: Fix 50G per lane indication (git-fixes). - IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command (git-fixes). - IB/mlx5: Fix missing congestion control debugfs on rep rdma device (git-fixes). - IB/mlx5: Replace tunnel mpls capability bits for tunnel_offloads (git-fixes). - IB/qib: Call kobject_put() when kobject_init_and_add() fails (git-fixes). - IB/rdmavt: Always return ERR_PTR from rvt_create_mmap_info() (git-fixes). - IB/rdmavt: Delete unused routine (git-fixes). - IB/rdmavt: Fix RQ counting issues causing use of an invalid RWQE (bsc#1174770). - IB/sa: Resolv use-after-free in ib_nl_make_request() (git-fixes). - ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ice: Clear and free XLT entries on reset (jsc#SLE-7926). - ice: Graceful error handling in HW table calloc failure (jsc#SLE-7926). - ide: Remove uninitialized_var() usage (git-fixes). - ieee802154: fix one possible memleak in adf7242_probe (git-fixes). - igc: Fix PTP initialization (bsc#1160634). - iio: improve IIO_CONCENTRATION channel type description (git-fixes). - Input: elan_i2c - only increment wakeup count on touch (git-fixes). - Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes). - Input: sentelic - fix error return when fsp_reg_write fails (git-fixes). - Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes). - integrity: remove redundant initialization of variable ret (git-fixes). - io-mapping: indicate mapping failure (git-fixes). - ionic: fix up filter locks and debug msgs (bsc#1167773). - ionic: keep rss hash after fw update (bsc#1167773). - ionic: unlock queue mutex in error path (bsc#1167773). - ionic: update filter id after replay (bsc#1167773). - ionic: use mutex to protect queue operations (bsc#1167773). - ionic: use offset for ethtool regs data (bsc#1167773). - ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes). - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28). - ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28). - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17). - ipv6: fib6_select_path can not use out path for nexthop objects (networking-stable-20_07_17). - ipv6: Fix use of anycast address with loopback (networking-stable-20_07_17). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - irqchip/gic: Atomically update affinity (bsc#1175195). - iwlegacy: Check the return value of pcie_capability_read_*() (git-fixes). - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772). - kABI workaround for enum cpuhp_state (git-fixes). - kABI workaround for struct kvm_device (git-fixes). Just change an variable to 'const' type in kvm_device. - kABI workaround for struct kvm_vcpu_arch (git-fixes). Add a struct variable to the end of kvm_vcpu_arch and kvm_vcpu_arch is embedded into kvm_vcpu at the end. It is usually used by pointer and allocated dynamically, so this change should be fine even for external kvm module. - kABI/severities: ignore KABI for NVMe, except nvme-fc (bsc#1174777) Exported symbols under drivers/nvme/host/ are only used by the nvme subsystem itself, except for the nvme-fc symbols. - kABI/severities: ignore qla2xxx as all symbols are internal - kABI: genetlink: remove genl_bind (kabi). - kABI: restore signature of xfrm_policy_bysel_ctx() and xfrm_policy_byid() (bsc#1174645). - kernel.h: remove duplicate include of asm/div64.h (git-fixes). - kernel/relay.c: fix memleak on destroy relay channel (git-fixes). - kernfs: do not call fsnotify() with name without a parent (bsc#1175770). - kobject: Avoid premature parent object freeing in kobject_cleanup() (git-fixes). - KVM: Allow kvm_device_ops to be const (bsc#1172197 jsc#SLE-13593). - KVM: arm/arm64: Correct AArch32 SPSR on exception entry (bsc#1133021). - KVM: arm/arm64: Correct CPSR on exception entry (bsc#1133021). - KVM: arm/arm64: Factor out hypercall handling from PSCI code (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Annotate hyp NMI-related functions as __always_inline (bsc#1175190). - KVM: arm64: Correct PSTATE on exception entry (bsc#1133021). - KVM: arm64: Document PV-time interface (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Fix 32bit PC wrap-around (bsc#1133021). - KVM: arm64: Implement PV_TIME_FEATURES call (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts (bsc#1133021). - KVM: arm64: Provide VCPU attributes for stolen time (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Select TASK_DELAY_ACCT+TASKSTATS rather than SCHEDSTATS (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021). - KVM: arm64: Stop writing aarch32's CSSELR into ACTLR (bsc#1133021). - KVM: arm64: Support stolen time reporting via shared structure (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Use the correct timer structure to access the physical counter (bsc#1133021). - KVM: arm: vgic: Fix limit condition when writing to GICD_IACTIVER (bsc#1133021). - KVM: Implement kvm_put_guest() (bsc#1172197 jsc#SLE-13593). - KVM: Play nice with read-only memslots when querying host page size (bsc#1133021). - KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729). - KVM: Reinstall old memslots if arch preparation fails (bsc#1133021). - KVM: s390: Remove false WARN_ON_ONCE for the PQAP instruction (bsc#1133021). - KVM: x86: Fix APIC page invalidation race (bsc#1133021). - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17). - leds: 88pm860x: fix use-after-free on unbind (git-fixes). - leds: core: Flush scheduled work for system suspend (git-fixes). - leds: da903x: fix use-after-free on unbind (git-fixes). - leds: gpio: Fix semantic error (git-fixes). - leds: lm3533: fix use-after-free on unbind (git-fixes). - leds: lm355x: avoid enum conversion warning (git-fixes). - leds: lm36274: fix use-after-free on unbind (git-fixes). - leds: wm831x-status: fix use-after-free on unbind (git-fixes). - libbpf: Wrap source argument of BPF_CORE_READ macro in parentheses (bsc#1155518). - liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes). - llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17). - locktorture: Print ratio of acquisitions, not failures (bsc#1149032). - mac80211: allow rx of mesh eapol frames with default rx key (git-fixes). - mac80211: fix misplaced while instead of if (git-fixes). - mac80211: mesh: Free ie data when leaving mesh (git-fixes). - mac80211: mesh: Free pending skb when destroying a mpath (git-fixes). - Mark the SLE15-SP2 kernel properly released. There perhaps was a typo, when SUSE_KERNEL_RELEASED missed the trailing 'D' - this leads to our kernels being marked as 'Unreleased kernel'. SUSE_KERNEL_RELEASED is defined in rpm/kernel-binary.spec.in. To fix that, it should be enough to switch from SUSE_KERNEL_RELEASE to SUSE_KERNEL_RELEASED. - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes). - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes). - media: budget-core: Improve exception handling in budget_register() (git-fixes). - media: camss: fix memory leaks on error handling paths in probe (git-fixes). - media: cxusb-analog: fix V4L2 dependency (git-fixes). - media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes). - media: firewire: Using uninitialized values in node_probe() (git-fixes). - media: marvell-ccic: Add missed v4l2_async_notifier_cleanup() (git-fixes). - media: media-request: Fix crash if memory allocation fails (git-fixes). - media: nuvoton-cir: remove setting tx carrier functions (git-fixes). - media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes). - media: rockchip: rga: Introduce color fmt macros and refactor CSC mode logic (git-fixes). - media: rockchip: rga: Only set output CSC mode for RGB input (git-fixes). - media: sur40: Remove uninitialized_var() usage (git-fixes). - media: vpss: clean up resources in init (git-fixes). - media: vsp1: dl: Fix NULL pointer dereference on unbind (git-fixes). - mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes). - mfd: dln2: Run event handler loop under spinlock (git-fixes). - mfd: intel-lpss: Add Intel Tiger Lake PCH-H PCI IDs (jsc#SLE-13411). - mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28). - mlxsw: core: Fix wrong SFP EEPROM reading for upper pages 1-3 (bsc#1154488). - mlxsw: pci: Fix use-after-free in case of failed devlink reload (networking-stable-20_07_17). - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (networking-stable-20_07_17). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617). - mm: filemap: clear idle flag for writes (bsc#1175769). - mm: Fix protection usage propagation (bsc#1174002). - mmc: sdhci-cadence: do not use hardware tuning for SD mode (git-fixes). - mmc: sdhci-pci-o2micro: Bug fix for O2 host controller Seabird1 (git-fixes). - mtd: properly check all write ioctls for permissions (git-fixes). - mtd: rawnand: fsl_upm: Remove unused mtd var (git-fixes). - mtd: rawnand: qcom: avoid write to unavailable register (git-fixes). - mvpp2: ethtool rxtx stats fix (networking-stable-20_06_28). - mwifiex: Fix firmware filename for sd8977 chipset (git-fixes). - mwifiex: Fix firmware filename for sd8997 chipset (git-fixes). - mwifiex: Prevent memory corruption handling keys (git-fixes). - ndctl/papr_scm,uapi: Add support for PAPR nvdimm specific methods (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - net, sk_msg: Clear sk_user_data pointer on clone if tagged (bsc#1155518). - net, sk_msg: Do not use RCU_INIT_POINTER on sk_user_data (bsc#1155518). - net/bpfilter: Initialize pos in __bpfilter_process_sockopt (bsc#1155518). - net/bpfilter: split __bpfilter_process_sockopt (bsc#1155518). - net/ena: Fix build warning in ena_xdp_set() (bsc#1174852). - net/mlx5: DR, Change push vlan action sequence (jsc#SLE-8464). - net/mlx5: E-switch, Destroy TSAR when fail to enable the mode (jsc#SLE-8464). - net/mlx5: Fix eeprom support for SFP module (networking-stable-20_07_17). - net/mlx5e: Fix 50G per lane indication (networking-stable-20_07_17). - net/mlx5e: Fix kernel crash when setting vf VLANID on a VF dev (jsc#SLE-8464). - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (networking-stable-20_07_17). - net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28). - net: core: reduce recursion limit value (networking-stable-20_06_28). - net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28). - net: dsa: microchip: set the correct number of ports (networking-stable-20_07_17). - net: ena: add reserved PCI device ID (bsc#1174852). - net: ena: add support for reporting of packet drops (bsc#1174852). - net: ena: add support for the rx offset feature (bsc#1174852). - net: ena: add support for traffic mirroring (bsc#1174852). - net: ena: add unmask interrupts statistics to ethtool (bsc#1174852). - net: ena: allow setting the hash function without changing the key (bsc#1174852). - net: ena: avoid memory access violation by validating req_id properly (bsc#1174852). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852). - net: ena: change default RSS hash function to Toeplitz (bsc#1174852). - net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1154492). - net: ena: changes to RSS hash key allocation (bsc#1174852). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852). - net: ena: cosmetic: code reorderings (bsc#1174852). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852). - net: ena: cosmetic: fix line break issues (bsc#1174852). - net: ena: cosmetic: fix spacing issues (bsc#1174852). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852). - net: ena: cosmetic: minor code changes (bsc#1174852). - net: ena: cosmetic: remove unnecessary code (bsc#1174852). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852). - net: ena: cosmetic: satisfy gcc warning (bsc#1174852). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852). - net: ena: drop superfluous prototype (bsc#1174852). - net: ena: enable support of rss hash key and function changes (bsc#1174852). - net: ena: ethtool: clean up minor indentation issue (bsc#1174852). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852). - net: ena: fix continuous keep-alive resets (bsc#1174852). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852). - net: ena: Make missed_tx stat incremental (git-fixes). - net: ena: Make some functions static (bsc#1174852). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852). - net: ena: Prevent reset after device destruction (git-fixes). - net: ena: reduce driver load time (bsc#1174852). - net: ena: remove code that does nothing (bsc#1174852). - net: ena: remove set but not used variable 'hash_key' (bsc#1174852). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852). - net: ena: support new LLQ acceleration mode (bsc#1174852). - net: ena: use explicit variable size for clarity (bsc#1174852). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852). - net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). (SLES tuning guide refers to ip-sysctl.txt.) - net: fix memleak in register_netdevice() (networking-stable-20_06_28). - net: Fix the arp error in some cases (networking-stable-20_06_28). - net: hns3: fix error handling for desc filling (git-fixes). - net: hns3: fix for not calculating TX BD send size correctly (git-fixes). - net: hns3: fix return value error when query MAC link status fail (git-fixes). - net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28). - net: lan78xx: add missing endpoint sanity check (git-fixes). - net: lan78xx: fix transfer-buffer memory leak (git-fixes). - net: lan78xx: replace bogus endpoint lookup (git-fixes). - net: mvneta: fix use of state->speed (networking-stable-20_07_17). - net: phy: Check harder for errors in get_phy_id() (git-fixes). - net: phy: fix memory leak in device-create error path (git-fixes). - net: qrtr: Fix an out of bounds read qrtr_endpoint_post() (networking-stable-20_07_17). - net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28). - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17). - net_sched: fix a memory leak in atm_tc_init() (networking-stable-20_07_17). - netdevsim: fix unbalaced locking in nsim_create() (git-fixes). - nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes). - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes). - ntb: Fix static check warning in perf_clear_test (git-fixes). - ntb: Fix the default port and peer numbers for legacy drivers (git-fixes). - ntb: hw: remove the code that sets the DMA mask (git-fixes). - ntb: ntb_pingpong: Choose doorbells based on port number (git-fixes). - ntb: ntb_test: Fix bug when counting remote files (git-fixes). - ntb: ntb_tool: reading the link file should not end in a NULL byte (git-fixes). - ntb: perf: Do not require one more memory window than number of peers (git-fixes). - ntb: perf: Fix race condition when run with ntb_test (git-fixes). - ntb: perf: Fix support for hardware that does not have port numbers (git-fixes). - ntb: Revert the change to use the NTB device dev for DMA allocations (git-fixes). - ntb_perf: pass correct struct device to dma_alloc_coherent (git-fixes). - ntb_tool: pass correct struct device to dma_alloc_coherent (git-fixes). - nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108). - nvme-multipath: fix logic for non-optimized paths (bsc#1172108). - nvme-multipath: round-robin: eliminate 'fallback' variable (bsc#1172108). - nvme-multipath: set bdi capabilities once (bsc#1159058). - nvme-pci: Re-order nvme_pci_free_ctrl (bsc#1159058). - nvme-rdma: Add warning on state change failure at (bsc#1159058). - nvme-tcp: Add warning on state change failure at (bsc#1159058). - nvme-tcp: fix possible crash in write_zeroes processing (bsc#1159058). - nvme: add a Identify Namespace Identification Descriptor list quirk (git-fixes). - nvme: always search for namespace head (bsc#1159058). - nvme: avoid an Identify Controller command for each namespace (bsc#1159058). - nvme: check namespace head shared property (bsc#1159058). - nvme: clean up nvme_scan_work (bsc#1159058). - nvme: cleanup namespace identifier reporting in (bsc#1159058). - nvme: consolidate chunk_sectors settings (bsc#1159058). - nvme: consolodate io settings (bsc#1159058). - nvme: expose hostid via sysfs for fabrics controllers (bsc#1159058). - nvme: expose hostnqn via sysfs for fabrics controllers (bsc#1159058). - nvme: factor out a nvme_ns_remove_by_nsid helper (bsc#1159058). - nvme: fix a crash in nvme_mpath_add_disk (git-fixes, bsc#1159058). - nvme: Fix controller creation races with teardown flow (bsc#1159058). - nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1159058). - nvme: fix identify error status silent ignore (git-fixes, bsc#1159058). - nvme: fix possible hang when ns scanning fails during error (bsc#1159058). - nvme: kABI fixes for nvme_ctrl (bsc#1159058). - nvme: Make nvme_uninit_ctrl symmetric to nvme_init_ctrl (bsc#1159058). - nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108). - nvme: prevent double free in nvme_alloc_ns() error handling (bsc#1159058). - nvme: provide num dword helper (bsc#1159058). - nvme: refactor nvme_identify_ns_descs error handling (bsc#1159058). - nvme: refine the Qemu Identify CNS quirk (bsc#1159058). - nvme: release ida resources (bsc#1159058). - nvme: release namespace head reference on error (bsc#1159058). - nvme: remove the magic 1024 constant in nvme_scan_ns_list (bsc#1159058). - nvme: remove unused parameter (bsc#1159058). - nvme: Remove unused return code from nvme_delete_ctrl_sync (bsc#1159058). - nvme: rename __nvme_find_ns_head to nvme_find_ns_head (bsc#1159058). - nvme: revalidate after verifying identifiers (bsc#1159058). - nvme: revalidate namespace stream parameters (bsc#1159058). - nvme: unlink head after removing last namespace (bsc#1159058). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: load global_inode_alloc (bsc#1172963). - omapfb: dss: Fix max fclk divider for omap36xx (git-fixes). - openvswitch: take into account de-fragmentation/gso_size in execute_check_pkt_len (networking-stable-20_06_28). - PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes). - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge (git-fixes). - PCI: cadence: Fix updating Vendor ID and Subsystem Vendor ID register (git-fixes). - PCI: Fix pci_cfg_wait queue locking problem (git-fixes). - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes). - PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, git-fixes). - PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes). - PCI: qcom: Add missing reset for ipq806x (git-fixes). - PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes). - PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes). - PCI: rcar: Fix runtime PM imbalance on error (git-fixes). - PCI: Release IVRS table in AMD ACS quirk (git-fixes). - PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes). - PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes). - PCI: tegra: Revert tegra124 raw_violation_fixup (git-fixes). - phy: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes). - phy: exynos5-usbdrd: Calibrating makes sense only for USB2.0 PHY (git-fixes). - phy: renesas: rcar-gen3-usb2: move irq registration to init (git-fixes). - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes). - pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes). - pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes). - pinctrl: ingenic: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes). - pinctrl: single: fix function name in documentation (git-fixes). - platform/chrome: cros_ec_ishtp: Fix a double-unlock issue (git-fixes). - platform/x86: asus-nb-wmi: add support for ASUS ROG Zephyrus G14 and G15 (git-fixes). - platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: ISST: Add new PCI device ids (git-fixes). - PM: wakeup: Show statistics for deleted wakeup sources again (git-fixes). - power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes). - powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729). - powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729). - powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729). - powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/fadump: Fix build error with CONFIG_PRESERVE_FA_DUMP=y (bsc#1156395). - powerpc/iommu: Allow bypass-only for DMA (bsc#1156395). - powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284). - powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284). - powerpc/papr_scm: Add support for fetching nvdimm 'fuel-gauge' metric (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Fetch nvdimm health information from PHYP (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Fetch nvdimm performance stats from PHYP (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Implement support for PAPR_PDSM_HEALTH (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Improve error logging and handling papr_scm_ndctl() (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Mark papr_scm_ndctl() as static (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729). - powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729). - powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630). - powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - powerpc/pseries: remove cede offline state for CPUs (bsc#1065729). - powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729). - powerpc/vdso: Fix vdso cpu truncation (bsc#1065729). - powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729). - powerpc: Document details on H_SCM_HEALTH hcall (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - pseries: Fix 64 bit logical memory block panic (bsc#1065729). - pwm: bcm-iproc: handle clk_get_rate() return (git-fixes). - qed: suppress 'do not support RoCE & iWARP' flooding on HW init (git-fixes). - qed: suppress false-positives interrupt error messages on HW init (git-fixes). - r8169: fix jumbo configuration for RTL8168evl (bsc#1175296). - r8169: fix jumbo packet handling on resume from suspend (bsc#1175296). - r8169: fix resume on cable plug-in (bsc#1175296). - r8169: fix rtl_hw_jumbo_disable for RTL8168evl (bsc#1175296). - r8169: move disabling interrupt coalescing to RTL8169/RTL8168 init (bsc#1175296). - r8169: read common register for PCI commit (bsc#1175296). - random32: move the pseudo-random 32-bit definitions to prandom.h (git-fixes). - random32: remove net_rand_state from the latent entropy gcc plugin (git-fixes). - random: fix circular include dependency on arm64 after addition of percpu.h (git-fixes). - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (git-fixes). - RDMA/cm: Fix an error check in cm_alloc_id_priv() (git-fixes). - RDMA/cm: Fix checking for allowed duplicate listens (git-fixes). - RDMA/cm: Fix ordering of xa_alloc_cyclic() in ib_create_cm_id() (git-fixes). - RDMA/cm: Read id.state under lock when doing pr_debug() (git-fixes). - RDMA/cm: Remove a race freeing timewait_info (git-fixes). - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (git-fixes). - RDMA/cma: Protect bind_list and listen_list while finding matching cm id (git-fixes). - RDMA/core: Fix double destruction of uobject (git-fixes). - RDMA/core: Fix double put of resource (git-fixes). - RDMA/core: Fix missing error check on dev_set_name() (git-fixes). - RDMA/core: Fix protection fault in ib_mr_pool_destroy (git-fixes). - RDMA/core: Fix race between destroy and release FD object (git-fixes). - RDMA/core: Fix race in rdma_alloc_commit_uobject() (git-fixes). - RDMA/core: Prevent mixed use of FDs between shared ufiles (git-fixes). - RDMA/counter: Query a counter before release (git-fixes). - RDMA/efa: Set maximum pkeys device attribute (git-fixes). - RDMA/hns: Bugfix for querying qkey (git-fixes). - RDMA/hns: Fix cmdq parameter of querying pf timer resource (git-fixes). - RDMA/iw_cxgb4: Fix incorrect function parameters (git-fixes). - RDMA/iwcm: Fix iwcm work deallocation (git-fixes). - RDMA/mad: Do not crash if the rdma device does not have a umad interface (git-fixes). - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (git-fixes). - RDMA/mlx4: Initialize ib_spec on the stack (git-fixes). - RDMA/mlx5: Add init2init as a modify command (git-fixes). - RDMA/mlx5: Add missing srcu_read_lock in ODP implicit flow (jsc#SLE-8446). - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (git-fixes). - RDMA/mlx5: Fix prefetch memory leak if get_prefetchable_mr fails (jsc#SLE-8446). - RDMA/mlx5: Fix the number of hwcounters of a dynamic counter (git-fixes). - RDMA/mlx5: Fix typo in enum name (git-fixes). - RDMA/mlx5: Fix udata response upon SRQ creation (git-fixes). - RDMA/mlx5: Prevent prefetch from racing with implicit destruction (jsc#SLE-8446). - RDMA/mlx5: Set GRH fields in query QP on RoCE (git-fixes). - RDMA/mlx5: Use xa_lock_irq when access to SRQ table (git-fixes). - RDMA/mlx5: Verify that QP is created with RQ or SQ (git-fixes). - RDMA/nldev: Fix crash when set a QP to a new counter but QPN is missing (git-fixes). - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (git-fixes). - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (git-fixes). - RDMA/rvt: Fix potential memory leak caused by rvt_alloc_rq (git-fixes). - RDMA/rxe: Always return ERR_PTR from rxe_create_mmap_info() (git-fixes). - RDMA/rxe: Fix configuration of atomic queue pair attributes (git-fixes). - RDMA/rxe: Set default vendor ID (git-fixes). - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (git-fixes). - RDMA/siw: Fix failure handling during device creation (git-fixes). - RDMA/siw: Fix passive connection establishment (git-fixes). - RDMA/siw: Fix pointer-to-int-cast warning in siw_rx_pbl() (git-fixes). - RDMA/siw: Fix potential siw_mem refcnt leak in siw_fastreg_mr() (git-fixes). - RDMA/siw: Fix reporting vendor_part_id (git-fixes). - RDMA/siw: Fix setting active_mtu attribute (git-fixes). - RDMA/siw: Fix setting active_{speed, width} attributes (git-fixes). - RDMA/ucma: Put a lock around every call to the rdma_cm layer (git-fixes). - RDMA/uverbs: Fix create WQ to use the given user handle (git-fixes). - regmap: debugfs: check count when read regmap file (git-fixes). - regmap: dev_get_regmap_match(): fix string comparison (git-fixes). - regulator: gpio: Honor regulator-boot-on property (git-fixes). - remoteproc: qcom: q6v5: Update running state before requesting stop (git-fixes). - remoteproc: qcom_q6v5_mss: Validate MBA firmware size before load (git-fixes). - remoteproc: qcom_q6v5_mss: Validate modem blob firmware size before load (git-fixes). - Revert 'ALSA: hda: call runtime_allow() for all hda controllers' (git-fixes). - Revert 'drm/amd/display: Expose connector VRR range via debugfs' (bsc#1152489) * refreshed for context changes - Revert 'drm/amdgpu: Fix NULL dereference in dpm sysfs handlers' (git-fixes). - Revert 'i2c: cadence: Fix the hold bit setting' (git-fixes). - Revert 'RDMA/cma: Simplify rdma_resolve_addr() error flow' (git-fixes). - Revert 'scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe' (bsc#1171688 bsc#1174003). - Revert 'scsi: qla2xxx: Fix crash on qla2x00_mailbox_command' (bsc#1171688 bsc#1174003). - rhashtable: Document the right function parameters (bsc#1174880). - rhashtable: drop duplicated word in (bsc#1174880). - rhashtable: Drop raw RCU deref in nested_table_free (bsc#1174880). - rhashtable: Fix unprotected RCU dereference in __rht_ptr (bsc#1174880). - rhashtable: Restore RCU marking on rhash_lock_head (bsc#1174880). - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (git-fixes). - rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28). - rpm/modules.fips: * add ecdh_generic (boo#1173813) - rtc: goldfish: Enable interrupt in set_alarm() when necessary (git-fixes). - rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (bsc#1154353). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes). - rtw88: fix LDPC field for RA info (git-fixes). - rtw88: fix short GI capability based on current bandwidth (git-fixes). - sch_cake: do not call diffserv parsing code when it is not needed (networking-stable-20_06_28). - sch_cake: do not try to reallocate or unshare skb unconditionally (networking-stable-20_06_28). - sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17). - scsi/fc: kABI fixes for new ELS_RPD definition (bsc#1171688 bsc#1174003). - scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026). - scsi: Fix trivial spelling (bsc#1171688 bsc#1174003). - scsi: ipr: Fix softlockup when rescanning devices in petitboot (jsc#SLE-13654). - scsi: ipr: remove unneeded semicolon (jsc#SLE-13654). - scsi: ipr: Use scnprintf() for avoiding potential buffer overflow (jsc#SLE-13654). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003). - scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003). - scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418). - scsi: smartpqi: add RAID bypass counter (bsc#1172418). - scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418). - scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418). - scsi: smartpqi: Identify physical devices without issuing INQUIRY (bsc#1172418). - scsi: smartpqi: support device deletion via sysfs (bsc#1172418). - scsi: smartpqi: update logical volume size after expansion (bsc#1172418). - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418). - scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790). - sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - seq_buf: Export seq_buf_printf (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - serial: 8250: change lock order in serial8250_do_startup() (git-fixes). - serial: 8250: fix null-ptr-deref in serial8250_start_tx() (git-fixes). - serial: 8250_mtk: Fix high-speed baud rates clamping (git-fixes). - serial: 8250_pci: Move Pericom IDs to pci_ids.h (git-fixes). - serial: amba-pl011: Make sure we initialize the port.lock spinlock (git-fixes). - serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X (git-fixes). - serial: mxs-auart: add missed iounmap() in probe failure and remove (git-fixes). - serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes). - serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes). - serial: tegra: fix CREAD handling for PIO (git-fixes). - soc/tegra: pmc: Enable PMIC wake event on Tegra194 (bsc#1175834). - soc/tegra: pmc: Enable PMIC wake event on Tegra210 (bsc#1175116). - soc: qcom: rpmh-rsc: Set suppress_bind_attrs flag (git-fixes). - spi: davinci: Remove uninitialized_var() usage (git-fixes). - spi: lantiq-ssc: Fix warning by using WQ_MEM_RECLAIM (git-fixes). - spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes). - spi: mediatek: use correct SPI_CFG2_REG MACRO (git-fixes). - spi: pxa2xx: Add support for Intel Tiger Lake PCH-H (jsc#SLE-13411). - spi: rockchip: Fix error in SPI slave pio read (git-fixes). - spi: spi-geni-qcom: Actually use our FIFO (git-fixes). - spi: spidev: Align buffers for DMA (git-fixes). - spi: stm32: fixes suspend/resume management (git-fixes). - spi: sun4i: update max transfer size reported (git-fixes). - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support (git-fixes). - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes). - staging: rtl8192u: fix a dubious looking mask before a shift (git-fixes). - staging: rtl8712: handle firmware load failure (git-fixes). - staging: vchiq_arm: Add a matching unregister call (git-fixes). - staging: wlan-ng: properly check endpoint types (git-fixes). - tcp: do not ignore ECN CWR on pure ACK (networking-stable-20_06_28). - tcp: fix SO_RCVLOWAT possible hangs under high mem pressure (networking-stable-20_07_17). - tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28). - tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17). - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17). - tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17). - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17). - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28). - thermal: ti-soc-thermal: Fix reversed condition in ti_thermal_expose_sensor() (git-fixes). - tpm: Require that all digests are present in TCG_PCR_EVENT2 structures (git-fixes). - tpm_crb: fix fTPM on AMD Zen+ CPUs (bsc#1174362). - tracepoint: Mark __tracepoint_string's __used (git-fixes). - tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes). - ubsan: check panic_on_warn (bsc#1174805). - uio_pdrv_genirq: Remove warning when irq is not specified (bsc#1174762). - update upstream reference - usb: bdc: Halt controller on suspend (git-fixes). - usb: core: fix quirks_param_set() writing to a const pointer (git-fixes). - usb: dwc2: gadget: Make use of GINTMSK2 (git-fixes). - usb: dwc3: pci: add support for the Intel Jasper Lake (git-fixes). - usb: dwc3: pci: add support for the Intel Tiger Lake PCH -H variant (git-fixes). - usb: gadget: f_uac2: fix AC Interface Header Descriptor wTotalLength (git-fixes). - usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes). - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (git-fixes). - usb: hso: check for return value in hso_serial_common_create() (git-fixes). - usb: hso: Fix debug compile warning on sparc32 (git-fixes). - usb: iowarrior: fix up report size handling for some devices (git-fixes). - usb: mtu3: clear dual mode of u3port when disable device (git-fixes). - usb: serial: cp210x: enable usb generic throttle/unthrottle (git-fixes). - usb: serial: cp210x: re-enable auto-RTS on open (git-fixes). - usb: serial: iuu_phoenix: fix led-activity helpers (git-fixes). - usb: serial: qcserial: add EM7305 QDL product ID (git-fixes). - usb: tegra: Fix allocation for the FPCI context (git-fixes). - usb: xhci-mtk: fix the failure of bandwidth allocation (git-fixes). - usb: xhci: define IDs for various ASMedia host controllers (git-fixes). - usb: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes). - usb: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes). - usbip: tools: fix module name in man page (git-fixes). - video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes). - video: fbdev: savage: fix memory leak on error handling path in probe (git-fixes). - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes). - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes). - vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17). - vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199). - vt: Reject zero-sized screen buffer size (git-fixes). - watchdog: f71808e_wdt: clear watchdog timeout occurred flag (git-fixes). - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (git-fixes). - watchdog: f71808e_wdt: remove use of wrong watchdog_info option (git-fixes). - watchdog: initialize device before misc_register (git-fixes). - wireless: Use linux/stddef.h instead of stddef.h (git-fixes). - wireless: Use offsetof instead of custom macro (git-fixes). - wl1251: fix always return 0 error (git-fixes). - x86/bugs/multihit: Fix mitigation reporting when VMX is not in use (git-fixes). - xen/pvcalls-back: test for errors when calling backend_connect() (bsc#1065600). - xfrm: fix a warning in xfrm_policy_insert_list (bsc#1174645). - xfrm: policy: match with both mark and mask on user interfaces (bsc#1174645). - xfs: do not eat an EIO/ENOSPC writeback error when scrubbing data fork (git-fixes). - xfs: fix inode allocation block res calculation precedence (git-fixes). - xfs: fix reflink quota reservation accounting error (git-fixes). - xfs: preserve rmapbt swapext block reservation from freed blocks (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2577-1 Released: Wed Sep 9 07:18:53 2020 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1176069,CVE-2020-14386 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bug was fixed: - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2581-1 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1174154,CVE-2020-15719 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2612-1 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1176179,CVE-2020-24977 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2629-1 Released: Mon Sep 14 18:12:01 2020 Summary: Security update for shim Type: security Severity: moderate References: 1113225,1121268,1153953,1168104,1168994,1173411,1174320,1175626,1175656,CVE-2020-10713 This update for shim fixes the following issues: This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by disallowing binaries signed by the previous SUSE UEFI signing key from booting. This update should only be installed after updates of grub2, the Linux kernel and (if used) Xen from July / August 2020 are applied. Changes: Use vendor-dbx to block old SUSE/openSUSE signkeys (bsc#1168994) + Add dbx-cert.tar.xz which contains the certificates to block and a script, generate-vendor-dbx.sh, to generate vendor-dbx.bin + Add vendor-dbx.bin as the vendor dbx to block unwanted keys - Update the path to grub-tpm.efi in shim-install (bsc#1174320) - Only check EFI variable copying when Secure Boot is enabled (bsc#1173411) - Use the full path of efibootmgr to avoid errors when invoking shim-install from packagekitd (bsc#1168104) - shim-install: add check for btrfs is used as root file system to enable relative path lookup for file. (bsc#1153953) - shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2638-1 Released: Tue Sep 15 15:41:32 2020 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1165580 This update for cryptsetup fixes the following issues: Update from version 2.0.5 to version 2.0.6. (jsc#SLE-5911, bsc#1165580) - Fix support of larger metadata areas in *LUKS2* header. This release properly supports all specified metadata areas, as documented in *LUKS2* format description. Currently, only default metadata area size is used (in format or convert). Later cryptsetup versions will allow increasing this metadata area size. - If *AEAD* (authenticated encryption) is used, cryptsetup now tries to check if the requested *AEAD* algorithm with specified key size is available in kernel crypto API. This change avoids formatting a device that cannot be later activated. For this function, the kernel must be compiled with the *CONFIG_CRYPTO_USER_API_AEAD* option enabled. Note that kernel user crypto API options (*CONFIG_CRYPTO_USER_API* and *CONFIG_CRYPTO_USER_API_SKCIPHER*) are already mandatory for LUKS2. - Fix setting of integrity no-journal flag. Now you can store this flag to metadata using *\--persistent* option. - Fix cryptsetup-reencrypt to not keep temporary reencryption headers if interrupted during initial password prompt. - Adds early check to plain and LUKS2 formats to disallow device format if device size is not aligned to requested sector size. Previously it was possible, and the device was rejected to activate by kernel later. - Fix checking of hash algorithms availability for *PBKDF* early. Previously *LUKS2* format allowed non-existent hash algorithm with invalid keyslot preventing the device from activation. - Allow Adiantum cipher construction (a non-authenticated length-preserving fast encryption scheme), so it can be used both for data encryption and keyslot encryption in *LUKS1/2* devices. For benchmark, use: # cryptsetup benchmark -c xchacha12,aes-adiantum # cryptsetup benchmark -c xchacha20,aes-adiantum For LUKS format: # cryptsetup luksFormat -c xchacha20,aes-adiantum-plain64 -s 256 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2655-1 Released: Wed Sep 16 14:44:27 2020 Summary: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin Type: recommended Severity: moderate References: 1174745,1175173,1175740,1175741 This update for google-guest-agent, google-guest-configs, google-guest-oslogin contains the following fixes: - Update to version 20200819.00. (bsc#1175740, bsc#1175741) * handle oslogin enable/disable cases (#70). (bsc#1175173) * add README (#69) * Fix metric for addIPForwardEntry (#68) * Correctly determine default route index (#67) * oslogin: dont add entry to pam.d/su (#66) * end group.conf with newline (#64) * Add source field in googet spec (#59) * Set route to metadata on interface with default route (#47) * fix typo in boto.cfg (#62) - Properly handle enabling of systemd services when upgrading from the old google-compute-engine-init package (bsc#1174745) - Update to version 20200626.00. (bsc#1175740, bsc#1175741) * Updates the udev rules for local SSD disks. (#9) * Fix tx affinity logic when number of CPUs is above 32 (#6) - Switch udev requires to pkgconfig to allow the build service to use the -mini package for build optimization - Update to version 20200819.00. (bsc#1175740, bsc#1175741) * deny non-2fa users (#37) * use asterisks instead (#39) * set passwords to ! (#38) * correct index 0 bug (#36) * Support security key generated OTP challenges. (#35) - No post action for ssh ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2684-1 Released: Fri Sep 18 15:01:24 2020 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1176134,1176591 This update for grub2 fixes the following issues: - Make efi hand off the default entry point of the linux command (bsc#1176134) From sle-updates at lists.suse.com Wed Sep 23 07:13:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Sep 2020 15:13:46 +0200 (CEST) Subject: SUSE-RU-2020:2723-1: moderate: Recommended update for mdadm Message-ID: <20200923131346.24192FCE2@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2723-1 Rating: moderate References: #1175004 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mdadm fixes the following issues: - Implement to treat the 'Dell softraid' array as local array. (bsc#1175004) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2723=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2723=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): mdadm-4.1-15.17.2 mdadm-debuginfo-4.1-15.17.2 mdadm-debugsource-4.1-15.17.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): mdadm-4.1-15.17.2 mdadm-debuginfo-4.1-15.17.2 mdadm-debugsource-4.1-15.17.2 References: https://bugzilla.suse.com/1175004 From sle-updates at lists.suse.com Wed Sep 23 07:14:40 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Sep 2020 15:14:40 +0200 (CEST) Subject: SUSE-SU-2020:2721-1: important: Security update for samba Message-ID: <20200923131440.58971FCE2@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2721-1 Rating: important References: #1174120 #1174316 #1176579 Cross-References: CVE-2020-1472 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP3 SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579). - Fixed an issue where multiple home folders were created(bsc#1174316, bso#13369). - Fixed an issue where the net command was unable to negotiate SMB2 (bsc#1174120); Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2721=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2721=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2721=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2721=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2721=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2721=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2721=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2721=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2721=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2020-2721=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2020-2721=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2721=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2721=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-debugsource-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): samba-doc-4.6.16+git.237.40a3f495f75-3.55.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): samba-doc-4.6.16+git.237.40a3f495f75-3.55.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-debugsource-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 - SUSE OpenStack Cloud 9 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-debugsource-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 - SUSE OpenStack Cloud 9 (noarch): samba-doc-4.6.16+git.237.40a3f495f75-3.55.1 - SUSE OpenStack Cloud 8 (noarch): samba-doc-4.6.16+git.237.40a3f495f75-3.55.1 - SUSE OpenStack Cloud 8 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-debugsource-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libdcerpc-binding0-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-debugsource-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): samba-doc-4.6.16+git.237.40a3f495f75-3.55.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libdcerpc-binding0-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-debugsource-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): samba-doc-4.6.16+git.237.40a3f495f75-3.55.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-debugsource-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): samba-doc-4.6.16+git.237.40a3f495f75-3.55.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-debugsource-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): samba-doc-4.6.16+git.237.40a3f495f75-3.55.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): samba-doc-4.6.16+git.237.40a3f495f75-3.55.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libdcerpc-binding0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-debugsource-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): ctdb-4.6.16+git.237.40a3f495f75-3.55.1 ctdb-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-debugsource-4.6.16+git.237.40a3f495f75-3.55.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): ctdb-4.6.16+git.237.40a3f495f75-3.55.1 ctdb-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-debugsource-4.6.16+git.237.40a3f495f75-3.55.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): ctdb-4.6.16+git.237.40a3f495f75-3.55.1 ctdb-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-4.6.16+git.237.40a3f495f75-3.55.1 samba-ceph-4.6.16+git.237.40a3f495f75-3.55.1 samba-ceph-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-debugsource-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 - SUSE Enterprise Storage 5 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 - SUSE Enterprise Storage 5 (noarch): samba-doc-4.6.16+git.237.40a3f495f75-3.55.1 - HPE Helion Openstack 8 (noarch): samba-doc-4.6.16+git.237.40a3f495f75-3.55.1 - HPE Helion Openstack 8 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc-binding0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libdcerpc0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-krb5pac0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-nbt0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr-standard0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libndr0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libnetapi0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-credentials0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-errors0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-hostconfig0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-passdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamba-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsamdb0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbconf0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libsmbldap0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libtevent-util0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 libwbclient0-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-client-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-debugsource-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-libs-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-debuginfo-32bit-4.6.16+git.237.40a3f495f75-3.55.1 samba-winbind-debuginfo-4.6.16+git.237.40a3f495f75-3.55.1 References: https://www.suse.com/security/cve/CVE-2020-1472.html https://bugzilla.suse.com/1174120 https://bugzilla.suse.com/1174316 https://bugzilla.suse.com/1176579 From sle-updates at lists.suse.com Wed Sep 23 07:15:52 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Sep 2020 15:15:52 +0200 (CEST) Subject: SUSE-SU-2020:2719-1: important: Security update for samba Message-ID: <20200923131552.654D1FCE2@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2719-1 Rating: important References: #1172810 #1176579 Cross-References: CVE-2020-1472 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579). - Add 'libsmbldap0' to 'libsmbldap2' package to fix upgrades from previous versions. (bsc#1172810) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2719=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2719=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2719=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2719=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-2719=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libdcerpc-binding0-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc-binding0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc-devel-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc-samr-devel-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc-samr0-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc-samr0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc0-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr-devel-4.7.11+git.270.63e2076625b-4.48.1 libndr-krb5pac-devel-4.7.11+git.270.63e2076625b-4.48.1 libndr-krb5pac0-4.7.11+git.270.63e2076625b-4.48.1 libndr-krb5pac0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr-nbt-devel-4.7.11+git.270.63e2076625b-4.48.1 libndr-nbt0-4.7.11+git.270.63e2076625b-4.48.1 libndr-nbt0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr-standard-devel-4.7.11+git.270.63e2076625b-4.48.1 libndr-standard0-4.7.11+git.270.63e2076625b-4.48.1 libndr-standard0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr0-4.7.11+git.270.63e2076625b-4.48.1 libndr0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libnetapi-devel-4.7.11+git.270.63e2076625b-4.48.1 libnetapi0-4.7.11+git.270.63e2076625b-4.48.1 libnetapi0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-credentials-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamba-credentials0-4.7.11+git.270.63e2076625b-4.48.1 libsamba-credentials0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-errors-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamba-errors0-4.7.11+git.270.63e2076625b-4.48.1 libsamba-errors0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-hostconfig-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamba-hostconfig0-4.7.11+git.270.63e2076625b-4.48.1 libsamba-hostconfig0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-passdb-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamba-passdb0-4.7.11+git.270.63e2076625b-4.48.1 libsamba-passdb0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-policy-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamba-policy0-4.7.11+git.270.63e2076625b-4.48.1 libsamba-util-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamba-util0-4.7.11+git.270.63e2076625b-4.48.1 libsamba-util0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamdb-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamdb0-4.7.11+git.270.63e2076625b-4.48.1 libsamdb0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsmbclient-devel-4.7.11+git.270.63e2076625b-4.48.1 libsmbclient0-4.7.11+git.270.63e2076625b-4.48.1 libsmbclient0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsmbconf-devel-4.7.11+git.270.63e2076625b-4.48.1 libsmbconf0-4.7.11+git.270.63e2076625b-4.48.1 libsmbconf0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsmbldap-devel-4.7.11+git.270.63e2076625b-4.48.1 libsmbldap2-4.7.11+git.270.63e2076625b-4.48.1 libsmbldap2-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libtevent-util-devel-4.7.11+git.270.63e2076625b-4.48.1 libtevent-util0-4.7.11+git.270.63e2076625b-4.48.1 libtevent-util0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libwbclient-devel-4.7.11+git.270.63e2076625b-4.48.1 libwbclient0-4.7.11+git.270.63e2076625b-4.48.1 libwbclient0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 samba-4.7.11+git.270.63e2076625b-4.48.1 samba-client-4.7.11+git.270.63e2076625b-4.48.1 samba-client-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 samba-core-devel-4.7.11+git.270.63e2076625b-4.48.1 samba-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 samba-debugsource-4.7.11+git.270.63e2076625b-4.48.1 samba-libs-4.7.11+git.270.63e2076625b-4.48.1 samba-libs-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 samba-winbind-4.7.11+git.270.63e2076625b-4.48.1 samba-winbind-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libdcerpc-binding0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc-binding0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr-krb5pac0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libndr-krb5pac0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr-nbt0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libndr-nbt0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr-standard0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libndr-standard0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libndr0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libnetapi0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libnetapi0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-credentials0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libsamba-credentials0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-errors0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libsamba-errors0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-hostconfig0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-passdb0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libsamba-passdb0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-util0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libsamba-util0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamdb0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libsamdb0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsmbclient0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libsmbclient0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsmbconf0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libsmbconf0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsmbldap2-32bit-4.7.11+git.270.63e2076625b-4.48.1 libsmbldap2-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libtevent-util0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libtevent-util0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libwbclient0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libwbclient0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 samba-client-32bit-4.7.11+git.270.63e2076625b-4.48.1 samba-client-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 samba-libs-32bit-4.7.11+git.270.63e2076625b-4.48.1 samba-libs-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 samba-winbind-32bit-4.7.11+git.270.63e2076625b-4.48.1 samba-winbind-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libdcerpc-binding0-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc-binding0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc-devel-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc-samr-devel-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc-samr0-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc-samr0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc0-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr-devel-4.7.11+git.270.63e2076625b-4.48.1 libndr-krb5pac-devel-4.7.11+git.270.63e2076625b-4.48.1 libndr-krb5pac0-4.7.11+git.270.63e2076625b-4.48.1 libndr-krb5pac0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr-nbt-devel-4.7.11+git.270.63e2076625b-4.48.1 libndr-nbt0-4.7.11+git.270.63e2076625b-4.48.1 libndr-nbt0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr-standard-devel-4.7.11+git.270.63e2076625b-4.48.1 libndr-standard0-4.7.11+git.270.63e2076625b-4.48.1 libndr-standard0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr0-4.7.11+git.270.63e2076625b-4.48.1 libndr0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libnetapi-devel-4.7.11+git.270.63e2076625b-4.48.1 libnetapi0-4.7.11+git.270.63e2076625b-4.48.1 libnetapi0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-credentials-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamba-credentials0-4.7.11+git.270.63e2076625b-4.48.1 libsamba-credentials0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-errors-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamba-errors0-4.7.11+git.270.63e2076625b-4.48.1 libsamba-errors0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-hostconfig-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamba-hostconfig0-4.7.11+git.270.63e2076625b-4.48.1 libsamba-hostconfig0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-passdb-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamba-passdb0-4.7.11+git.270.63e2076625b-4.48.1 libsamba-passdb0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-policy-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamba-policy0-4.7.11+git.270.63e2076625b-4.48.1 libsamba-util-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamba-util0-4.7.11+git.270.63e2076625b-4.48.1 libsamba-util0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamdb-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamdb0-4.7.11+git.270.63e2076625b-4.48.1 libsamdb0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsmbclient-devel-4.7.11+git.270.63e2076625b-4.48.1 libsmbclient0-4.7.11+git.270.63e2076625b-4.48.1 libsmbclient0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsmbconf-devel-4.7.11+git.270.63e2076625b-4.48.1 libsmbconf0-4.7.11+git.270.63e2076625b-4.48.1 libsmbconf0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsmbldap-devel-4.7.11+git.270.63e2076625b-4.48.1 libsmbldap2-4.7.11+git.270.63e2076625b-4.48.1 libsmbldap2-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libtevent-util-devel-4.7.11+git.270.63e2076625b-4.48.1 libtevent-util0-4.7.11+git.270.63e2076625b-4.48.1 libtevent-util0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libwbclient-devel-4.7.11+git.270.63e2076625b-4.48.1 libwbclient0-4.7.11+git.270.63e2076625b-4.48.1 libwbclient0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 samba-4.7.11+git.270.63e2076625b-4.48.1 samba-client-4.7.11+git.270.63e2076625b-4.48.1 samba-client-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 samba-core-devel-4.7.11+git.270.63e2076625b-4.48.1 samba-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 samba-debugsource-4.7.11+git.270.63e2076625b-4.48.1 samba-libs-4.7.11+git.270.63e2076625b-4.48.1 samba-libs-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 samba-winbind-4.7.11+git.270.63e2076625b-4.48.1 samba-winbind-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libdcerpc-binding0-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc-binding0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc-devel-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc-samr-devel-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc-samr0-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc-samr0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc0-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr-devel-4.7.11+git.270.63e2076625b-4.48.1 libndr-krb5pac-devel-4.7.11+git.270.63e2076625b-4.48.1 libndr-krb5pac0-4.7.11+git.270.63e2076625b-4.48.1 libndr-krb5pac0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr-nbt-devel-4.7.11+git.270.63e2076625b-4.48.1 libndr-nbt0-4.7.11+git.270.63e2076625b-4.48.1 libndr-nbt0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr-standard-devel-4.7.11+git.270.63e2076625b-4.48.1 libndr-standard0-4.7.11+git.270.63e2076625b-4.48.1 libndr-standard0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr0-4.7.11+git.270.63e2076625b-4.48.1 libndr0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libnetapi-devel-4.7.11+git.270.63e2076625b-4.48.1 libnetapi0-4.7.11+git.270.63e2076625b-4.48.1 libnetapi0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-credentials-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamba-credentials0-4.7.11+git.270.63e2076625b-4.48.1 libsamba-credentials0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-errors-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamba-errors0-4.7.11+git.270.63e2076625b-4.48.1 libsamba-errors0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-hostconfig-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamba-hostconfig0-4.7.11+git.270.63e2076625b-4.48.1 libsamba-hostconfig0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-passdb-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamba-passdb0-4.7.11+git.270.63e2076625b-4.48.1 libsamba-passdb0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-policy-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamba-policy0-4.7.11+git.270.63e2076625b-4.48.1 libsamba-util-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamba-util0-4.7.11+git.270.63e2076625b-4.48.1 libsamba-util0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamdb-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamdb0-4.7.11+git.270.63e2076625b-4.48.1 libsamdb0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsmbclient-devel-4.7.11+git.270.63e2076625b-4.48.1 libsmbclient0-4.7.11+git.270.63e2076625b-4.48.1 libsmbclient0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsmbconf-devel-4.7.11+git.270.63e2076625b-4.48.1 libsmbconf0-4.7.11+git.270.63e2076625b-4.48.1 libsmbconf0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsmbldap-devel-4.7.11+git.270.63e2076625b-4.48.1 libsmbldap2-4.7.11+git.270.63e2076625b-4.48.1 libsmbldap2-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libtevent-util-devel-4.7.11+git.270.63e2076625b-4.48.1 libtevent-util0-4.7.11+git.270.63e2076625b-4.48.1 libtevent-util0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libwbclient-devel-4.7.11+git.270.63e2076625b-4.48.1 libwbclient0-4.7.11+git.270.63e2076625b-4.48.1 libwbclient0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 samba-4.7.11+git.270.63e2076625b-4.48.1 samba-client-4.7.11+git.270.63e2076625b-4.48.1 samba-client-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 samba-core-devel-4.7.11+git.270.63e2076625b-4.48.1 samba-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 samba-debugsource-4.7.11+git.270.63e2076625b-4.48.1 samba-libs-4.7.11+git.270.63e2076625b-4.48.1 samba-libs-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 samba-winbind-4.7.11+git.270.63e2076625b-4.48.1 samba-winbind-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libdcerpc-binding0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc-binding0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr-krb5pac0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libndr-krb5pac0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr-nbt0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libndr-nbt0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr-standard0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libndr-standard0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libndr0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libnetapi0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libnetapi0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-credentials0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libsamba-credentials0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-errors0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libsamba-errors0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-hostconfig0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-passdb0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libsamba-passdb0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-util0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libsamba-util0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamdb0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libsamdb0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsmbclient0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libsmbclient0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsmbconf0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libsmbconf0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsmbldap2-32bit-4.7.11+git.270.63e2076625b-4.48.1 libsmbldap2-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libtevent-util0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libtevent-util0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libwbclient0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libwbclient0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 samba-client-32bit-4.7.11+git.270.63e2076625b-4.48.1 samba-client-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 samba-libs-32bit-4.7.11+git.270.63e2076625b-4.48.1 samba-libs-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 samba-winbind-32bit-4.7.11+git.270.63e2076625b-4.48.1 samba-winbind-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libdcerpc-binding0-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc-binding0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc-devel-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc-samr-devel-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc-samr0-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc-samr0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc0-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr-devel-4.7.11+git.270.63e2076625b-4.48.1 libndr-krb5pac-devel-4.7.11+git.270.63e2076625b-4.48.1 libndr-krb5pac0-4.7.11+git.270.63e2076625b-4.48.1 libndr-krb5pac0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr-nbt-devel-4.7.11+git.270.63e2076625b-4.48.1 libndr-nbt0-4.7.11+git.270.63e2076625b-4.48.1 libndr-nbt0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr-standard-devel-4.7.11+git.270.63e2076625b-4.48.1 libndr-standard0-4.7.11+git.270.63e2076625b-4.48.1 libndr-standard0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr0-4.7.11+git.270.63e2076625b-4.48.1 libndr0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libnetapi-devel-4.7.11+git.270.63e2076625b-4.48.1 libnetapi0-4.7.11+git.270.63e2076625b-4.48.1 libnetapi0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-credentials-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamba-credentials0-4.7.11+git.270.63e2076625b-4.48.1 libsamba-credentials0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-errors-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamba-errors0-4.7.11+git.270.63e2076625b-4.48.1 libsamba-errors0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-hostconfig-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamba-hostconfig0-4.7.11+git.270.63e2076625b-4.48.1 libsamba-hostconfig0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-passdb-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamba-passdb0-4.7.11+git.270.63e2076625b-4.48.1 libsamba-passdb0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-policy-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamba-policy0-4.7.11+git.270.63e2076625b-4.48.1 libsamba-util-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamba-util0-4.7.11+git.270.63e2076625b-4.48.1 libsamba-util0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamdb-devel-4.7.11+git.270.63e2076625b-4.48.1 libsamdb0-4.7.11+git.270.63e2076625b-4.48.1 libsamdb0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsmbclient-devel-4.7.11+git.270.63e2076625b-4.48.1 libsmbclient0-4.7.11+git.270.63e2076625b-4.48.1 libsmbclient0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsmbconf-devel-4.7.11+git.270.63e2076625b-4.48.1 libsmbconf0-4.7.11+git.270.63e2076625b-4.48.1 libsmbconf0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsmbldap-devel-4.7.11+git.270.63e2076625b-4.48.1 libsmbldap2-4.7.11+git.270.63e2076625b-4.48.1 libsmbldap2-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libtevent-util-devel-4.7.11+git.270.63e2076625b-4.48.1 libtevent-util0-4.7.11+git.270.63e2076625b-4.48.1 libtevent-util0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libwbclient-devel-4.7.11+git.270.63e2076625b-4.48.1 libwbclient0-4.7.11+git.270.63e2076625b-4.48.1 libwbclient0-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 samba-4.7.11+git.270.63e2076625b-4.48.1 samba-client-4.7.11+git.270.63e2076625b-4.48.1 samba-client-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 samba-core-devel-4.7.11+git.270.63e2076625b-4.48.1 samba-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 samba-debugsource-4.7.11+git.270.63e2076625b-4.48.1 samba-libs-4.7.11+git.270.63e2076625b-4.48.1 samba-libs-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 samba-winbind-4.7.11+git.270.63e2076625b-4.48.1 samba-winbind-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libdcerpc-binding0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc-binding0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libdcerpc0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr-krb5pac0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libndr-krb5pac0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr-nbt0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libndr-nbt0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr-standard0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libndr-standard0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libndr0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libndr0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libnetapi0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libnetapi0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-credentials0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libsamba-credentials0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-errors0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libsamba-errors0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-hostconfig0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-passdb0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libsamba-passdb0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamba-util0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libsamba-util0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsamdb0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libsamdb0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsmbclient0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libsmbclient0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsmbconf0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libsmbconf0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libsmbldap2-32bit-4.7.11+git.270.63e2076625b-4.48.1 libsmbldap2-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libtevent-util0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libtevent-util0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 libwbclient0-32bit-4.7.11+git.270.63e2076625b-4.48.1 libwbclient0-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 samba-client-32bit-4.7.11+git.270.63e2076625b-4.48.1 samba-client-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 samba-libs-32bit-4.7.11+git.270.63e2076625b-4.48.1 samba-libs-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 samba-winbind-32bit-4.7.11+git.270.63e2076625b-4.48.1 samba-winbind-32bit-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ctdb-4.7.11+git.270.63e2076625b-4.48.1 ctdb-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 samba-debuginfo-4.7.11+git.270.63e2076625b-4.48.1 samba-debugsource-4.7.11+git.270.63e2076625b-4.48.1 References: https://www.suse.com/security/cve/CVE-2020-1472.html https://bugzilla.suse.com/1172810 https://bugzilla.suse.com/1176579 From sle-updates at lists.suse.com Wed Sep 23 07:16:56 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Sep 2020 15:16:56 +0200 (CEST) Subject: SUSE-SU-2020:2722-1: important: Security update for samba Message-ID: <20200923131656.DC9F2FCE2@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2722-1 Rating: important References: #1176579 Cross-References: CVE-2020-1472 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-2722=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2722=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2722=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2020-2722=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64): libsamba-policy0-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-policy0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 samba-ad-dc-4.9.5+git.373.26895a83dbf-3.44.1 samba-ad-dc-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 samba-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 samba-debugsource-4.9.5+git.373.26895a83dbf-3.44.1 samba-dsdb-modules-4.9.5+git.373.26895a83dbf-3.44.1 samba-dsdb-modules-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 samba-libs-python-4.9.5+git.373.26895a83dbf-3.44.1 samba-libs-python-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 samba-python-4.9.5+git.373.26895a83dbf-3.44.1 samba-python-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.9.5+git.373.26895a83dbf-3.44.1 libdcerpc-binding0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libdcerpc-devel-4.9.5+git.373.26895a83dbf-3.44.1 libdcerpc-samr-devel-4.9.5+git.373.26895a83dbf-3.44.1 libdcerpc-samr0-4.9.5+git.373.26895a83dbf-3.44.1 libdcerpc-samr0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libdcerpc0-4.9.5+git.373.26895a83dbf-3.44.1 libdcerpc0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libndr-devel-4.9.5+git.373.26895a83dbf-3.44.1 libndr-krb5pac-devel-4.9.5+git.373.26895a83dbf-3.44.1 libndr-krb5pac0-4.9.5+git.373.26895a83dbf-3.44.1 libndr-krb5pac0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libndr-nbt-devel-4.9.5+git.373.26895a83dbf-3.44.1 libndr-nbt0-4.9.5+git.373.26895a83dbf-3.44.1 libndr-nbt0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libndr-standard-devel-4.9.5+git.373.26895a83dbf-3.44.1 libndr-standard0-4.9.5+git.373.26895a83dbf-3.44.1 libndr-standard0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libndr0-4.9.5+git.373.26895a83dbf-3.44.1 libndr0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libnetapi-devel-4.9.5+git.373.26895a83dbf-3.44.1 libnetapi0-4.9.5+git.373.26895a83dbf-3.44.1 libnetapi0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-credentials-devel-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-credentials0-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-credentials0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-errors-devel-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-errors0-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-errors0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-hostconfig-devel-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-hostconfig0-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-hostconfig0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-passdb-devel-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-passdb0-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-passdb0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-policy-devel-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-policy-python3-devel-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-policy0-python3-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-policy0-python3-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-util-devel-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-util0-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-util0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libsamdb-devel-4.9.5+git.373.26895a83dbf-3.44.1 libsamdb0-4.9.5+git.373.26895a83dbf-3.44.1 libsamdb0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libsmbclient-devel-4.9.5+git.373.26895a83dbf-3.44.1 libsmbclient0-4.9.5+git.373.26895a83dbf-3.44.1 libsmbclient0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libsmbconf-devel-4.9.5+git.373.26895a83dbf-3.44.1 libsmbconf0-4.9.5+git.373.26895a83dbf-3.44.1 libsmbconf0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libsmbldap-devel-4.9.5+git.373.26895a83dbf-3.44.1 libsmbldap2-4.9.5+git.373.26895a83dbf-3.44.1 libsmbldap2-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libtevent-util-devel-4.9.5+git.373.26895a83dbf-3.44.1 libtevent-util0-4.9.5+git.373.26895a83dbf-3.44.1 libtevent-util0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libwbclient-devel-4.9.5+git.373.26895a83dbf-3.44.1 libwbclient0-4.9.5+git.373.26895a83dbf-3.44.1 libwbclient0-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 samba-4.9.5+git.373.26895a83dbf-3.44.1 samba-client-4.9.5+git.373.26895a83dbf-3.44.1 samba-client-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 samba-core-devel-4.9.5+git.373.26895a83dbf-3.44.1 samba-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 samba-debugsource-4.9.5+git.373.26895a83dbf-3.44.1 samba-libs-4.9.5+git.373.26895a83dbf-3.44.1 samba-libs-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 samba-libs-python3-4.9.5+git.373.26895a83dbf-3.44.1 samba-libs-python3-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 samba-python3-4.9.5+git.373.26895a83dbf-3.44.1 samba-python3-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 samba-winbind-4.9.5+git.373.26895a83dbf-3.44.1 samba-winbind-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libdcerpc-binding0-32bit-4.9.5+git.373.26895a83dbf-3.44.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libdcerpc0-32bit-4.9.5+git.373.26895a83dbf-3.44.1 libdcerpc0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libndr-krb5pac0-32bit-4.9.5+git.373.26895a83dbf-3.44.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libndr-nbt0-32bit-4.9.5+git.373.26895a83dbf-3.44.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libndr-standard0-32bit-4.9.5+git.373.26895a83dbf-3.44.1 libndr-standard0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libndr0-32bit-4.9.5+git.373.26895a83dbf-3.44.1 libndr0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libnetapi0-32bit-4.9.5+git.373.26895a83dbf-3.44.1 libnetapi0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-credentials0-32bit-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-errors0-32bit-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-hostconfig0-32bit-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-passdb0-32bit-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-util0-32bit-4.9.5+git.373.26895a83dbf-3.44.1 libsamba-util0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libsamdb0-32bit-4.9.5+git.373.26895a83dbf-3.44.1 libsamdb0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libsmbconf0-32bit-4.9.5+git.373.26895a83dbf-3.44.1 libsmbconf0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libsmbldap2-32bit-4.9.5+git.373.26895a83dbf-3.44.1 libsmbldap2-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libtevent-util0-32bit-4.9.5+git.373.26895a83dbf-3.44.1 libtevent-util0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 libwbclient0-32bit-4.9.5+git.373.26895a83dbf-3.44.1 libwbclient0-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 samba-libs-32bit-4.9.5+git.373.26895a83dbf-3.44.1 samba-libs-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 samba-winbind-32bit-4.9.5+git.373.26895a83dbf-3.44.1 samba-winbind-32bit-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ctdb-4.9.5+git.373.26895a83dbf-3.44.1 ctdb-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 samba-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 samba-debugsource-4.9.5+git.373.26895a83dbf-3.44.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): samba-ceph-4.9.5+git.373.26895a83dbf-3.44.1 samba-ceph-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 samba-debuginfo-4.9.5+git.373.26895a83dbf-3.44.1 samba-debugsource-4.9.5+git.373.26895a83dbf-3.44.1 References: https://www.suse.com/security/cve/CVE-2020-1472.html https://bugzilla.suse.com/1176579 From sle-updates at lists.suse.com Wed Sep 23 07:17:50 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Sep 2020 15:17:50 +0200 (CEST) Subject: SUSE-SU-2020:2724-1: important: Security update for samba Message-ID: <20200923131750.E3940FCE2@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2724-1 Rating: important References: #1176579 Cross-References: CVE-2020-1472 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2724=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2724=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2724=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2724=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2020-2724=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libdcerpc-binding0-32bit-4.4.2-38.36.1 libdcerpc-binding0-4.4.2-38.36.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.36.1 libdcerpc-binding0-debuginfo-4.4.2-38.36.1 libdcerpc0-32bit-4.4.2-38.36.1 libdcerpc0-4.4.2-38.36.1 libdcerpc0-debuginfo-32bit-4.4.2-38.36.1 libdcerpc0-debuginfo-4.4.2-38.36.1 libndr-krb5pac0-32bit-4.4.2-38.36.1 libndr-krb5pac0-4.4.2-38.36.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.36.1 libndr-krb5pac0-debuginfo-4.4.2-38.36.1 libndr-nbt0-32bit-4.4.2-38.36.1 libndr-nbt0-4.4.2-38.36.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.36.1 libndr-nbt0-debuginfo-4.4.2-38.36.1 libndr-standard0-32bit-4.4.2-38.36.1 libndr-standard0-4.4.2-38.36.1 libndr-standard0-debuginfo-32bit-4.4.2-38.36.1 libndr-standard0-debuginfo-4.4.2-38.36.1 libndr0-32bit-4.4.2-38.36.1 libndr0-4.4.2-38.36.1 libndr0-debuginfo-32bit-4.4.2-38.36.1 libndr0-debuginfo-4.4.2-38.36.1 libnetapi0-32bit-4.4.2-38.36.1 libnetapi0-4.4.2-38.36.1 libnetapi0-debuginfo-32bit-4.4.2-38.36.1 libnetapi0-debuginfo-4.4.2-38.36.1 libsamba-credentials0-32bit-4.4.2-38.36.1 libsamba-credentials0-4.4.2-38.36.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.36.1 libsamba-credentials0-debuginfo-4.4.2-38.36.1 libsamba-errors0-32bit-4.4.2-38.36.1 libsamba-errors0-4.4.2-38.36.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.36.1 libsamba-errors0-debuginfo-4.4.2-38.36.1 libsamba-hostconfig0-32bit-4.4.2-38.36.1 libsamba-hostconfig0-4.4.2-38.36.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.36.1 libsamba-hostconfig0-debuginfo-4.4.2-38.36.1 libsamba-passdb0-32bit-4.4.2-38.36.1 libsamba-passdb0-4.4.2-38.36.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.36.1 libsamba-passdb0-debuginfo-4.4.2-38.36.1 libsamba-util0-32bit-4.4.2-38.36.1 libsamba-util0-4.4.2-38.36.1 libsamba-util0-debuginfo-32bit-4.4.2-38.36.1 libsamba-util0-debuginfo-4.4.2-38.36.1 libsamdb0-32bit-4.4.2-38.36.1 libsamdb0-4.4.2-38.36.1 libsamdb0-debuginfo-32bit-4.4.2-38.36.1 libsamdb0-debuginfo-4.4.2-38.36.1 libsmbclient0-32bit-4.4.2-38.36.1 libsmbclient0-4.4.2-38.36.1 libsmbclient0-debuginfo-32bit-4.4.2-38.36.1 libsmbclient0-debuginfo-4.4.2-38.36.1 libsmbconf0-32bit-4.4.2-38.36.1 libsmbconf0-4.4.2-38.36.1 libsmbconf0-debuginfo-32bit-4.4.2-38.36.1 libsmbconf0-debuginfo-4.4.2-38.36.1 libsmbldap0-32bit-4.4.2-38.36.1 libsmbldap0-4.4.2-38.36.1 libsmbldap0-debuginfo-32bit-4.4.2-38.36.1 libsmbldap0-debuginfo-4.4.2-38.36.1 libtevent-util0-32bit-4.4.2-38.36.1 libtevent-util0-4.4.2-38.36.1 libtevent-util0-debuginfo-32bit-4.4.2-38.36.1 libtevent-util0-debuginfo-4.4.2-38.36.1 libwbclient0-32bit-4.4.2-38.36.1 libwbclient0-4.4.2-38.36.1 libwbclient0-debuginfo-32bit-4.4.2-38.36.1 libwbclient0-debuginfo-4.4.2-38.36.1 samba-4.4.2-38.36.1 samba-client-32bit-4.4.2-38.36.1 samba-client-4.4.2-38.36.1 samba-client-debuginfo-32bit-4.4.2-38.36.1 samba-client-debuginfo-4.4.2-38.36.1 samba-debuginfo-4.4.2-38.36.1 samba-debugsource-4.4.2-38.36.1 samba-libs-32bit-4.4.2-38.36.1 samba-libs-4.4.2-38.36.1 samba-libs-debuginfo-32bit-4.4.2-38.36.1 samba-libs-debuginfo-4.4.2-38.36.1 samba-winbind-32bit-4.4.2-38.36.1 samba-winbind-4.4.2-38.36.1 samba-winbind-debuginfo-32bit-4.4.2-38.36.1 samba-winbind-debuginfo-4.4.2-38.36.1 - SUSE OpenStack Cloud 7 (noarch): samba-doc-4.4.2-38.36.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libdcerpc-binding0-4.4.2-38.36.1 libdcerpc-binding0-debuginfo-4.4.2-38.36.1 libdcerpc0-4.4.2-38.36.1 libdcerpc0-debuginfo-4.4.2-38.36.1 libndr-krb5pac0-4.4.2-38.36.1 libndr-krb5pac0-debuginfo-4.4.2-38.36.1 libndr-nbt0-4.4.2-38.36.1 libndr-nbt0-debuginfo-4.4.2-38.36.1 libndr-standard0-4.4.2-38.36.1 libndr-standard0-debuginfo-4.4.2-38.36.1 libndr0-4.4.2-38.36.1 libndr0-debuginfo-4.4.2-38.36.1 libnetapi0-4.4.2-38.36.1 libnetapi0-debuginfo-4.4.2-38.36.1 libsamba-credentials0-4.4.2-38.36.1 libsamba-credentials0-debuginfo-4.4.2-38.36.1 libsamba-errors0-4.4.2-38.36.1 libsamba-errors0-debuginfo-4.4.2-38.36.1 libsamba-hostconfig0-4.4.2-38.36.1 libsamba-hostconfig0-debuginfo-4.4.2-38.36.1 libsamba-passdb0-4.4.2-38.36.1 libsamba-passdb0-debuginfo-4.4.2-38.36.1 libsamba-util0-4.4.2-38.36.1 libsamba-util0-debuginfo-4.4.2-38.36.1 libsamdb0-4.4.2-38.36.1 libsamdb0-debuginfo-4.4.2-38.36.1 libsmbclient0-4.4.2-38.36.1 libsmbclient0-debuginfo-4.4.2-38.36.1 libsmbconf0-4.4.2-38.36.1 libsmbconf0-debuginfo-4.4.2-38.36.1 libsmbldap0-4.4.2-38.36.1 libsmbldap0-debuginfo-4.4.2-38.36.1 libtevent-util0-4.4.2-38.36.1 libtevent-util0-debuginfo-4.4.2-38.36.1 libwbclient0-4.4.2-38.36.1 libwbclient0-debuginfo-4.4.2-38.36.1 samba-4.4.2-38.36.1 samba-client-4.4.2-38.36.1 samba-client-debuginfo-4.4.2-38.36.1 samba-debuginfo-4.4.2-38.36.1 samba-debugsource-4.4.2-38.36.1 samba-libs-4.4.2-38.36.1 samba-libs-debuginfo-4.4.2-38.36.1 samba-winbind-4.4.2-38.36.1 samba-winbind-debuginfo-4.4.2-38.36.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): samba-doc-4.4.2-38.36.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libdcerpc-binding0-32bit-4.4.2-38.36.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.36.1 libdcerpc0-32bit-4.4.2-38.36.1 libdcerpc0-debuginfo-32bit-4.4.2-38.36.1 libndr-krb5pac0-32bit-4.4.2-38.36.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.36.1 libndr-nbt0-32bit-4.4.2-38.36.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.36.1 libndr-standard0-32bit-4.4.2-38.36.1 libndr-standard0-debuginfo-32bit-4.4.2-38.36.1 libndr0-32bit-4.4.2-38.36.1 libndr0-debuginfo-32bit-4.4.2-38.36.1 libnetapi0-32bit-4.4.2-38.36.1 libnetapi0-debuginfo-32bit-4.4.2-38.36.1 libsamba-credentials0-32bit-4.4.2-38.36.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.36.1 libsamba-errors0-32bit-4.4.2-38.36.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.36.1 libsamba-hostconfig0-32bit-4.4.2-38.36.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.36.1 libsamba-passdb0-32bit-4.4.2-38.36.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.36.1 libsamba-util0-32bit-4.4.2-38.36.1 libsamba-util0-debuginfo-32bit-4.4.2-38.36.1 libsamdb0-32bit-4.4.2-38.36.1 libsamdb0-debuginfo-32bit-4.4.2-38.36.1 libsmbclient0-32bit-4.4.2-38.36.1 libsmbclient0-debuginfo-32bit-4.4.2-38.36.1 libsmbconf0-32bit-4.4.2-38.36.1 libsmbconf0-debuginfo-32bit-4.4.2-38.36.1 libsmbldap0-32bit-4.4.2-38.36.1 libsmbldap0-debuginfo-32bit-4.4.2-38.36.1 libtevent-util0-32bit-4.4.2-38.36.1 libtevent-util0-debuginfo-32bit-4.4.2-38.36.1 libwbclient0-32bit-4.4.2-38.36.1 libwbclient0-debuginfo-32bit-4.4.2-38.36.1 samba-client-32bit-4.4.2-38.36.1 samba-client-debuginfo-32bit-4.4.2-38.36.1 samba-libs-32bit-4.4.2-38.36.1 samba-libs-debuginfo-32bit-4.4.2-38.36.1 samba-winbind-32bit-4.4.2-38.36.1 samba-winbind-debuginfo-32bit-4.4.2-38.36.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libdcerpc-binding0-4.4.2-38.36.1 libdcerpc-binding0-debuginfo-4.4.2-38.36.1 libdcerpc0-4.4.2-38.36.1 libdcerpc0-debuginfo-4.4.2-38.36.1 libndr-krb5pac0-4.4.2-38.36.1 libndr-krb5pac0-debuginfo-4.4.2-38.36.1 libndr-nbt0-4.4.2-38.36.1 libndr-nbt0-debuginfo-4.4.2-38.36.1 libndr-standard0-4.4.2-38.36.1 libndr-standard0-debuginfo-4.4.2-38.36.1 libndr0-4.4.2-38.36.1 libndr0-debuginfo-4.4.2-38.36.1 libnetapi0-4.4.2-38.36.1 libnetapi0-debuginfo-4.4.2-38.36.1 libsamba-credentials0-4.4.2-38.36.1 libsamba-credentials0-debuginfo-4.4.2-38.36.1 libsamba-errors0-4.4.2-38.36.1 libsamba-errors0-debuginfo-4.4.2-38.36.1 libsamba-hostconfig0-4.4.2-38.36.1 libsamba-hostconfig0-debuginfo-4.4.2-38.36.1 libsamba-passdb0-4.4.2-38.36.1 libsamba-passdb0-debuginfo-4.4.2-38.36.1 libsamba-util0-4.4.2-38.36.1 libsamba-util0-debuginfo-4.4.2-38.36.1 libsamdb0-4.4.2-38.36.1 libsamdb0-debuginfo-4.4.2-38.36.1 libsmbclient0-4.4.2-38.36.1 libsmbclient0-debuginfo-4.4.2-38.36.1 libsmbconf0-4.4.2-38.36.1 libsmbconf0-debuginfo-4.4.2-38.36.1 libsmbldap0-4.4.2-38.36.1 libsmbldap0-debuginfo-4.4.2-38.36.1 libtevent-util0-4.4.2-38.36.1 libtevent-util0-debuginfo-4.4.2-38.36.1 libwbclient0-4.4.2-38.36.1 libwbclient0-debuginfo-4.4.2-38.36.1 samba-4.4.2-38.36.1 samba-client-4.4.2-38.36.1 samba-client-debuginfo-4.4.2-38.36.1 samba-debuginfo-4.4.2-38.36.1 samba-debugsource-4.4.2-38.36.1 samba-libs-4.4.2-38.36.1 samba-libs-debuginfo-4.4.2-38.36.1 samba-winbind-4.4.2-38.36.1 samba-winbind-debuginfo-4.4.2-38.36.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.4.2-38.36.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.36.1 libdcerpc0-32bit-4.4.2-38.36.1 libdcerpc0-debuginfo-32bit-4.4.2-38.36.1 libndr-krb5pac0-32bit-4.4.2-38.36.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.36.1 libndr-nbt0-32bit-4.4.2-38.36.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.36.1 libndr-standard0-32bit-4.4.2-38.36.1 libndr-standard0-debuginfo-32bit-4.4.2-38.36.1 libndr0-32bit-4.4.2-38.36.1 libndr0-debuginfo-32bit-4.4.2-38.36.1 libnetapi0-32bit-4.4.2-38.36.1 libnetapi0-debuginfo-32bit-4.4.2-38.36.1 libsamba-credentials0-32bit-4.4.2-38.36.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.36.1 libsamba-errors0-32bit-4.4.2-38.36.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.36.1 libsamba-hostconfig0-32bit-4.4.2-38.36.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.36.1 libsamba-passdb0-32bit-4.4.2-38.36.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.36.1 libsamba-util0-32bit-4.4.2-38.36.1 libsamba-util0-debuginfo-32bit-4.4.2-38.36.1 libsamdb0-32bit-4.4.2-38.36.1 libsamdb0-debuginfo-32bit-4.4.2-38.36.1 libsmbclient0-32bit-4.4.2-38.36.1 libsmbclient0-debuginfo-32bit-4.4.2-38.36.1 libsmbconf0-32bit-4.4.2-38.36.1 libsmbconf0-debuginfo-32bit-4.4.2-38.36.1 libsmbldap0-32bit-4.4.2-38.36.1 libsmbldap0-debuginfo-32bit-4.4.2-38.36.1 libtevent-util0-32bit-4.4.2-38.36.1 libtevent-util0-debuginfo-32bit-4.4.2-38.36.1 libwbclient0-32bit-4.4.2-38.36.1 libwbclient0-debuginfo-32bit-4.4.2-38.36.1 samba-client-32bit-4.4.2-38.36.1 samba-client-debuginfo-32bit-4.4.2-38.36.1 samba-libs-32bit-4.4.2-38.36.1 samba-libs-debuginfo-32bit-4.4.2-38.36.1 samba-winbind-32bit-4.4.2-38.36.1 samba-winbind-debuginfo-32bit-4.4.2-38.36.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): samba-doc-4.4.2-38.36.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libdcerpc-binding0-32bit-4.4.2-38.36.1 libdcerpc-binding0-4.4.2-38.36.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.36.1 libdcerpc-binding0-debuginfo-4.4.2-38.36.1 libdcerpc0-32bit-4.4.2-38.36.1 libdcerpc0-4.4.2-38.36.1 libdcerpc0-debuginfo-32bit-4.4.2-38.36.1 libdcerpc0-debuginfo-4.4.2-38.36.1 libndr-krb5pac0-32bit-4.4.2-38.36.1 libndr-krb5pac0-4.4.2-38.36.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.36.1 libndr-krb5pac0-debuginfo-4.4.2-38.36.1 libndr-nbt0-32bit-4.4.2-38.36.1 libndr-nbt0-4.4.2-38.36.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.36.1 libndr-nbt0-debuginfo-4.4.2-38.36.1 libndr-standard0-32bit-4.4.2-38.36.1 libndr-standard0-4.4.2-38.36.1 libndr-standard0-debuginfo-32bit-4.4.2-38.36.1 libndr-standard0-debuginfo-4.4.2-38.36.1 libndr0-32bit-4.4.2-38.36.1 libndr0-4.4.2-38.36.1 libndr0-debuginfo-32bit-4.4.2-38.36.1 libndr0-debuginfo-4.4.2-38.36.1 libnetapi0-32bit-4.4.2-38.36.1 libnetapi0-4.4.2-38.36.1 libnetapi0-debuginfo-32bit-4.4.2-38.36.1 libnetapi0-debuginfo-4.4.2-38.36.1 libsamba-credentials0-32bit-4.4.2-38.36.1 libsamba-credentials0-4.4.2-38.36.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.36.1 libsamba-credentials0-debuginfo-4.4.2-38.36.1 libsamba-errors0-32bit-4.4.2-38.36.1 libsamba-errors0-4.4.2-38.36.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.36.1 libsamba-errors0-debuginfo-4.4.2-38.36.1 libsamba-hostconfig0-32bit-4.4.2-38.36.1 libsamba-hostconfig0-4.4.2-38.36.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.36.1 libsamba-hostconfig0-debuginfo-4.4.2-38.36.1 libsamba-passdb0-32bit-4.4.2-38.36.1 libsamba-passdb0-4.4.2-38.36.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.36.1 libsamba-passdb0-debuginfo-4.4.2-38.36.1 libsamba-util0-32bit-4.4.2-38.36.1 libsamba-util0-4.4.2-38.36.1 libsamba-util0-debuginfo-32bit-4.4.2-38.36.1 libsamba-util0-debuginfo-4.4.2-38.36.1 libsamdb0-32bit-4.4.2-38.36.1 libsamdb0-4.4.2-38.36.1 libsamdb0-debuginfo-32bit-4.4.2-38.36.1 libsamdb0-debuginfo-4.4.2-38.36.1 libsmbclient0-32bit-4.4.2-38.36.1 libsmbclient0-4.4.2-38.36.1 libsmbclient0-debuginfo-32bit-4.4.2-38.36.1 libsmbclient0-debuginfo-4.4.2-38.36.1 libsmbconf0-32bit-4.4.2-38.36.1 libsmbconf0-4.4.2-38.36.1 libsmbconf0-debuginfo-32bit-4.4.2-38.36.1 libsmbconf0-debuginfo-4.4.2-38.36.1 libsmbldap0-32bit-4.4.2-38.36.1 libsmbldap0-4.4.2-38.36.1 libsmbldap0-debuginfo-32bit-4.4.2-38.36.1 libsmbldap0-debuginfo-4.4.2-38.36.1 libtevent-util0-32bit-4.4.2-38.36.1 libtevent-util0-4.4.2-38.36.1 libtevent-util0-debuginfo-32bit-4.4.2-38.36.1 libtevent-util0-debuginfo-4.4.2-38.36.1 libwbclient0-32bit-4.4.2-38.36.1 libwbclient0-4.4.2-38.36.1 libwbclient0-debuginfo-32bit-4.4.2-38.36.1 libwbclient0-debuginfo-4.4.2-38.36.1 samba-4.4.2-38.36.1 samba-client-32bit-4.4.2-38.36.1 samba-client-4.4.2-38.36.1 samba-client-debuginfo-32bit-4.4.2-38.36.1 samba-client-debuginfo-4.4.2-38.36.1 samba-debuginfo-4.4.2-38.36.1 samba-debugsource-4.4.2-38.36.1 samba-libs-32bit-4.4.2-38.36.1 samba-libs-4.4.2-38.36.1 samba-libs-debuginfo-32bit-4.4.2-38.36.1 samba-libs-debuginfo-4.4.2-38.36.1 samba-winbind-32bit-4.4.2-38.36.1 samba-winbind-4.4.2-38.36.1 samba-winbind-debuginfo-32bit-4.4.2-38.36.1 samba-winbind-debuginfo-4.4.2-38.36.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): samba-doc-4.4.2-38.36.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): ctdb-4.4.2-38.36.1 ctdb-debuginfo-4.4.2-38.36.1 samba-debuginfo-4.4.2-38.36.1 samba-debugsource-4.4.2-38.36.1 References: https://www.suse.com/security/cve/CVE-2020-1472.html https://bugzilla.suse.com/1176579 From sle-updates at lists.suse.com Wed Sep 23 07:18:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Sep 2020 15:18:44 +0200 (CEST) Subject: SUSE-SU-2020:2718-1: moderate: Security update for pdns Message-ID: <20200923131844.5BD2CFCE2@maintenance.suse.de> SUSE Security Update: Security update for pdns ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2718-1 Rating: moderate References: #1176535 SOC-11392 Cross-References: CVE-2020-17482 Affected Products: SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability, contains one feature is now available. Description: This update for pdns fixes the following issues: - CVE-2020-17482: Fixed an issue where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory (bsc#1176535) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2718=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2718=1 Package List: - SUSE OpenStack Cloud 8 (x86_64): pdns-4.1.2-3.9.1 pdns-backend-mysql-4.1.2-3.9.1 pdns-backend-mysql-debuginfo-4.1.2-3.9.1 pdns-debuginfo-4.1.2-3.9.1 pdns-debugsource-4.1.2-3.9.1 - HPE Helion Openstack 8 (x86_64): pdns-4.1.2-3.9.1 pdns-backend-mysql-4.1.2-3.9.1 pdns-backend-mysql-debuginfo-4.1.2-3.9.1 pdns-debuginfo-4.1.2-3.9.1 pdns-debugsource-4.1.2-3.9.1 References: https://www.suse.com/security/cve/CVE-2020-17482.html https://bugzilla.suse.com/1176535 From sle-updates at lists.suse.com Wed Sep 23 07:19:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Sep 2020 15:19:36 +0200 (CEST) Subject: SUSE-SU-2020:2720-1: important: Security update for samba Message-ID: <20200923131936.A1DA0FCE2@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2720-1 Rating: important References: #1176579 Cross-References: CVE-2020-1472 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for samba fixes the following issues: - Update to 4.10.18 - ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2720=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2720=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-2720=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libndr-devel-4.10.18+git.208.88201368c52-3.17.1 libndr-krb5pac-devel-4.10.18+git.208.88201368c52-3.17.1 libndr-nbt-devel-4.10.18+git.208.88201368c52-3.17.1 libndr-standard-devel-4.10.18+git.208.88201368c52-3.17.1 libsamba-util-devel-4.10.18+git.208.88201368c52-3.17.1 libsmbclient-devel-4.10.18+git.208.88201368c52-3.17.1 libwbclient-devel-4.10.18+git.208.88201368c52-3.17.1 samba-core-devel-4.10.18+git.208.88201368c52-3.17.1 samba-debuginfo-4.10.18+git.208.88201368c52-3.17.1 samba-debugsource-4.10.18+git.208.88201368c52-3.17.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.10.18+git.208.88201368c52-3.17.1 libdcerpc-binding0-debuginfo-4.10.18+git.208.88201368c52-3.17.1 libdcerpc0-4.10.18+git.208.88201368c52-3.17.1 libdcerpc0-debuginfo-4.10.18+git.208.88201368c52-3.17.1 libndr-krb5pac0-4.10.18+git.208.88201368c52-3.17.1 libndr-krb5pac0-debuginfo-4.10.18+git.208.88201368c52-3.17.1 libndr-nbt0-4.10.18+git.208.88201368c52-3.17.1 libndr-nbt0-debuginfo-4.10.18+git.208.88201368c52-3.17.1 libndr-standard0-4.10.18+git.208.88201368c52-3.17.1 libndr-standard0-debuginfo-4.10.18+git.208.88201368c52-3.17.1 libndr0-4.10.18+git.208.88201368c52-3.17.1 libndr0-debuginfo-4.10.18+git.208.88201368c52-3.17.1 libnetapi0-4.10.18+git.208.88201368c52-3.17.1 libnetapi0-debuginfo-4.10.18+git.208.88201368c52-3.17.1 libsamba-credentials0-4.10.18+git.208.88201368c52-3.17.1 libsamba-credentials0-debuginfo-4.10.18+git.208.88201368c52-3.17.1 libsamba-errors0-4.10.18+git.208.88201368c52-3.17.1 libsamba-errors0-debuginfo-4.10.18+git.208.88201368c52-3.17.1 libsamba-hostconfig0-4.10.18+git.208.88201368c52-3.17.1 libsamba-hostconfig0-debuginfo-4.10.18+git.208.88201368c52-3.17.1 libsamba-passdb0-4.10.18+git.208.88201368c52-3.17.1 libsamba-passdb0-debuginfo-4.10.18+git.208.88201368c52-3.17.1 libsamba-util0-4.10.18+git.208.88201368c52-3.17.1 libsamba-util0-debuginfo-4.10.18+git.208.88201368c52-3.17.1 libsamdb0-4.10.18+git.208.88201368c52-3.17.1 libsamdb0-debuginfo-4.10.18+git.208.88201368c52-3.17.1 libsmbclient0-4.10.18+git.208.88201368c52-3.17.1 libsmbclient0-debuginfo-4.10.18+git.208.88201368c52-3.17.1 libsmbconf0-4.10.18+git.208.88201368c52-3.17.1 libsmbconf0-debuginfo-4.10.18+git.208.88201368c52-3.17.1 libsmbldap2-4.10.18+git.208.88201368c52-3.17.1 libsmbldap2-debuginfo-4.10.18+git.208.88201368c52-3.17.1 libtevent-util0-4.10.18+git.208.88201368c52-3.17.1 libtevent-util0-debuginfo-4.10.18+git.208.88201368c52-3.17.1 libwbclient0-4.10.18+git.208.88201368c52-3.17.1 libwbclient0-debuginfo-4.10.18+git.208.88201368c52-3.17.1 samba-4.10.18+git.208.88201368c52-3.17.1 samba-client-4.10.18+git.208.88201368c52-3.17.1 samba-client-debuginfo-4.10.18+git.208.88201368c52-3.17.1 samba-debuginfo-4.10.18+git.208.88201368c52-3.17.1 samba-debugsource-4.10.18+git.208.88201368c52-3.17.1 samba-libs-4.10.18+git.208.88201368c52-3.17.1 samba-libs-debuginfo-4.10.18+git.208.88201368c52-3.17.1 samba-libs-python3-4.10.18+git.208.88201368c52-3.17.1 samba-libs-python3-debuginfo-4.10.18+git.208.88201368c52-3.17.1 samba-winbind-4.10.18+git.208.88201368c52-3.17.1 samba-winbind-debuginfo-4.10.18+git.208.88201368c52-3.17.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libdcerpc-binding0-32bit-4.10.18+git.208.88201368c52-3.17.1 libdcerpc-binding0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1 libdcerpc0-32bit-4.10.18+git.208.88201368c52-3.17.1 libdcerpc0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1 libndr-krb5pac0-32bit-4.10.18+git.208.88201368c52-3.17.1 libndr-krb5pac0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1 libndr-nbt0-32bit-4.10.18+git.208.88201368c52-3.17.1 libndr-nbt0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1 libndr-standard0-32bit-4.10.18+git.208.88201368c52-3.17.1 libndr-standard0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1 libndr0-32bit-4.10.18+git.208.88201368c52-3.17.1 libndr0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1 libnetapi0-32bit-4.10.18+git.208.88201368c52-3.17.1 libnetapi0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1 libsamba-credentials0-32bit-4.10.18+git.208.88201368c52-3.17.1 libsamba-credentials0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1 libsamba-errors0-32bit-4.10.18+git.208.88201368c52-3.17.1 libsamba-errors0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1 libsamba-hostconfig0-32bit-4.10.18+git.208.88201368c52-3.17.1 libsamba-hostconfig0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1 libsamba-passdb0-32bit-4.10.18+git.208.88201368c52-3.17.1 libsamba-passdb0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1 libsamba-util0-32bit-4.10.18+git.208.88201368c52-3.17.1 libsamba-util0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1 libsamdb0-32bit-4.10.18+git.208.88201368c52-3.17.1 libsamdb0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1 libsmbclient0-32bit-4.10.18+git.208.88201368c52-3.17.1 libsmbclient0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1 libsmbconf0-32bit-4.10.18+git.208.88201368c52-3.17.1 libsmbconf0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1 libsmbldap2-32bit-4.10.18+git.208.88201368c52-3.17.1 libsmbldap2-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1 libtevent-util0-32bit-4.10.18+git.208.88201368c52-3.17.1 libtevent-util0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1 libwbclient0-32bit-4.10.18+git.208.88201368c52-3.17.1 libwbclient0-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1 samba-client-32bit-4.10.18+git.208.88201368c52-3.17.1 samba-client-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1 samba-libs-32bit-4.10.18+git.208.88201368c52-3.17.1 samba-libs-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1 samba-libs-python3-32bit-4.10.18+git.208.88201368c52-3.17.1 samba-libs-python3-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1 samba-winbind-32bit-4.10.18+git.208.88201368c52-3.17.1 samba-winbind-debuginfo-32bit-4.10.18+git.208.88201368c52-3.17.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): samba-doc-4.10.18+git.208.88201368c52-3.17.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): ctdb-4.10.18+git.208.88201368c52-3.17.1 ctdb-debuginfo-4.10.18+git.208.88201368c52-3.17.1 samba-debuginfo-4.10.18+git.208.88201368c52-3.17.1 samba-debugsource-4.10.18+git.208.88201368c52-3.17.1 References: https://www.suse.com/security/cve/CVE-2020-1472.html https://bugzilla.suse.com/1176579 From sle-updates at lists.suse.com Wed Sep 23 13:13:24 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Sep 2020 21:13:24 +0200 (CEST) Subject: SUSE-SU-2020:2730-1: important: Security update for samba Message-ID: <20200923191324.D8AE7FCEB@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2730-1 Rating: important References: #1176579 Cross-References: CVE-2020-1472 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579). - Update to samba 4.11.13 + s3: libsmb: Fix SMB2 client rename bug to a Windows server; (bso#14403); + dsdb: Allow "password hash userPassword schemes = CryptSHA256" to work on RHEL7; (bso#14424); + dbcheck: Allow a dangling forward link outside our known NCs; (bso#14450); + lib/debug: Set the correct default backend loglevel to MAX_DEBUG_LEVEL; (bso#14426); + s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428); + lib/util: do not install "test_util_paths"; (bso#14370); + lib:util: Fix smbclient -l basename dir; (bso#14345); + s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428); + util: Allow symlinks in directory_create_or_exist; (bso#14166); + docs: Fix documentation for require_membership_of of pam_winbind; (bso#14358); + s3:winbind:idmap_ad: Make failure to get attrnames for schema mode fatal; (bso#14425); Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-2730=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2730=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2730=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): samba-ad-dc-4.11.13+git.189.e9bd318cd13-4.11.1 samba-ad-dc-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 samba-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 samba-debugsource-4.11.13+git.189.e9bd318cd13-4.11.1 samba-dsdb-modules-4.11.13+git.189.e9bd318cd13-4.11.1 samba-dsdb-modules-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.11.13+git.189.e9bd318cd13-4.11.1 libdcerpc-binding0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libdcerpc-devel-4.11.13+git.189.e9bd318cd13-4.11.1 libdcerpc-samr-devel-4.11.13+git.189.e9bd318cd13-4.11.1 libdcerpc-samr0-4.11.13+git.189.e9bd318cd13-4.11.1 libdcerpc-samr0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libdcerpc0-4.11.13+git.189.e9bd318cd13-4.11.1 libdcerpc0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libndr-devel-4.11.13+git.189.e9bd318cd13-4.11.1 libndr-krb5pac-devel-4.11.13+git.189.e9bd318cd13-4.11.1 libndr-krb5pac0-4.11.13+git.189.e9bd318cd13-4.11.1 libndr-krb5pac0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libndr-nbt-devel-4.11.13+git.189.e9bd318cd13-4.11.1 libndr-nbt0-4.11.13+git.189.e9bd318cd13-4.11.1 libndr-nbt0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libndr-standard-devel-4.11.13+git.189.e9bd318cd13-4.11.1 libndr-standard0-4.11.13+git.189.e9bd318cd13-4.11.1 libndr-standard0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libndr0-4.11.13+git.189.e9bd318cd13-4.11.1 libndr0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libnetapi-devel-4.11.13+git.189.e9bd318cd13-4.11.1 libnetapi0-4.11.13+git.189.e9bd318cd13-4.11.1 libnetapi0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-credentials-devel-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-credentials0-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-credentials0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-errors-devel-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-errors0-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-errors0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-hostconfig-devel-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-hostconfig0-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-hostconfig0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-passdb-devel-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-passdb0-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-passdb0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-policy-devel-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-policy-python3-devel-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-policy0-python3-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-policy0-python3-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-util-devel-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-util0-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-util0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libsamdb-devel-4.11.13+git.189.e9bd318cd13-4.11.1 libsamdb0-4.11.13+git.189.e9bd318cd13-4.11.1 libsamdb0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libsmbclient-devel-4.11.13+git.189.e9bd318cd13-4.11.1 libsmbclient0-4.11.13+git.189.e9bd318cd13-4.11.1 libsmbclient0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libsmbconf-devel-4.11.13+git.189.e9bd318cd13-4.11.1 libsmbconf0-4.11.13+git.189.e9bd318cd13-4.11.1 libsmbconf0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libsmbldap-devel-4.11.13+git.189.e9bd318cd13-4.11.1 libsmbldap2-4.11.13+git.189.e9bd318cd13-4.11.1 libsmbldap2-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libtevent-util-devel-4.11.13+git.189.e9bd318cd13-4.11.1 libtevent-util0-4.11.13+git.189.e9bd318cd13-4.11.1 libtevent-util0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libwbclient-devel-4.11.13+git.189.e9bd318cd13-4.11.1 libwbclient0-4.11.13+git.189.e9bd318cd13-4.11.1 libwbclient0-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 samba-4.11.13+git.189.e9bd318cd13-4.11.1 samba-client-4.11.13+git.189.e9bd318cd13-4.11.1 samba-client-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 samba-core-devel-4.11.13+git.189.e9bd318cd13-4.11.1 samba-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 samba-debugsource-4.11.13+git.189.e9bd318cd13-4.11.1 samba-libs-4.11.13+git.189.e9bd318cd13-4.11.1 samba-libs-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 samba-libs-python3-4.11.13+git.189.e9bd318cd13-4.11.1 samba-libs-python3-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 samba-python3-4.11.13+git.189.e9bd318cd13-4.11.1 samba-python3-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 samba-winbind-4.11.13+git.189.e9bd318cd13-4.11.1 samba-winbind-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64): samba-ceph-4.11.13+git.189.e9bd318cd13-4.11.1 samba-ceph-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libdcerpc-binding0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1 libdcerpc-binding0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libdcerpc0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1 libdcerpc0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libndr-krb5pac0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1 libndr-krb5pac0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libndr-nbt0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1 libndr-nbt0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libndr-standard0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1 libndr-standard0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libndr0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1 libndr0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libnetapi0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1 libnetapi0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-credentials0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-credentials0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-errors0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-errors0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-hostconfig0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-hostconfig0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-passdb0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-passdb0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-util0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1 libsamba-util0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libsamdb0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1 libsamdb0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libsmbconf0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1 libsmbconf0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libsmbldap2-32bit-4.11.13+git.189.e9bd318cd13-4.11.1 libsmbldap2-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libtevent-util0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1 libtevent-util0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 libwbclient0-32bit-4.11.13+git.189.e9bd318cd13-4.11.1 libwbclient0-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 samba-libs-32bit-4.11.13+git.189.e9bd318cd13-4.11.1 samba-libs-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 samba-winbind-32bit-4.11.13+git.189.e9bd318cd13-4.11.1 samba-winbind-32bit-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ctdb-4.11.13+git.189.e9bd318cd13-4.11.1 ctdb-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 samba-debuginfo-4.11.13+git.189.e9bd318cd13-4.11.1 samba-debugsource-4.11.13+git.189.e9bd318cd13-4.11.1 References: https://www.suse.com/security/cve/CVE-2020-1472.html https://bugzilla.suse.com/1176579 From sle-updates at lists.suse.com Wed Sep 23 13:14:15 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Sep 2020 21:14:15 +0200 (CEST) Subject: SUSE-SU-2020:2727-1: moderate: Security update for wavpack Message-ID: <20200923191415.6E6F3FCEB@maintenance.suse.de> SUSE Security Update: Security update for wavpack ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2727-1 Rating: moderate References: #1120930 Cross-References: CVE-2018-19840 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for wavpack fixes the following issues: Security issues fixed: - CVE-2018-19840: Fixed a denial-of-service in the WavpackPackInit function from pack_utils.c (bsc#1120930) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2727=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2727=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): wavpack-4.60.99-5.6.3 wavpack-debuginfo-4.60.99-5.6.3 wavpack-debugsource-4.60.99-5.6.3 wavpack-devel-4.60.99-5.6.3 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libwavpack1-4.60.99-5.6.3 libwavpack1-debuginfo-4.60.99-5.6.3 wavpack-debuginfo-4.60.99-5.6.3 wavpack-debugsource-4.60.99-5.6.3 References: https://www.suse.com/security/cve/CVE-2018-19840.html https://bugzilla.suse.com/1120930 From sle-updates at lists.suse.com Wed Sep 23 13:15:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Sep 2020 21:15:05 +0200 (CEST) Subject: SUSE-SU-2020:2729-1: moderate: Security update for cifs-utils Message-ID: <20200923191505.D3CBFFCEB@maintenance.suse.de> SUSE Security Update: Security update for cifs-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2729-1 Rating: moderate References: #1152930 #1174477 Cross-References: CVE-2020-14342 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for cifs-utils fixes the following issues: - CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs (bsc#1174477). - Fixed an invalid free in mount.cifs; (bsc#1152930). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2729=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2729=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): cifs-utils-6.9-5.6.1 cifs-utils-debuginfo-6.9-5.6.1 cifs-utils-debugsource-6.9-5.6.1 cifs-utils-devel-6.9-5.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): cifs-utils-6.9-5.6.1 cifs-utils-debuginfo-6.9-5.6.1 cifs-utils-debugsource-6.9-5.6.1 cifs-utils-devel-6.9-5.6.1 References: https://www.suse.com/security/cve/CVE-2020-14342.html https://bugzilla.suse.com/1152930 https://bugzilla.suse.com/1174477 From sle-updates at lists.suse.com Wed Sep 23 13:16:02 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Sep 2020 21:16:02 +0200 (CEST) Subject: SUSE-SU-2020:14498-1: Security update for libcdio Message-ID: <20200923191602.4A961FCEB@maintenance.suse.de> SUSE Security Update: Security update for libcdio ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14498-1 Rating: low References: #1082821 Cross-References: CVE-2017-18199 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libcdio and libcdio-mini fixes the following issues: Security issue fixed: - CVE-2017-18199: Fixed a NULL Pointer Dereference in realloc_symlink which could allow remote attackers to cause Denial of Service (bsc#1082821). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-libcdio-14498=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libcdio-14498=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libcdio7-0.80-8.3.5 libcdio_cdda0-0.80-8.3.5 libcdio_paranoia0-0.80-8.3.5 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): libcdio-debuginfo-0.80-8.3.5 libcdio-debugsource-0.80-8.3.5 References: https://www.suse.com/security/cve/CVE-2017-18199.html https://bugzilla.suse.com/1082821 From sle-updates at lists.suse.com Wed Sep 23 13:16:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Sep 2020 21:16:51 +0200 (CEST) Subject: SUSE-SU-2020:2726-1: moderate: Security update for python-pip Message-ID: <20200923191651.9B199FCEB@maintenance.suse.de> SUSE Security Update: Security update for python-pip ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2726-1 Rating: moderate References: #1176262 SOC-11388 Cross-References: CVE-2019-20916 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability, contains one feature is now available. Description: This update for python-pip fixes the following issues: - CVE-2019-20916: Fixed a directory traversal in _download_http_url (bsc#1176262) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2726=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2726=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2726=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-pip-9.0.1-3.3.1 - SUSE OpenStack Cloud 8 (noarch): python-pip-9.0.1-3.3.1 - HPE Helion Openstack 8 (noarch): python-pip-9.0.1-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-20916.html https://bugzilla.suse.com/1176262 From sle-updates at lists.suse.com Wed Sep 23 13:17:42 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 23 Sep 2020 21:17:42 +0200 (CEST) Subject: SUSE-SU-2020:2728-1: moderate: Security update for cifs-utils Message-ID: <20200923191742.17357FCEB@maintenance.suse.de> SUSE Security Update: Security update for cifs-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2728-1 Rating: moderate References: #1174477 Cross-References: CVE-2020-14342 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cifs-utils fixes the following issues: - CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs (bsc#1174477). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2728=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2728=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): cifs-utils-debuginfo-6.9-13.11.1 cifs-utils-debugsource-6.9-13.11.1 cifs-utils-devel-6.9-13.11.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): cifs-utils-6.9-13.11.1 cifs-utils-debuginfo-6.9-13.11.1 cifs-utils-debugsource-6.9-13.11.1 References: https://www.suse.com/security/cve/CVE-2020-14342.html https://bugzilla.suse.com/1174477 From sle-updates at lists.suse.com Thu Sep 24 01:00:59 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Sep 2020 09:00:59 +0200 (CEST) Subject: SUSE-CU-2020:501-1: Security update of suse/sle15 Message-ID: <20200924070059.A7304FCFD@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:501-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.751 Container Release : 8.2.751 Severity : moderate Type : security References : 1174079 1175568 CVE-2020-8027 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2704-1 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1174079 This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2712-1 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1175568,CVE-2020-8027 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). From sle-updates at lists.suse.com Thu Sep 24 04:13:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Sep 2020 12:13:46 +0200 (CEST) Subject: SUSE-SU-2020:2731-1: moderate: Security update for conmon, fuse-overlayfs, libcontainers-common, podman Message-ID: <20200924101346.553B9FCEB@maintenance.suse.de> SUSE Security Update: Security update for conmon, fuse-overlayfs, libcontainers-common, podman ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2731-1 Rating: moderate References: #1162432 #1164090 #1165738 #1171578 #1174075 #1175821 #1175957 SLE-12122 Cross-References: CVE-2020-1726 Affected Products: SUSE Linux Enterprise Module for Containers 15-SP2 SUSE Linux Enterprise Module for Containers 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability, contains one feature and has 6 fixes is now available. Description: This update for conmon, fuse-overlayfs, libcontainers-common, podman fixes the following issues: podman was updated to v2.0.6 (bsc#1175821) - install missing systemd units for the new Rest API (bsc#1175957) and a few man-pages that where missing before - Drop varlink API related bits (in favor of the new API) - fix install location for zsh completions * Fixed a bug where running systemd in a container on a cgroups v1 system would fail. * Fixed a bug where /etc/passwd could be re-created every time a container is restarted if the container's /etc/passwd did not contain an entry for the user the container was started as. * Fixed a bug where containers without an /etc/passwd file specifying a non-root user would not start. * Fixed a bug where the --remote flag would sometimes not make remote connections and would instead attempt to run Podman locally. Update to v2.0.6: * Features - Rootless Podman will now add an entry to /etc/passwd for the user who ran Podman if run with --userns=keep-id. - The podman system connection command has been reworked to support multiple connections, and reenabled for use! - Podman now has a new global flag, --connection, to specify a connection to a remote Podman API instance. * Changes - Podman's automatic systemd integration (activated by the --systemd=true flag, set by default) will now activate for containers using /usr/local/sbin/init as their command, instead of just /usr/sbin/init and /sbin/init (and any path ending in systemd). - Seccomp profiles specified by the --security-opt seccomp=... flag to podman create and podman run will now be honored even if the container was created using --privileged. * Bugfixes - Fixed a bug where the podman play kube would not honor the hostIP field for port forwarding (#5964). - Fixed a bug where the podman generate systemd command would panic on an invalid restart policy being specified (#7271). - Fixed a bug where the podman images command could take a very long time (several minutes) to complete when a large number of images were present. - Fixed a bug where the podman logs command with the --tail flag would not work properly when a large amount of output would be printed ((#7230)[https://github.com//issues/7230]). - Fixed a bug where the podman exec command with remote Podman would not return a non-zero exit code when the exec session failed to start (e.g. invoking a non-existent command) (#6893). - Fixed a bug where the podman load command with remote Podman would did not honor user-specified tags (#7124). - Fixed a bug where the podman system service command, when run as a non-root user by Systemd, did not properly handle the Podman pause process and would not restart properly as a result (#7180). - Fixed a bug where the --publish flag to podman create, podman run, and podman pod create did not properly handle a host IP of 0.0.0.0 (attempting to bind to literal 0.0.0.0, instead of all IPs on the system) (#7104). - Fixed a bug where the podman start --attach command would not print the container's exit code when the command exited due to the container exiting. - Fixed a bug where the podman rm command with remote Podman would not remove volumes, even if the --volumes flag was specified (#7128). - Fixed a bug where the podman run command with remote Podman and the --rm flag could exit before the container was fully removed. - Fixed a bug where the --pod new:... flag to podman run and podman create would create a pod that did not share any namespaces. - Fixed a bug where the --preserve-fds flag to podman run and podman exec could close the wrong file descriptors while trying to close user-provided descriptors after passing them into the container. - Fixed a bug where default environment variables ($PATH and $TERM) were not set in containers when not provided by the image. - Fixed a bug where pod infra containers were not properly unmounted after exiting. - Fixed a bug where networks created with podman network create with an IPv6 subnet did not properly set an IPv6 default route. - Fixed a bug where the podman save command would not work properly when its output was piped to another command (#7017). - Fixed a bug where containers using a systemd init on a cgroups v1 system could leak mounts under /sys/fs/cgroup/systemd to the host. - Fixed a bug where podman build would not generate an event on completion (#7022). - Fixed a bug where the podman history command with remote Podman printed incorrect creation times for layers (#7122). - Fixed a bug where Podman would not create working directories specified by the container image if they did not exist. - Fixed a bug where Podman did not clear CMD from the container image if the user overrode ENTRYPOINT (#7115). - Fixed a bug where error parsing image names were not fully reported (part of the error message containing the exact issue was dropped). - Fixed a bug where the podman images command with remote Podman did not support printing image tags in Go templates supplied to the --format flag (#7123). - Fixed a bug where the podman rmi --force command would not attempt to unmount containers it was removing, which could cause a failure to remove the image. - Fixed a bug where the podman generate systemd --new command could incorrectly quote arguments to Podman that contained whitespace, leading to nonfunctional unit files (#7285). - Fixed a bug where the podman version command did not properly include build time and Git commit. - Fixed a bug where running systemd in a Podman container on a system that did not use the systemd cgroup manager would fail (#6734). - Fixed a bug where capabilities from --cap-add were not properly added when a container was started as a non-root user via --user. - Fixed a bug where Pod infra containers were not properly cleaned up when they stopped, causing networking issues (#7103). * API - Fixed a bug where the libpod and compat Build endpoints did not accept the application/tar content type (instead only accepting application/x-tar) (#7185). - Fixed a bug where the libpod Exists endpoint would attempt to write a second header in some error conditions (#7197). - Fixed a bug where compat and libpod Network Inspect and Network Remove endpoints would return a 500 instead of 404 when the requested network was not found. - Added a versioned _ping endpoint (e.g. http://localhost/v1.40/_ping). - Fixed a bug where containers started through a systemd-managed instance of the REST API would be shut down when podman system service shut down due to its idle timeout (#7294). - Added stronger parameter verification for the libpod Network Create endpoint to ensure subnet mask is a valid value. - The Pod URL parameter to the Libpod Container List endpoint has been deprecated; the information previously gated by the Pod boolean will now be included in the response unconditionally. - Change hard requires for AppArmor to Recommends. They are not needed for runtime or with SELinux but already installed if AppArmor is used [jsc#SMO-15] - Add BuildRequires for pkg-config(libselinux) to build with SELinux support [jsc#SMO-15] Update to v2.0.4 * Fixed a bug where the output of podman image search did not populate the Description field as it was mistakenly assigned to the ID field. * Fixed a bug where podman build - and podman build on an HTTP target would fail. * Fixed a bug where rootless Podman would improperly chown the copied-up contents of anonymous volumes (#7130). * Fixed a bug where Podman would sometimes HTML-escape special characters in its CLI output. * Fixed a bug where the podman start --attach --interactive command would print the container ID of the container attached to when exiting (#7068). * Fixed a bug where podman run --ipc=host --pid=host would only set --pid=host and not --ipc=host (#7100). * Fixed a bug where the --publish argument to podman run, podman create and podman pod create would not allow binding the same container port to more than one host port (#7062). * Fixed a bug where incorrect arguments to podman images --format could cause Podman to segfault. * Fixed a bug where podman rmi --force on an image ID with more than one name and at least one container using the image would not completely remove containers using the image (#7153). * Fixed a bug where memory usage in bytes and memory use percentage were swapped in the output of podman stats --format=json. * Fixed a bug where the libpod and compat events endpoints would fail if no filters were specified (#7078). * Fixed a bug where the CgroupVersion field in responses from the compat Info endpoint was prefixed by "v" (instead of just being "1" or "2", as is documented). - Suggest katacontainers instead of recommending it. It's not enabled by default, so it's just bloat Update to v2.0.3 * Fix handling of entrypoint * log API: add context to allow for cancelling * fix API: Create container with an invalid configuration * Remove all instances of named return "err" from Libpod * Fix: Correct connection counters for hijacked connections * Fix: Hijacking v2 endpoints to follow rfc 7230 semantics * Remove hijacked connections from active connections list * version/info: format: allow more json variants * Correctly print STDOUT on non-terminal remote exec * Fix container and pod create commands for remote create * Mask out /sys/dev to prevent information leak from the host * Ensure sig-proxy default is propagated in start * Add SystemdMode to inspect for containers * When determining systemd mode, use full command * Fix lint * Populate remaining unused fields in `pod inspect` * Include infra container information in `pod inspect` * play-kube: add suport for "IfNotPresent" pull type * docs: user namespace can't be shared in pods * Fix "Error: unrecognized protocol \"TCP\" in port mapping" * Error on rootless mac and ip addresses * Fix & add notes regarding problematic language in codebase * abi: set default umask and rlimits * Used reference package with errors for parsing tag * fix: system df error when an image has no name * Fix Generate API title/description * Add noop function disable-content-trust * fix play kube doesn't override dockerfile ENTRYPOINT * Support default profile for apparmor * Bump github.com/containers/common to v0.14.6 * events endpoint: backwards compat to old type * events endpoint: fix panic and race condition * Switch references from libpod.conf to containers.conf * podman.service: set type to simple * podman.service: set doc to podman-system-service * podman.service: use default registries.conf * podman.service: use default killmode * podman.service: remove stop timeout * systemd: symlink user->system * vendor golang.org/x/text at v0.3.3 * Fix a bug where --pids-limit was parsed incorrectly * search: allow wildcards * [CI:DOCS]Do not copy policy.json into gating image * Fix systemd pid 1 test * Cirrus: Rotate keys post repo. rename * The libpod.conf(5) man page got removed and all references are now pointing towards containers.conf(5), which will be part of the libcontainers-common package. Update to podman v2.0.2 * fix race condition in `libpod.GetEvents(...)` * Fix bug where `podman mount` didn't error as rootless * remove podman system connection * Fix imports to ensure v2 is used with libpod * Update release notes for v2.0.2 * specgen: fix order for setting rlimits * Ensure umask is set appropriately for 'system service' * generate systemd: improve pod-flags filter * Fix a bug with APIv2 compat network remove to log an ErrNetworkNotFound instead of nil * Fixes --remote flag issues * Pids-limit should only be set if the user set it * Set console mode for windows * Allow empty host port in --publish flag * Add a note on the APIs supported by `system service` * fix: Don't override entrypoint if it's `nil` * Set TMPDIR to /var/tmp by default if not set * test: add tests for --user and volumes * container: move volume chown after spec generation * libpod: volume copyup honors namespace mappings * Fix `system service` panic from early hangup in events * stop podman service in e2e tests * Print errors from individual containers in pods * auto-update: clarify systemd-unit requirements * podman ps truncate the command * move go module to v2 * Vendor containers/common v0.14.4 * Bump to imagebuilder v1.1.6 on v2 branch * Account for non-default port number in image name - Changes since v2.0.1 * Update release notes with further v2.0.1 changes * Fix inspect to display multiple label: changes * Set syslog for exit commands on log-level=debug * Friendly amendment for pr 6751 * podman run/create: support all transports * systemd generate: allow manual restart of container units in pods * Revert sending --remote flag to containers * Print port mappings in `ps` for ctrs sharing network * vendor github.com/containers/common at v0.14.3 * Update release notes for v2.0.1 * utils: drop default mapping when running uid!=0 * Set stop signal to 15 when not explicitly set * podman untag: error if tag doesn't exist * Reformat inspect network settings * APIv2: Return `StatusCreated` from volume creation * APIv2:fix: Remove `/json` from compat network EPs * Fix ssh-agent support * libpod: specify mappings to the storage * APIv2:doc: Fix swagger doc to refer to volumes * Add podman network to bash command completions * Fix typo in manpage for `podman auto update`. * Add JSON output field for ps * V2 podman system connection * image load: no args required * Re-add PODMAN_USERNS environment variable * Fix conflicts between privileged and other flags * Bump required go version to 1.13 * Add explicit command to alpine container in test case. * Use POLL_DURATION for timer * Stop following logs using timers * "pod" was being truncated to "po" in the names of the generated systemd unit files. * rootless_linux: improve error message * Fix podman build handling of --http-proxy flag * correct the absolute path of `rm` executable * Makefile: allow customizable GO_BUILD * Cirrus: Change DEST_BRANCH to v2.0 Update to podman v2.0.0 * The `podman generate systemd` command now supports the `--new` flag when used with pods, allowing portable services for pods to be created. * The `podman play kube` command now supports running Kubernetes Deployment YAML. * The `podman exec` command now supports the `--detach` flag to run commands in the container in the background. * The `-p` flag to `podman run` and `podman create` now supports forwarding ports to IPv6 addresses. * The `podman run`, `podman create` and `podman pod create` command now support a `--replace` flag to remove and replace any existing container (or, for `pod create`, pod) with the same name * The `--restart-policy` flag to `podman run` and `podman create` now supports the `unless-stopped` restart policy. * The `--log-driver` flag to `podman run` and `podman create` now supports the `none` driver, which does not log the container's output. * The `--mount` flag to `podman run` and `podman create` now accepts `readonly` option as an alias to `ro`. * The `podman generate systemd` command now supports the `--container-prefix`, `--pod-prefix`, and `--separator` arguments to control the name of generated unit files. * The `podman network ls` command now supports the `--filter` flag to filter results. * The `podman auto-update` command now supports specifying an authfile to use when pulling new images on a per-container basis using the `io.containers.autoupdate.authfile` label. * Fixed a bug where the `podman exec` command would log to journald when run in containers loggined to journald ([#6555](https://github.com/containers/libpod/issues/6555)). * Fixed a bug where the `podman auto-update` command would not preserve the OS and architecture of the original image when pulling a replacement ([#6613](https://github.com/containers/libpod/issues/6613)). * Fixed a bug where the `podman cp` command could create an extra `merged` directory when copying into an existing directory ([#6596](https://github.com/containers/libpod/issues/6596)). * Fixed a bug where the `podman pod stats` command would crash on pods run with `--network=host` ([#5652](https://github.com/containers/libpod/issues/5652)). * Fixed a bug where containers logs written to journald did not include the name of the container. * Fixed a bug where the `podman network inspect` and `podman network rm` commands did not properly handle non-default CNI configuration paths ([#6212](https://github.com/containers/libpod/issues/6212)). * Fixed a bug where Podman did not properly remove containers when using the Kata containers OCI runtime. * Fixed a bug where `podman inspect` would sometimes incorrectly report the network mode of containers started with `--net=none`. * Podman is now better able to deal with cases where `conmon` is killed before the container it is monitoring. Update to podman v1.9.3: * Fixed a bug where, on FIPS enabled hosts, FIPS mode secrets were not properly mounted into containers * Fixed a bug where builds run over Varlink would hang * Fixed a bug where podman save would fail when the target image was specified by digest * Fixed a bug where rootless containers with ports forwarded to them could panic and dump core due to a concurrency issue (#6018) * Fixed a bug where rootless Podman could race when opening the rootless user namespace, resulting in commands failing to run * Fixed a bug where HTTP proxy environment variables forwarded into the container by the --http-proxy flag could not be overridden by --env or --env-file * Fixed a bug where rootless Podman was setting resource limits on cgroups v2 systems that were not using systemd-managed cgroups (and thus did not support resource limits), resulting in containers failing to start Update podman to v1.9.1: * Bugfixes - Fixed a bug where healthchecks could become nonfunctional if container log paths were manually set with --log-path and multiple container logs were placed in the same directory - Fixed a bug where rootless Podman could, when using an older libpod.conf, print numerous warning messages about an invalid CGroup manager config - Fixed a bug where rootless Podman would sometimes fail to close the rootless user namespace when joining it Update podman to v1.9.0: * Features - Experimental support has been added for podman run --userns=auto, which automatically allocates a unique UID and GID range for the new container's user namespace - The podman play kube command now has a --network flag to place the created pod in one or more CNI networks - The podman commit command now supports an --iidfile flag to write the ID of the committed image to a file - Initial support for the new containers.conf configuration file has been added. containers.conf allows for much more detailed configuration of some Podman functionality * Changes - There has been a major cleanup of the podman info command resulting in breaking changes. Many fields have been renamed to better suit usage with APIv2 - All uses of the --timeout flag have been switched to prefer the alternative --time. The --timeout flag will continue to work, but man pages and --help will use the --time flag instead * Bugfixes - Fixed a bug where some volume mounts from the host would sometimes not properly determine the flags they should use when mounting - Fixed a bug where Podman was not propagating $PATH to Conmon and the OCI runtime, causing issues for some OCI runtimes that required it - Fixed a bug where rootless Podman would print error messages about missing support for systemd cgroups when run in a container with no cgroup support - Fixed a bug where podman play kube would not properly handle container-only port mappings (#5610) - Fixed a bug where the podman container prune command was not pruning containers in the created and configured states - Fixed a bug where Podman was not properly removing CNI IP address allocations after a reboot (#5433) - Fixed a bug where Podman was not properly applying the default Seccomp profile when --security-opt was not given at the command line * HTTP API - Many Libpod API endpoints have been added, including Changes, Checkpoint, Init, and Restore - Resolved issues where the podman system service command would time out and exit while there were still active connections - Stability overall has greatly improved as we prepare the API for a beta release soon with Podman 2.0 * Misc - The default infra image for pods has been upgraded to k8s.gcr.io/pause:3.2 (from 3.1) to address a bug in the architecture metadata for non-AMD64 images - The slirp4netns networking utility in rootless Podman now uses Seccomp filtering where available for improved security - Updated Buildah to v1.14.8 - Updated containers/storage to v1.18.2 - Updated containers/image to v5.4.3 - Updated containers/common to v0.8.1 - Add "systemd" BUILDFLAGS to build with support for journald logging (bsc#1162432) Update podman to v1.8.2: * Features - Initial support for automatically updating containers managed via Systemd unit files has been merged. This allows containers to automatically upgrade if a newer version of their image becomes available * Bugfixes - Fixed a bug where unit files generated by podman generate systemd --new would not force containers to detach, causing the unit to time out when trying to start - Fixed a bug where podman system reset could delete important system directories if run as rootless on installations created by older Podman (#4831) - Fixed a bug where image built by podman build would not properly set the OS and Architecture they were built with (#5503) - Fixed a bug where attached podman run with --sig-proxy enabled (the default), when built with Go 1.14, would repeatedly send signal 23 to the process in the container and could generate errors when the container stopped (#5483) - Fixed a bug where rootless podman run commands could hang when forwarding ports - Fixed a bug where rootless Podman would not work when /proc was mounted with the hidepid option set - Fixed a bug where the podman system service command would use large amounts of CPU when --timeout was set to 0 (#5531) * HTTP API - Initial support for Libpod endpoints related to creating and operating on image manifest lists has been added - The Libpod Healthcheck and Events API endpoints are now supported - The Swagger endpoint can now handle cases where no Swagger documentation has been generated Update podman to v1.8.1: * Features - Many networking-related flags have been added to podman pod create to enable customization of pod networks, including --add-host, --dns, --dns-opt, --dns-search, --ip, --mac-address, --network, and --no-hosts - The podman ps --format=json command now includes the ID of the image containers were created with - The podman run and podman create commands now feature an --rmi flag to remove the image the container was using after it exits (if no other containers are using said image) ([#4628](https://github.com/containers/libpod/issues/4628)) - The podman create and podman run commands now support the --device-cgroup-rule flag (#4876) - While the HTTP API remains in alpha, many fixes and additions have landed. These are documented in a separate subsection below - The podman create and podman run commands now feature a --no-healthcheck flag to disable healthchecks for a container (#5299) - Containers now recognize the io.containers.capabilities label, which specifies a list of capabilities required by the image to run. These capabilities will be used as long as they are more restrictive than the default capabilities used - YAML produced by the podman generate kube command now includes SELinux configuration passed into the container via --security-opt label=... (#4950) * Bugfixes - Fixed CVE-2020-1726, a security issue where volumes manually populated before first being mounted into a container could have those contents overwritten on first being mounted into a container - Fixed a bug where Podman containers with user namespaces in CNI networks with the DNS plugin enabled would not have the DNS plugin's nameserver added to their resolv.conf ([#5256](https://github.com/containers/libpod/issues/5256)) - Fixed a bug where trailing / characters in image volume definitions could cause them to not be overridden by a user-specified mount at the same location ([#5219](https://github.com/containers/libpod/issues/5219)) - Fixed a bug where the label option in libpod.conf, used to disable SELinux by default, was not being respected (#5087) - Fixed a bug where the podman login and podman logout commands required the registry to log into be specified (#5146) - Fixed a bug where detached rootless Podman containers could not forward ports (#5167) - Fixed a bug where rootless Podman could fail to run if the pause process had died - Fixed a bug where Podman ignored labels that were specified with only a key and no value (#3854) - Fixed a bug where Podman would fail to create named volumes when the backing filesystem did not support SELinux labelling (#5200) - Fixed a bug where --detach-keys="" would not disable detaching from a container (#5166) - Fixed a bug where the podman ps command was too aggressive when filtering containers and would force --all on in too many situations - Fixed a bug where the podman play kube command was ignoring image configuration, including volumes, working directory, labels, and stop signal (#5174) - Fixed a bug where the Created and CreatedTime fields in podman images --format=json were misnamed, which also broke Go template output for those fields ([#5110](https://github.com/containers/libpod/issues/5110)) - Fixed a bug where rootless Podman containers with ports forwarded could hang when started (#5182) - Fixed a bug where podman pull could fail to parse registry names including port numbers - Fixed a bug where Podman would incorrectly attempt to validate image OS and architecture when starting containers - Fixed a bug where Bash completion for podman build -f would not list available files that could be built (#3878) - Fixed a bug where podman commit --change would perform incorrect validation, resulting in valid changes being rejected (#5148) - Fixed a bug where podman logs --tail could take large amounts of memory when the log file for a container was large (#5131) - Fixed a bug where Podman would sometimes incorrectly generate firewall rules on systems using firewalld - Fixed a bug where the podman inspect command would not display network information for containers properly if a container joined multiple CNI networks ([#4907](https://github.com/containers/libpod/issues/4907)) - Fixed a bug where the --uts flag to podman create and podman run would only allow specifying containers by full ID (#5289) - Fixed a bug where rootless Podman could segfault when passed a large number of file descriptors - Fixed a bug where the podman port command was incorrectly interpreting additional arguments as container names, instead of port numbers - Fixed a bug where units created by podman generate systemd did not depend on network targets, and so could start before the system network was ready (#4130) - Fixed a bug where exec sessions in containers which did not specify a user would not inherit supplemental groups added to the container via --group-add - Fixed a bug where Podman would not respect the $TMPDIR environment variable for placing large temporary files during some operations (e.g. podman pull) ([#5411](https://github.com/containers/libpod/issues/5411)) * HTTP API - Initial support for secure connections to servers via SSH tunneling has been added - Initial support for the libpod create and logs endpoints for containers has been added - Added a /swagger/ endpoint to serve API documentation - The json endpoint for containers has received many fixes - Filtering images and containers has been greatly improved, with many bugs fixed and documentation improved - Image creation endpoints (commit, pull, etc) have seen many fixes - Server timeout has been fixed so that long operations will no longer trigger the timeout and shut the server down - The stats endpoint for containers has seen major fixes and now provides accurate output - Handling the HTTP 304 status code has been fixed for all endpoints - Many fixes have been made to API documentation to ensure it matches the code * Misc - The Created field to podman images --format=json has been renamed to CreatedSince as part of the fix for (#5110). Go templates using the old name shou ld still work - The CreatedTime field to podman images --format=json has been renamed to CreatedAt as part of the fix for (#5110). Go templates using the old name should still work - The before filter to podman images has been renamed to since for Docker compatibility. Using before will still work, but documentation has been changed to use the new since filter - Using the --password flag to podman login now warns that passwords are being passed in plaintext - Some common cases where Podman would deadlock have been fixed to warn the user that podman system renumber must be run to resolve the deadlock - Configure br_netfilter for podman automatically (bsc#1165738) The trigger is only excuted when updating podman-cni-config while the command was running conmon was update to v2.0.20 (bsc#1175821) - journald: fix logging container name - container logging: Implement none driver - "off", "null" or "none" all work. - ctrl: warn if we fail to unlink - Drop fsync calls - Reap PIDs before running exit command - Fix log path parsing - Add --sync option to prevent conmon from double forking - Add --no-sync-log option to instruct conmon to not sync the logs of the containers upon shutting down. This feature fixes a regression where we unconditionally dropped the log sync. It is possible the container logs could be corrupted on a sudden power-off. If you need container logs to remain in consistent state after a sudden shutdown, please update from v2.0.19 to v2.0.20 - Update to v2.0.17: - Add option to delay execution of exit command - Update to v2.0.16: - tty: flush pending data when fd is ready - Enable support for journald logging (bsc#1162432) - Update to v2.0.15: - store status while waiting for pid - Update to v2.0.14: - drop usage of splice(2) - avoid hanging on stdin - stdio: sometimes quit main loop after io is done - ignore sigpipe - Update to v2.0.12 - oom: fix potential race between verification steps - Update to v2.0.11 - log: reject --log-tag with k8s-file - chmod std files pipes - adjust score to -1000 to prevent conmon from ever being OOM killed - container OOM: verify cgroup hasn't been cleaned up before reporting OOM - journal logging: write to /dev/null instead of -1 fuse-overlayfs was updated to 1.1.2 (bsc#1175821): - fix memory leak when creating whiteout files. - fix lookup for overflow uid when it is different than the overflow gid. - use openat2(2) when available. - accept "ro" as mount option. - fix set mtime for a symlink. - fix some issues reported by static analysis. - fix potential infinite loop on a short read. - fix creating a directory if the destination already exists in the upper layer. - report correctly the number of links for a directory also for subsequent stat calls - stop looking up the ino in the lower layers if the file could not be opened - make sure the destination is deleted before doing a rename(2). It prevents a left over directory to cause delete to fail with EEXIST. - honor --debug. libcontainers-common was updated to fix: - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Added containers/common tarball for containers.conf(5) man page - Install containers.conf default configuration in /usr/share/containers - libpod repository on github got renamed to podman - Update to image 5.5.1 - Add documentation for credHelpera - Add defaults for using the rootless policy path - Update libpod/podman to 2.0.3 - docs: user namespace can't be shared in pods - Switch references from libpod.conf to containers.conf - Allow empty host port in --publish flag - update document login see config.json as valid - Update storage to 1.20.2 - Add back skip_mount_home - Remove remaining difference between SLE and openSUSE package and ship the some mounts.conf default configuration on both platforms. As the sources for the mount point do not exist on openSUSE by default this config will basically have no effect on openSUSE. (jsc#SLE-12122, bsc#1175821) - Update to image 5.4.4 - Remove registries.conf VERSION 2 references from man page - Intial authfile man page - Add $HOME/.config/containers/certs.d to perHostCertDirPath - Add $HOME/.config/containers/registries.conf to config path - registries.conf.d: add stances for the registries.conf - update to libpod 1.9.3 - userns: support --userns=auto - Switch to using --time as opposed to --timeout to better match Docker - Add support for specifying CNI networks in podman play kube - man pages: fix inconsistencies - Update to storage 1.19.1 - userns: add support for auto - store: change the default user to containers - config: honor XDG_CONFIG_HOME - Remove the /var/lib/ca-certificates/pem/SUSE.pem workaround again. It never ended up in SLES and a different way to fix the underlying problem is being worked on. - Add registry.opensuse.org as default registry [bsc#1171578] - Add /var/lib/ca-certificates/pem/SUSE.pem to the SLES mounts. This for making container-suseconnect working in the public cloud on-demand images. It needs that file for being able to verify the server certificates of the RMT servers hosted in the public cloud. (https://github.com/SUSE/container-suseconnect/issues/41) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15-SP2: zypper in -t patch SUSE-SLE-Module-Containers-15-SP2-2020-2731=1 - SUSE Linux Enterprise Module for Containers 15-SP1: zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2020-2731=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2731=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2731=1 Package List: - SUSE Linux Enterprise Module for Containers 15-SP2 (aarch64 ppc64le s390x x86_64): conmon-2.0.20-3.6.1 conmon-debuginfo-2.0.20-3.6.1 fuse-overlayfs-1.1.2-3.9.1 fuse-overlayfs-debuginfo-1.1.2-3.9.1 fuse-overlayfs-debugsource-1.1.2-3.9.1 podman-2.0.6-4.25.1 - SUSE Linux Enterprise Module for Containers 15-SP2 (noarch): podman-cni-config-2.0.6-4.25.1 - SUSE Linux Enterprise Module for Containers 15-SP1 (aarch64 ppc64le s390x x86_64): conmon-2.0.20-3.6.1 conmon-debuginfo-2.0.20-3.6.1 fuse-overlayfs-1.1.2-3.9.1 fuse-overlayfs-debuginfo-1.1.2-3.9.1 fuse-overlayfs-debugsource-1.1.2-3.9.1 podman-2.0.6-4.25.1 - SUSE Linux Enterprise Module for Containers 15-SP1 (noarch): podman-cni-config-2.0.6-4.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): libcontainers-common-20200727-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): libcontainers-common-20200727-3.12.1 References: https://www.suse.com/security/cve/CVE-2020-1726.html https://bugzilla.suse.com/1162432 https://bugzilla.suse.com/1164090 https://bugzilla.suse.com/1165738 https://bugzilla.suse.com/1171578 https://bugzilla.suse.com/1174075 https://bugzilla.suse.com/1175821 https://bugzilla.suse.com/1175957 From sle-updates at lists.suse.com Thu Sep 24 07:14:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Sep 2020 15:14:27 +0200 (CEST) Subject: SUSE-SU-2020:2733-1: moderate: Security update for bcm43xx-firmware Message-ID: <20200924131427.AF3C9FCE2@maintenance.suse.de> SUSE Security Update: Security update for bcm43xx-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2733-1 Rating: moderate References: #1169094 #1176631 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for bcm43xx-firmware fixes the following issues: - Update bluetooth firmware to address Sweyntooth and Spectra issues (bsc#1176631): - brcmfmac driver loads file depending on compatible. Rename files correspondingly. (bsc#1169094) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2733=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): bcm43xx-firmware-20180314-15.3.1 References: https://bugzilla.suse.com/1169094 https://bugzilla.suse.com/1176631 From sle-updates at lists.suse.com Thu Sep 24 07:16:21 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Sep 2020 15:16:21 +0200 (CEST) Subject: SUSE-RU-2020:2732-1: moderate: Recommended update for yast2-add-on Message-ID: <20200924131621.70D40FCE2@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-add-on ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2732-1 Rating: moderate References: #1172477 #1174562 #1175374 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for yast2-add-on fixes the following issues: - Do not skip the Full medium add-on selection when a driver update disk (DUD) is used (bsc#1174562) - 4.2.17 - Fixed regression in the add-on repository names in AutoYaST installation (bsc#1175374, related to bsc#1172477) - 4.2.16 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2732=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2020-2732=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): yast2-add-on-4.2.17-3.3.2 - SUSE Linux Enterprise Installer 15-SP2 (noarch): yast2-add-on-4.2.17-3.3.2 References: https://bugzilla.suse.com/1172477 https://bugzilla.suse.com/1174562 https://bugzilla.suse.com/1175374 From sle-updates at lists.suse.com Thu Sep 24 10:15:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Sep 2020 18:15:17 +0200 (CEST) Subject: SUSE-RU-2020:2736-1: moderate: Recommended update for yast2-network Message-ID: <20200924161517.152A3FCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2736-1 Rating: moderate References: #1176313 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-network fixes the following issues: - Fix connection hostname initialization (bsc#1175579) - Infer the vlan_id from the interface file name when the attribute is not declared explicitly (bsc#1176575) - When proposing the virtualization network configuration, force a read of the current configuration in case that it is not present (bsc#1176313) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2736=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): yast2-network-4.2.78-3.20.1 References: https://bugzilla.suse.com/1176313 From sle-updates at lists.suse.com Thu Sep 24 10:16:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Sep 2020 18:16:09 +0200 (CEST) Subject: SUSE-RU-2020:2739-1: moderate: Recommended update for gnote Message-ID: <20200924161609.92474FCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnote ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2739-1 Rating: moderate References: #1075342 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gnote fixes the following issues: - Fix for newly enabled plugin "Export to HTML" as it is not responding by selection. (bsc#1075342) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2739=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (noarch): gnote-lang-3.34.2-3.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): gnome-shell-search-provider-gnote-3.34.2-3.3.1 gnote-3.34.2-3.3.1 gnote-debuginfo-3.34.2-3.3.1 gnote-debugsource-3.34.2-3.3.1 References: https://bugzilla.suse.com/1075342 From sle-updates at lists.suse.com Thu Sep 24 10:17:04 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Sep 2020 18:17:04 +0200 (CEST) Subject: SUSE-RU-2020:2735-1: moderate: Recommended update for systemd-rpm-macros Message-ID: <20200924161704.DF740FCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd-rpm-macros ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2735-1 Rating: moderate References: #1173034 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for systemd-rpm-macros fixes the following issues: - Introduce macro '%service_del_postun_without_restart' to resolve blocking new releases based on this. (bsc#1173034) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2735=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2735=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): systemd-rpm-macros-4-7.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): systemd-rpm-macros-4-7.3.1 References: https://bugzilla.suse.com/1173034 From sle-updates at lists.suse.com Thu Sep 24 10:20:21 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Sep 2020 18:20:21 +0200 (CEST) Subject: SUSE-RU-2020:2738-1: Recommended update for mariadb Message-ID: <20200924162021.57628FCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2738-1 Rating: low References: Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for mariadb fixes the following issue: - Enable checking of hostnames from SubjectAlternativeNames. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2738=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2738=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2738=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libmysqlclient18-10.0.40.4-29.47.1 libmysqlclient18-debuginfo-10.0.40.4-29.47.1 - SUSE OpenStack Cloud 8 (x86_64): libmysqlclient18-10.0.40.4-29.47.1 libmysqlclient18-debuginfo-10.0.40.4-29.47.1 - HPE Helion Openstack 8 (x86_64): libmysqlclient18-10.0.40.4-29.47.1 libmysqlclient18-debuginfo-10.0.40.4-29.47.1 References: From sle-updates at lists.suse.com Thu Sep 24 10:21:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Sep 2020 18:21:06 +0200 (CEST) Subject: SUSE-RU-2020:2737-1: moderate: Recommended update for gnote Message-ID: <20200924162106.477F3FCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnote ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2737-1 Rating: moderate References: #1075342 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gnote fixes the following issues: - Fix for newly enabled plugin "Export to HTML" as it is not responding by selection. (bsc#1075342) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-2737=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (noarch): gnote-lang-3.26.0-5.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): gnome-shell-search-provider-gnote-3.26.0-5.3.1 gnote-3.26.0-5.3.1 gnote-debuginfo-3.26.0-5.3.1 gnote-debugsource-3.26.0-5.3.1 References: https://bugzilla.suse.com/1075342 From sle-updates at lists.suse.com Thu Sep 24 13:13:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Sep 2020 21:13:43 +0200 (CEST) Subject: SUSE-SU-2020:2741-1: important: Security update for libqt5-qtbase Message-ID: <20200924191343.8A0CBFCEB@maintenance.suse.de> SUSE Security Update: Security update for libqt5-qtbase ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2741-1 Rating: important References: #1172515 #1176315 Cross-References: CVE-2020-17507 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libqt5-qtbase fixes the following issues: - CVE-2020-17507: Fixed a buffer overflow in XBM parser (bsc#1176315) - Made handling of XDG_RUNTIME_DIR more secure (bsc#1172515) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2741=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2741=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libQt5OpenGLExtensions-devel-static-5.9.7-13.8.1 libQt5Sql5-mysql-5.9.7-13.8.1 libQt5Sql5-mysql-debuginfo-5.9.7-13.8.1 libQt5Sql5-postgresql-5.9.7-13.8.1 libQt5Sql5-postgresql-debuginfo-5.9.7-13.8.1 libQt5Sql5-unixODBC-5.9.7-13.8.1 libQt5Sql5-unixODBC-debuginfo-5.9.7-13.8.1 libqt5-qtbase-debugsource-5.9.7-13.8.1 libqt5-qtbase-platformtheme-gtk3-5.9.7-13.8.1 libqt5-qtbase-platformtheme-gtk3-debuginfo-5.9.7-13.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libQt5Concurrent-devel-5.9.7-13.8.1 libQt5Concurrent5-5.9.7-13.8.1 libQt5Concurrent5-debuginfo-5.9.7-13.8.1 libQt5Core-devel-5.9.7-13.8.1 libQt5Core5-5.9.7-13.8.1 libQt5Core5-debuginfo-5.9.7-13.8.1 libQt5DBus-devel-5.9.7-13.8.1 libQt5DBus-devel-debuginfo-5.9.7-13.8.1 libQt5DBus5-5.9.7-13.8.1 libQt5DBus5-debuginfo-5.9.7-13.8.1 libQt5Gui-devel-5.9.7-13.8.1 libQt5Gui5-5.9.7-13.8.1 libQt5Gui5-debuginfo-5.9.7-13.8.1 libQt5KmsSupport-devel-static-5.9.7-13.8.1 libQt5Network-devel-5.9.7-13.8.1 libQt5Network5-5.9.7-13.8.1 libQt5Network5-debuginfo-5.9.7-13.8.1 libQt5OpenGL-devel-5.9.7-13.8.1 libQt5OpenGL5-5.9.7-13.8.1 libQt5OpenGL5-debuginfo-5.9.7-13.8.1 libQt5PlatformHeaders-devel-5.9.7-13.8.1 libQt5PlatformSupport-devel-static-5.9.7-13.8.1 libQt5PrintSupport-devel-5.9.7-13.8.1 libQt5PrintSupport5-5.9.7-13.8.1 libQt5PrintSupport5-debuginfo-5.9.7-13.8.1 libQt5Sql-devel-5.9.7-13.8.1 libQt5Sql5-5.9.7-13.8.1 libQt5Sql5-debuginfo-5.9.7-13.8.1 libQt5Sql5-sqlite-5.9.7-13.8.1 libQt5Sql5-sqlite-debuginfo-5.9.7-13.8.1 libQt5Test-devel-5.9.7-13.8.1 libQt5Test5-5.9.7-13.8.1 libQt5Test5-debuginfo-5.9.7-13.8.1 libQt5Widgets-devel-5.9.7-13.8.1 libQt5Widgets5-5.9.7-13.8.1 libQt5Widgets5-debuginfo-5.9.7-13.8.1 libQt5Xml-devel-5.9.7-13.8.1 libQt5Xml5-5.9.7-13.8.1 libQt5Xml5-debuginfo-5.9.7-13.8.1 libqt5-qtbase-common-devel-5.9.7-13.8.1 libqt5-qtbase-common-devel-debuginfo-5.9.7-13.8.1 libqt5-qtbase-debugsource-5.9.7-13.8.1 libqt5-qtbase-devel-5.9.7-13.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): libQt5Core-private-headers-devel-5.9.7-13.8.1 libQt5DBus-private-headers-devel-5.9.7-13.8.1 libQt5Gui-private-headers-devel-5.9.7-13.8.1 libQt5KmsSupport-private-headers-devel-5.9.7-13.8.1 libQt5Network-private-headers-devel-5.9.7-13.8.1 libQt5OpenGL-private-headers-devel-5.9.7-13.8.1 libQt5PlatformSupport-private-headers-devel-5.9.7-13.8.1 libQt5PrintSupport-private-headers-devel-5.9.7-13.8.1 libQt5Sql-private-headers-devel-5.9.7-13.8.1 libQt5Test-private-headers-devel-5.9.7-13.8.1 libQt5Widgets-private-headers-devel-5.9.7-13.8.1 libqt5-qtbase-private-headers-devel-5.9.7-13.8.1 References: https://www.suse.com/security/cve/CVE-2020-17507.html https://bugzilla.suse.com/1172515 https://bugzilla.suse.com/1176315 From sle-updates at lists.suse.com Thu Sep 24 13:14:40 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Sep 2020 21:14:40 +0200 (CEST) Subject: SUSE-SU-2020:2742-1: important: Security update for libqt5-qtbase Message-ID: <20200924191440.A1DA3FCEB@maintenance.suse.de> SUSE Security Update: Security update for libqt5-qtbase ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2742-1 Rating: important References: #1172515 #1176315 Cross-References: CVE-2020-17507 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libqt5-qtbase fixes the following issues: - CVE-2020-17507: Fixed a buffer overflow in XBM parser (bsc#1176315) - Fixed various issues discovered by fuzzing: - Made handling of XDG_RUNTIME_DIR more secure (bsc#1172515): Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2742=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2742=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libQt5OpenGLExtensions-devel-static-5.12.7-4.6.1 libQt5Sql5-mysql-5.12.7-4.6.1 libQt5Sql5-mysql-debuginfo-5.12.7-4.6.1 libQt5Sql5-postgresql-5.12.7-4.6.1 libQt5Sql5-postgresql-debuginfo-5.12.7-4.6.1 libQt5Sql5-unixODBC-5.12.7-4.6.1 libQt5Sql5-unixODBC-debuginfo-5.12.7-4.6.1 libqt5-qtbase-debugsource-5.12.7-4.6.1 libqt5-qtbase-platformtheme-gtk3-5.12.7-4.6.1 libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libQt5Concurrent-devel-5.12.7-4.6.1 libQt5Concurrent5-5.12.7-4.6.1 libQt5Concurrent5-debuginfo-5.12.7-4.6.1 libQt5Core-devel-5.12.7-4.6.1 libQt5Core5-5.12.7-4.6.1 libQt5Core5-debuginfo-5.12.7-4.6.1 libQt5DBus-devel-5.12.7-4.6.1 libQt5DBus-devel-debuginfo-5.12.7-4.6.1 libQt5DBus5-5.12.7-4.6.1 libQt5DBus5-debuginfo-5.12.7-4.6.1 libQt5Gui-devel-5.12.7-4.6.1 libQt5Gui5-5.12.7-4.6.1 libQt5Gui5-debuginfo-5.12.7-4.6.1 libQt5KmsSupport-devel-static-5.12.7-4.6.1 libQt5Network-devel-5.12.7-4.6.1 libQt5Network5-5.12.7-4.6.1 libQt5Network5-debuginfo-5.12.7-4.6.1 libQt5OpenGL-devel-5.12.7-4.6.1 libQt5OpenGL5-5.12.7-4.6.1 libQt5OpenGL5-debuginfo-5.12.7-4.6.1 libQt5PlatformHeaders-devel-5.12.7-4.6.1 libQt5PlatformSupport-devel-static-5.12.7-4.6.1 libQt5PrintSupport-devel-5.12.7-4.6.1 libQt5PrintSupport5-5.12.7-4.6.1 libQt5PrintSupport5-debuginfo-5.12.7-4.6.1 libQt5Sql-devel-5.12.7-4.6.1 libQt5Sql5-5.12.7-4.6.1 libQt5Sql5-debuginfo-5.12.7-4.6.1 libQt5Sql5-sqlite-5.12.7-4.6.1 libQt5Sql5-sqlite-debuginfo-5.12.7-4.6.1 libQt5Test-devel-5.12.7-4.6.1 libQt5Test5-5.12.7-4.6.1 libQt5Test5-debuginfo-5.12.7-4.6.1 libQt5Widgets-devel-5.12.7-4.6.1 libQt5Widgets5-5.12.7-4.6.1 libQt5Widgets5-debuginfo-5.12.7-4.6.1 libQt5Xml-devel-5.12.7-4.6.1 libQt5Xml5-5.12.7-4.6.1 libQt5Xml5-debuginfo-5.12.7-4.6.1 libqt5-qtbase-common-devel-5.12.7-4.6.1 libqt5-qtbase-common-devel-debuginfo-5.12.7-4.6.1 libqt5-qtbase-debugsource-5.12.7-4.6.1 libqt5-qtbase-devel-5.12.7-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): libQt5Core-private-headers-devel-5.12.7-4.6.1 libQt5DBus-private-headers-devel-5.12.7-4.6.1 libQt5Gui-private-headers-devel-5.12.7-4.6.1 libQt5KmsSupport-private-headers-devel-5.12.7-4.6.1 libQt5Network-private-headers-devel-5.12.7-4.6.1 libQt5OpenGL-private-headers-devel-5.12.7-4.6.1 libQt5PlatformSupport-private-headers-devel-5.12.7-4.6.1 libQt5PrintSupport-private-headers-devel-5.12.7-4.6.1 libQt5Sql-private-headers-devel-5.12.7-4.6.1 libQt5Test-private-headers-devel-5.12.7-4.6.1 libQt5Widgets-private-headers-devel-5.12.7-4.6.1 libqt5-qtbase-private-headers-devel-5.12.7-4.6.1 References: https://www.suse.com/security/cve/CVE-2020-17507.html https://bugzilla.suse.com/1172515 https://bugzilla.suse.com/1176315 From sle-updates at lists.suse.com Thu Sep 24 13:15:40 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Sep 2020 21:15:40 +0200 (CEST) Subject: SUSE-SU-2020:2744-1: moderate: Security update for tiff Message-ID: <20200924191540.E49E8FCEB@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2744-1 Rating: moderate References: #1146608 Cross-References: CVE-2019-14973 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tiff fixes the following issues: - CVE-2019-14973: Fixed an improper check which was depended on the compiler which could have led to integer overflow (bsc#1146608). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-2744=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-2744=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2744=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2744=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2744=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2744=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): tiff-4.0.9-5.30.28 tiff-debuginfo-4.0.9-5.30.28 tiff-debugsource-4.0.9-5.30.28 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): tiff-4.0.9-5.30.28 tiff-debuginfo-4.0.9-5.30.28 tiff-debugsource-4.0.9-5.30.28 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (x86_64): libtiff5-32bit-4.0.9-5.30.28 libtiff5-32bit-debuginfo-4.0.9-5.30.28 tiff-debugsource-4.0.9-5.30.28 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (x86_64): libtiff5-32bit-4.0.9-5.30.28 libtiff5-32bit-debuginfo-4.0.9-5.30.28 tiff-debugsource-4.0.9-5.30.28 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-5.30.28 libtiff5-4.0.9-5.30.28 libtiff5-debuginfo-4.0.9-5.30.28 tiff-debuginfo-4.0.9-5.30.28 tiff-debugsource-4.0.9-5.30.28 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-5.30.28 libtiff5-4.0.9-5.30.28 libtiff5-debuginfo-4.0.9-5.30.28 tiff-debuginfo-4.0.9-5.30.28 tiff-debugsource-4.0.9-5.30.28 References: https://www.suse.com/security/cve/CVE-2019-14973.html https://bugzilla.suse.com/1146608 From sle-updates at lists.suse.com Thu Sep 24 13:16:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 24 Sep 2020 21:16:34 +0200 (CEST) Subject: SUSE-SU-2020:2743-1: important: Security update for qemu Message-ID: <20200924191634.855FEFCEB@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2743-1 Rating: important References: #1172384 #1174386 #1174641 #1175441 Cross-References: CVE-2020-13361 CVE-2020-14364 CVE-2020-15863 CVE-2020-16092 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for qemu fixes the following issues: - CVE-2020-13361: Fixed an OOB access possibility in ES1370 audio device emulation (bsc#1172384). - CVE-2020-14364: Fixed an OOB access while processing USB packets (bsc#1175441). - CVE-2020-16092: Fixed a denial of service in packet processing of various emulated NICs (bsc#1174641). - CVE-2020-15863: Fixed a buffer overflow in the XGMAC device (bsc#1174386). - Fix OOB access in ROM loading Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2743=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): qemu-3.1.1.1-45.1 qemu-audio-alsa-3.1.1.1-45.1 qemu-audio-alsa-debuginfo-3.1.1.1-45.1 qemu-audio-oss-3.1.1.1-45.1 qemu-audio-oss-debuginfo-3.1.1.1-45.1 qemu-audio-pa-3.1.1.1-45.1 qemu-audio-pa-debuginfo-3.1.1.1-45.1 qemu-audio-sdl-3.1.1.1-45.1 qemu-audio-sdl-debuginfo-3.1.1.1-45.1 qemu-block-curl-3.1.1.1-45.1 qemu-block-curl-debuginfo-3.1.1.1-45.1 qemu-block-iscsi-3.1.1.1-45.1 qemu-block-iscsi-debuginfo-3.1.1.1-45.1 qemu-block-ssh-3.1.1.1-45.1 qemu-block-ssh-debuginfo-3.1.1.1-45.1 qemu-debugsource-3.1.1.1-45.1 qemu-guest-agent-3.1.1.1-45.1 qemu-guest-agent-debuginfo-3.1.1.1-45.1 qemu-lang-3.1.1.1-45.1 qemu-tools-3.1.1.1-45.1 qemu-tools-debuginfo-3.1.1.1-45.1 qemu-ui-curses-3.1.1.1-45.1 qemu-ui-curses-debuginfo-3.1.1.1-45.1 qemu-ui-gtk-3.1.1.1-45.1 qemu-ui-gtk-debuginfo-3.1.1.1-45.1 qemu-ui-sdl-3.1.1.1-45.1 qemu-ui-sdl-debuginfo-3.1.1.1-45.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 x86_64): qemu-block-rbd-3.1.1.1-45.1 qemu-block-rbd-debuginfo-3.1.1.1-45.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): qemu-kvm-3.1.1.1-45.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64): qemu-arm-3.1.1.1-45.1 qemu-arm-debuginfo-3.1.1.1-45.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le): qemu-ppc-3.1.1.1-45.1 qemu-ppc-debuginfo-3.1.1.1-45.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): qemu-ipxe-1.0.0+-45.1 qemu-seabios-1.12.0-45.1 qemu-sgabios-8-45.1 qemu-vgabios-1.12.0-45.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): qemu-x86-3.1.1.1-45.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): qemu-s390-3.1.1.1-45.1 qemu-s390-debuginfo-3.1.1.1-45.1 References: https://www.suse.com/security/cve/CVE-2020-13361.html https://www.suse.com/security/cve/CVE-2020-14364.html https://www.suse.com/security/cve/CVE-2020-15863.html https://www.suse.com/security/cve/CVE-2020-16092.html https://bugzilla.suse.com/1172384 https://bugzilla.suse.com/1174386 https://bugzilla.suse.com/1174641 https://bugzilla.suse.com/1175441 From sle-updates at lists.suse.com Fri Sep 25 01:13:50 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Sep 2020 09:13:50 +0200 (CEST) Subject: SUSE-RU-2020:2745-1: moderate: Recommended update for crmsh Message-ID: <20200925071350.5DC67FCFD@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2745-1 Rating: moderate References: #1148873 #1176441 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fixed an issue when 'hb_report' does not collect data from archived logs. (bsc#1148873, bsc#1176441) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2745=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (noarch): crmsh-4.2.0+git.1599810948.3db12a7a-5.18.1 crmsh-scripts-4.2.0+git.1599810948.3db12a7a-5.18.1 References: https://bugzilla.suse.com/1148873 https://bugzilla.suse.com/1176441 From sle-updates at lists.suse.com Fri Sep 25 04:14:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Sep 2020 12:14:17 +0200 (CEST) Subject: SUSE-RU-2020:2746-1: moderate: Recommended update for crmsh Message-ID: <20200925101417.3C2B2FCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2746-1 Rating: moderate References: #1148873 #1176441 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fixed an issue when 'hb_report' does not collect data from archived logs. (bsc#1148873, bsc#1176441) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2746=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (noarch): crmsh-4.1.0+git.1599810975.2a10dedb-3.34.1 crmsh-scripts-4.1.0+git.1599810975.2a10dedb-3.34.1 References: https://bugzilla.suse.com/1148873 https://bugzilla.suse.com/1176441 From sle-updates at lists.suse.com Fri Sep 25 07:13:35 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Sep 2020 15:13:35 +0200 (CEST) Subject: SUSE-SU-2020:2750-1: moderate: Security update for ImageMagick Message-ID: <20200925131335.61857FCEB@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2750-1 Rating: moderate References: #1047054 Cross-References: CVE-2017-11527 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ImageMagick fixes the following issues: - CVE-2017-11527: Fixed a denial of service inReadDPXImage() (bsc#1047054). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2750=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2750=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2750=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): ImageMagick-6.8.8.1-71.144.8 ImageMagick-debuginfo-6.8.8.1-71.144.8 ImageMagick-debugsource-6.8.8.1-71.144.8 libMagick++-6_Q16-3-6.8.8.1-71.144.8 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.144.8 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.144.8 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.144.8 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.144.8 ImageMagick-config-6-SUSE-6.8.8.1-71.144.8 ImageMagick-config-6-upstream-6.8.8.1-71.144.8 ImageMagick-debuginfo-6.8.8.1-71.144.8 ImageMagick-debugsource-6.8.8.1-71.144.8 ImageMagick-devel-6.8.8.1-71.144.8 libMagick++-6_Q16-3-6.8.8.1-71.144.8 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.144.8 libMagick++-devel-6.8.8.1-71.144.8 perl-PerlMagick-6.8.8.1-71.144.8 perl-PerlMagick-debuginfo-6.8.8.1-71.144.8 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): ImageMagick-config-6-SUSE-6.8.8.1-71.144.8 ImageMagick-config-6-upstream-6.8.8.1-71.144.8 ImageMagick-debuginfo-6.8.8.1-71.144.8 ImageMagick-debugsource-6.8.8.1-71.144.8 libMagickCore-6_Q16-1-6.8.8.1-71.144.8 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.144.8 libMagickWand-6_Q16-1-6.8.8.1-71.144.8 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.144.8 References: https://www.suse.com/security/cve/CVE-2017-11527.html https://bugzilla.suse.com/1047054 From sle-updates at lists.suse.com Fri Sep 25 07:18:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Sep 2020 15:18:46 +0200 (CEST) Subject: SUSE-SU-2020:2747-1: important: Security update for MozillaFirefox Message-ID: <20200925131846.787EFFCEB@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2747-1 Rating: important References: #1167976 #1173986 #1174420 #1176756 Cross-References: CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: -Firefox was updated to 78.3.0 ESR (bsc#1176756, MFSA 2020-43) - CVE-2020-15677: Download origin spoofing via redirect - CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a contenteditable element - CVE-2020-15678: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario - CVE-2020-15673: Fixed memory safety bugs - Enhance fix for wayland-detection (bsc#1174420) - Attempt to fix langpack-parallelization by introducing separate obj-dirs for each lang (bsc#1173986, bsc#1167976) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2747=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.3.0-3.108.1 MozillaFirefox-debuginfo-78.3.0-3.108.1 MozillaFirefox-debugsource-78.3.0-3.108.1 MozillaFirefox-translations-common-78.3.0-3.108.1 MozillaFirefox-translations-other-78.3.0-3.108.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le x86_64): MozillaFirefox-devel-78.3.0-3.108.1 References: https://www.suse.com/security/cve/CVE-2020-15673.html https://www.suse.com/security/cve/CVE-2020-15676.html https://www.suse.com/security/cve/CVE-2020-15677.html https://www.suse.com/security/cve/CVE-2020-15678.html https://bugzilla.suse.com/1167976 https://bugzilla.suse.com/1173986 https://bugzilla.suse.com/1174420 https://bugzilla.suse.com/1176756 From sle-updates at lists.suse.com Fri Sep 25 07:24:16 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Sep 2020 15:24:16 +0200 (CEST) Subject: SUSE-SU-2020:2749-1: important: Security update for MozillaFirefox Message-ID: <20200925132416.A9FDDFCFD@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2749-1 Rating: important References: #1167976 #1173986 #1173991 #1174284 #1174420 #1175686 #1176756 Cross-References: CVE-2020-15663 CVE-2020-15664 CVE-2020-15670 CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.3.0 ESR (bsc#1176756, MFSA 2020-43) - CVE-2020-15677: Download origin spoofing via redirect - CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a contenteditable element - CVE-2020-15678: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario - CVE-2020-15673: Fixed memory safety bugs - Enhance fix for wayland-detection (bsc#1174420) - Attempt to fix langpack-parallelization by introducing separate obj-dirs for each lang (bsc#1173986, bsc#1167976) - Firefox was updated to 78.2.0 ESR (bsc#1175686, MFSA 2020-38) - CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege - CVE-2020-15664: Attacker-induced prompt for extension installation - CVE-2020-15670: Fixed memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2 - Fixed Firefox tab crash in FIPS mode (bsc#1174284). - Fixed broken translation-loading (bsc#1173991) - allow addon sideloading - mark signatures for langpacks non-mandatory - do not autodisable user profile scopes - Google API key is not usable for geolocation service any more Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2749=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.3.0-8.6.1 MozillaFirefox-debuginfo-78.3.0-8.6.1 MozillaFirefox-debugsource-78.3.0-8.6.1 MozillaFirefox-translations-common-78.3.0-8.6.1 MozillaFirefox-translations-other-78.3.0-8.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le x86_64): MozillaFirefox-devel-78.3.0-8.6.1 References: https://www.suse.com/security/cve/CVE-2020-15663.html https://www.suse.com/security/cve/CVE-2020-15664.html https://www.suse.com/security/cve/CVE-2020-15670.html https://www.suse.com/security/cve/CVE-2020-15673.html https://www.suse.com/security/cve/CVE-2020-15676.html https://www.suse.com/security/cve/CVE-2020-15677.html https://www.suse.com/security/cve/CVE-2020-15678.html https://bugzilla.suse.com/1167976 https://bugzilla.suse.com/1173986 https://bugzilla.suse.com/1173991 https://bugzilla.suse.com/1174284 https://bugzilla.suse.com/1174420 https://bugzilla.suse.com/1175686 https://bugzilla.suse.com/1176756 From sle-updates at lists.suse.com Fri Sep 25 07:26:30 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Sep 2020 15:26:30 +0200 (CEST) Subject: SUSE-SU-2020:2748-1: important: Security update for libqt5-qtbase Message-ID: <20200925132630.D244EFCFD@maintenance.suse.de> SUSE Security Update: Security update for libqt5-qtbase ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2748-1 Rating: important References: #1172515 #1176315 Cross-References: CVE-2020-17507 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libqt5-qtbase fixes the following issues: - CVE-2020-17507: Fixed a buffer overflow in XBM parser (bsc#1176315) - Made handling of XDG_RUNTIME_DIR more secure (bsc#1172515) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2748=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2748=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2748=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2748=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libQt5Concurrent-devel-5.9.4-8.24.1 libQt5Concurrent5-5.9.4-8.24.1 libQt5Concurrent5-debuginfo-5.9.4-8.24.1 libQt5Core-devel-5.9.4-8.24.1 libQt5Core5-5.9.4-8.24.1 libQt5Core5-debuginfo-5.9.4-8.24.1 libQt5DBus-devel-5.9.4-8.24.1 libQt5DBus-devel-debuginfo-5.9.4-8.24.1 libQt5DBus5-5.9.4-8.24.1 libQt5DBus5-debuginfo-5.9.4-8.24.1 libQt5Gui-devel-5.9.4-8.24.1 libQt5Gui5-5.9.4-8.24.1 libQt5Gui5-debuginfo-5.9.4-8.24.1 libQt5KmsSupport-devel-static-5.9.4-8.24.1 libQt5Network-devel-5.9.4-8.24.1 libQt5Network5-5.9.4-8.24.1 libQt5Network5-debuginfo-5.9.4-8.24.1 libQt5OpenGL-devel-5.9.4-8.24.1 libQt5OpenGL5-5.9.4-8.24.1 libQt5OpenGL5-debuginfo-5.9.4-8.24.1 libQt5PlatformHeaders-devel-5.9.4-8.24.1 libQt5PlatformSupport-devel-static-5.9.4-8.24.1 libQt5PrintSupport-devel-5.9.4-8.24.1 libQt5PrintSupport5-5.9.4-8.24.1 libQt5PrintSupport5-debuginfo-5.9.4-8.24.1 libQt5Sql-devel-5.9.4-8.24.1 libQt5Sql5-5.9.4-8.24.1 libQt5Sql5-debuginfo-5.9.4-8.24.1 libQt5Sql5-sqlite-5.9.4-8.24.1 libQt5Sql5-sqlite-debuginfo-5.9.4-8.24.1 libQt5Test-devel-5.9.4-8.24.1 libQt5Test5-5.9.4-8.24.1 libQt5Test5-debuginfo-5.9.4-8.24.1 libQt5Widgets-devel-5.9.4-8.24.1 libQt5Widgets5-5.9.4-8.24.1 libQt5Widgets5-debuginfo-5.9.4-8.24.1 libQt5Xml-devel-5.9.4-8.24.1 libQt5Xml5-5.9.4-8.24.1 libQt5Xml5-debuginfo-5.9.4-8.24.1 libqt5-qtbase-common-devel-5.9.4-8.24.1 libqt5-qtbase-common-devel-debuginfo-5.9.4-8.24.1 libqt5-qtbase-debugsource-5.9.4-8.24.1 libqt5-qtbase-devel-5.9.4-8.24.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): libQt5Core-private-headers-devel-5.9.4-8.24.1 libQt5DBus-private-headers-devel-5.9.4-8.24.1 libQt5Gui-private-headers-devel-5.9.4-8.24.1 libQt5KmsSupport-private-headers-devel-5.9.4-8.24.1 libQt5Network-private-headers-devel-5.9.4-8.24.1 libQt5OpenGL-private-headers-devel-5.9.4-8.24.1 libQt5PlatformSupport-private-headers-devel-5.9.4-8.24.1 libQt5PrintSupport-private-headers-devel-5.9.4-8.24.1 libQt5Sql-private-headers-devel-5.9.4-8.24.1 libQt5Test-private-headers-devel-5.9.4-8.24.1 libQt5Widgets-private-headers-devel-5.9.4-8.24.1 libqt5-qtbase-private-headers-devel-5.9.4-8.24.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libQt5Concurrent-devel-5.9.4-8.24.1 libQt5Concurrent5-5.9.4-8.24.1 libQt5Concurrent5-debuginfo-5.9.4-8.24.1 libQt5Core-devel-5.9.4-8.24.1 libQt5Core5-5.9.4-8.24.1 libQt5Core5-debuginfo-5.9.4-8.24.1 libQt5DBus-devel-5.9.4-8.24.1 libQt5DBus-devel-debuginfo-5.9.4-8.24.1 libQt5DBus5-5.9.4-8.24.1 libQt5DBus5-debuginfo-5.9.4-8.24.1 libQt5Gui-devel-5.9.4-8.24.1 libQt5Gui5-5.9.4-8.24.1 libQt5Gui5-debuginfo-5.9.4-8.24.1 libQt5KmsSupport-devel-static-5.9.4-8.24.1 libQt5Network-devel-5.9.4-8.24.1 libQt5Network5-5.9.4-8.24.1 libQt5Network5-debuginfo-5.9.4-8.24.1 libQt5OpenGL-devel-5.9.4-8.24.1 libQt5OpenGL5-5.9.4-8.24.1 libQt5OpenGL5-debuginfo-5.9.4-8.24.1 libQt5PlatformHeaders-devel-5.9.4-8.24.1 libQt5PlatformSupport-devel-static-5.9.4-8.24.1 libQt5PrintSupport-devel-5.9.4-8.24.1 libQt5PrintSupport5-5.9.4-8.24.1 libQt5PrintSupport5-debuginfo-5.9.4-8.24.1 libQt5Sql-devel-5.9.4-8.24.1 libQt5Sql5-5.9.4-8.24.1 libQt5Sql5-debuginfo-5.9.4-8.24.1 libQt5Sql5-sqlite-5.9.4-8.24.1 libQt5Sql5-sqlite-debuginfo-5.9.4-8.24.1 libQt5Test-devel-5.9.4-8.24.1 libQt5Test5-5.9.4-8.24.1 libQt5Test5-debuginfo-5.9.4-8.24.1 libQt5Widgets-devel-5.9.4-8.24.1 libQt5Widgets5-5.9.4-8.24.1 libQt5Widgets5-debuginfo-5.9.4-8.24.1 libQt5Xml-devel-5.9.4-8.24.1 libQt5Xml5-5.9.4-8.24.1 libQt5Xml5-debuginfo-5.9.4-8.24.1 libqt5-qtbase-common-devel-5.9.4-8.24.1 libqt5-qtbase-common-devel-debuginfo-5.9.4-8.24.1 libqt5-qtbase-debugsource-5.9.4-8.24.1 libqt5-qtbase-devel-5.9.4-8.24.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): libQt5Core-private-headers-devel-5.9.4-8.24.1 libQt5DBus-private-headers-devel-5.9.4-8.24.1 libQt5Gui-private-headers-devel-5.9.4-8.24.1 libQt5KmsSupport-private-headers-devel-5.9.4-8.24.1 libQt5Network-private-headers-devel-5.9.4-8.24.1 libQt5OpenGL-private-headers-devel-5.9.4-8.24.1 libQt5PlatformSupport-private-headers-devel-5.9.4-8.24.1 libQt5PrintSupport-private-headers-devel-5.9.4-8.24.1 libQt5Sql-private-headers-devel-5.9.4-8.24.1 libQt5Test-private-headers-devel-5.9.4-8.24.1 libQt5Widgets-private-headers-devel-5.9.4-8.24.1 libqt5-qtbase-private-headers-devel-5.9.4-8.24.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libQt5Concurrent-devel-5.9.4-8.24.1 libQt5Concurrent5-5.9.4-8.24.1 libQt5Concurrent5-debuginfo-5.9.4-8.24.1 libQt5Core-devel-5.9.4-8.24.1 libQt5Core5-5.9.4-8.24.1 libQt5Core5-debuginfo-5.9.4-8.24.1 libQt5DBus-devel-5.9.4-8.24.1 libQt5DBus-devel-debuginfo-5.9.4-8.24.1 libQt5DBus5-5.9.4-8.24.1 libQt5DBus5-debuginfo-5.9.4-8.24.1 libQt5Gui-devel-5.9.4-8.24.1 libQt5Gui5-5.9.4-8.24.1 libQt5Gui5-debuginfo-5.9.4-8.24.1 libQt5KmsSupport-devel-static-5.9.4-8.24.1 libQt5Network-devel-5.9.4-8.24.1 libQt5Network5-5.9.4-8.24.1 libQt5Network5-debuginfo-5.9.4-8.24.1 libQt5OpenGL-devel-5.9.4-8.24.1 libQt5OpenGL5-5.9.4-8.24.1 libQt5OpenGL5-debuginfo-5.9.4-8.24.1 libQt5PlatformHeaders-devel-5.9.4-8.24.1 libQt5PlatformSupport-devel-static-5.9.4-8.24.1 libQt5PrintSupport-devel-5.9.4-8.24.1 libQt5PrintSupport5-5.9.4-8.24.1 libQt5PrintSupport5-debuginfo-5.9.4-8.24.1 libQt5Sql-devel-5.9.4-8.24.1 libQt5Sql5-5.9.4-8.24.1 libQt5Sql5-debuginfo-5.9.4-8.24.1 libQt5Sql5-sqlite-5.9.4-8.24.1 libQt5Sql5-sqlite-debuginfo-5.9.4-8.24.1 libQt5Test-devel-5.9.4-8.24.1 libQt5Test5-5.9.4-8.24.1 libQt5Test5-debuginfo-5.9.4-8.24.1 libQt5Widgets-devel-5.9.4-8.24.1 libQt5Widgets5-5.9.4-8.24.1 libQt5Widgets5-debuginfo-5.9.4-8.24.1 libQt5Xml-devel-5.9.4-8.24.1 libQt5Xml5-5.9.4-8.24.1 libQt5Xml5-debuginfo-5.9.4-8.24.1 libqt5-qtbase-common-devel-5.9.4-8.24.1 libqt5-qtbase-common-devel-debuginfo-5.9.4-8.24.1 libqt5-qtbase-debugsource-5.9.4-8.24.1 libqt5-qtbase-devel-5.9.4-8.24.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): libQt5Core-private-headers-devel-5.9.4-8.24.1 libQt5DBus-private-headers-devel-5.9.4-8.24.1 libQt5Gui-private-headers-devel-5.9.4-8.24.1 libQt5KmsSupport-private-headers-devel-5.9.4-8.24.1 libQt5Network-private-headers-devel-5.9.4-8.24.1 libQt5OpenGL-private-headers-devel-5.9.4-8.24.1 libQt5PlatformSupport-private-headers-devel-5.9.4-8.24.1 libQt5PrintSupport-private-headers-devel-5.9.4-8.24.1 libQt5Sql-private-headers-devel-5.9.4-8.24.1 libQt5Test-private-headers-devel-5.9.4-8.24.1 libQt5Widgets-private-headers-devel-5.9.4-8.24.1 libqt5-qtbase-private-headers-devel-5.9.4-8.24.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libQt5Concurrent-devel-5.9.4-8.24.1 libQt5Concurrent5-5.9.4-8.24.1 libQt5Concurrent5-debuginfo-5.9.4-8.24.1 libQt5Core-devel-5.9.4-8.24.1 libQt5Core5-5.9.4-8.24.1 libQt5Core5-debuginfo-5.9.4-8.24.1 libQt5DBus-devel-5.9.4-8.24.1 libQt5DBus-devel-debuginfo-5.9.4-8.24.1 libQt5DBus5-5.9.4-8.24.1 libQt5DBus5-debuginfo-5.9.4-8.24.1 libQt5Gui-devel-5.9.4-8.24.1 libQt5Gui5-5.9.4-8.24.1 libQt5Gui5-debuginfo-5.9.4-8.24.1 libQt5KmsSupport-devel-static-5.9.4-8.24.1 libQt5Network-devel-5.9.4-8.24.1 libQt5Network5-5.9.4-8.24.1 libQt5Network5-debuginfo-5.9.4-8.24.1 libQt5OpenGL-devel-5.9.4-8.24.1 libQt5OpenGL5-5.9.4-8.24.1 libQt5OpenGL5-debuginfo-5.9.4-8.24.1 libQt5PlatformHeaders-devel-5.9.4-8.24.1 libQt5PlatformSupport-devel-static-5.9.4-8.24.1 libQt5PrintSupport-devel-5.9.4-8.24.1 libQt5PrintSupport5-5.9.4-8.24.1 libQt5PrintSupport5-debuginfo-5.9.4-8.24.1 libQt5Sql-devel-5.9.4-8.24.1 libQt5Sql5-5.9.4-8.24.1 libQt5Sql5-debuginfo-5.9.4-8.24.1 libQt5Sql5-sqlite-5.9.4-8.24.1 libQt5Sql5-sqlite-debuginfo-5.9.4-8.24.1 libQt5Test-devel-5.9.4-8.24.1 libQt5Test5-5.9.4-8.24.1 libQt5Test5-debuginfo-5.9.4-8.24.1 libQt5Widgets-devel-5.9.4-8.24.1 libQt5Widgets5-5.9.4-8.24.1 libQt5Widgets5-debuginfo-5.9.4-8.24.1 libQt5Xml-devel-5.9.4-8.24.1 libQt5Xml5-5.9.4-8.24.1 libQt5Xml5-debuginfo-5.9.4-8.24.1 libqt5-qtbase-common-devel-5.9.4-8.24.1 libqt5-qtbase-common-devel-debuginfo-5.9.4-8.24.1 libqt5-qtbase-debugsource-5.9.4-8.24.1 libqt5-qtbase-devel-5.9.4-8.24.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): libQt5Core-private-headers-devel-5.9.4-8.24.1 libQt5DBus-private-headers-devel-5.9.4-8.24.1 libQt5Gui-private-headers-devel-5.9.4-8.24.1 libQt5KmsSupport-private-headers-devel-5.9.4-8.24.1 libQt5Network-private-headers-devel-5.9.4-8.24.1 libQt5OpenGL-private-headers-devel-5.9.4-8.24.1 libQt5PlatformSupport-private-headers-devel-5.9.4-8.24.1 libQt5PrintSupport-private-headers-devel-5.9.4-8.24.1 libQt5Sql-private-headers-devel-5.9.4-8.24.1 libQt5Test-private-headers-devel-5.9.4-8.24.1 libQt5Widgets-private-headers-devel-5.9.4-8.24.1 libqt5-qtbase-private-headers-devel-5.9.4-8.24.1 References: https://www.suse.com/security/cve/CVE-2020-17507.html https://bugzilla.suse.com/1172515 https://bugzilla.suse.com/1176315 From sle-updates at lists.suse.com Fri Sep 25 10:14:00 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 25 Sep 2020 18:14:00 +0200 (CEST) Subject: SUSE-SU-2020:2751-1: important: Security update for libqt5-qtbase Message-ID: <20200925161400.35855FCEB@maintenance.suse.de> SUSE Security Update: Security update for libqt5-qtbase ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2751-1 Rating: important References: #1172515 #1176315 Cross-References: CVE-2020-17507 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libqt5-qtbase fixes the following issues: - CVE-2020-17507: Fixed a buffer overflow in XBM parser (bsc#1176315) - Made handling of XDG_RUNTIME_DIR more secure (bsc#1172515) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2751=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2751=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2751=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2751=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2751=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2751=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2751=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2751=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2751=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2751=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2751=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2751=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2751=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libQt5Concurrent5-5.6.2-6.25.1 libQt5Concurrent5-debuginfo-5.6.2-6.25.1 libQt5Core5-5.6.2-6.25.1 libQt5Core5-debuginfo-5.6.2-6.25.1 libQt5DBus5-5.6.2-6.25.1 libQt5DBus5-debuginfo-5.6.2-6.25.1 libQt5Gui5-5.6.2-6.25.1 libQt5Gui5-debuginfo-5.6.2-6.25.1 libQt5Network5-5.6.2-6.25.1 libQt5Network5-debuginfo-5.6.2-6.25.1 libQt5OpenGL5-5.6.2-6.25.1 libQt5OpenGL5-debuginfo-5.6.2-6.25.1 libQt5PrintSupport5-5.6.2-6.25.1 libQt5PrintSupport5-debuginfo-5.6.2-6.25.1 libQt5Sql5-5.6.2-6.25.1 libQt5Sql5-debuginfo-5.6.2-6.25.1 libQt5Sql5-mysql-5.6.2-6.25.1 libQt5Sql5-mysql-debuginfo-5.6.2-6.25.1 libQt5Sql5-postgresql-5.6.2-6.25.1 libQt5Sql5-postgresql-debuginfo-5.6.2-6.25.1 libQt5Sql5-sqlite-5.6.2-6.25.1 libQt5Sql5-sqlite-debuginfo-5.6.2-6.25.1 libQt5Sql5-unixODBC-5.6.2-6.25.1 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.25.1 libQt5Test5-5.6.2-6.25.1 libQt5Test5-debuginfo-5.6.2-6.25.1 libQt5Widgets5-5.6.2-6.25.1 libQt5Widgets5-debuginfo-5.6.2-6.25.1 libQt5Xml5-5.6.2-6.25.1 libQt5Xml5-debuginfo-5.6.2-6.25.1 libqt5-qtbase-debugsource-5.6.2-6.25.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libQt5Concurrent5-5.6.2-6.25.1 libQt5Concurrent5-debuginfo-5.6.2-6.25.1 libQt5Core5-5.6.2-6.25.1 libQt5Core5-debuginfo-5.6.2-6.25.1 libQt5DBus5-5.6.2-6.25.1 libQt5DBus5-debuginfo-5.6.2-6.25.1 libQt5Gui5-5.6.2-6.25.1 libQt5Gui5-debuginfo-5.6.2-6.25.1 libQt5Network5-5.6.2-6.25.1 libQt5Network5-debuginfo-5.6.2-6.25.1 libQt5OpenGL5-5.6.2-6.25.1 libQt5OpenGL5-debuginfo-5.6.2-6.25.1 libQt5PrintSupport5-5.6.2-6.25.1 libQt5PrintSupport5-debuginfo-5.6.2-6.25.1 libQt5Sql5-5.6.2-6.25.1 libQt5Sql5-debuginfo-5.6.2-6.25.1 libQt5Sql5-mysql-5.6.2-6.25.1 libQt5Sql5-mysql-debuginfo-5.6.2-6.25.1 libQt5Sql5-postgresql-5.6.2-6.25.1 libQt5Sql5-postgresql-debuginfo-5.6.2-6.25.1 libQt5Sql5-sqlite-5.6.2-6.25.1 libQt5Sql5-sqlite-debuginfo-5.6.2-6.25.1 libQt5Sql5-unixODBC-5.6.2-6.25.1 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.25.1 libQt5Test5-5.6.2-6.25.1 libQt5Test5-debuginfo-5.6.2-6.25.1 libQt5Widgets5-5.6.2-6.25.1 libQt5Widgets5-debuginfo-5.6.2-6.25.1 libQt5Xml5-5.6.2-6.25.1 libQt5Xml5-debuginfo-5.6.2-6.25.1 libqt5-qtbase-debugsource-5.6.2-6.25.1 - SUSE OpenStack Cloud 9 (x86_64): libQt5Concurrent5-5.6.2-6.25.1 libQt5Concurrent5-debuginfo-5.6.2-6.25.1 libQt5Core5-5.6.2-6.25.1 libQt5Core5-debuginfo-5.6.2-6.25.1 libQt5DBus5-5.6.2-6.25.1 libQt5DBus5-debuginfo-5.6.2-6.25.1 libQt5Gui5-5.6.2-6.25.1 libQt5Gui5-debuginfo-5.6.2-6.25.1 libQt5Network5-5.6.2-6.25.1 libQt5Network5-debuginfo-5.6.2-6.25.1 libQt5OpenGL5-5.6.2-6.25.1 libQt5OpenGL5-debuginfo-5.6.2-6.25.1 libQt5PrintSupport5-5.6.2-6.25.1 libQt5PrintSupport5-debuginfo-5.6.2-6.25.1 libQt5Sql5-5.6.2-6.25.1 libQt5Sql5-debuginfo-5.6.2-6.25.1 libQt5Sql5-mysql-5.6.2-6.25.1 libQt5Sql5-mysql-debuginfo-5.6.2-6.25.1 libQt5Sql5-postgresql-5.6.2-6.25.1 libQt5Sql5-postgresql-debuginfo-5.6.2-6.25.1 libQt5Sql5-sqlite-5.6.2-6.25.1 libQt5Sql5-sqlite-debuginfo-5.6.2-6.25.1 libQt5Sql5-unixODBC-5.6.2-6.25.1 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.25.1 libQt5Test5-5.6.2-6.25.1 libQt5Test5-debuginfo-5.6.2-6.25.1 libQt5Widgets5-5.6.2-6.25.1 libQt5Widgets5-debuginfo-5.6.2-6.25.1 libQt5Xml5-5.6.2-6.25.1 libQt5Xml5-debuginfo-5.6.2-6.25.1 libqt5-qtbase-debugsource-5.6.2-6.25.1 - SUSE OpenStack Cloud 8 (x86_64): libQt5Concurrent5-5.6.2-6.25.1 libQt5Concurrent5-debuginfo-5.6.2-6.25.1 libQt5Core5-5.6.2-6.25.1 libQt5Core5-debuginfo-5.6.2-6.25.1 libQt5DBus5-5.6.2-6.25.1 libQt5DBus5-debuginfo-5.6.2-6.25.1 libQt5Gui5-5.6.2-6.25.1 libQt5Gui5-debuginfo-5.6.2-6.25.1 libQt5Network5-5.6.2-6.25.1 libQt5Network5-debuginfo-5.6.2-6.25.1 libQt5OpenGL5-5.6.2-6.25.1 libQt5OpenGL5-debuginfo-5.6.2-6.25.1 libQt5PrintSupport5-5.6.2-6.25.1 libQt5PrintSupport5-debuginfo-5.6.2-6.25.1 libQt5Sql5-5.6.2-6.25.1 libQt5Sql5-debuginfo-5.6.2-6.25.1 libQt5Sql5-mysql-5.6.2-6.25.1 libQt5Sql5-mysql-debuginfo-5.6.2-6.25.1 libQt5Sql5-postgresql-5.6.2-6.25.1 libQt5Sql5-postgresql-debuginfo-5.6.2-6.25.1 libQt5Sql5-sqlite-5.6.2-6.25.1 libQt5Sql5-sqlite-debuginfo-5.6.2-6.25.1 libQt5Sql5-unixODBC-5.6.2-6.25.1 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.25.1 libQt5Test5-5.6.2-6.25.1 libQt5Test5-debuginfo-5.6.2-6.25.1 libQt5Widgets5-5.6.2-6.25.1 libQt5Widgets5-debuginfo-5.6.2-6.25.1 libQt5Xml5-5.6.2-6.25.1 libQt5Xml5-debuginfo-5.6.2-6.25.1 libqt5-qtbase-debugsource-5.6.2-6.25.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libQt5Bootstrap-devel-static-5.6.2-6.25.1 libQt5Concurrent-devel-5.6.2-6.25.1 libQt5Core-devel-5.6.2-6.25.1 libQt5DBus-devel-5.6.2-6.25.1 libQt5DBus-devel-debuginfo-5.6.2-6.25.1 libQt5Gui-devel-5.6.2-6.25.1 libQt5Network-devel-5.6.2-6.25.1 libQt5OpenGL-devel-5.6.2-6.25.1 libQt5OpenGLExtensions-devel-static-5.6.2-6.25.1 libQt5PlatformHeaders-devel-5.6.2-6.25.1 libQt5PlatformSupport-devel-static-5.6.2-6.25.1 libQt5PrintSupport-devel-5.6.2-6.25.1 libQt5Sql-devel-5.6.2-6.25.1 libQt5Test-devel-5.6.2-6.25.1 libQt5Widgets-devel-5.6.2-6.25.1 libQt5Xml-devel-5.6.2-6.25.1 libqt5-qtbase-common-devel-5.6.2-6.25.1 libqt5-qtbase-common-devel-debuginfo-5.6.2-6.25.1 libqt5-qtbase-debugsource-5.6.2-6.25.1 libqt5-qtbase-devel-5.6.2-6.25.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): libQt5Core-private-headers-devel-5.6.2-6.25.1 libQt5DBus-private-headers-devel-5.6.2-6.25.1 libQt5Gui-private-headers-devel-5.6.2-6.25.1 libQt5Network-private-headers-devel-5.6.2-6.25.1 libQt5OpenGL-private-headers-devel-5.6.2-6.25.1 libQt5PlatformSupport-private-headers-devel-5.6.2-6.25.1 libQt5PrintSupport-private-headers-devel-5.6.2-6.25.1 libQt5Sql-private-headers-devel-5.6.2-6.25.1 libQt5Test-private-headers-devel-5.6.2-6.25.1 libQt5Widgets-private-headers-devel-5.6.2-6.25.1 libqt5-qtbase-private-headers-devel-5.6.2-6.25.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libQt5Concurrent5-5.6.2-6.25.1 libQt5Concurrent5-debuginfo-5.6.2-6.25.1 libQt5Core5-5.6.2-6.25.1 libQt5Core5-debuginfo-5.6.2-6.25.1 libQt5DBus5-5.6.2-6.25.1 libQt5DBus5-debuginfo-5.6.2-6.25.1 libQt5Gui5-5.6.2-6.25.1 libQt5Gui5-debuginfo-5.6.2-6.25.1 libQt5Network5-5.6.2-6.25.1 libQt5Network5-debuginfo-5.6.2-6.25.1 libQt5OpenGL5-5.6.2-6.25.1 libQt5OpenGL5-debuginfo-5.6.2-6.25.1 libQt5PrintSupport5-5.6.2-6.25.1 libQt5PrintSupport5-debuginfo-5.6.2-6.25.1 libQt5Sql5-5.6.2-6.25.1 libQt5Sql5-debuginfo-5.6.2-6.25.1 libQt5Sql5-mysql-5.6.2-6.25.1 libQt5Sql5-mysql-debuginfo-5.6.2-6.25.1 libQt5Sql5-postgresql-5.6.2-6.25.1 libQt5Sql5-postgresql-debuginfo-5.6.2-6.25.1 libQt5Sql5-sqlite-5.6.2-6.25.1 libQt5Sql5-sqlite-debuginfo-5.6.2-6.25.1 libQt5Sql5-unixODBC-5.6.2-6.25.1 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.25.1 libQt5Test5-5.6.2-6.25.1 libQt5Test5-debuginfo-5.6.2-6.25.1 libQt5Widgets5-5.6.2-6.25.1 libQt5Widgets5-debuginfo-5.6.2-6.25.1 libQt5Xml5-5.6.2-6.25.1 libQt5Xml5-debuginfo-5.6.2-6.25.1 libqt5-qtbase-debugsource-5.6.2-6.25.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libQt5Concurrent5-5.6.2-6.25.1 libQt5Concurrent5-debuginfo-5.6.2-6.25.1 libQt5Core5-5.6.2-6.25.1 libQt5Core5-debuginfo-5.6.2-6.25.1 libQt5DBus5-5.6.2-6.25.1 libQt5DBus5-debuginfo-5.6.2-6.25.1 libQt5Gui5-5.6.2-6.25.1 libQt5Gui5-debuginfo-5.6.2-6.25.1 libQt5Network5-5.6.2-6.25.1 libQt5Network5-debuginfo-5.6.2-6.25.1 libQt5OpenGL5-5.6.2-6.25.1 libQt5OpenGL5-debuginfo-5.6.2-6.25.1 libQt5PrintSupport5-5.6.2-6.25.1 libQt5PrintSupport5-debuginfo-5.6.2-6.25.1 libQt5Sql5-5.6.2-6.25.1 libQt5Sql5-debuginfo-5.6.2-6.25.1 libQt5Sql5-mysql-5.6.2-6.25.1 libQt5Sql5-mysql-debuginfo-5.6.2-6.25.1 libQt5Sql5-postgresql-5.6.2-6.25.1 libQt5Sql5-postgresql-debuginfo-5.6.2-6.25.1 libQt5Sql5-sqlite-5.6.2-6.25.1 libQt5Sql5-sqlite-debuginfo-5.6.2-6.25.1 libQt5Sql5-unixODBC-5.6.2-6.25.1 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.25.1 libQt5Test5-5.6.2-6.25.1 libQt5Test5-debuginfo-5.6.2-6.25.1 libQt5Widgets5-5.6.2-6.25.1 libQt5Widgets5-debuginfo-5.6.2-6.25.1 libQt5Xml5-5.6.2-6.25.1 libQt5Xml5-debuginfo-5.6.2-6.25.1 libqt5-qtbase-debugsource-5.6.2-6.25.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libQt5Concurrent5-5.6.2-6.25.1 libQt5Concurrent5-debuginfo-5.6.2-6.25.1 libQt5Core5-5.6.2-6.25.1 libQt5Core5-debuginfo-5.6.2-6.25.1 libQt5DBus5-5.6.2-6.25.1 libQt5DBus5-debuginfo-5.6.2-6.25.1 libQt5Gui5-5.6.2-6.25.1 libQt5Gui5-debuginfo-5.6.2-6.25.1 libQt5Network5-5.6.2-6.25.1 libQt5Network5-debuginfo-5.6.2-6.25.1 libQt5OpenGL5-5.6.2-6.25.1 libQt5OpenGL5-debuginfo-5.6.2-6.25.1 libQt5PrintSupport5-5.6.2-6.25.1 libQt5PrintSupport5-debuginfo-5.6.2-6.25.1 libQt5Sql5-5.6.2-6.25.1 libQt5Sql5-debuginfo-5.6.2-6.25.1 libQt5Sql5-mysql-5.6.2-6.25.1 libQt5Sql5-mysql-debuginfo-5.6.2-6.25.1 libQt5Sql5-postgresql-5.6.2-6.25.1 libQt5Sql5-postgresql-debuginfo-5.6.2-6.25.1 libQt5Sql5-sqlite-5.6.2-6.25.1 libQt5Sql5-sqlite-debuginfo-5.6.2-6.25.1 libQt5Sql5-unixODBC-5.6.2-6.25.1 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.25.1 libQt5Test5-5.6.2-6.25.1 libQt5Test5-debuginfo-5.6.2-6.25.1 libQt5Widgets5-5.6.2-6.25.1 libQt5Widgets5-debuginfo-5.6.2-6.25.1 libQt5Xml5-5.6.2-6.25.1 libQt5Xml5-debuginfo-5.6.2-6.25.1 libqt5-qtbase-debugsource-5.6.2-6.25.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libQt5Concurrent5-5.6.2-6.25.1 libQt5Concurrent5-debuginfo-5.6.2-6.25.1 libQt5Core5-5.6.2-6.25.1 libQt5Core5-debuginfo-5.6.2-6.25.1 libQt5DBus5-5.6.2-6.25.1 libQt5DBus5-debuginfo-5.6.2-6.25.1 libQt5Gui5-5.6.2-6.25.1 libQt5Gui5-debuginfo-5.6.2-6.25.1 libQt5Network5-5.6.2-6.25.1 libQt5Network5-debuginfo-5.6.2-6.25.1 libQt5OpenGL5-5.6.2-6.25.1 libQt5OpenGL5-debuginfo-5.6.2-6.25.1 libQt5PrintSupport5-5.6.2-6.25.1 libQt5PrintSupport5-debuginfo-5.6.2-6.25.1 libQt5Sql5-5.6.2-6.25.1 libQt5Sql5-debuginfo-5.6.2-6.25.1 libQt5Sql5-mysql-5.6.2-6.25.1 libQt5Sql5-mysql-debuginfo-5.6.2-6.25.1 libQt5Sql5-postgresql-5.6.2-6.25.1 libQt5Sql5-postgresql-debuginfo-5.6.2-6.25.1 libQt5Sql5-sqlite-5.6.2-6.25.1 libQt5Sql5-sqlite-debuginfo-5.6.2-6.25.1 libQt5Sql5-unixODBC-5.6.2-6.25.1 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.25.1 libQt5Test5-5.6.2-6.25.1 libQt5Test5-debuginfo-5.6.2-6.25.1 libQt5Widgets5-5.6.2-6.25.1 libQt5Widgets5-debuginfo-5.6.2-6.25.1 libQt5Xml5-5.6.2-6.25.1 libQt5Xml5-debuginfo-5.6.2-6.25.1 libqt5-qtbase-debugsource-5.6.2-6.25.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libQt5Concurrent5-5.6.2-6.25.1 libQt5Concurrent5-debuginfo-5.6.2-6.25.1 libQt5Core5-5.6.2-6.25.1 libQt5Core5-debuginfo-5.6.2-6.25.1 libQt5DBus5-5.6.2-6.25.1 libQt5DBus5-debuginfo-5.6.2-6.25.1 libQt5Gui5-5.6.2-6.25.1 libQt5Gui5-debuginfo-5.6.2-6.25.1 libQt5Network5-5.6.2-6.25.1 libQt5Network5-debuginfo-5.6.2-6.25.1 libQt5OpenGL5-5.6.2-6.25.1 libQt5OpenGL5-debuginfo-5.6.2-6.25.1 libQt5PrintSupport5-5.6.2-6.25.1 libQt5PrintSupport5-debuginfo-5.6.2-6.25.1 libQt5Sql5-5.6.2-6.25.1 libQt5Sql5-debuginfo-5.6.2-6.25.1 libQt5Sql5-mysql-5.6.2-6.25.1 libQt5Sql5-mysql-debuginfo-5.6.2-6.25.1 libQt5Sql5-postgresql-5.6.2-6.25.1 libQt5Sql5-postgresql-debuginfo-5.6.2-6.25.1 libQt5Sql5-sqlite-5.6.2-6.25.1 libQt5Sql5-sqlite-debuginfo-5.6.2-6.25.1 libQt5Sql5-unixODBC-5.6.2-6.25.1 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.25.1 libQt5Test5-5.6.2-6.25.1 libQt5Test5-debuginfo-5.6.2-6.25.1 libQt5Widgets5-5.6.2-6.25.1 libQt5Widgets5-debuginfo-5.6.2-6.25.1 libQt5Xml5-5.6.2-6.25.1 libQt5Xml5-debuginfo-5.6.2-6.25.1 libqt5-qtbase-debugsource-5.6.2-6.25.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libQt5Concurrent5-5.6.2-6.25.1 libQt5Concurrent5-debuginfo-5.6.2-6.25.1 libQt5Core5-5.6.2-6.25.1 libQt5Core5-debuginfo-5.6.2-6.25.1 libQt5DBus5-5.6.2-6.25.1 libQt5DBus5-debuginfo-5.6.2-6.25.1 libQt5Gui5-5.6.2-6.25.1 libQt5Gui5-debuginfo-5.6.2-6.25.1 libQt5Network5-5.6.2-6.25.1 libQt5Network5-debuginfo-5.6.2-6.25.1 libQt5OpenGL5-5.6.2-6.25.1 libQt5OpenGL5-debuginfo-5.6.2-6.25.1 libQt5PrintSupport5-5.6.2-6.25.1 libQt5PrintSupport5-debuginfo-5.6.2-6.25.1 libQt5Sql5-5.6.2-6.25.1 libQt5Sql5-debuginfo-5.6.2-6.25.1 libQt5Sql5-mysql-5.6.2-6.25.1 libQt5Sql5-mysql-debuginfo-5.6.2-6.25.1 libQt5Sql5-postgresql-5.6.2-6.25.1 libQt5Sql5-postgresql-debuginfo-5.6.2-6.25.1 libQt5Sql5-sqlite-5.6.2-6.25.1 libQt5Sql5-sqlite-debuginfo-5.6.2-6.25.1 libQt5Sql5-unixODBC-5.6.2-6.25.1 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.25.1 libQt5Test5-5.6.2-6.25.1 libQt5Test5-debuginfo-5.6.2-6.25.1 libQt5Widgets5-5.6.2-6.25.1 libQt5Widgets5-debuginfo-5.6.2-6.25.1 libQt5Xml5-5.6.2-6.25.1 libQt5Xml5-debuginfo-5.6.2-6.25.1 libqt5-qtbase-debugsource-5.6.2-6.25.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libQt5Concurrent5-5.6.2-6.25.1 libQt5Concurrent5-debuginfo-5.6.2-6.25.1 libQt5Core5-5.6.2-6.25.1 libQt5Core5-debuginfo-5.6.2-6.25.1 libQt5DBus5-5.6.2-6.25.1 libQt5DBus5-debuginfo-5.6.2-6.25.1 libQt5Gui5-5.6.2-6.25.1 libQt5Gui5-debuginfo-5.6.2-6.25.1 libQt5Network5-5.6.2-6.25.1 libQt5Network5-debuginfo-5.6.2-6.25.1 libQt5OpenGL5-5.6.2-6.25.1 libQt5OpenGL5-debuginfo-5.6.2-6.25.1 libQt5PrintSupport5-5.6.2-6.25.1 libQt5PrintSupport5-debuginfo-5.6.2-6.25.1 libQt5Sql5-5.6.2-6.25.1 libQt5Sql5-debuginfo-5.6.2-6.25.1 libQt5Sql5-mysql-5.6.2-6.25.1 libQt5Sql5-mysql-debuginfo-5.6.2-6.25.1 libQt5Sql5-postgresql-5.6.2-6.25.1 libQt5Sql5-postgresql-debuginfo-5.6.2-6.25.1 libQt5Sql5-sqlite-5.6.2-6.25.1 libQt5Sql5-sqlite-debuginfo-5.6.2-6.25.1 libQt5Sql5-unixODBC-5.6.2-6.25.1 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.25.1 libQt5Test5-5.6.2-6.25.1 libQt5Test5-debuginfo-5.6.2-6.25.1 libQt5Widgets5-5.6.2-6.25.1 libQt5Widgets5-debuginfo-5.6.2-6.25.1 libQt5Xml5-5.6.2-6.25.1 libQt5Xml5-debuginfo-5.6.2-6.25.1 libqt5-qtbase-debugsource-5.6.2-6.25.1 - HPE Helion Openstack 8 (x86_64): libQt5Concurrent5-5.6.2-6.25.1 libQt5Concurrent5-debuginfo-5.6.2-6.25.1 libQt5Core5-5.6.2-6.25.1 libQt5Core5-debuginfo-5.6.2-6.25.1 libQt5DBus5-5.6.2-6.25.1 libQt5DBus5-debuginfo-5.6.2-6.25.1 libQt5Gui5-5.6.2-6.25.1 libQt5Gui5-debuginfo-5.6.2-6.25.1 libQt5Network5-5.6.2-6.25.1 libQt5Network5-debuginfo-5.6.2-6.25.1 libQt5OpenGL5-5.6.2-6.25.1 libQt5OpenGL5-debuginfo-5.6.2-6.25.1 libQt5PrintSupport5-5.6.2-6.25.1 libQt5PrintSupport5-debuginfo-5.6.2-6.25.1 libQt5Sql5-5.6.2-6.25.1 libQt5Sql5-debuginfo-5.6.2-6.25.1 libQt5Sql5-mysql-5.6.2-6.25.1 libQt5Sql5-mysql-debuginfo-5.6.2-6.25.1 libQt5Sql5-postgresql-5.6.2-6.25.1 libQt5Sql5-postgresql-debuginfo-5.6.2-6.25.1 libQt5Sql5-sqlite-5.6.2-6.25.1 libQt5Sql5-sqlite-debuginfo-5.6.2-6.25.1 libQt5Sql5-unixODBC-5.6.2-6.25.1 libQt5Sql5-unixODBC-debuginfo-5.6.2-6.25.1 libQt5Test5-5.6.2-6.25.1 libQt5Test5-debuginfo-5.6.2-6.25.1 libQt5Widgets5-5.6.2-6.25.1 libQt5Widgets5-debuginfo-5.6.2-6.25.1 libQt5Xml5-5.6.2-6.25.1 libQt5Xml5-debuginfo-5.6.2-6.25.1 libqt5-qtbase-debugsource-5.6.2-6.25.1 References: https://www.suse.com/security/cve/CVE-2020-17507.html https://bugzilla.suse.com/1172515 https://bugzilla.suse.com/1176315 From sle-updates at lists.suse.com Fri Sep 25 16:15:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Sep 2020 00:15:05 +0200 (CEST) Subject: SUSE-RU-2020:2753-1: moderate: Recommended update for drbd Message-ID: <20200925221505.75D5BFCFD@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2753-1 Rating: moderate References: #1174783 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for drbd fixes the following issues: - Fixed an issue when the I/O of 'drbd' volumes stops the NFS/drbd cluster. (bsc#1174783) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2753=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): drbd-9.0.16+git.ab9777df-8.14.1 drbd-debugsource-9.0.16+git.ab9777df-8.14.1 drbd-kmp-default-9.0.16+git.ab9777df_k4.12.14_197.56-8.14.1 drbd-kmp-default-debuginfo-9.0.16+git.ab9777df_k4.12.14_197.56-8.14.1 References: https://bugzilla.suse.com/1174783 From sle-updates at lists.suse.com Fri Sep 25 16:16:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Sep 2020 00:16:55 +0200 (CEST) Subject: SUSE-RU-2020:2754-1: moderate: Recommended update for drbd-utils Message-ID: <20200925221655.339BFFCFD@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2754-1 Rating: moderate References: #1176065 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for drbd-utils fixes the following issues: - Fixed an issue when 'drbd-fencing' could not determine the master id of 'drbd' resource. (bsc#1176065) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2754=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): drbd-utils-9.6.0-6.9.1 drbd-utils-debuginfo-9.6.0-6.9.1 drbd-utils-debugsource-9.6.0-6.9.1 References: https://bugzilla.suse.com/1176065 From sle-updates at lists.suse.com Fri Sep 25 16:18:38 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Sep 2020 00:18:38 +0200 (CEST) Subject: SUSE-RU-2020:2757-1: moderate: Recommended update for nfs-utils Message-ID: <20200925221838.D0574FCFD@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2757-1 Rating: moderate References: #1173104 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nfs-utils fixes the following issue: - Some scripts are requiring Python2 while it is not installed by default and they can work with Python3. (bsc#1173104) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2757=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2757=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): nfs-client-2.1.1-10.10.1 nfs-client-debuginfo-2.1.1-10.10.1 nfs-doc-2.1.1-10.10.1 nfs-kernel-server-2.1.1-10.10.1 nfs-kernel-server-debuginfo-2.1.1-10.10.1 nfs-utils-debuginfo-2.1.1-10.10.1 nfs-utils-debugsource-2.1.1-10.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): nfs-client-2.1.1-10.10.1 nfs-client-debuginfo-2.1.1-10.10.1 nfs-doc-2.1.1-10.10.1 nfs-kernel-server-2.1.1-10.10.1 nfs-kernel-server-debuginfo-2.1.1-10.10.1 nfs-utils-debuginfo-2.1.1-10.10.1 nfs-utils-debugsource-2.1.1-10.10.1 References: https://bugzilla.suse.com/1173104 From sle-updates at lists.suse.com Fri Sep 25 16:20:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Sep 2020 00:20:54 +0200 (CEST) Subject: SUSE-OU-2020:2758-1: Optional update for pyzy Message-ID: <20200925222054.ED279FD04@maintenance.suse.de> SUSE Optional Update: Optional update for pyzy ______________________________________________________________________________ Announcement ID: SUSE-OU-2020:2758-1 Rating: low References: Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 ______________________________________________________________________________ An update that has 0 optional fixes can now be installed. Description: This update for pyzy doesn't fix any user visible issues, but improves the building of the package from its source. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2758=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2758=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libpyzy-1_0-0-1.0git20120805-3.5.5 libpyzy-1_0-0-debuginfo-1.0git20120805-3.5.5 pyzy-debugsource-1.0git20120805-3.5.5 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): pyzy-db-android-1.0git20120805-3.5.5 pyzy-db-open-phrase-1.0git20120805-3.5.5 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libpyzy-1_0-0-1.0git20120805-3.5.5 libpyzy-1_0-0-debuginfo-1.0git20120805-3.5.5 pyzy-debugsource-1.0git20120805-3.5.5 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (noarch): pyzy-db-android-1.0git20120805-3.5.5 pyzy-db-open-phrase-1.0git20120805-3.5.5 References: From sle-updates at lists.suse.com Fri Sep 25 16:21:42 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Sep 2020 00:21:42 +0200 (CEST) Subject: SUSE-RU-2020:2755-1: moderate: Recommended update for pacemaker, sbd Message-ID: <20200925222142.AE36CFCFD@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker, sbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2755-1 Rating: moderate References: #1108393 #1140065 #1143064 #1148236 #1150429 #1154881 #1155290 #1160410 #1168771 #1171372 #1174915 #963674 ECO-1611 SLE-12243 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has 12 recommended fixes and contains two features can now be installed. Description: This update for pacemaker, sbd fixes the following issues: Changes in pacemaker: - fencer: Avoid possible use-of-NULL when parsing metadata. (bsc#1171372) - libstonithd: Make the assert message from stonith__device_parameter_flags() more clear. (bsc#1171372) - libstonithd: Respect `pcmk_host_argument=none` on `validate`. (bsc#1171372) - libstonithd: Add `port` or `plug` parameter according to metadata on `validate` if no `pcmk_host_argument` specified. (bsc#1171372) - Pacemaker Explained: update the default value and the description of `pcmk_host_argument`. (bsc#1171372) - fencer: Add `port` or `plug` parameter according to metadata for RHCS-style fence-agents. (bsc#1171372) - libstonithd: Add function to check supported parameters according to the metadata of a fence agent. (bsc#1171372) - stonith_admin: --delay is an optional option for --fence/--unfence/--reboot commands (jsc#ECO-1611, jsc#SLE-12243) - controller: Avoid possible use-of-NULL on logging fencing message. (jsc#ECO-1611, jsc#SLE-12243) - cts: Add `plug` parameter for fence_dummy agent. (bsc#1171372) - libstonithd: `plug` parameter of RHCS-style fence-agents is shown as non-required in the metadata. (bsc#1171372) - libstonithd: `action` parameter of RHCS-style fence-agents is shown as non-required in the metadata. (bsc#1171372) - libstonithd: Functionize fudging metadata of RHCS-style agent to make specific parameter non-required. (bsc#1171372) - libcrmcluster: Use uint64_t type for corosync ringid (membership id) when updating node state. (bsc#1168771) - fencer: Update cpg_topology_delay test to also verify pcmk_delay_base is added. (jsc#ECO-1611, jsc#SLE-12243) - controller: Requested priority fencing delay defaults to 0. (jsc#ECO-1611, jsc#SLE-12243) - stonith_admin: Set --delay option defaults to 0. (jsc#ECO-1611, jsc#SLE-12243) - fencer: Any delays from pcmk_delay_base/max are added to requested fencing delay. (jsc#ECO-1611, jsc#SLE-12243) - scheduler: Do not differentiate the case where all the nodes have equal priority. (jsc#ECO-1611, jsc#SLE-12243) - scheduler: Set priority-fencing-delay defaults to 0 meaning disabled. (jsc#ECO-1611, jsc#SLE-12243) - Pacemaker Explained: Document priority-fencing-delay cluster option. (jsc#ECO-1611, jsc#SLE-12243) - fencer: Add cpg_topology_delay test to verify enforced fencing delay with fencing topology. (jsc#ECO-1611, jsc#SLE-12243) - fencer: Handle any enforced fencing delay. (jsc#ECO-1611, jsc#SLE-12243) - stonith_admin: Add --delay option to support enforced fencing delay. (jsc#ECO-1611, jsc#SLE-12243) - controller: Request fencing with any enforced priority fencing delay. (jsc#ECO-1611, jsc#SLE-12243) - libstonithd: Introduce fence_with_delay() operation. (jsc#ECO-1611, jsc#SLE-12243) - scheduler: Add regression test for priority-fencing-delay. (jsc#ECO-1611, jsc#SLE-12243) - scheduler: Implement priority-fencing-delay. (jsc#ECO-1611, jsc#SLE-12243) - scheduler: Add priority-fencing-delay cluster option. (jsc#ECO-1611, jsc#SLE-12243) - attrd: Properly declare global variables as extern in header. (bsc#1160410) - fencer: Do not require API registration for list and status commands. (bsc#1148236) - fencer: Improve error checking and log messages for API action requests. (bsc#1148236) - scheduler: Make sure cluster-wide maintenance-mode=true overrides per-resource settings (bsc#1154881) - cts-cli: Simplify and fix regexp to catch crm_time_as_string's output. (bsc#1155290) - cts-cli: Use extended regular expressions. (bsc#1155290) - cts-cli: Add tests for more crm_resource options. (bsc#1155290) - tools: Clear all prefer constraints when performing a move. (bsc#1155290) - tools: Fix moving a resource with a lifetime constraint. (bsc#1155290) Changes in sbd: - sbd-inquisitor: Refuse to start if any of the configured device names is invalid. (bsc#1174915) - scheduling: Complete overhaul. (bsc#1143064) - Doc: Add environment section to man-page. - agent: Correctly compare string values when calculating timeout. (bsc#1148236) - regressions.sh: Relaxed timeouts for tests under load. - tests: Add regression-tests using preload-library. - tests: Added preload-library for reboot interception. - sbd-inquisitor: Use crashdump timeout. - Build: switch back to serial test-harness. - Doc: mention crashdump message in usage note. - defaults: Make 15s timeout default for s390 consistently. - cmdline: Just use SBD_DEVICE if no devs from cmdline. - sbd.8.pod and -h help text add -vvv description. - sbd-md: Add a warning log if failed to open/read device on startup. (bsc#1150429) - agent: Log detailed errors for monitor failures. (bsc#1148236) - sbd-md: list/dump failures go to stderrL (bsc#1148236) - Avoid deprecated names for g_main-loop-functions. - sbd-pacemaker: Check for shutdown attribute on every cib-diff. - sbd-cluster: Periodically check corosync-daemon liveness. - sbd-pacemaker: Assume graceful exit if leftovers are unmanged. - sbd-common: Query rt-budget > 0 otherwise try moving to root-slice. (bsc#1143064) - systemd: Make pacemaker & dlm wait for sbd-start to complete. (bsc#1108393) - Fix node name parameter in manpage. (bsc#963674) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2020-2755=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): libpacemaker3-1.1.19+20181105.ccd6b5b10-3.19.1 libpacemaker3-debuginfo-1.1.19+20181105.ccd6b5b10-3.19.1 pacemaker-1.1.19+20181105.ccd6b5b10-3.19.1 pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.19.1 pacemaker-cli-debuginfo-1.1.19+20181105.ccd6b5b10-3.19.1 pacemaker-cts-1.1.19+20181105.ccd6b5b10-3.19.1 pacemaker-cts-debuginfo-1.1.19+20181105.ccd6b5b10-3.19.1 pacemaker-debuginfo-1.1.19+20181105.ccd6b5b10-3.19.1 pacemaker-debugsource-1.1.19+20181105.ccd6b5b10-3.19.1 pacemaker-remote-1.1.19+20181105.ccd6b5b10-3.19.1 pacemaker-remote-debuginfo-1.1.19+20181105.ccd6b5b10-3.19.1 sbd-1.4.1+20200807.883c2f8-3.11.1 sbd-debuginfo-1.4.1+20200807.883c2f8-3.11.1 sbd-debugsource-1.4.1+20200807.883c2f8-3.11.1 References: https://bugzilla.suse.com/1108393 https://bugzilla.suse.com/1140065 https://bugzilla.suse.com/1143064 https://bugzilla.suse.com/1148236 https://bugzilla.suse.com/1150429 https://bugzilla.suse.com/1154881 https://bugzilla.suse.com/1155290 https://bugzilla.suse.com/1160410 https://bugzilla.suse.com/1168771 https://bugzilla.suse.com/1171372 https://bugzilla.suse.com/1174915 https://bugzilla.suse.com/963674 From sle-updates at lists.suse.com Fri Sep 25 16:23:50 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Sep 2020 00:23:50 +0200 (CEST) Subject: SUSE-RU-2020:2756-1: moderate: Recommended update for sbd Message-ID: <20200925222350.4CBCCFCFD@maintenance.suse.de> SUSE Recommended Update: Recommended update for sbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2756-1 Rating: moderate References: #1108393 #1143064 #1148236 #1174915 #963674 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for sbd fixes the following issues: - sbd-inquisitor: Refuse to start if any of the configured device names is invalid. (bsc#1174915) - scheduling: Complete overhaul. (bsc#1143064) - doc: Add environment section to man-page. - agent: Correctly compare string values when calculating timeout. (bsc#1148236) - regressions.sh: Relaxed timeouts for tests under load. - systemd: Make pacemaker & dlm wait for sbd-start to complete. (bsc#1108393) - Fix node name parameter in manpage. (bsc#963674) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-2756=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): sbd-1.4.1+20200807.883c2f8-3.6.1 sbd-debuginfo-1.4.1+20200807.883c2f8-3.6.1 sbd-debugsource-1.4.1+20200807.883c2f8-3.6.1 References: https://bugzilla.suse.com/1108393 https://bugzilla.suse.com/1143064 https://bugzilla.suse.com/1148236 https://bugzilla.suse.com/1174915 https://bugzilla.suse.com/963674 From sle-updates at lists.suse.com Sat Sep 26 07:13:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 26 Sep 2020 15:13:36 +0200 (CEST) Subject: SUSE-SU-2020:2759-1: important: Security update for MozillaFirefox Message-ID: <20200926131336.E4BACFCEB@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2759-1 Rating: important References: #1167976 #1173986 #1174420 #1176756 Cross-References: CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: -Firefox was updated to 78.3.0 ESR (bsc#1176756, MFSA 2020-43) - CVE-2020-15677: Download origin spoofing via redirect - CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a contenteditable element - CVE-2020-15678: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario - CVE-2020-15673: Fixed memory safety bugs - Enhance fix for wayland-detection (bsc#1174420) - Attempt to fix langpack-parallelization by introducing separate obj-dirs for each lang (bsc#1173986, bsc#1167976) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2759=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2759=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2759=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2759=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2759=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2759=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2759=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2759=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2759=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2759=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2759=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2759=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2759=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2759=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2759=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2759=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2759=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): MozillaFirefox-78.3.0-112.22.1 MozillaFirefox-debuginfo-78.3.0-112.22.1 MozillaFirefox-debugsource-78.3.0-112.22.1 MozillaFirefox-devel-78.3.0-112.22.1 MozillaFirefox-translations-common-78.3.0-112.22.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): MozillaFirefox-78.3.0-112.22.1 MozillaFirefox-debuginfo-78.3.0-112.22.1 MozillaFirefox-debugsource-78.3.0-112.22.1 MozillaFirefox-devel-78.3.0-112.22.1 MozillaFirefox-translations-common-78.3.0-112.22.1 - SUSE OpenStack Cloud 9 (x86_64): MozillaFirefox-78.3.0-112.22.1 MozillaFirefox-debuginfo-78.3.0-112.22.1 MozillaFirefox-debugsource-78.3.0-112.22.1 MozillaFirefox-devel-78.3.0-112.22.1 MozillaFirefox-translations-common-78.3.0-112.22.1 - SUSE OpenStack Cloud 8 (x86_64): MozillaFirefox-78.3.0-112.22.1 MozillaFirefox-debuginfo-78.3.0-112.22.1 MozillaFirefox-debugsource-78.3.0-112.22.1 MozillaFirefox-devel-78.3.0-112.22.1 MozillaFirefox-translations-common-78.3.0-112.22.1 - SUSE OpenStack Cloud 7 (s390x x86_64): MozillaFirefox-78.3.0-112.22.1 MozillaFirefox-debuginfo-78.3.0-112.22.1 MozillaFirefox-debugsource-78.3.0-112.22.1 MozillaFirefox-devel-78.3.0-112.22.1 MozillaFirefox-translations-common-78.3.0-112.22.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-78.3.0-112.22.1 MozillaFirefox-debugsource-78.3.0-112.22.1 MozillaFirefox-devel-78.3.0-112.22.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): MozillaFirefox-78.3.0-112.22.1 MozillaFirefox-debuginfo-78.3.0-112.22.1 MozillaFirefox-debugsource-78.3.0-112.22.1 MozillaFirefox-devel-78.3.0-112.22.1 MozillaFirefox-translations-common-78.3.0-112.22.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): MozillaFirefox-78.3.0-112.22.1 MozillaFirefox-debuginfo-78.3.0-112.22.1 MozillaFirefox-debugsource-78.3.0-112.22.1 MozillaFirefox-devel-78.3.0-112.22.1 MozillaFirefox-translations-common-78.3.0-112.22.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-78.3.0-112.22.1 MozillaFirefox-debuginfo-78.3.0-112.22.1 MozillaFirefox-debugsource-78.3.0-112.22.1 MozillaFirefox-devel-78.3.0-112.22.1 MozillaFirefox-translations-common-78.3.0-112.22.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.3.0-112.22.1 MozillaFirefox-debuginfo-78.3.0-112.22.1 MozillaFirefox-debugsource-78.3.0-112.22.1 MozillaFirefox-devel-78.3.0-112.22.1 MozillaFirefox-translations-common-78.3.0-112.22.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.3.0-112.22.1 MozillaFirefox-debuginfo-78.3.0-112.22.1 MozillaFirefox-debugsource-78.3.0-112.22.1 MozillaFirefox-devel-78.3.0-112.22.1 MozillaFirefox-translations-common-78.3.0-112.22.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.3.0-112.22.1 MozillaFirefox-debuginfo-78.3.0-112.22.1 MozillaFirefox-debugsource-78.3.0-112.22.1 MozillaFirefox-devel-78.3.0-112.22.1 MozillaFirefox-translations-common-78.3.0-112.22.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-78.3.0-112.22.1 MozillaFirefox-debuginfo-78.3.0-112.22.1 MozillaFirefox-debugsource-78.3.0-112.22.1 MozillaFirefox-devel-78.3.0-112.22.1 MozillaFirefox-translations-common-78.3.0-112.22.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-78.3.0-112.22.1 MozillaFirefox-debuginfo-78.3.0-112.22.1 MozillaFirefox-debugsource-78.3.0-112.22.1 MozillaFirefox-devel-78.3.0-112.22.1 MozillaFirefox-translations-common-78.3.0-112.22.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-78.3.0-112.22.1 MozillaFirefox-debuginfo-78.3.0-112.22.1 MozillaFirefox-debugsource-78.3.0-112.22.1 MozillaFirefox-devel-78.3.0-112.22.1 MozillaFirefox-translations-common-78.3.0-112.22.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): MozillaFirefox-78.3.0-112.22.1 MozillaFirefox-debuginfo-78.3.0-112.22.1 MozillaFirefox-debugsource-78.3.0-112.22.1 MozillaFirefox-devel-78.3.0-112.22.1 MozillaFirefox-translations-common-78.3.0-112.22.1 - HPE Helion Openstack 8 (x86_64): MozillaFirefox-78.3.0-112.22.1 MozillaFirefox-debuginfo-78.3.0-112.22.1 MozillaFirefox-debugsource-78.3.0-112.22.1 MozillaFirefox-devel-78.3.0-112.22.1 MozillaFirefox-translations-common-78.3.0-112.22.1 References: https://www.suse.com/security/cve/CVE-2020-15673.html https://www.suse.com/security/cve/CVE-2020-15676.html https://www.suse.com/security/cve/CVE-2020-15677.html https://www.suse.com/security/cve/CVE-2020-15678.html https://bugzilla.suse.com/1167976 https://bugzilla.suse.com/1173986 https://bugzilla.suse.com/1174420 https://bugzilla.suse.com/1176756 From sle-updates at lists.suse.com Mon Sep 28 07:14:18 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Sep 2020 15:14:18 +0200 (CEST) Subject: SUSE-SU-2020:2761-1: moderate: Security update for go1.14 Message-ID: <20200928131418.5C701FCFD@maintenance.suse.de> SUSE Security Update: Security update for go1.14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2761-1 Rating: moderate References: #1164903 #1176031 Cross-References: CVE-2020-24553 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for go1.14 fixes the following issues: - go1.14.9 (released 2020-09-09) includes fixes to the compiler, linker, runtime, documentation, and the net/http and testing packages. Refs bsc#1164903 go1.14 release tracking * go#41192 net/http/fcgi: race detected during execution of TestResponseWriterSniffsContentType test * go#41016 net/http: Transport.CancelRequest no longer cancels in-flight request * go#40973 net/http: RoundTrip unexpectedly changes Request * go#40968 runtime: checkptr incorrectly -race flagging when using &^ arithmetic * go#40938 cmd/compile: R12 can be clobbered for write barrier call on PPC64 * go#40848 testing: "=== PAUSE" lines do not change the test name for the next log line * go#40797 cmd/compile: inline marker targets not reachable after assembly on arm * go#40766 cmd/compile: inline marker targets not reachable after assembly on ppc64x * go#40501 cmd/compile: for range loop reading past slice end * go#40411 runtime: Windows service lifecycle events behave incorrectly when called within a golang environment * go#40398 runtime: fatal error: checkdead: runnable g * go#40192 runtime: pageAlloc.searchAddr may point to unmapped memory in discontiguous heaps, violating its invariant * go#39955 cmd/link: incorrect GC bitmap when global's type is in another shared object * go#39690 cmd/compile: s390x floating point <-> integer conversions clobbering the condition code * go#39279 net/http: Re-connect with upgraded HTTP2 connection fails to send Request.body * go#38904 doc: include fix for #34437 in Go 1.14 release notes - go1.14.8 (released 2020-09-01) includes security fixes to the net/http/cgi and net/http/fcgi packages. CVE-2020-24553 Refs bsc#1164903 go1.14 release tracking * bsc#1176031 CVE-2020-24553 * go#41164 net/http/cgi,net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2761=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2761=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): go1.14-1.14.9-1.18.1 go1.14-doc-1.14.9-1.18.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): go1.14-1.14.9-1.18.1 go1.14-doc-1.14.9-1.18.1 References: https://www.suse.com/security/cve/CVE-2020-24553.html https://bugzilla.suse.com/1164903 https://bugzilla.suse.com/1176031 From sle-updates at lists.suse.com Mon Sep 28 07:18:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Sep 2020 15:18:57 +0200 (CEST) Subject: SUSE-RU-2020:2763-1: moderate: Recommended update for python3-susepubliccloudinfo Message-ID: <20200928131857.B9466FCFD@maintenance.suse.de> SUSE Recommended Update: Recommended update for python3-susepubliccloudinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2763-1 Rating: moderate References: #1176102 #1176103 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for python3-susepubliccloudinfo contains the following fixes: - Update to version 1.2.2 (bsc#1176102, bsc#1176103) + Support query for providers/frameworks, regions, and image states Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-2763=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python3-susepubliccloudinfo-1.2.2-1.10.1 References: https://bugzilla.suse.com/1176102 https://bugzilla.suse.com/1176103 From sle-updates at lists.suse.com Mon Sep 28 07:21:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Sep 2020 15:21:27 +0200 (CEST) Subject: SUSE-SU-2020:2760-1: important: Security update for libqt5-qtbase Message-ID: <20200928132127.DB57AFCFD@maintenance.suse.de> SUSE Security Update: Security update for libqt5-qtbase ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2760-1 Rating: important References: #1172515 #1176315 Cross-References: CVE-2020-17507 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libqt5-qtbase fixes the following issues: - CVE-2020-17507: Fixed a buffer overflow in XBM parser (bsc#1176315) - Made handling of XDG_RUNTIME_DIR more secure (bsc#1172515) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2760=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2760=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2760=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2760=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libQt5Concurrent5-5.6.1-17.16.1 libQt5Concurrent5-debuginfo-5.6.1-17.16.1 libQt5Core5-5.6.1-17.16.1 libQt5Core5-debuginfo-5.6.1-17.16.1 libQt5DBus5-5.6.1-17.16.1 libQt5DBus5-debuginfo-5.6.1-17.16.1 libQt5Gui5-5.6.1-17.16.1 libQt5Gui5-debuginfo-5.6.1-17.16.1 libQt5Network5-5.6.1-17.16.1 libQt5Network5-debuginfo-5.6.1-17.16.1 libQt5OpenGL5-5.6.1-17.16.1 libQt5OpenGL5-debuginfo-5.6.1-17.16.1 libQt5PrintSupport5-5.6.1-17.16.1 libQt5PrintSupport5-debuginfo-5.6.1-17.16.1 libQt5Sql5-5.6.1-17.16.1 libQt5Sql5-debuginfo-5.6.1-17.16.1 libQt5Sql5-mysql-5.6.1-17.16.1 libQt5Sql5-mysql-debuginfo-5.6.1-17.16.1 libQt5Sql5-postgresql-5.6.1-17.16.1 libQt5Sql5-postgresql-debuginfo-5.6.1-17.16.1 libQt5Sql5-sqlite-5.6.1-17.16.1 libQt5Sql5-sqlite-debuginfo-5.6.1-17.16.1 libQt5Sql5-unixODBC-5.6.1-17.16.1 libQt5Sql5-unixODBC-debuginfo-5.6.1-17.16.1 libQt5Test5-5.6.1-17.16.1 libQt5Test5-debuginfo-5.6.1-17.16.1 libQt5Widgets5-5.6.1-17.16.1 libQt5Widgets5-debuginfo-5.6.1-17.16.1 libQt5Xml5-5.6.1-17.16.1 libQt5Xml5-debuginfo-5.6.1-17.16.1 libqt5-qtbase-debugsource-5.6.1-17.16.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libQt5Concurrent5-5.6.1-17.16.1 libQt5Concurrent5-debuginfo-5.6.1-17.16.1 libQt5Core5-5.6.1-17.16.1 libQt5Core5-debuginfo-5.6.1-17.16.1 libQt5DBus5-5.6.1-17.16.1 libQt5DBus5-debuginfo-5.6.1-17.16.1 libQt5Gui5-5.6.1-17.16.1 libQt5Gui5-debuginfo-5.6.1-17.16.1 libQt5Network5-5.6.1-17.16.1 libQt5Network5-debuginfo-5.6.1-17.16.1 libQt5OpenGL5-5.6.1-17.16.1 libQt5OpenGL5-debuginfo-5.6.1-17.16.1 libQt5PrintSupport5-5.6.1-17.16.1 libQt5PrintSupport5-debuginfo-5.6.1-17.16.1 libQt5Sql5-5.6.1-17.16.1 libQt5Sql5-debuginfo-5.6.1-17.16.1 libQt5Sql5-mysql-5.6.1-17.16.1 libQt5Sql5-mysql-debuginfo-5.6.1-17.16.1 libQt5Sql5-postgresql-5.6.1-17.16.1 libQt5Sql5-postgresql-debuginfo-5.6.1-17.16.1 libQt5Sql5-sqlite-5.6.1-17.16.1 libQt5Sql5-sqlite-debuginfo-5.6.1-17.16.1 libQt5Sql5-unixODBC-5.6.1-17.16.1 libQt5Sql5-unixODBC-debuginfo-5.6.1-17.16.1 libQt5Test5-5.6.1-17.16.1 libQt5Test5-debuginfo-5.6.1-17.16.1 libQt5Widgets5-5.6.1-17.16.1 libQt5Widgets5-debuginfo-5.6.1-17.16.1 libQt5Xml5-5.6.1-17.16.1 libQt5Xml5-debuginfo-5.6.1-17.16.1 libqt5-qtbase-debugsource-5.6.1-17.16.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libQt5Concurrent5-5.6.1-17.16.1 libQt5Concurrent5-debuginfo-5.6.1-17.16.1 libQt5Core5-5.6.1-17.16.1 libQt5Core5-debuginfo-5.6.1-17.16.1 libQt5DBus5-5.6.1-17.16.1 libQt5DBus5-debuginfo-5.6.1-17.16.1 libQt5Gui5-5.6.1-17.16.1 libQt5Gui5-debuginfo-5.6.1-17.16.1 libQt5Network5-5.6.1-17.16.1 libQt5Network5-debuginfo-5.6.1-17.16.1 libQt5OpenGL5-5.6.1-17.16.1 libQt5OpenGL5-debuginfo-5.6.1-17.16.1 libQt5PrintSupport5-5.6.1-17.16.1 libQt5PrintSupport5-debuginfo-5.6.1-17.16.1 libQt5Sql5-5.6.1-17.16.1 libQt5Sql5-debuginfo-5.6.1-17.16.1 libQt5Sql5-mysql-5.6.1-17.16.1 libQt5Sql5-mysql-debuginfo-5.6.1-17.16.1 libQt5Sql5-postgresql-5.6.1-17.16.1 libQt5Sql5-postgresql-debuginfo-5.6.1-17.16.1 libQt5Sql5-sqlite-5.6.1-17.16.1 libQt5Sql5-sqlite-debuginfo-5.6.1-17.16.1 libQt5Sql5-unixODBC-5.6.1-17.16.1 libQt5Sql5-unixODBC-debuginfo-5.6.1-17.16.1 libQt5Test5-5.6.1-17.16.1 libQt5Test5-debuginfo-5.6.1-17.16.1 libQt5Widgets5-5.6.1-17.16.1 libQt5Widgets5-debuginfo-5.6.1-17.16.1 libQt5Xml5-5.6.1-17.16.1 libQt5Xml5-debuginfo-5.6.1-17.16.1 libqt5-qtbase-debugsource-5.6.1-17.16.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libQt5Concurrent5-5.6.1-17.16.1 libQt5Concurrent5-debuginfo-5.6.1-17.16.1 libQt5Core5-5.6.1-17.16.1 libQt5Core5-debuginfo-5.6.1-17.16.1 libQt5DBus5-5.6.1-17.16.1 libQt5DBus5-debuginfo-5.6.1-17.16.1 libQt5Gui5-5.6.1-17.16.1 libQt5Gui5-debuginfo-5.6.1-17.16.1 libQt5Network5-5.6.1-17.16.1 libQt5Network5-debuginfo-5.6.1-17.16.1 libQt5OpenGL5-5.6.1-17.16.1 libQt5OpenGL5-debuginfo-5.6.1-17.16.1 libQt5PrintSupport5-5.6.1-17.16.1 libQt5PrintSupport5-debuginfo-5.6.1-17.16.1 libQt5Sql5-5.6.1-17.16.1 libQt5Sql5-debuginfo-5.6.1-17.16.1 libQt5Sql5-mysql-5.6.1-17.16.1 libQt5Sql5-mysql-debuginfo-5.6.1-17.16.1 libQt5Sql5-postgresql-5.6.1-17.16.1 libQt5Sql5-postgresql-debuginfo-5.6.1-17.16.1 libQt5Sql5-sqlite-5.6.1-17.16.1 libQt5Sql5-sqlite-debuginfo-5.6.1-17.16.1 libQt5Sql5-unixODBC-5.6.1-17.16.1 libQt5Sql5-unixODBC-debuginfo-5.6.1-17.16.1 libQt5Test5-5.6.1-17.16.1 libQt5Test5-debuginfo-5.6.1-17.16.1 libQt5Widgets5-5.6.1-17.16.1 libQt5Widgets5-debuginfo-5.6.1-17.16.1 libQt5Xml5-5.6.1-17.16.1 libQt5Xml5-debuginfo-5.6.1-17.16.1 libqt5-qtbase-debugsource-5.6.1-17.16.1 References: https://www.suse.com/security/cve/CVE-2020-17507.html https://bugzilla.suse.com/1172515 https://bugzilla.suse.com/1176315 From sle-updates at lists.suse.com Mon Sep 28 07:23:24 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Sep 2020 15:23:24 +0200 (CEST) Subject: SUSE-RU-2020:2764-1: moderate: Recommended update for yast2-security Message-ID: <20200928132324.DC7ADFCFD@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-security ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2764-1 Rating: moderate References: #1174619 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-security fixes the following issue: Update from version 4.2.12 to version 4.2.13 for setting the cracklib dictionary path correctly. (bsc#1174619) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2764=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): yast2-security-4.2.13-3.3.1 References: https://bugzilla.suse.com/1174619 From sle-updates at lists.suse.com Mon Sep 28 13:13:25 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Sep 2020 21:13:25 +0200 (CEST) Subject: SUSE-SU-2020:2768-1: critical: Security update for dpdk Message-ID: <20200928191325.7291BFCEB@maintenance.suse.de> SUSE Security Update: Security update for dpdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2768-1 Rating: critical References: #1176590 Cross-References: CVE-2020-14374 CVE-2020-14375 CVE-2020-14376 CVE-2020-14377 CVE-2020-14378 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for dpdk fixes the following issues: - dpdk was updated to 18.11.9. For a list of fixes check: - CVE-2020-14374,CVE-2020-14375,CVE-2020-14376,CVE-2020-14377,CVE-2020-14378: Fixed multiple issues where a malicious guest could harm the host using vhost crypto, including executing code in host (VM Escape), reading host application memory space to guest and causing partially denial of service in the host(bsc#1176590). For a list of fixes check: https://doc.dpdk.org/guides-18.11/rel_notes/release_18_11.html#fixes Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2768=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2768=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le x86_64): dpdk-debuginfo-18.11.9-3.15.1 dpdk-debugsource-18.11.9-3.15.1 dpdk-devel-18.11.9-3.15.1 dpdk-devel-debuginfo-18.11.9-3.15.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64): dpdk-thunderx-debuginfo-18.11.9-3.15.1 dpdk-thunderx-debugsource-18.11.9-3.15.1 dpdk-thunderx-devel-18.11.9-3.15.1 dpdk-thunderx-devel-debuginfo-18.11.9-3.15.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le x86_64): dpdk-18.11.9-3.15.1 dpdk-debuginfo-18.11.9-3.15.1 dpdk-debugsource-18.11.9-3.15.1 dpdk-tools-18.11.9-3.15.1 dpdk-tools-debuginfo-18.11.9-3.15.1 libdpdk-18_11-18.11.9-3.15.1 libdpdk-18_11-debuginfo-18.11.9-3.15.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64): dpdk-thunderx-18.11.9-3.15.1 dpdk-thunderx-debuginfo-18.11.9-3.15.1 dpdk-thunderx-debugsource-18.11.9-3.15.1 dpdk-thunderx-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 dpdk-thunderx-kmp-default-debuginfo-18.11.9_k4.12.14_122.37-3.15.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): dpdk-kmp-default-18.11.9_k4.12.14_122.37-3.15.1 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_122.37-3.15.1 References: https://www.suse.com/security/cve/CVE-2020-14374.html https://www.suse.com/security/cve/CVE-2020-14375.html https://www.suse.com/security/cve/CVE-2020-14376.html https://www.suse.com/security/cve/CVE-2020-14377.html https://www.suse.com/security/cve/CVE-2020-14378.html https://bugzilla.suse.com/1176590 From sle-updates at lists.suse.com Mon Sep 28 13:14:14 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Sep 2020 21:14:14 +0200 (CEST) Subject: SUSE-SU-2020:2769-1: critical: Security update for dpdk Message-ID: <20200928191414.CF87CFCEB@maintenance.suse.de> SUSE Security Update: Security update for dpdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2769-1 Rating: critical References: #1176590 Cross-References: CVE-2020-14374 CVE-2020-14375 CVE-2020-14376 CVE-2020-14377 CVE-2020-14378 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for dpdk fixes the following issues: - dpdk was updated to 18.11.9. For a list of fixes check: - CVE-2020-14374,CVE-2020-14375,CVE-2020-14376,CVE-2020-14377,CVE-2020-14378: Fixed multiple issues where a malicious guest could harm the host using vhost crypto, including executing code in host (VM Escape), reading host application memory space to guest and causing partially denial of service in the host(bsc#1176590). For a list of fixes check: https://doc.dpdk.org/guides-18.11/rel_notes/release_18_11.html#fixes Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2769=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le x86_64): dpdk-18.11.9-4.12.1 dpdk-debuginfo-18.11.9-4.12.1 dpdk-debugsource-18.11.9-4.12.1 dpdk-devel-18.11.9-4.12.1 dpdk-devel-debuginfo-18.11.9-4.12.1 dpdk-kmp-default-18.11.9_k4.12.14_197.56-4.12.1 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_197.56-4.12.1 dpdk-tools-18.11.9-4.12.1 dpdk-tools-debuginfo-18.11.9-4.12.1 libdpdk-18_11-18.11.9-4.12.1 libdpdk-18_11-debuginfo-18.11.9-4.12.1 References: https://www.suse.com/security/cve/CVE-2020-14374.html https://www.suse.com/security/cve/CVE-2020-14375.html https://www.suse.com/security/cve/CVE-2020-14376.html https://www.suse.com/security/cve/CVE-2020-14377.html https://www.suse.com/security/cve/CVE-2020-14378.html https://bugzilla.suse.com/1176590 From sle-updates at lists.suse.com Mon Sep 28 13:15:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Sep 2020 21:15:03 +0200 (CEST) Subject: SUSE-SU-2020:2767-1: critical: Security update for dpdk Message-ID: <20200928191503.D0E9AFCEB@maintenance.suse.de> SUSE Security Update: Security update for dpdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2767-1 Rating: critical References: #1176590 Cross-References: CVE-2020-14374 CVE-2020-14375 CVE-2020-14376 CVE-2020-14377 CVE-2020-14378 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for dpdk fixes the following issues: - dpdk was updated to 18.11.9. For a list of fixes check: - CVE-2020-14374,CVE-2020-14375,CVE-2020-14376,CVE-2020-14377,CVE-2020-14378: Fixed multiple issues where a malicious guest could harm the host using vhost crypto, including executing code in host (VM Escape), reading host application memory space to guest and causing partially denial of service in the host(bsc#1176590). For a list of fixes check: https://doc.dpdk.org/guides-18.11/rel_notes/release_18_11.html#fixes Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2767=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2767=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2767=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2767=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): dpdk-18.11.9-3.25.1 dpdk-debuginfo-18.11.9-3.25.1 dpdk-debugsource-18.11.9-3.25.1 dpdk-devel-18.11.9-3.25.1 dpdk-devel-debuginfo-18.11.9-3.25.1 dpdk-kmp-default-18.11.9_k4.12.14_150.58-3.25.1 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150.58-3.25.1 dpdk-tools-18.11.9-3.25.1 dpdk-tools-debuginfo-18.11.9-3.25.1 libdpdk-18_11-18.11.9-3.25.1 libdpdk-18_11-debuginfo-18.11.9-3.25.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64): dpdk-18.11.9-3.25.1 dpdk-debuginfo-18.11.9-3.25.1 dpdk-debugsource-18.11.9-3.25.1 dpdk-devel-18.11.9-3.25.1 dpdk-devel-debuginfo-18.11.9-3.25.1 dpdk-kmp-default-18.11.9_k4.12.14_150.58-3.25.1 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150.58-3.25.1 dpdk-thunderx-18.11.9-3.25.1 dpdk-thunderx-debuginfo-18.11.9-3.25.1 dpdk-thunderx-debugsource-18.11.9-3.25.1 dpdk-thunderx-devel-18.11.9-3.25.1 dpdk-thunderx-devel-debuginfo-18.11.9-3.25.1 dpdk-thunderx-kmp-default-18.11.9_k4.12.14_150.58-3.25.1 dpdk-thunderx-kmp-default-debuginfo-18.11.9_k4.12.14_150.58-3.25.1 dpdk-tools-18.11.9-3.25.1 dpdk-tools-debuginfo-18.11.9-3.25.1 libdpdk-18_11-18.11.9-3.25.1 libdpdk-18_11-debuginfo-18.11.9-3.25.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): dpdk-18.11.9-3.25.1 dpdk-debuginfo-18.11.9-3.25.1 dpdk-debugsource-18.11.9-3.25.1 dpdk-devel-18.11.9-3.25.1 dpdk-devel-debuginfo-18.11.9-3.25.1 dpdk-kmp-default-18.11.9_k4.12.14_150.58-3.25.1 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150.58-3.25.1 dpdk-tools-18.11.9-3.25.1 dpdk-tools-debuginfo-18.11.9-3.25.1 libdpdk-18_11-18.11.9-3.25.1 libdpdk-18_11-debuginfo-18.11.9-3.25.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64): dpdk-thunderx-18.11.9-3.25.1 dpdk-thunderx-debuginfo-18.11.9-3.25.1 dpdk-thunderx-debugsource-18.11.9-3.25.1 dpdk-thunderx-devel-18.11.9-3.25.1 dpdk-thunderx-devel-debuginfo-18.11.9-3.25.1 dpdk-thunderx-kmp-default-18.11.9_k4.12.14_150.58-3.25.1 dpdk-thunderx-kmp-default-debuginfo-18.11.9_k4.12.14_150.58-3.25.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): dpdk-18.11.9-3.25.1 dpdk-debuginfo-18.11.9-3.25.1 dpdk-debugsource-18.11.9-3.25.1 dpdk-devel-18.11.9-3.25.1 dpdk-devel-debuginfo-18.11.9-3.25.1 dpdk-kmp-default-18.11.9_k4.12.14_150.58-3.25.1 dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150.58-3.25.1 dpdk-tools-18.11.9-3.25.1 dpdk-tools-debuginfo-18.11.9-3.25.1 libdpdk-18_11-18.11.9-3.25.1 libdpdk-18_11-debuginfo-18.11.9-3.25.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64): dpdk-thunderx-18.11.9-3.25.1 dpdk-thunderx-debuginfo-18.11.9-3.25.1 dpdk-thunderx-debugsource-18.11.9-3.25.1 dpdk-thunderx-devel-18.11.9-3.25.1 dpdk-thunderx-devel-debuginfo-18.11.9-3.25.1 dpdk-thunderx-kmp-default-18.11.9_k4.12.14_150.58-3.25.1 dpdk-thunderx-kmp-default-debuginfo-18.11.9_k4.12.14_150.58-3.25.1 References: https://www.suse.com/security/cve/CVE-2020-14374.html https://www.suse.com/security/cve/CVE-2020-14375.html https://www.suse.com/security/cve/CVE-2020-14376.html https://www.suse.com/security/cve/CVE-2020-14377.html https://www.suse.com/security/cve/CVE-2020-14378.html https://bugzilla.suse.com/1176590 From sle-updates at lists.suse.com Mon Sep 28 13:15:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Sep 2020 21:15:55 +0200 (CEST) Subject: SUSE-SU-2020:2770-1: critical: Security update for dpdk Message-ID: <20200928191555.14128FCEB@maintenance.suse.de> SUSE Security Update: Security update for dpdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2770-1 Rating: critical References: #1176590 Cross-References: CVE-2020-14374 CVE-2020-14375 CVE-2020-14376 CVE-2020-14377 CVE-2020-14378 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for dpdk fixes the following issues: - dpdk was updated to 19.11.4 - CVE-2020-14374,CVE-2020-14375,CVE-2020-14376,CVE-2020-14377,CVE-2020-14378: Fixed multiple issues where a malicious guest could harm the host using vhost crypto, including executing code in host (VM Escape), reading host application memory space to guest and causing partially denial of service in the host(bsc#1176590). - For a list of fixes check: https://doc.dpdk.org/guides-19.11/rel_notes/release_19_11.html#id8 denial of service in the host (bsc#1176590). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2770=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-2770=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le x86_64): dpdk-19.11.4-3.9.1 dpdk-debuginfo-19.11.4-3.9.1 dpdk-debugsource-19.11.4-3.9.1 dpdk-devel-19.11.4-3.9.1 dpdk-devel-debuginfo-19.11.4-3.9.1 dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1 dpdk-kmp-default-debuginfo-19.11.4_k5.3.18_24.15-3.9.1 dpdk-tools-19.11.4-3.9.1 dpdk-tools-debuginfo-19.11.4-3.9.1 libdpdk-20_0-19.11.4-3.9.1 libdpdk-20_0-debuginfo-19.11.4-3.9.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64): dpdk-thunderx-19.11.4-3.9.1 dpdk-thunderx-debuginfo-19.11.4-3.9.1 dpdk-thunderx-debugsource-19.11.4-3.9.1 dpdk-thunderx-devel-19.11.4-3.9.1 dpdk-thunderx-devel-debuginfo-19.11.4-3.9.1 dpdk-thunderx-kmp-default-19.11.4_k5.3.18_24.15-3.9.1 dpdk-thunderx-kmp-default-debuginfo-19.11.4_k5.3.18_24.15-3.9.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (x86_64): libdpdk-20_0-19.11.4-3.9.1 libdpdk-20_0-debuginfo-19.11.4-3.9.1 References: https://www.suse.com/security/cve/CVE-2020-14374.html https://www.suse.com/security/cve/CVE-2020-14375.html https://www.suse.com/security/cve/CVE-2020-14376.html https://www.suse.com/security/cve/CVE-2020-14377.html https://www.suse.com/security/cve/CVE-2020-14378.html https://bugzilla.suse.com/1176590 From sle-updates at lists.suse.com Mon Sep 28 13:17:56 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 28 Sep 2020 21:17:56 +0200 (CEST) Subject: SUSE-SU-2020:14502-1: important: Security update for MozillaFirefox Message-ID: <20200928191756.9DD5DFCEB@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14502-1 Rating: important References: #1167976 #1173986 #1175046 #1176756 Cross-References: CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.3.0 ESR (bsc#1176756, MFSA 2020-43) - CVE-2020-15677: Download origin spoofing via redirect - CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a contenteditable element - CVE-2020-15678: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario - CVE-2020-15673: Fixed memory safety bugs - Attempt to fix langpack-parallelization by introducing separate obj-dirs for each lang (bsc#1173986, bsc#1167976) - Fixed problems with compiler builtins on SLE-11 (bsc#1175046) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-MozillaFirefox-14502=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-MozillaFirefox-14502=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): MozillaFirefox-78.3.0-78.93.1 MozillaFirefox-translations-common-78.3.0-78.93.1 MozillaFirefox-translations-other-78.3.0-78.93.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): MozillaFirefox-debuginfo-78.3.0-78.93.1 References: https://www.suse.com/security/cve/CVE-2020-15673.html https://www.suse.com/security/cve/CVE-2020-15676.html https://www.suse.com/security/cve/CVE-2020-15677.html https://www.suse.com/security/cve/CVE-2020-15678.html https://bugzilla.suse.com/1167976 https://bugzilla.suse.com/1173986 https://bugzilla.suse.com/1175046 https://bugzilla.suse.com/1176756 From sle-updates at lists.suse.com Tue Sep 29 04:14:58 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Sep 2020 12:14:58 +0200 (CEST) Subject: SUSE-RU-2020:2773-1: moderate: Recommended update for python3-susepubliccloudinfo Message-ID: <20200929101458.1683AFCFD@maintenance.suse.de> SUSE Recommended Update: Recommended update for python3-susepubliccloudinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2773-1 Rating: moderate References: #1176102 #1176103 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for python3-susepubliccloudinfo contains the following fixes: - Update to version 1.2.2: (bsc#1176102, bsc#1176103) + Support query for providers/frameworks, regions, and image states. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2773=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2773=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python3-susepubliccloudinfo-1.2.2-3.12.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): python3-susepubliccloudinfo-1.2.2-3.12.1 References: https://bugzilla.suse.com/1176102 https://bugzilla.suse.com/1176103 From sle-updates at lists.suse.com Tue Sep 29 04:16:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Sep 2020 12:16:09 +0200 (CEST) Subject: SUSE-RU-2020:2774-1: moderate: Recommended update for fftw3 Message-ID: <20200929101609.0752FFCFD@maintenance.suse.de> SUSE Recommended Update: Recommended update for fftw3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2774-1 Rating: moderate References: #1174329 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fftw3 fixes the following issues: - Fixes an issues when a malformatted spec file caused issues during building 'openmpi'. (bsc#1174329) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2774=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2774=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2774=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2774=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): fftw3-debugsource-3.3.6-6.3.6 fftw3-devel-3.3.6-6.3.6 fftw3-devel-debuginfo-3.3.6-6.3.6 fftw3-mpi-devel-3.3.6-6.3.6 fftw3-openmp-devel-3.3.6-6.3.6 fftw3-threads-devel-3.3.6-6.3.6 libfftw3-3-3.3.6-6.3.6 libfftw3-3-debuginfo-3.3.6-6.3.6 libfftw3_mpi3-3.3.6-6.3.6 libfftw3_mpi3-debuginfo-3.3.6-6.3.6 libfftw3_omp3-3.3.6-6.3.6 libfftw3_omp3-debuginfo-3.3.6-6.3.6 libfftw3_threads3-3.3.6-6.3.6 libfftw3_threads3-debuginfo-3.3.6-6.3.6 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): fftw3-debugsource-3.3.6-6.3.6 fftw3-devel-3.3.6-6.3.6 fftw3-devel-debuginfo-3.3.6-6.3.6 fftw3-openmp-devel-3.3.6-6.3.6 fftw3-threads-devel-3.3.6-6.3.6 libfftw3-3-3.3.6-6.3.6 libfftw3-3-debuginfo-3.3.6-6.3.6 libfftw3_omp3-3.3.6-6.3.6 libfftw3_omp3-debuginfo-3.3.6-6.3.6 libfftw3_threads3-3.3.6-6.3.6 libfftw3_threads3-debuginfo-3.3.6-6.3.6 - SUSE Linux Enterprise Server 15-LTSS (aarch64): fftw3-mpi-devel-3.3.6-6.3.6 libfftw3_mpi3-3.3.6-6.3.6 libfftw3_mpi3-debuginfo-3.3.6-6.3.6 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): fftw3-debugsource-3.3.6-6.3.6 fftw3-devel-3.3.6-6.3.6 fftw3-devel-debuginfo-3.3.6-6.3.6 fftw3-gnu-hpc-devel-3.3.6-6.3.4 fftw3-gnu-mpich-hpc-devel-3.3.6-6.3.5 fftw3-gnu-mvapich2-hpc-devel-3.3.6-6.3.6 fftw3-gnu-openmpi2-hpc-devel-3.3.6-6.3.6 fftw3-openmp-devel-3.3.6-6.3.6 fftw3-threads-devel-3.3.6-6.3.6 fftw3_3_3_6-gnu-hpc-debuginfo-3.3.6-6.3.4 fftw3_3_3_6-gnu-hpc-debugsource-3.3.6-6.3.4 fftw3_3_3_6-gnu-hpc-devel-3.3.6-6.3.4 fftw3_3_3_6-gnu-hpc-devel-debuginfo-3.3.6-6.3.4 fftw3_3_3_6-gnu-hpc-devel-static-3.3.6-6.3.4 fftw3_3_3_6-gnu-mpich-hpc-debuginfo-3.3.6-6.3.5 fftw3_3_3_6-gnu-mpich-hpc-debugsource-3.3.6-6.3.5 fftw3_3_3_6-gnu-mpich-hpc-devel-3.3.6-6.3.5 fftw3_3_3_6-gnu-mpich-hpc-devel-debuginfo-3.3.6-6.3.5 fftw3_3_3_6-gnu-mpich-hpc-devel-static-3.3.6-6.3.5 fftw3_3_3_6-gnu-mvapich2-hpc-debuginfo-3.3.6-6.3.6 fftw3_3_3_6-gnu-mvapich2-hpc-debugsource-3.3.6-6.3.6 fftw3_3_3_6-gnu-mvapich2-hpc-devel-3.3.6-6.3.6 fftw3_3_3_6-gnu-mvapich2-hpc-devel-debuginfo-3.3.6-6.3.6 fftw3_3_3_6-gnu-mvapich2-hpc-devel-static-3.3.6-6.3.6 fftw3_3_3_6-gnu-openmpi2-hpc-debuginfo-3.3.6-6.3.6 fftw3_3_3_6-gnu-openmpi2-hpc-debugsource-3.3.6-6.3.6 fftw3_3_3_6-gnu-openmpi2-hpc-devel-3.3.6-6.3.6 fftw3_3_3_6-gnu-openmpi2-hpc-devel-debuginfo-3.3.6-6.3.6 fftw3_3_3_6-gnu-openmpi2-hpc-devel-static-3.3.6-6.3.6 libfftw3-3-3.3.6-6.3.6 libfftw3-3-debuginfo-3.3.6-6.3.6 libfftw3-gnu-hpc-3.3.6-6.3.4 libfftw3-gnu-mpich-hpc-3.3.6-6.3.5 libfftw3-gnu-mvapich2-hpc-3.3.6-6.3.6 libfftw3-gnu-openmpi2-hpc-3.3.6-6.3.6 libfftw3_3_3_6-gnu-hpc-3.3.6-6.3.4 libfftw3_3_3_6-gnu-hpc-debuginfo-3.3.6-6.3.4 libfftw3_3_3_6-gnu-mpich-hpc-3.3.6-6.3.5 libfftw3_3_3_6-gnu-mpich-hpc-debuginfo-3.3.6-6.3.5 libfftw3_3_3_6-gnu-mvapich2-hpc-3.3.6-6.3.6 libfftw3_3_3_6-gnu-mvapich2-hpc-debuginfo-3.3.6-6.3.6 libfftw3_3_3_6-gnu-openmpi2-hpc-3.3.6-6.3.6 libfftw3_3_3_6-gnu-openmpi2-hpc-debuginfo-3.3.6-6.3.6 libfftw3_omp3-3.3.6-6.3.6 libfftw3_omp3-debuginfo-3.3.6-6.3.6 libfftw3_threads3-3.3.6-6.3.6 libfftw3_threads3-debuginfo-3.3.6-6.3.6 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): fftw3-debugsource-3.3.6-6.3.6 fftw3-devel-3.3.6-6.3.6 fftw3-devel-debuginfo-3.3.6-6.3.6 fftw3-gnu-hpc-devel-3.3.6-6.3.4 fftw3-gnu-mpich-hpc-devel-3.3.6-6.3.5 fftw3-gnu-mvapich2-hpc-devel-3.3.6-6.3.6 fftw3-gnu-openmpi2-hpc-devel-3.3.6-6.3.6 fftw3-openmp-devel-3.3.6-6.3.6 fftw3-threads-devel-3.3.6-6.3.6 fftw3_3_3_6-gnu-hpc-debuginfo-3.3.6-6.3.4 fftw3_3_3_6-gnu-hpc-debugsource-3.3.6-6.3.4 fftw3_3_3_6-gnu-hpc-devel-3.3.6-6.3.4 fftw3_3_3_6-gnu-hpc-devel-debuginfo-3.3.6-6.3.4 fftw3_3_3_6-gnu-hpc-devel-static-3.3.6-6.3.4 fftw3_3_3_6-gnu-mpich-hpc-debuginfo-3.3.6-6.3.5 fftw3_3_3_6-gnu-mpich-hpc-debugsource-3.3.6-6.3.5 fftw3_3_3_6-gnu-mpich-hpc-devel-3.3.6-6.3.5 fftw3_3_3_6-gnu-mpich-hpc-devel-debuginfo-3.3.6-6.3.5 fftw3_3_3_6-gnu-mpich-hpc-devel-static-3.3.6-6.3.5 fftw3_3_3_6-gnu-mvapich2-hpc-debuginfo-3.3.6-6.3.6 fftw3_3_3_6-gnu-mvapich2-hpc-debugsource-3.3.6-6.3.6 fftw3_3_3_6-gnu-mvapich2-hpc-devel-3.3.6-6.3.6 fftw3_3_3_6-gnu-mvapich2-hpc-devel-debuginfo-3.3.6-6.3.6 fftw3_3_3_6-gnu-mvapich2-hpc-devel-static-3.3.6-6.3.6 fftw3_3_3_6-gnu-openmpi2-hpc-debuginfo-3.3.6-6.3.6 fftw3_3_3_6-gnu-openmpi2-hpc-debugsource-3.3.6-6.3.6 fftw3_3_3_6-gnu-openmpi2-hpc-devel-3.3.6-6.3.6 fftw3_3_3_6-gnu-openmpi2-hpc-devel-debuginfo-3.3.6-6.3.6 fftw3_3_3_6-gnu-openmpi2-hpc-devel-static-3.3.6-6.3.6 libfftw3-3-3.3.6-6.3.6 libfftw3-3-debuginfo-3.3.6-6.3.6 libfftw3-gnu-hpc-3.3.6-6.3.4 libfftw3-gnu-mpich-hpc-3.3.6-6.3.5 libfftw3-gnu-mvapich2-hpc-3.3.6-6.3.6 libfftw3-gnu-openmpi2-hpc-3.3.6-6.3.6 libfftw3_3_3_6-gnu-hpc-3.3.6-6.3.4 libfftw3_3_3_6-gnu-hpc-debuginfo-3.3.6-6.3.4 libfftw3_3_3_6-gnu-mpich-hpc-3.3.6-6.3.5 libfftw3_3_3_6-gnu-mpich-hpc-debuginfo-3.3.6-6.3.5 libfftw3_3_3_6-gnu-mvapich2-hpc-3.3.6-6.3.6 libfftw3_3_3_6-gnu-mvapich2-hpc-debuginfo-3.3.6-6.3.6 libfftw3_3_3_6-gnu-openmpi2-hpc-3.3.6-6.3.6 libfftw3_3_3_6-gnu-openmpi2-hpc-debuginfo-3.3.6-6.3.6 libfftw3_omp3-3.3.6-6.3.6 libfftw3_omp3-debuginfo-3.3.6-6.3.6 libfftw3_threads3-3.3.6-6.3.6 libfftw3_threads3-debuginfo-3.3.6-6.3.6 References: https://bugzilla.suse.com/1174329 From sle-updates at lists.suse.com Tue Sep 29 04:17:10 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Sep 2020 12:17:10 +0200 (CEST) Subject: SUSE-RU-2020:2775-1: moderate: Recommended update for fftw3 Message-ID: <20200929101710.2A89BFCFD@maintenance.suse.de> SUSE Recommended Update: Recommended update for fftw3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2775-1 Rating: moderate References: #1174329 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fftw3 fixes the following issues: - Fixes an issues when a malformatted spec file caused issues during building 'openmpi'. (bsc#1174329) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2020-2775=1 Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): fftw3-gnu-mvapich2-hpc-devel-3.3.6-6.10.1 fftw3-gnu-openmpi1-hpc-devel-3.3.6-6.10.1 fftw3_3_3_6-gnu-mvapich2-hpc-debugsource-3.3.6-6.10.1 fftw3_3_3_6-gnu-mvapich2-hpc-devel-3.3.6-6.10.1 fftw3_3_3_6-gnu-mvapich2-hpc-devel-debuginfo-3.3.6-6.10.1 fftw3_3_3_6-gnu-mvapich2-hpc-devel-static-3.3.6-6.10.1 fftw3_3_3_6-gnu-openmpi1-hpc-debugsource-3.3.6-6.10.1 fftw3_3_3_6-gnu-openmpi1-hpc-devel-3.3.6-6.10.1 fftw3_3_3_6-gnu-openmpi1-hpc-devel-debuginfo-3.3.6-6.10.1 fftw3_3_3_6-gnu-openmpi1-hpc-devel-static-3.3.6-6.10.1 libfftw3-gnu-mvapich2-hpc-3.3.6-6.10.1 libfftw3-gnu-openmpi1-hpc-3.3.6-6.10.1 libfftw3_3_3_6-gnu-mvapich2-hpc-3.3.6-6.10.1 libfftw3_3_3_6-gnu-mvapich2-hpc-debuginfo-3.3.6-6.10.1 libfftw3_3_3_6-gnu-openmpi1-hpc-3.3.6-6.10.1 libfftw3_3_3_6-gnu-openmpi1-hpc-debuginfo-3.3.6-6.10.1 - SUSE Linux Enterprise Module for HPC 12 (x86_64): fftw3-gnu-hpc-devel-3.3.6-6.10.1 fftw3_3_3_6-gnu-hpc-debugsource-3.3.6-6.10.1 fftw3_3_3_6-gnu-hpc-devel-3.3.6-6.10.1 fftw3_3_3_6-gnu-hpc-devel-debuginfo-3.3.6-6.10.1 fftw3_3_3_6-gnu-hpc-devel-static-3.3.6-6.10.1 libfftw3-gnu-hpc-3.3.6-6.10.1 libfftw3_3_3_6-gnu-hpc-3.3.6-6.10.1 libfftw3_3_3_6-gnu-hpc-debuginfo-3.3.6-6.10.1 References: https://bugzilla.suse.com/1174329 From sle-updates at lists.suse.com Tue Sep 29 07:14:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Sep 2020 15:14:27 +0200 (CEST) Subject: SUSE-SU-2020:2776-1: moderate: Security update for go1.15 Message-ID: <20200929131427.26236FCFD@maintenance.suse.de> SUSE Security Update: Security update for go1.15 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2776-1 Rating: moderate References: #1170826 #1175132 #1176031 ECO-1484 Cross-References: CVE-2020-24553 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability, contains one feature and has two fixes is now available. Description: go1.15 (released 2020-08-11) Go 1.15 is a major release of Go. go1.15.x minor releases will be provided through August 2021. https://github.com/golang/go/wiki/Go-Release-Cycle Most changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. * See release notes https://golang.org/doc/go1.15. Excerpts relevant to OBS environment and for SUSE/openSUSE follow: * Module support in the go command is ready for production use, and we encourage all users to migrate to Go modules for dependency management. * Module cache: The location of the module cache may now be set with the GOMODCACHE environment variable. The default value of GOMODCACHE is GOPATH[0]/pkg/mod, the location of the module cache before this change. * Compiler flag parsing: Various flag parsing issues in go test and go vet have been fixed. Notably, flags specified in GOFLAGS are handled more consistently, and the -outputdir flag now interprets relative paths relative to the working directory of the go command (rather than the working directory of each individual test). * The GOPROXY environment variable now supports skipping proxies that return errors. Proxy URLs may now be separated with either commas (,) or pipe characters (|). If a proxy URL is followed by a comma, the go command will only try the next proxy in the list after a 404 or 410 HTTP response. If a proxy URL is followed by a pipe character, the go command will try the next proxy in the list after any error. Note that the default value of GOPROXY remains https://proxy.golang.org,direct, which does not fall back to direct in case of errors. * On a Unix system, if the kill command or kill system call is used to send a SIGSEGV, SIGBUS, or SIGFPE signal to a Go program, and if the signal is not being handled via os/signal.Notify, the Go program will now reliably crash with a stack trace. In earlier releases the behavior was unpredictable. * Allocation of small objects now performs much better at high core counts, and has lower worst-case latency. * Go 1.15 reduces typical binary sizes by around 5% compared to Go 1.14 by eliminating certain types of GC metadata and more aggressively eliminating unused type metadata. * The toolchain now mitigates Intel CPU erratum SKX102 on GOARCH=amd64 by aligning functions to 32 byte boundaries and padding jump instructions. While this padding increases binary sizes, this is more than made up for by the binary size improvements mentioned above. * Go 1.15 adds a -spectre flag to both the compiler and the assembler, to allow enabling Spectre mitigations. These should almost never be needed and are provided mainly as a "defense in depth" mechanism. See the Spectre Go wiki page for details. * The compiler now rejects //go: compiler directives that have no meaning for the declaration they are applied to with a "misplaced compiler directive" error. Such misapplied directives were broken before, but were silently ignored by the compiler. * Substantial improvements to the Go linker, which reduce linker resource usage (both time and memory) and improve code robustness/maintainability. Linking is 20% faster and requires 30% less memory on average. These changes are part of a multi-release project to modernize the Go linker, meaning that there will be additional linker improvements expected in future releases. * The linker now defaults to internal linking mode for -buildmode=pie on linux/amd64 and linux/arm64, so these configurations no longer require a C linker. * There has been progress in improving the stability and performance of the 64-bit RISC-V port on Linux (GOOS=linux, GOARCH=riscv64). It also now supports asynchronous preemption. * crypto/x509: The deprecated, legacy behavior of treating the CommonName field on X.509 certificates as a host name when no Subject Alternative Names are present is now disabled by default. It can be temporarily re-enabled by adding the value x509ignoreCN=0 to the GODEBUG environment variable. Note that if the CommonName is an invalid host name, it's always ignored, regardless of GODEBUG settings. Invalid names include those with any characters other than letters, digits, hyphens and underscores, and those with empty labels or trailing dots. * crypto/x509: go1.15 applications with an AWS DB instance that was created or updated to the rds-ca-2019 certificate prior to July 28, 2020, you must update the certificate again. If you created your DB instance or updated its certificate after July 28, 2020, no action is required. For more information, see go#39568 This update ships go1.15.2 (released 2020-09-09) includes fixes to the compiler, runtime, documentation, the go command, and the net/mail, os, sync, and testing packages. * go#41193 net/http/fcgi: race detected during execution of TestResponseWriterSniffsContentType test * go#41178 doc: include fix for #34437 in Go 1.14 release notes * go#41034 testing: Cleanup races with Logf and Errorf * go#41011 sync: sync.Map keys will never be garbage collected * go#40934 runtime: checkptr incorrectly -race flagging when using &^ arithmetic * go#40900 internal/poll: CopyFileRange returns EPERM on CircleCI Docker Host running 4.10.0-40-generic * go#40868 cmd/compile: R12 can be clobbered for write barrier call on PPC64 * go#40849 testing: "=== PAUSE" lines do not change the test name for the next log line * go#40845 runtime: Panic if newstack at runtime.acquireLockRank * go#40805 cmd/test2json: tests that panic are marked as passing * go#40804 net/mail: change in behavior of ParseAddressList("") in 1.15 * go#40802 cmd/go: in 1.15: change in "go test" argument parsing * go#40798 cmd/compile: inline marker targets not reachable after assembly on arm * go#40772 cmd/compile: compiler crashes in ssa: isNonNegative bad type * go#40767 cmd/compile: inline marker targets not reachable after assembly on ppc64x * go#40739 internal/poll: CopyFileRange returns ENOTSUP on Linux 3.10.0 kernel on NFS mount * go#40412 runtime: Windows service lifecycle events behave incorrectly when called within a golang environment go1.15.1 (released 2020-09-01) includes security fixes to the net/http/cgi and net/http/fcgi packages. * bsc#1176031 CVE-2020-24553: go net/http/cgi,net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified * go#41165 net/http/cgi,net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2776=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2776=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): go1.15-1.15.2-1.3.1 go1.15-doc-1.15.2-1.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): go1.15-1.15.2-1.3.1 go1.15-doc-1.15.2-1.3.1 References: https://www.suse.com/security/cve/CVE-2020-24553.html https://bugzilla.suse.com/1170826 https://bugzilla.suse.com/1175132 https://bugzilla.suse.com/1176031 From sle-updates at lists.suse.com Tue Sep 29 07:15:35 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Sep 2020 15:15:35 +0200 (CEST) Subject: SUSE-RU-2020:2782-1: important: Recommended update for systemd-rpm-macros Message-ID: <20200929131535.4C353FCFD@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd-rpm-macros ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2782-1 Rating: important References: #1176932 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for systemd-rpm-macros fixes the following issues: - Backport missing macros of directory paths from upstream + %_environmentdir + %_modulesloaddir + %_modprobedir - Make sure %_restart_on_update_never and %_stop_on_removal_never don't expand to the empty string. (bsc#1176932) Otherwise sequences like the following code: if [ ... ]; then %_restart_on_update_never fi would result in the following incorrect shell syntax: if [ ... ]; then fi Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2782=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2782=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): systemd-rpm-macros-4.1-7.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): systemd-rpm-macros-4.1-7.6.1 References: https://bugzilla.suse.com/1176932 From sle-updates at lists.suse.com Tue Sep 29 07:17:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Sep 2020 15:17:44 +0200 (CEST) Subject: SUSE-RU-2020:2783-1: moderate: Recommended update for ndctl Message-ID: <20200929131744.A7643FCFD@maintenance.suse.de> SUSE Recommended Update: Recommended update for ndctl ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2783-1 Rating: moderate References: #1109940 #1137903 #1165509 #1167861 #1175851 SLE-13321 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that has 5 recommended fixes and contains one feature can now be installed. Description: This update for ndctl fixes the following issues: - Suppress ENXIO when processing all namespaces. (jsc#SLE-13321, bsc#1175851, bsc#1109940) - ndctl/namespace: Skip zero namespaces when processing all namespaces. (bsc#1167861, bsc#1165509, bsc#1109940) - remove the service add/del for ndctl-monitor, since these functionalities are not available in v61. (bsc#1137903) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2783=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2783=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2783=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2783=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libndctl6-61.2-3.3.1 libndctl6-debuginfo-61.2-3.3.1 ndctl-61.2-3.3.1 ndctl-debuginfo-61.2-3.3.1 ndctl-debugsource-61.2-3.3.1 - SUSE OpenStack Cloud 9 (x86_64): libndctl6-61.2-3.3.1 libndctl6-debuginfo-61.2-3.3.1 ndctl-61.2-3.3.1 ndctl-debuginfo-61.2-3.3.1 ndctl-debugsource-61.2-3.3.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libndctl6-61.2-3.3.1 libndctl6-debuginfo-61.2-3.3.1 ndctl-61.2-3.3.1 ndctl-debuginfo-61.2-3.3.1 ndctl-debugsource-61.2-3.3.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): libndctl6-61.2-3.3.1 libndctl6-debuginfo-61.2-3.3.1 ndctl-61.2-3.3.1 ndctl-debuginfo-61.2-3.3.1 ndctl-debugsource-61.2-3.3.1 References: https://bugzilla.suse.com/1109940 https://bugzilla.suse.com/1137903 https://bugzilla.suse.com/1165509 https://bugzilla.suse.com/1167861 https://bugzilla.suse.com/1175851 From sle-updates at lists.suse.com Tue Sep 29 07:19:08 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Sep 2020 15:19:08 +0200 (CEST) Subject: SUSE-RU-2020:2779-1: moderate: Recommended update for rsyslog Message-ID: <20200929131908.B7CF5FCFD@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2779-1 Rating: moderate References: #1173433 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rsyslog fixes the following issues: - Fix the URL for bug reporting. (bsc#1173433) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2779=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2779=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): rsyslog-debuginfo-8.39.0-4.3.1 rsyslog-debugsource-8.39.0-4.3.1 rsyslog-module-gssapi-8.39.0-4.3.1 rsyslog-module-gssapi-debuginfo-8.39.0-4.3.1 rsyslog-module-gtls-8.39.0-4.3.1 rsyslog-module-gtls-debuginfo-8.39.0-4.3.1 rsyslog-module-mysql-8.39.0-4.3.1 rsyslog-module-mysql-debuginfo-8.39.0-4.3.1 rsyslog-module-pgsql-8.39.0-4.3.1 rsyslog-module-pgsql-debuginfo-8.39.0-4.3.1 rsyslog-module-relp-8.39.0-4.3.1 rsyslog-module-relp-debuginfo-8.39.0-4.3.1 rsyslog-module-snmp-8.39.0-4.3.1 rsyslog-module-snmp-debuginfo-8.39.0-4.3.1 rsyslog-module-udpspoof-8.39.0-4.3.1 rsyslog-module-udpspoof-debuginfo-8.39.0-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): rsyslog-8.39.0-4.3.1 rsyslog-debuginfo-8.39.0-4.3.1 rsyslog-debugsource-8.39.0-4.3.1 References: https://bugzilla.suse.com/1173433 From sle-updates at lists.suse.com Tue Sep 29 07:20:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Sep 2020 15:20:57 +0200 (CEST) Subject: SUSE-RU-2020:2780-1: moderate: Recommended update for rsyslog Message-ID: <20200929132057.41AAEFCFD@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2780-1 Rating: moderate References: #1173433 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rsyslog fixes the following issues: - Fix the URL for bug reporting. (bsc#1173433) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2780=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2780=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): rsyslog-debuginfo-8.33.1-3.28.1 rsyslog-debugsource-8.33.1-3.28.1 rsyslog-module-gssapi-8.33.1-3.28.1 rsyslog-module-gssapi-debuginfo-8.33.1-3.28.1 rsyslog-module-gtls-8.33.1-3.28.1 rsyslog-module-gtls-debuginfo-8.33.1-3.28.1 rsyslog-module-mmnormalize-8.33.1-3.28.1 rsyslog-module-mmnormalize-debuginfo-8.33.1-3.28.1 rsyslog-module-mysql-8.33.1-3.28.1 rsyslog-module-mysql-debuginfo-8.33.1-3.28.1 rsyslog-module-pgsql-8.33.1-3.28.1 rsyslog-module-pgsql-debuginfo-8.33.1-3.28.1 rsyslog-module-relp-8.33.1-3.28.1 rsyslog-module-relp-debuginfo-8.33.1-3.28.1 rsyslog-module-snmp-8.33.1-3.28.1 rsyslog-module-snmp-debuginfo-8.33.1-3.28.1 rsyslog-module-udpspoof-8.33.1-3.28.1 rsyslog-module-udpspoof-debuginfo-8.33.1-3.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): rsyslog-8.33.1-3.28.1 rsyslog-debuginfo-8.33.1-3.28.1 rsyslog-debugsource-8.33.1-3.28.1 References: https://bugzilla.suse.com/1173433 From sle-updates at lists.suse.com Tue Sep 29 07:21:50 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Sep 2020 15:21:50 +0200 (CEST) Subject: SUSE-RU-2020:2778-1: moderate: Recommended update for rsyslog Message-ID: <20200929132150.D8FF0FCFD@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2778-1 Rating: moderate References: #1173433 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rsyslog fixes the following issues: - Fix the URL for bug reporting. (bsc#1173433) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2778=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): rsyslog-8.24.0-3.42.1 rsyslog-debuginfo-8.24.0-3.42.1 rsyslog-debugsource-8.24.0-3.42.1 rsyslog-diag-tools-8.24.0-3.42.1 rsyslog-diag-tools-debuginfo-8.24.0-3.42.1 rsyslog-doc-8.24.0-3.42.1 rsyslog-module-gssapi-8.24.0-3.42.1 rsyslog-module-gssapi-debuginfo-8.24.0-3.42.1 rsyslog-module-gtls-8.24.0-3.42.1 rsyslog-module-gtls-debuginfo-8.24.0-3.42.1 rsyslog-module-mmnormalize-8.24.0-3.42.1 rsyslog-module-mmnormalize-debuginfo-8.24.0-3.42.1 rsyslog-module-mysql-8.24.0-3.42.1 rsyslog-module-mysql-debuginfo-8.24.0-3.42.1 rsyslog-module-pgsql-8.24.0-3.42.1 rsyslog-module-pgsql-debuginfo-8.24.0-3.42.1 rsyslog-module-relp-8.24.0-3.42.1 rsyslog-module-relp-debuginfo-8.24.0-3.42.1 rsyslog-module-snmp-8.24.0-3.42.1 rsyslog-module-snmp-debuginfo-8.24.0-3.42.1 rsyslog-module-udpspoof-8.24.0-3.42.1 rsyslog-module-udpspoof-debuginfo-8.24.0-3.42.1 References: https://bugzilla.suse.com/1173433 From sle-updates at lists.suse.com Tue Sep 29 07:22:48 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Sep 2020 15:22:48 +0200 (CEST) Subject: SUSE-RU-2020:2781-1: moderate: Recommended update for openssh Message-ID: <20200929132248.18122FCFD@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2781-1 Rating: moderate References: #1173799 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssh fixes the following issues: - This uses OpenSSL's RAND_bytes() directly instead of the internal ChaCha20-based implementation to obtain random bytes for Ed25519 curve computations. This is required for FIPS compliance. (bsc#1173799). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2781=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2781=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2781=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): openssh-debuginfo-8.1p1-5.3.1 openssh-debugsource-8.1p1-5.3.1 openssh-fips-8.1p1-5.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): openssh-askpass-gnome-8.1p1-5.3.1 openssh-askpass-gnome-debuginfo-8.1p1-5.3.1 openssh-askpass-gnome-debugsource-8.1p1-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): openssh-8.1p1-5.3.1 openssh-debuginfo-8.1p1-5.3.1 openssh-debugsource-8.1p1-5.3.1 openssh-helpers-8.1p1-5.3.1 openssh-helpers-debuginfo-8.1p1-5.3.1 References: https://bugzilla.suse.com/1173799 From sle-updates at lists.suse.com Tue Sep 29 10:14:20 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Sep 2020 18:14:20 +0200 (CEST) Subject: SUSE-SU-2020:2784-1: moderate: Security update for python-pip Message-ID: <20200929161420.3E8A1FCEB@maintenance.suse.de> SUSE Security Update: Security update for python-pip ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2784-1 Rating: moderate References: #1176262 SOC-11388 Cross-References: CVE-2019-20916 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes one vulnerability, contains one feature is now available. Description: This update for python-pip fixes the following issues: - CVE-2019-20916: Fixed a directory traversal in _download_http_url (bsc#1176262) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2784=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2784=1 - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-2784=1 - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-2784=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2784=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2784=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2784=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2784=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): python2-pip-10.0.1-3.3.1 python3-pip-10.0.1-3.3.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): python2-pip-10.0.1-3.3.1 python3-pip-10.0.1-3.3.1 - SUSE Linux Enterprise Module for Python2 15-SP2 (noarch): python2-pip-10.0.1-3.3.1 - SUSE Linux Enterprise Module for Python2 15-SP1 (noarch): python2-pip-10.0.1-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-pip-10.0.1-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): python3-pip-10.0.1-3.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): python2-pip-10.0.1-3.3.1 python3-pip-10.0.1-3.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): python2-pip-10.0.1-3.3.1 python3-pip-10.0.1-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-20916.html https://bugzilla.suse.com/1176262 From sle-updates at lists.suse.com Tue Sep 29 10:15:16 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Sep 2020 18:15:16 +0200 (CEST) Subject: SUSE-SU-2020:2789-1: important: Security update for xen Message-ID: <20200929161516.39466FCEB@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2789-1 Rating: important References: #1176343 #1176344 #1176345 #1176346 #1176347 #1176348 #1176349 #1176350 Cross-References: CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25603 CVE-2020-25604 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2020-25604: Fixed a race condition when migrating timers between x86 HVM vCPU-s (bsc#1176343,XSA-336) - CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337) - CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338) - CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339) - CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340) - CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342) - CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343) - CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2789=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2789=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2789=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (x86_64): xen-4.10.4_16-3.41.1 xen-debugsource-4.10.4_16-3.41.1 xen-devel-4.10.4_16-3.41.1 xen-libs-4.10.4_16-3.41.1 xen-libs-debuginfo-4.10.4_16-3.41.1 xen-tools-4.10.4_16-3.41.1 xen-tools-debuginfo-4.10.4_16-3.41.1 xen-tools-domU-4.10.4_16-3.41.1 xen-tools-domU-debuginfo-4.10.4_16-3.41.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): xen-4.10.4_16-3.41.1 xen-debugsource-4.10.4_16-3.41.1 xen-devel-4.10.4_16-3.41.1 xen-libs-4.10.4_16-3.41.1 xen-libs-debuginfo-4.10.4_16-3.41.1 xen-tools-4.10.4_16-3.41.1 xen-tools-debuginfo-4.10.4_16-3.41.1 xen-tools-domU-4.10.4_16-3.41.1 xen-tools-domU-debuginfo-4.10.4_16-3.41.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): xen-4.10.4_16-3.41.1 xen-debugsource-4.10.4_16-3.41.1 xen-devel-4.10.4_16-3.41.1 xen-libs-4.10.4_16-3.41.1 xen-libs-debuginfo-4.10.4_16-3.41.1 xen-tools-4.10.4_16-3.41.1 xen-tools-debuginfo-4.10.4_16-3.41.1 xen-tools-domU-4.10.4_16-3.41.1 xen-tools-domU-debuginfo-4.10.4_16-3.41.1 References: https://www.suse.com/security/cve/CVE-2020-25595.html https://www.suse.com/security/cve/CVE-2020-25596.html https://www.suse.com/security/cve/CVE-2020-25597.html https://www.suse.com/security/cve/CVE-2020-25599.html https://www.suse.com/security/cve/CVE-2020-25600.html https://www.suse.com/security/cve/CVE-2020-25601.html https://www.suse.com/security/cve/CVE-2020-25603.html https://www.suse.com/security/cve/CVE-2020-25604.html https://bugzilla.suse.com/1176343 https://bugzilla.suse.com/1176344 https://bugzilla.suse.com/1176345 https://bugzilla.suse.com/1176346 https://bugzilla.suse.com/1176347 https://bugzilla.suse.com/1176348 https://bugzilla.suse.com/1176349 https://bugzilla.suse.com/1176350 From sle-updates at lists.suse.com Tue Sep 29 10:16:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Sep 2020 18:16:51 +0200 (CEST) Subject: SUSE-RU-2020:2794-1: moderate: Recommended update for hyper-v Message-ID: <20200929161651.940D6FCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for hyper-v ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2794-1 Rating: moderate References: #1116957 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for hyper-v fixes the following issues: - Fixes an issue when hyper-v services not running after booting from SLES12SP3 ISO. (bsc#1116957) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2794=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): hyper-v-8-9.6.1 hyper-v-debuginfo-8-9.6.1 hyper-v-debugsource-8-9.6.1 References: https://bugzilla.suse.com/1116957 From sle-updates at lists.suse.com Tue Sep 29 10:17:42 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Sep 2020 18:17:42 +0200 (CEST) Subject: SUSE-SU-2020:2786-1: important: Security update for xen Message-ID: <20200929161742.0C56DFCEB@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2786-1 Rating: important References: #1027519 #1175534 #1176339 #1176343 #1176344 #1176345 #1176346 #1176347 #1176348 #1176349 #1176350 Cross-References: CVE-2020-14364 CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25602 CVE-2020-25603 CVE-2020-25604 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that solves 10 vulnerabilities and has one errata is now available. Description: This update for xen fixes the following issues: - CVE-2020-25602: Fixed an issue where there was a crash when handling guest access to MSR_MISC_ENABLE was thrown (bsc#1176339,XSA-333) - CVE-2020-25598: Added a missing unlock in XENMEM_acquire_resource error path (bsc#1176341,XSA-334) - CVE-2020-25604: Fixed a race condition when migrating timers between x86 HVM vCPU-s (bsc#1176343,XSA-336) - CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337) - CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338) - CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339) - CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340) - CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342) - CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343) - CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344) - CVE-2020-14364: Fixed an out-of-bounds read/write access while processing usb packets (bsc#1175534). - Various bug fixes (bsc#1027519) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2786=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2786=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2786=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2786=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): xen-4.11.4_08-2.36.1 xen-debugsource-4.11.4_08-2.36.1 xen-doc-html-4.11.4_08-2.36.1 xen-libs-32bit-4.11.4_08-2.36.1 xen-libs-4.11.4_08-2.36.1 xen-libs-debuginfo-32bit-4.11.4_08-2.36.1 xen-libs-debuginfo-4.11.4_08-2.36.1 xen-tools-4.11.4_08-2.36.1 xen-tools-debuginfo-4.11.4_08-2.36.1 xen-tools-domU-4.11.4_08-2.36.1 xen-tools-domU-debuginfo-4.11.4_08-2.36.1 - SUSE OpenStack Cloud 9 (x86_64): xen-4.11.4_08-2.36.1 xen-debugsource-4.11.4_08-2.36.1 xen-doc-html-4.11.4_08-2.36.1 xen-libs-32bit-4.11.4_08-2.36.1 xen-libs-4.11.4_08-2.36.1 xen-libs-debuginfo-32bit-4.11.4_08-2.36.1 xen-libs-debuginfo-4.11.4_08-2.36.1 xen-tools-4.11.4_08-2.36.1 xen-tools-debuginfo-4.11.4_08-2.36.1 xen-tools-domU-4.11.4_08-2.36.1 xen-tools-domU-debuginfo-4.11.4_08-2.36.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): xen-4.11.4_08-2.36.1 xen-debugsource-4.11.4_08-2.36.1 xen-doc-html-4.11.4_08-2.36.1 xen-libs-32bit-4.11.4_08-2.36.1 xen-libs-4.11.4_08-2.36.1 xen-libs-debuginfo-32bit-4.11.4_08-2.36.1 xen-libs-debuginfo-4.11.4_08-2.36.1 xen-tools-4.11.4_08-2.36.1 xen-tools-debuginfo-4.11.4_08-2.36.1 xen-tools-domU-4.11.4_08-2.36.1 xen-tools-domU-debuginfo-4.11.4_08-2.36.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): xen-4.11.4_08-2.36.1 xen-debugsource-4.11.4_08-2.36.1 xen-doc-html-4.11.4_08-2.36.1 xen-libs-32bit-4.11.4_08-2.36.1 xen-libs-4.11.4_08-2.36.1 xen-libs-debuginfo-32bit-4.11.4_08-2.36.1 xen-libs-debuginfo-4.11.4_08-2.36.1 xen-tools-4.11.4_08-2.36.1 xen-tools-debuginfo-4.11.4_08-2.36.1 xen-tools-domU-4.11.4_08-2.36.1 xen-tools-domU-debuginfo-4.11.4_08-2.36.1 References: https://www.suse.com/security/cve/CVE-2020-14364.html https://www.suse.com/security/cve/CVE-2020-25595.html https://www.suse.com/security/cve/CVE-2020-25596.html https://www.suse.com/security/cve/CVE-2020-25597.html https://www.suse.com/security/cve/CVE-2020-25599.html https://www.suse.com/security/cve/CVE-2020-25600.html https://www.suse.com/security/cve/CVE-2020-25601.html https://www.suse.com/security/cve/CVE-2020-25602.html https://www.suse.com/security/cve/CVE-2020-25603.html https://www.suse.com/security/cve/CVE-2020-25604.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1175534 https://bugzilla.suse.com/1176339 https://bugzilla.suse.com/1176343 https://bugzilla.suse.com/1176344 https://bugzilla.suse.com/1176345 https://bugzilla.suse.com/1176346 https://bugzilla.suse.com/1176347 https://bugzilla.suse.com/1176348 https://bugzilla.suse.com/1176349 https://bugzilla.suse.com/1176350 From sle-updates at lists.suse.com Tue Sep 29 10:19:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Sep 2020 18:19:36 +0200 (CEST) Subject: SUSE-RU-2020:2613-1: moderate: Recommended update for certification-sles-eal4, installation-images, patterns-certification, system-role-common-criteria Message-ID: <20200929161936.E40DEFCE2@maintenance.suse.de> SUSE Recommended Update: Recommended update for certification-sles-eal4, installation-images, patterns-certification, system-role-common-criteria ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2613-1 Rating: moderate References: #1172898 #1176112 ECO-2528 SLE-12227 SLE-12905 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes and contains three features can now be installed. Description: This update for certification-sles-eal4, installation-images, patterns-certification, system-role-common-criteria fixes the following issues: This updates provided various packages required for Common Criteria certification. certification-sles-eal4: - This package contains setup scripts that are used after installation of a common criteria system role. patterns-certification: - This package contains the packages to be installed. system-role-common-criteria: - This system role is used in the installer to be select and enable the Common Critera installation role. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2613=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): certification-sles-eal4-15.2+git20200922.43f45dd-5.9.1 patterns-certification-common-criteria-15-5.4.1 system-role-common-criteria-15.2.0-5.4.1 References: https://bugzilla.suse.com/1172898 https://bugzilla.suse.com/1176112 From sle-updates at lists.suse.com Tue Sep 29 10:20:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Sep 2020 18:20:33 +0200 (CEST) Subject: SUSE-RU-2020:2795-1: moderate: Recommended update for hyper-v Message-ID: <20200929162033.1AEB8FCE2@maintenance.suse.de> SUSE Recommended Update: Recommended update for hyper-v ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2795-1 Rating: moderate References: #1116957 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for hyper-v fixes the following issues: - Fixes an issue when hyper-v services not running after booting from SLES12SP3 ISO. (bsc#1116957) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2795=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): hyper-v-8-6.6.3 hyper-v-debuginfo-8-6.6.3 hyper-v-debugsource-8-6.6.3 References: https://bugzilla.suse.com/1116957 From sle-updates at lists.suse.com Tue Sep 29 10:21:22 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Sep 2020 18:21:22 +0200 (CEST) Subject: SUSE-SU-2020:2791-1: important: Security update for xen Message-ID: <20200929162122.09C84FCE2@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2791-1 Rating: important References: #1027519 #1176339 #1176341 #1176343 #1176344 #1176345 #1176346 #1176347 #1176348 #1176349 #1176350 Cross-References: CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25598 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25602 CVE-2020-25603 CVE-2020-25604 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has one errata is now available. Description: This update for xen fixes the following issues: - CVE-2020-25602: Fixed an issue where there was a crash when handling guest access to MSR_MISC_ENABLE was thrown (bsc#1176339,XSA-333) - CVE-2020-25598: Added a missing unlock in XENMEM_acquire_resource error path (bsc#1176341,XSA-334) - CVE-2020-25604: Fixed a race condition when migrating timers between x86 HVM vCPU-s (bsc#1176343,XSA-336) - CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337) - CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338) - CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339) - CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340) - CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342) - CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343) - CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344) - Various other fixes (bsc#1027519) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2791=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2791=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (x86_64): xen-4.13.1_08-3.10.1 xen-debugsource-4.13.1_08-3.10.1 xen-devel-4.13.1_08-3.10.1 xen-tools-4.13.1_08-3.10.1 xen-tools-debuginfo-4.13.1_08-3.10.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): xen-tools-xendomains-wait-disk-4.13.1_08-3.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): xen-debugsource-4.13.1_08-3.10.1 xen-libs-4.13.1_08-3.10.1 xen-libs-debuginfo-4.13.1_08-3.10.1 xen-tools-domU-4.13.1_08-3.10.1 xen-tools-domU-debuginfo-4.13.1_08-3.10.1 References: https://www.suse.com/security/cve/CVE-2020-25595.html https://www.suse.com/security/cve/CVE-2020-25596.html https://www.suse.com/security/cve/CVE-2020-25597.html https://www.suse.com/security/cve/CVE-2020-25598.html https://www.suse.com/security/cve/CVE-2020-25599.html https://www.suse.com/security/cve/CVE-2020-25600.html https://www.suse.com/security/cve/CVE-2020-25601.html https://www.suse.com/security/cve/CVE-2020-25602.html https://www.suse.com/security/cve/CVE-2020-25603.html https://www.suse.com/security/cve/CVE-2020-25604.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1176339 https://bugzilla.suse.com/1176341 https://bugzilla.suse.com/1176343 https://bugzilla.suse.com/1176344 https://bugzilla.suse.com/1176345 https://bugzilla.suse.com/1176346 https://bugzilla.suse.com/1176347 https://bugzilla.suse.com/1176348 https://bugzilla.suse.com/1176349 https://bugzilla.suse.com/1176350 From sle-updates at lists.suse.com Tue Sep 29 10:24:01 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Sep 2020 18:24:01 +0200 (CEST) Subject: SUSE-SU-2020:2792-1: moderate: Security update for bcm43xx-firmware Message-ID: <20200929162401.EA027FCE2@maintenance.suse.de> SUSE Security Update: Security update for bcm43xx-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2792-1 Rating: moderate References: #1176631 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for bcm43xx-firmware fixes the following issues: - Update bluetooth firmware to address Sweyntooth and Spectra issues (bsc#1176631): Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2792=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): bcm43xx-firmware-20180314-8.3.1 References: https://bugzilla.suse.com/1176631 From sle-updates at lists.suse.com Tue Sep 29 10:24:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Sep 2020 18:24:51 +0200 (CEST) Subject: SUSE-SU-2020:2787-1: important: Security update for xen Message-ID: <20200929162451.0C9B2FCE2@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2787-1 Rating: important References: #1175534 #1176343 #1176344 #1176345 #1176346 #1176347 #1176348 #1176349 #1176350 Cross-References: CVE-2020-14364 CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25603 CVE-2020-25604 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2020-25604: Fixed a race condition when migrating timers between x86 HVM vCPU-s (bsc#1176343,XSA-336) - CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337) - CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338) - CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339) - CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340) - CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342) - CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343) - CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344) - CVE-2020-14364: Fixed an out-of-bounds read/write access while processing usb packets (bsc#1175534). - Various bug fixes (bsc#1027519) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2787=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2787=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2787=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2787=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2787=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2787=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2787=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): xen-4.9.4_12-3.74.1 xen-debugsource-4.9.4_12-3.74.1 xen-doc-html-4.9.4_12-3.74.1 xen-libs-32bit-4.9.4_12-3.74.1 xen-libs-4.9.4_12-3.74.1 xen-libs-debuginfo-32bit-4.9.4_12-3.74.1 xen-libs-debuginfo-4.9.4_12-3.74.1 xen-tools-4.9.4_12-3.74.1 xen-tools-debuginfo-4.9.4_12-3.74.1 xen-tools-domU-4.9.4_12-3.74.1 xen-tools-domU-debuginfo-4.9.4_12-3.74.1 - SUSE OpenStack Cloud 8 (x86_64): xen-4.9.4_12-3.74.1 xen-debugsource-4.9.4_12-3.74.1 xen-doc-html-4.9.4_12-3.74.1 xen-libs-32bit-4.9.4_12-3.74.1 xen-libs-4.9.4_12-3.74.1 xen-libs-debuginfo-32bit-4.9.4_12-3.74.1 xen-libs-debuginfo-4.9.4_12-3.74.1 xen-tools-4.9.4_12-3.74.1 xen-tools-debuginfo-4.9.4_12-3.74.1 xen-tools-domU-4.9.4_12-3.74.1 xen-tools-domU-debuginfo-4.9.4_12-3.74.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): xen-4.9.4_12-3.74.1 xen-debugsource-4.9.4_12-3.74.1 xen-doc-html-4.9.4_12-3.74.1 xen-libs-32bit-4.9.4_12-3.74.1 xen-libs-4.9.4_12-3.74.1 xen-libs-debuginfo-32bit-4.9.4_12-3.74.1 xen-libs-debuginfo-4.9.4_12-3.74.1 xen-tools-4.9.4_12-3.74.1 xen-tools-debuginfo-4.9.4_12-3.74.1 xen-tools-domU-4.9.4_12-3.74.1 xen-tools-domU-debuginfo-4.9.4_12-3.74.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): xen-4.9.4_12-3.74.1 xen-debugsource-4.9.4_12-3.74.1 xen-doc-html-4.9.4_12-3.74.1 xen-libs-32bit-4.9.4_12-3.74.1 xen-libs-4.9.4_12-3.74.1 xen-libs-debuginfo-32bit-4.9.4_12-3.74.1 xen-libs-debuginfo-4.9.4_12-3.74.1 xen-tools-4.9.4_12-3.74.1 xen-tools-debuginfo-4.9.4_12-3.74.1 xen-tools-domU-4.9.4_12-3.74.1 xen-tools-domU-debuginfo-4.9.4_12-3.74.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): xen-4.9.4_12-3.74.1 xen-debugsource-4.9.4_12-3.74.1 xen-doc-html-4.9.4_12-3.74.1 xen-libs-32bit-4.9.4_12-3.74.1 xen-libs-4.9.4_12-3.74.1 xen-libs-debuginfo-32bit-4.9.4_12-3.74.1 xen-libs-debuginfo-4.9.4_12-3.74.1 xen-tools-4.9.4_12-3.74.1 xen-tools-debuginfo-4.9.4_12-3.74.1 xen-tools-domU-4.9.4_12-3.74.1 xen-tools-domU-debuginfo-4.9.4_12-3.74.1 - SUSE Enterprise Storage 5 (x86_64): xen-4.9.4_12-3.74.1 xen-debugsource-4.9.4_12-3.74.1 xen-doc-html-4.9.4_12-3.74.1 xen-libs-32bit-4.9.4_12-3.74.1 xen-libs-4.9.4_12-3.74.1 xen-libs-debuginfo-32bit-4.9.4_12-3.74.1 xen-libs-debuginfo-4.9.4_12-3.74.1 xen-tools-4.9.4_12-3.74.1 xen-tools-debuginfo-4.9.4_12-3.74.1 xen-tools-domU-4.9.4_12-3.74.1 xen-tools-domU-debuginfo-4.9.4_12-3.74.1 - HPE Helion Openstack 8 (x86_64): xen-4.9.4_12-3.74.1 xen-debugsource-4.9.4_12-3.74.1 xen-doc-html-4.9.4_12-3.74.1 xen-libs-32bit-4.9.4_12-3.74.1 xen-libs-4.9.4_12-3.74.1 xen-libs-debuginfo-32bit-4.9.4_12-3.74.1 xen-libs-debuginfo-4.9.4_12-3.74.1 xen-tools-4.9.4_12-3.74.1 xen-tools-debuginfo-4.9.4_12-3.74.1 xen-tools-domU-4.9.4_12-3.74.1 xen-tools-domU-debuginfo-4.9.4_12-3.74.1 References: https://www.suse.com/security/cve/CVE-2020-14364.html https://www.suse.com/security/cve/CVE-2020-25595.html https://www.suse.com/security/cve/CVE-2020-25596.html https://www.suse.com/security/cve/CVE-2020-25597.html https://www.suse.com/security/cve/CVE-2020-25599.html https://www.suse.com/security/cve/CVE-2020-25600.html https://www.suse.com/security/cve/CVE-2020-25601.html https://www.suse.com/security/cve/CVE-2020-25603.html https://www.suse.com/security/cve/CVE-2020-25604.html https://bugzilla.suse.com/1175534 https://bugzilla.suse.com/1176343 https://bugzilla.suse.com/1176344 https://bugzilla.suse.com/1176345 https://bugzilla.suse.com/1176346 https://bugzilla.suse.com/1176347 https://bugzilla.suse.com/1176348 https://bugzilla.suse.com/1176349 https://bugzilla.suse.com/1176350 From sle-updates at lists.suse.com Tue Sep 29 10:26:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Sep 2020 18:26:34 +0200 (CEST) Subject: SUSE-SU-2020:2785-1: moderate: Security update for pdns Message-ID: <20200929162634.87162FCE2@maintenance.suse.de> SUSE Security Update: Security update for pdns ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2785-1 Rating: moderate References: #1176535 SOC-11392 Cross-References: CVE-2020-17482 Affected Products: SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that fixes one vulnerability, contains one feature is now available. Description: This update for pdns fixes the following issues: - CVE-2020-17482: Fixed an issue where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory (bsc#1176535). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2785=1 Package List: - SUSE OpenStack Cloud 9 (x86_64): pdns-4.1.8-3.6.1 pdns-backend-mysql-4.1.8-3.6.1 pdns-backend-mysql-debuginfo-4.1.8-3.6.1 pdns-debuginfo-4.1.8-3.6.1 pdns-debugsource-4.1.8-3.6.1 References: https://www.suse.com/security/cve/CVE-2020-17482.html https://bugzilla.suse.com/1176535 From sle-updates at lists.suse.com Tue Sep 29 10:27:24 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Sep 2020 18:27:24 +0200 (CEST) Subject: SUSE-SU-2020:2790-1: important: Security update for xen Message-ID: <20200929162724.09D41FCE2@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2790-1 Rating: important References: #1027519 #1176339 #1176341 #1176343 #1176344 #1176345 #1176346 #1176347 #1176348 #1176349 #1176350 Cross-References: CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25598 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25602 CVE-2020-25603 CVE-2020-25604 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has one errata is now available. Description: This update for xen fixes the following issues: - CVE-2020-25602: Fixed an issue where there was a crash when handling guest access to MSR_MISC_ENABLE was thrown (bsc#1176339,XSA-333) - CVE-2020-25598: Added a missing unlock in XENMEM_acquire_resource error path (bsc#1176341,XSA-334) - CVE-2020-25604: Fixed a race condition when migrating timers between x86 HVM vCPU-s (bsc#1176343,XSA-336) - CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337) - CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338) - CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339) - CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340) - CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342) - CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343) - CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344) - Various bug fixes (bsc#1027519) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2790=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2790=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (x86_64): xen-4.12.3_08-3.28.1 xen-debugsource-4.12.3_08-3.28.1 xen-devel-4.12.3_08-3.28.1 xen-tools-4.12.3_08-3.28.1 xen-tools-debuginfo-4.12.3_08-3.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): xen-debugsource-4.12.3_08-3.28.1 xen-libs-4.12.3_08-3.28.1 xen-libs-debuginfo-4.12.3_08-3.28.1 xen-tools-domU-4.12.3_08-3.28.1 xen-tools-domU-debuginfo-4.12.3_08-3.28.1 References: https://www.suse.com/security/cve/CVE-2020-25595.html https://www.suse.com/security/cve/CVE-2020-25596.html https://www.suse.com/security/cve/CVE-2020-25597.html https://www.suse.com/security/cve/CVE-2020-25598.html https://www.suse.com/security/cve/CVE-2020-25599.html https://www.suse.com/security/cve/CVE-2020-25600.html https://www.suse.com/security/cve/CVE-2020-25601.html https://www.suse.com/security/cve/CVE-2020-25602.html https://www.suse.com/security/cve/CVE-2020-25603.html https://www.suse.com/security/cve/CVE-2020-25604.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1176339 https://bugzilla.suse.com/1176341 https://bugzilla.suse.com/1176343 https://bugzilla.suse.com/1176344 https://bugzilla.suse.com/1176345 https://bugzilla.suse.com/1176346 https://bugzilla.suse.com/1176347 https://bugzilla.suse.com/1176348 https://bugzilla.suse.com/1176349 https://bugzilla.suse.com/1176350 From sle-updates at lists.suse.com Tue Sep 29 10:29:23 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Sep 2020 18:29:23 +0200 (CEST) Subject: SUSE-RU-2020:2793-1: moderate: Recommended update for hyper-v Message-ID: <20200929162923.E5502FCE2@maintenance.suse.de> SUSE Recommended Update: Recommended update for hyper-v ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2793-1 Rating: moderate References: #1116957 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for hyper-v fixes the following issues: - Fixes an issue when hyper-v services not running after booting from SLES12SP3 ISO. (bsc#1116957) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2793=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2793=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2793=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2793=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2793=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2793=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2793=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2793=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2793=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2793=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2793=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): hyper-v-8-24.1 hyper-v-debuginfo-8-24.1 hyper-v-debugsource-8-24.1 - SUSE OpenStack Cloud 8 (x86_64): hyper-v-8-24.1 hyper-v-debuginfo-8-24.1 hyper-v-debugsource-8-24.1 - SUSE OpenStack Cloud 7 (x86_64): hyper-v-8-24.1 hyper-v-debuginfo-8-24.1 hyper-v-debugsource-8-24.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): hyper-v-8-24.1 hyper-v-debuginfo-8-24.1 hyper-v-debugsource-8-24.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): hyper-v-8-24.1 hyper-v-debuginfo-8-24.1 hyper-v-debugsource-8-24.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): hyper-v-8-24.1 hyper-v-debuginfo-8-24.1 hyper-v-debugsource-8-24.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): hyper-v-8-24.1 hyper-v-debuginfo-8-24.1 hyper-v-debugsource-8-24.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): hyper-v-8-24.1 hyper-v-debuginfo-8-24.1 hyper-v-debugsource-8-24.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): hyper-v-8-24.1 hyper-v-debuginfo-8-24.1 hyper-v-debugsource-8-24.1 - SUSE Enterprise Storage 5 (x86_64): hyper-v-8-24.1 hyper-v-debuginfo-8-24.1 hyper-v-debugsource-8-24.1 - HPE Helion Openstack 8 (x86_64): hyper-v-8-24.1 hyper-v-debuginfo-8-24.1 hyper-v-debugsource-8-24.1 References: https://bugzilla.suse.com/1116957 From sle-updates at lists.suse.com Tue Sep 29 10:30:16 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Sep 2020 18:30:16 +0200 (CEST) Subject: SUSE-RU-2020:2796-1: moderate: Recommended update for hyper-v Message-ID: <20200929163016.31140FCE2@maintenance.suse.de> SUSE Recommended Update: Recommended update for hyper-v ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2796-1 Rating: moderate References: #1116957 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for hyper-v fixes the following issues: - Fixes an issue when hyper-v services not running after booting from SLES12SP3 ISO. (bsc#1116957) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2796=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): hyper-v-8-14.6.1 hyper-v-debuginfo-8-14.6.1 hyper-v-debugsource-8-14.6.1 References: https://bugzilla.suse.com/1116957 From sle-updates at lists.suse.com Tue Sep 29 10:31:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Sep 2020 18:31:09 +0200 (CEST) Subject: SUSE-SU-2020:2788-1: important: Security update for xen Message-ID: <20200929163109.7938FFCE2@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2788-1 Rating: important References: #1027519 #1175534 #1176339 #1176341 #1176343 #1176344 #1176345 #1176346 #1176347 #1176348 #1176349 #1176350 Cross-References: CVE-2020-14364 CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25598 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25602 CVE-2020-25603 CVE-2020-25604 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has one errata is now available. Description: This update for xen fixes the following issues: - CVE-2020-25602: Fixed an issue where there was a crash when handling guest access to MSR_MISC_ENABLE was thrown (bsc#1176339,XSA-333) - CVE-2020-25598: Added a missing unlock in XENMEM_acquire_resource error path (bsc#1176341,XSA-334) - CVE-2020-25604: Fixed a race condition when migrating timers between x86 HVM vCPU-s (bsc#1176343,XSA-336) - CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337) - CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338) - CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339) - CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340) - CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342) - CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343) - CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344) - CVE-2020-14364: Fixed an out-of-bounds read/write access while processing usb packets (bsc#1175534). - Various bug fixes (bsc#1027519) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2788=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2788=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 x86_64): xen-debugsource-4.12.3_08-3.24.1 xen-devel-4.12.3_08-3.24.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): xen-4.12.3_08-3.24.1 xen-debugsource-4.12.3_08-3.24.1 xen-doc-html-4.12.3_08-3.24.1 xen-libs-32bit-4.12.3_08-3.24.1 xen-libs-4.12.3_08-3.24.1 xen-libs-debuginfo-32bit-4.12.3_08-3.24.1 xen-libs-debuginfo-4.12.3_08-3.24.1 xen-tools-4.12.3_08-3.24.1 xen-tools-debuginfo-4.12.3_08-3.24.1 xen-tools-domU-4.12.3_08-3.24.1 xen-tools-domU-debuginfo-4.12.3_08-3.24.1 References: https://www.suse.com/security/cve/CVE-2020-14364.html https://www.suse.com/security/cve/CVE-2020-25595.html https://www.suse.com/security/cve/CVE-2020-25596.html https://www.suse.com/security/cve/CVE-2020-25597.html https://www.suse.com/security/cve/CVE-2020-25598.html https://www.suse.com/security/cve/CVE-2020-25599.html https://www.suse.com/security/cve/CVE-2020-25600.html https://www.suse.com/security/cve/CVE-2020-25601.html https://www.suse.com/security/cve/CVE-2020-25602.html https://www.suse.com/security/cve/CVE-2020-25603.html https://www.suse.com/security/cve/CVE-2020-25604.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1175534 https://bugzilla.suse.com/1176339 https://bugzilla.suse.com/1176341 https://bugzilla.suse.com/1176343 https://bugzilla.suse.com/1176344 https://bugzilla.suse.com/1176345 https://bugzilla.suse.com/1176346 https://bugzilla.suse.com/1176347 https://bugzilla.suse.com/1176348 https://bugzilla.suse.com/1176349 https://bugzilla.suse.com/1176350 From sle-updates at lists.suse.com Tue Sep 29 13:13:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 29 Sep 2020 21:13:33 +0200 (CEST) Subject: SUSE-OU-2020:2797-1: moderate: Optional update for adding Grafana dashboards to SLES for SAP Message-ID: <20200929191333.0468BFCEB@maintenance.suse.de> SUSE Optional Update: Optional update for adding Grafana dashboards to SLES for SAP ______________________________________________________________________________ Announcement ID: SUSE-OU-2020:2797-1 Rating: moderate References: ECO-2430 SLE-10545 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that has 0 optional fixes and contains two features can now be installed. Description: This update adds grafana-ha-cluster-dashboards, grafana-sap-hana-dashboards, grafana-sap-netweaver-dashboards, grafana-sap-providers to SLES for SAP (jsc#ECO-2430, jsc#SLE-10545) grafana-ha-cluster-dashboards (jsc#ECO-2430, jsc#SLE-10545): - Release 1.0.3 * don't use require Grafana, use recommends * fix permissions accordingly * fix minor typo on dashboard spec file * update title and description * fixed datasource variable initialization * minor Grafana 7 compatibility fixes grafana-sap-hana-dashboards (jsc#ECO-2430, jsc#SLE-10545): - Release 1.0.2 * Remove useless macro and fix typo in the meanwhile * Remove "detail" word from file names for simplicity * Update title and description grafana-sap-netweaver-dashboards (jsc#ECO-2430, jsc#SLE-10545): - Release 1.0.2 * Remove useless macro and fix typo in the meanwhile * Update schema to Grafana 7 * Update title and description grafana-sap-providers: - Version 1.1 (jsc#ECO-2430, jsc#SLE-10545): * use recommends instead of requires on Grafana (jsc#SLE-10545) * change attributes on provisioning dir, otherwise grafana fails to start * create Grafana user and groups to fix permissions Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2020-2797=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2797=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2797=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (noarch): grafana-ha-cluster-dashboards-1.0.3+git.1600360477.8b8f9ce-1.3.1 grafana-sap-hana-dashboards-1.0.2+git.1600361067.f7c00d1-1.3.1 grafana-sap-netweaver-dashboards-1.0.2+git.1600360936.17d0dbe-1.3.1 grafana-sap-providers-1.1-1.3.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): grafana-ha-cluster-dashboards-1.0.3+git.1600360477.8b8f9ce-1.3.1 grafana-sap-hana-dashboards-1.0.2+git.1600361067.f7c00d1-1.3.1 grafana-sap-netweaver-dashboards-1.0.2+git.1600360936.17d0dbe-1.3.1 grafana-sap-providers-1.1-1.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): grafana-ha-cluster-dashboards-1.0.3+git.1600360477.8b8f9ce-1.3.1 grafana-sap-hana-dashboards-1.0.2+git.1600361067.f7c00d1-1.3.1 grafana-sap-netweaver-dashboards-1.0.2+git.1600360936.17d0dbe-1.3.1 grafana-sap-providers-1.1-1.3.1 References: From sle-updates at lists.suse.com Wed Sep 30 04:14:37 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Sep 2020 12:14:37 +0200 (CEST) Subject: SUSE-RU-2020:2799-1: moderate: Recommended update for gnome-tweaks Message-ID: <20200930101437.EF638FCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-tweaks ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2799-1 Rating: moderate References: #1162080 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gnome-tweaks fixes the following issues: - Fix for Gnome-tweaks as titlebar starts flickering when setting button placement to left. (bsc#1162080, glgo#GNOME/gnome-tweaks#245) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2799=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): gnome-tweaks-3.34.0-3.3.1 gnome-tweaks-lang-3.34.0-3.3.1 References: https://bugzilla.suse.com/1162080 From sle-updates at lists.suse.com Wed Sep 30 04:16:21 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Sep 2020 12:16:21 +0200 (CEST) Subject: SUSE-RU-2020:2798-1: moderate: Recommended update for python-shaptools, salt-shaptools, habootstrap-formula, saphanabootstrap-formula, sapnwbootstrap-formula Message-ID: <20200930101621.A68D8FCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-shaptools, salt-shaptools, habootstrap-formula, saphanabootstrap-formula, sapnwbootstrap-formula ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2798-1 Rating: moderate References: #1174994 #1175709 SLE-4047 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has two recommended fixes and contains one feature can now be installed. Description: This update for python-shaptools fixes the following issues: - Fix how HANA database is started and stopped to work in multi host environment. sapcontrol commands are used instead of HDB now. (jsc#SLE-4047) - Fix issue when secondary registration fails after a successful 'SSFS' files copy process. Now the registration return code will be checked in the new call. (bsc#1175709) This update for salt-shaptools fixes the following issues: - Fix how HANA database is started and stopped to work in multi host environment. sapcontrol commands are used instead of HDB now. (jsc#SLE-4047) This update for habootstrap-formula fixes the following issues: - Include the pillar example file in package. (bsc#1174994) - Fix how HANA database is started and stopped to work in multi host environment. sapcontrol commands are used instead of HDB now. (jsc#SLE-4047) This update for saphanabootstrap-formula fixes the following issues: - Include the pillar example file in package. (bsc#1174994) - Fix how HANA database is started and stopped to work in multi host environment. sapcontrol commands are used instead of HDB now. (jsc#SLE-4047) This update for sapnwbootstrap-formula fixes the following issues: - Include the pillar example file in package. (bsc#1174994) - Fix how HANA database is started and stopped to work in multi host environment. sapcontrol commands are used instead of HDB now. (jsc#SLE-4047) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2020-2798=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2020-2798=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): habootstrap-formula-0.3.9+git.1600700065.14360cc-1.6.1 python3-shaptools-0.3.10+git.1600699158.46fca28-1.6.1 salt-shaptools-0.3.10+git.1600699854.f5950bc-1.6.1 saphanabootstrap-formula-0.6.0+git.1600699862.f34e262-1.6.1 sapnwbootstrap-formula-0.5.1+git.1600700160.9b359fd-1.6.1 - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): habootstrap-formula-0.3.9+git.1600700065.14360cc-1.6.1 python3-shaptools-0.3.10+git.1600699158.46fca28-1.6.1 salt-shaptools-0.3.10+git.1600699854.f5950bc-1.6.1 saphanabootstrap-formula-0.6.0+git.1600699862.f34e262-1.6.1 sapnwbootstrap-formula-0.5.1+git.1600700160.9b359fd-1.6.1 References: https://bugzilla.suse.com/1174994 https://bugzilla.suse.com/1175709 From sle-updates at lists.suse.com Wed Sep 30 07:14:11 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Sep 2020 15:14:11 +0200 (CEST) Subject: SUSE-RU-2020:2803-1: moderate: Recommended update for system-role-common-criteria Message-ID: <20200930131411.5747AFCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for system-role-common-criteria ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2803-1 Rating: moderate References: #1176982 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for system-role-common-criteria fixes the following issues: - Enable FIPS mode (bsc#1176982) - Added a yast2 client for common criteria mode Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2803=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): system-role-common-criteria-15.2.1-5.7.1 References: https://bugzilla.suse.com/1176982 From sle-updates at lists.suse.com Wed Sep 30 07:15:00 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Sep 2020 15:15:00 +0200 (CEST) Subject: SUSE-RU-2020:2801-1: moderate: Recommended update for fwupd Message-ID: <20200930131500.6328EFCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for fwupd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2801-1 Rating: moderate References: SLE-11766 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for fwupd fixes the following issues: - Fix the existing differences for 'efidir' for opensuse Leap and SLE. (jsc#SLE-11766) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2801=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): fwupd-1.2.11-5.5.1 fwupd-debuginfo-1.2.11-5.5.1 fwupd-debugsource-1.2.11-5.5.1 fwupd-devel-1.2.11-5.5.1 libfwupd2-1.2.11-5.5.1 libfwupd2-debuginfo-1.2.11-5.5.1 typelib-1_0-Fwupd-2_0-1.2.11-5.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): fwupd-lang-1.2.11-5.5.1 References: From sle-updates at lists.suse.com Wed Sep 30 07:16:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Sep 2020 15:16:33 +0200 (CEST) Subject: SUSE-RU-2020:2804-1: moderate: Recommended update for xiterm Message-ID: <20200930131633.B4C6BFCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for xiterm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2804-1 Rating: moderate References: #1158271 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xiterm fixes the following issues: - Fix for not enabled application keypad mode. (bsc#1158271) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2804=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2804=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2804=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2804=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): libiterm-devel-0.5.20040304-5.3.1 xiterm-debuginfo-0.5.20040304-5.3.1 xiterm-debugsource-0.5.20040304-5.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): libiterm-devel-0.5.20040304-5.3.1 xiterm-debuginfo-0.5.20040304-5.3.1 xiterm-debugsource-0.5.20040304-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): fbiterm-0.5.20040304-5.3.1 fbiterm-debuginfo-0.5.20040304-5.3.1 libiterm1-0.5.20040304-5.3.1 libiterm1-debuginfo-0.5.20040304-5.3.1 xiterm-debuginfo-0.5.20040304-5.3.1 xiterm-debugsource-0.5.20040304-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): fbiterm-0.5.20040304-5.3.1 fbiterm-debuginfo-0.5.20040304-5.3.1 libiterm1-0.5.20040304-5.3.1 libiterm1-debuginfo-0.5.20040304-5.3.1 xiterm-debuginfo-0.5.20040304-5.3.1 xiterm-debugsource-0.5.20040304-5.3.1 References: https://bugzilla.suse.com/1158271 From sle-updates at lists.suse.com Wed Sep 30 07:17:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Sep 2020 15:17:27 +0200 (CEST) Subject: SUSE-SU-2020:2800-1: critical: Security update for nodejs8 Message-ID: <20200930131727.C0CA3FCEB@maintenance.suse.de> SUSE Security Update: Security update for nodejs8 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2800-1 Rating: critical References: #1166916 #1172442 #1172443 #1172686 #1172728 #1173937 Cross-References: CVE-2020-11080 CVE-2020-15095 CVE-2020-7598 CVE-2020-8174 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP2 ______________________________________________________________________________ An update that solves four vulnerabilities and has two fixes is now available. Description: This update for nodejs8 fixes the following issues: - CVE-2020-8174: Fixed multiple memory corruption in napi_get_value_string_*() (bsc#1172443). - CVE-2020-11080: Fixed a potential denial of service when receiving unreasonably large HTTP/2 SETTINGS frames (bsc#1172442). - CVE-2020-7598: Fixed an issue which could have tricked minimist into adding or modifying properties of Object.prototype (bsc#1166916) - CVE-2020-15095: Fixed information leak through log files (bsc#1173937). - Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation on Aarch64 with gcc10 (bsc#1172686). - Add Require for nodejs8 when intalling npm8 (bsc#1172728) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2020-2800=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64): nodejs8-8.17.0-10.3.1 nodejs8-debuginfo-8.17.0-10.3.1 nodejs8-debugsource-8.17.0-10.3.1 nodejs8-devel-8.17.0-10.3.1 npm8-8.17.0-10.3.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch): nodejs8-docs-8.17.0-10.3.1 References: https://www.suse.com/security/cve/CVE-2020-11080.html https://www.suse.com/security/cve/CVE-2020-15095.html https://www.suse.com/security/cve/CVE-2020-7598.html https://www.suse.com/security/cve/CVE-2020-8174.html https://bugzilla.suse.com/1166916 https://bugzilla.suse.com/1172442 https://bugzilla.suse.com/1172443 https://bugzilla.suse.com/1172686 https://bugzilla.suse.com/1172728 https://bugzilla.suse.com/1173937 From sle-updates at lists.suse.com Wed Sep 30 07:18:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Sep 2020 15:18:54 +0200 (CEST) Subject: SUSE-RU-2020:2805-1: moderate: Recommended update for drbd-utils Message-ID: <20200930131854.3FFFEFCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2805-1 Rating: moderate References: #1176065 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for drbd-utils fixes the following issues: - Fixed an issue when 'drbd-fencing' could not determine the master id of 'drbd' resource. (bsc#1176065) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2020-2805=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2805=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (aarch64 ppc64le s390x x86_64): drbd-utils-9.13.0-3.3.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): drbd-utils-9.13.0-3.3.1 drbd-utils-debuginfo-9.13.0-3.3.1 drbd-utils-debugsource-9.13.0-3.3.1 References: https://bugzilla.suse.com/1176065 From sle-updates at lists.suse.com Wed Sep 30 07:19:53 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Sep 2020 15:19:53 +0200 (CEST) Subject: SUSE-RU-2020:2802-1: moderate: Recommended update for mozilla-nss Message-ID: <20200930131953.90EEBFCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2802-1 Rating: moderate References: #1174697 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mozilla-nss fixes the following issues: - Fixes an issue for Mozilla Firefox which has failed in fips mode (bsc#1174697) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2802=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2802=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2802=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2802=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2802=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2802=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2802=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2802=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2802=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2802=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2802=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2802=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2802=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2802=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2802=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2802=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2802=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libfreebl3-3.53.1-58.51.1 libfreebl3-32bit-3.53.1-58.51.1 libfreebl3-debuginfo-3.53.1-58.51.1 libfreebl3-debuginfo-32bit-3.53.1-58.51.1 libfreebl3-hmac-3.53.1-58.51.1 libfreebl3-hmac-32bit-3.53.1-58.51.1 libsoftokn3-3.53.1-58.51.1 libsoftokn3-32bit-3.53.1-58.51.1 libsoftokn3-debuginfo-3.53.1-58.51.1 libsoftokn3-debuginfo-32bit-3.53.1-58.51.1 libsoftokn3-hmac-3.53.1-58.51.1 libsoftokn3-hmac-32bit-3.53.1-58.51.1 mozilla-nss-3.53.1-58.51.1 mozilla-nss-32bit-3.53.1-58.51.1 mozilla-nss-certs-3.53.1-58.51.1 mozilla-nss-certs-32bit-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-debuginfo-3.53.1-58.51.1 mozilla-nss-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-debugsource-3.53.1-58.51.1 mozilla-nss-devel-3.53.1-58.51.1 mozilla-nss-sysinit-3.53.1-58.51.1 mozilla-nss-sysinit-32bit-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-tools-3.53.1-58.51.1 mozilla-nss-tools-debuginfo-3.53.1-58.51.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libfreebl3-3.53.1-58.51.1 libfreebl3-32bit-3.53.1-58.51.1 libfreebl3-debuginfo-3.53.1-58.51.1 libfreebl3-debuginfo-32bit-3.53.1-58.51.1 libfreebl3-hmac-3.53.1-58.51.1 libfreebl3-hmac-32bit-3.53.1-58.51.1 libsoftokn3-3.53.1-58.51.1 libsoftokn3-32bit-3.53.1-58.51.1 libsoftokn3-debuginfo-3.53.1-58.51.1 libsoftokn3-debuginfo-32bit-3.53.1-58.51.1 libsoftokn3-hmac-3.53.1-58.51.1 libsoftokn3-hmac-32bit-3.53.1-58.51.1 mozilla-nss-3.53.1-58.51.1 mozilla-nss-32bit-3.53.1-58.51.1 mozilla-nss-certs-3.53.1-58.51.1 mozilla-nss-certs-32bit-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-debuginfo-3.53.1-58.51.1 mozilla-nss-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-debugsource-3.53.1-58.51.1 mozilla-nss-devel-3.53.1-58.51.1 mozilla-nss-sysinit-3.53.1-58.51.1 mozilla-nss-sysinit-32bit-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-tools-3.53.1-58.51.1 mozilla-nss-tools-debuginfo-3.53.1-58.51.1 - SUSE OpenStack Cloud 9 (x86_64): libfreebl3-3.53.1-58.51.1 libfreebl3-32bit-3.53.1-58.51.1 libfreebl3-debuginfo-3.53.1-58.51.1 libfreebl3-debuginfo-32bit-3.53.1-58.51.1 libfreebl3-hmac-3.53.1-58.51.1 libfreebl3-hmac-32bit-3.53.1-58.51.1 libsoftokn3-3.53.1-58.51.1 libsoftokn3-32bit-3.53.1-58.51.1 libsoftokn3-debuginfo-3.53.1-58.51.1 libsoftokn3-debuginfo-32bit-3.53.1-58.51.1 libsoftokn3-hmac-3.53.1-58.51.1 libsoftokn3-hmac-32bit-3.53.1-58.51.1 mozilla-nss-3.53.1-58.51.1 mozilla-nss-32bit-3.53.1-58.51.1 mozilla-nss-certs-3.53.1-58.51.1 mozilla-nss-certs-32bit-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-debuginfo-3.53.1-58.51.1 mozilla-nss-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-debugsource-3.53.1-58.51.1 mozilla-nss-devel-3.53.1-58.51.1 mozilla-nss-sysinit-3.53.1-58.51.1 mozilla-nss-sysinit-32bit-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-tools-3.53.1-58.51.1 mozilla-nss-tools-debuginfo-3.53.1-58.51.1 - SUSE OpenStack Cloud 8 (x86_64): libfreebl3-3.53.1-58.51.1 libfreebl3-32bit-3.53.1-58.51.1 libfreebl3-debuginfo-3.53.1-58.51.1 libfreebl3-debuginfo-32bit-3.53.1-58.51.1 libfreebl3-hmac-3.53.1-58.51.1 libfreebl3-hmac-32bit-3.53.1-58.51.1 libsoftokn3-3.53.1-58.51.1 libsoftokn3-32bit-3.53.1-58.51.1 libsoftokn3-debuginfo-3.53.1-58.51.1 libsoftokn3-debuginfo-32bit-3.53.1-58.51.1 libsoftokn3-hmac-3.53.1-58.51.1 libsoftokn3-hmac-32bit-3.53.1-58.51.1 mozilla-nss-3.53.1-58.51.1 mozilla-nss-32bit-3.53.1-58.51.1 mozilla-nss-certs-3.53.1-58.51.1 mozilla-nss-certs-32bit-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-debuginfo-3.53.1-58.51.1 mozilla-nss-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-debugsource-3.53.1-58.51.1 mozilla-nss-devel-3.53.1-58.51.1 mozilla-nss-sysinit-3.53.1-58.51.1 mozilla-nss-sysinit-32bit-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-tools-3.53.1-58.51.1 mozilla-nss-tools-debuginfo-3.53.1-58.51.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libfreebl3-3.53.1-58.51.1 libfreebl3-32bit-3.53.1-58.51.1 libfreebl3-debuginfo-3.53.1-58.51.1 libfreebl3-debuginfo-32bit-3.53.1-58.51.1 libfreebl3-hmac-3.53.1-58.51.1 libfreebl3-hmac-32bit-3.53.1-58.51.1 libsoftokn3-3.53.1-58.51.1 libsoftokn3-32bit-3.53.1-58.51.1 libsoftokn3-debuginfo-3.53.1-58.51.1 libsoftokn3-debuginfo-32bit-3.53.1-58.51.1 libsoftokn3-hmac-3.53.1-58.51.1 libsoftokn3-hmac-32bit-3.53.1-58.51.1 mozilla-nss-3.53.1-58.51.1 mozilla-nss-32bit-3.53.1-58.51.1 mozilla-nss-certs-3.53.1-58.51.1 mozilla-nss-certs-32bit-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-debuginfo-3.53.1-58.51.1 mozilla-nss-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-debugsource-3.53.1-58.51.1 mozilla-nss-sysinit-3.53.1-58.51.1 mozilla-nss-sysinit-32bit-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-tools-3.53.1-58.51.1 mozilla-nss-tools-debuginfo-3.53.1-58.51.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): mozilla-nss-debuginfo-3.53.1-58.51.1 mozilla-nss-debugsource-3.53.1-58.51.1 mozilla-nss-devel-3.53.1-58.51.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libfreebl3-3.53.1-58.51.1 libfreebl3-debuginfo-3.53.1-58.51.1 libfreebl3-hmac-3.53.1-58.51.1 libsoftokn3-3.53.1-58.51.1 libsoftokn3-debuginfo-3.53.1-58.51.1 libsoftokn3-hmac-3.53.1-58.51.1 mozilla-nss-3.53.1-58.51.1 mozilla-nss-certs-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-3.53.1-58.51.1 mozilla-nss-debuginfo-3.53.1-58.51.1 mozilla-nss-debugsource-3.53.1-58.51.1 mozilla-nss-devel-3.53.1-58.51.1 mozilla-nss-sysinit-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.51.1 mozilla-nss-tools-3.53.1-58.51.1 mozilla-nss-tools-debuginfo-3.53.1-58.51.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libfreebl3-32bit-3.53.1-58.51.1 libfreebl3-debuginfo-32bit-3.53.1-58.51.1 libfreebl3-hmac-32bit-3.53.1-58.51.1 libsoftokn3-32bit-3.53.1-58.51.1 libsoftokn3-debuginfo-32bit-3.53.1-58.51.1 libsoftokn3-hmac-32bit-3.53.1-58.51.1 mozilla-nss-32bit-3.53.1-58.51.1 mozilla-nss-certs-32bit-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-sysinit-32bit-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.51.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libfreebl3-3.53.1-58.51.1 libfreebl3-debuginfo-3.53.1-58.51.1 libfreebl3-hmac-3.53.1-58.51.1 libsoftokn3-3.53.1-58.51.1 libsoftokn3-debuginfo-3.53.1-58.51.1 libsoftokn3-hmac-3.53.1-58.51.1 mozilla-nss-3.53.1-58.51.1 mozilla-nss-certs-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-3.53.1-58.51.1 mozilla-nss-debuginfo-3.53.1-58.51.1 mozilla-nss-debugsource-3.53.1-58.51.1 mozilla-nss-devel-3.53.1-58.51.1 mozilla-nss-sysinit-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.51.1 mozilla-nss-tools-3.53.1-58.51.1 mozilla-nss-tools-debuginfo-3.53.1-58.51.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libfreebl3-32bit-3.53.1-58.51.1 libfreebl3-debuginfo-32bit-3.53.1-58.51.1 libfreebl3-hmac-32bit-3.53.1-58.51.1 libsoftokn3-32bit-3.53.1-58.51.1 libsoftokn3-debuginfo-32bit-3.53.1-58.51.1 libsoftokn3-hmac-32bit-3.53.1-58.51.1 mozilla-nss-32bit-3.53.1-58.51.1 mozilla-nss-certs-32bit-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-sysinit-32bit-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.51.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libfreebl3-3.53.1-58.51.1 libfreebl3-debuginfo-3.53.1-58.51.1 libfreebl3-hmac-3.53.1-58.51.1 libsoftokn3-3.53.1-58.51.1 libsoftokn3-debuginfo-3.53.1-58.51.1 libsoftokn3-hmac-3.53.1-58.51.1 mozilla-nss-3.53.1-58.51.1 mozilla-nss-certs-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-3.53.1-58.51.1 mozilla-nss-debuginfo-3.53.1-58.51.1 mozilla-nss-debugsource-3.53.1-58.51.1 mozilla-nss-sysinit-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.51.1 mozilla-nss-tools-3.53.1-58.51.1 mozilla-nss-tools-debuginfo-3.53.1-58.51.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libfreebl3-32bit-3.53.1-58.51.1 libfreebl3-debuginfo-32bit-3.53.1-58.51.1 libfreebl3-hmac-32bit-3.53.1-58.51.1 libsoftokn3-32bit-3.53.1-58.51.1 libsoftokn3-debuginfo-32bit-3.53.1-58.51.1 libsoftokn3-hmac-32bit-3.53.1-58.51.1 mozilla-nss-32bit-3.53.1-58.51.1 mozilla-nss-certs-32bit-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-sysinit-32bit-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.51.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libfreebl3-3.53.1-58.51.1 libfreebl3-debuginfo-3.53.1-58.51.1 libfreebl3-hmac-3.53.1-58.51.1 libsoftokn3-3.53.1-58.51.1 libsoftokn3-debuginfo-3.53.1-58.51.1 libsoftokn3-hmac-3.53.1-58.51.1 mozilla-nss-3.53.1-58.51.1 mozilla-nss-certs-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-3.53.1-58.51.1 mozilla-nss-debuginfo-3.53.1-58.51.1 mozilla-nss-debugsource-3.53.1-58.51.1 mozilla-nss-devel-3.53.1-58.51.1 mozilla-nss-sysinit-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.51.1 mozilla-nss-tools-3.53.1-58.51.1 mozilla-nss-tools-debuginfo-3.53.1-58.51.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libfreebl3-32bit-3.53.1-58.51.1 libfreebl3-debuginfo-32bit-3.53.1-58.51.1 libfreebl3-hmac-32bit-3.53.1-58.51.1 libsoftokn3-32bit-3.53.1-58.51.1 libsoftokn3-debuginfo-32bit-3.53.1-58.51.1 libsoftokn3-hmac-32bit-3.53.1-58.51.1 mozilla-nss-32bit-3.53.1-58.51.1 mozilla-nss-certs-32bit-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-sysinit-32bit-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.51.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.53.1-58.51.1 libfreebl3-debuginfo-3.53.1-58.51.1 libfreebl3-hmac-3.53.1-58.51.1 libsoftokn3-3.53.1-58.51.1 libsoftokn3-debuginfo-3.53.1-58.51.1 libsoftokn3-hmac-3.53.1-58.51.1 mozilla-nss-3.53.1-58.51.1 mozilla-nss-certs-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-3.53.1-58.51.1 mozilla-nss-debuginfo-3.53.1-58.51.1 mozilla-nss-debugsource-3.53.1-58.51.1 mozilla-nss-devel-3.53.1-58.51.1 mozilla-nss-sysinit-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.51.1 mozilla-nss-tools-3.53.1-58.51.1 mozilla-nss-tools-debuginfo-3.53.1-58.51.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libfreebl3-32bit-3.53.1-58.51.1 libfreebl3-debuginfo-32bit-3.53.1-58.51.1 libfreebl3-hmac-32bit-3.53.1-58.51.1 libsoftokn3-32bit-3.53.1-58.51.1 libsoftokn3-debuginfo-32bit-3.53.1-58.51.1 libsoftokn3-hmac-32bit-3.53.1-58.51.1 mozilla-nss-32bit-3.53.1-58.51.1 mozilla-nss-certs-32bit-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-sysinit-32bit-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.51.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.53.1-58.51.1 libfreebl3-debuginfo-3.53.1-58.51.1 libfreebl3-hmac-3.53.1-58.51.1 libsoftokn3-3.53.1-58.51.1 libsoftokn3-debuginfo-3.53.1-58.51.1 libsoftokn3-hmac-3.53.1-58.51.1 mozilla-nss-3.53.1-58.51.1 mozilla-nss-certs-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-3.53.1-58.51.1 mozilla-nss-debuginfo-3.53.1-58.51.1 mozilla-nss-debugsource-3.53.1-58.51.1 mozilla-nss-devel-3.53.1-58.51.1 mozilla-nss-sysinit-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.51.1 mozilla-nss-tools-3.53.1-58.51.1 mozilla-nss-tools-debuginfo-3.53.1-58.51.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libfreebl3-32bit-3.53.1-58.51.1 libfreebl3-debuginfo-32bit-3.53.1-58.51.1 libfreebl3-hmac-32bit-3.53.1-58.51.1 libsoftokn3-32bit-3.53.1-58.51.1 libsoftokn3-debuginfo-32bit-3.53.1-58.51.1 libsoftokn3-hmac-32bit-3.53.1-58.51.1 mozilla-nss-32bit-3.53.1-58.51.1 mozilla-nss-certs-32bit-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-sysinit-32bit-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.51.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libfreebl3-3.53.1-58.51.1 libfreebl3-32bit-3.53.1-58.51.1 libfreebl3-debuginfo-3.53.1-58.51.1 libfreebl3-debuginfo-32bit-3.53.1-58.51.1 libfreebl3-hmac-3.53.1-58.51.1 libfreebl3-hmac-32bit-3.53.1-58.51.1 libsoftokn3-3.53.1-58.51.1 libsoftokn3-32bit-3.53.1-58.51.1 libsoftokn3-debuginfo-3.53.1-58.51.1 libsoftokn3-debuginfo-32bit-3.53.1-58.51.1 libsoftokn3-hmac-3.53.1-58.51.1 libsoftokn3-hmac-32bit-3.53.1-58.51.1 mozilla-nss-3.53.1-58.51.1 mozilla-nss-32bit-3.53.1-58.51.1 mozilla-nss-certs-3.53.1-58.51.1 mozilla-nss-certs-32bit-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-debuginfo-3.53.1-58.51.1 mozilla-nss-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-debugsource-3.53.1-58.51.1 mozilla-nss-sysinit-3.53.1-58.51.1 mozilla-nss-sysinit-32bit-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-tools-3.53.1-58.51.1 mozilla-nss-tools-debuginfo-3.53.1-58.51.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libfreebl3-3.53.1-58.51.1 libfreebl3-debuginfo-3.53.1-58.51.1 libfreebl3-hmac-3.53.1-58.51.1 libsoftokn3-3.53.1-58.51.1 libsoftokn3-debuginfo-3.53.1-58.51.1 libsoftokn3-hmac-3.53.1-58.51.1 mozilla-nss-3.53.1-58.51.1 mozilla-nss-certs-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-3.53.1-58.51.1 mozilla-nss-debuginfo-3.53.1-58.51.1 mozilla-nss-debugsource-3.53.1-58.51.1 mozilla-nss-sysinit-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.51.1 mozilla-nss-tools-3.53.1-58.51.1 mozilla-nss-tools-debuginfo-3.53.1-58.51.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libfreebl3-32bit-3.53.1-58.51.1 libfreebl3-debuginfo-32bit-3.53.1-58.51.1 libfreebl3-hmac-32bit-3.53.1-58.51.1 libsoftokn3-32bit-3.53.1-58.51.1 libsoftokn3-debuginfo-32bit-3.53.1-58.51.1 libsoftokn3-hmac-32bit-3.53.1-58.51.1 mozilla-nss-32bit-3.53.1-58.51.1 mozilla-nss-certs-32bit-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-sysinit-32bit-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.51.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libfreebl3-3.53.1-58.51.1 libfreebl3-32bit-3.53.1-58.51.1 libfreebl3-debuginfo-3.53.1-58.51.1 libfreebl3-debuginfo-32bit-3.53.1-58.51.1 libfreebl3-hmac-3.53.1-58.51.1 libfreebl3-hmac-32bit-3.53.1-58.51.1 libsoftokn3-3.53.1-58.51.1 libsoftokn3-32bit-3.53.1-58.51.1 libsoftokn3-debuginfo-3.53.1-58.51.1 libsoftokn3-debuginfo-32bit-3.53.1-58.51.1 libsoftokn3-hmac-3.53.1-58.51.1 libsoftokn3-hmac-32bit-3.53.1-58.51.1 mozilla-nss-3.53.1-58.51.1 mozilla-nss-32bit-3.53.1-58.51.1 mozilla-nss-certs-3.53.1-58.51.1 mozilla-nss-certs-32bit-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-debuginfo-3.53.1-58.51.1 mozilla-nss-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-debugsource-3.53.1-58.51.1 mozilla-nss-sysinit-3.53.1-58.51.1 mozilla-nss-sysinit-32bit-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-tools-3.53.1-58.51.1 mozilla-nss-tools-debuginfo-3.53.1-58.51.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libfreebl3-3.53.1-58.51.1 libfreebl3-debuginfo-3.53.1-58.51.1 libfreebl3-hmac-3.53.1-58.51.1 libsoftokn3-3.53.1-58.51.1 libsoftokn3-debuginfo-3.53.1-58.51.1 libsoftokn3-hmac-3.53.1-58.51.1 mozilla-nss-3.53.1-58.51.1 mozilla-nss-certs-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-3.53.1-58.51.1 mozilla-nss-debuginfo-3.53.1-58.51.1 mozilla-nss-debugsource-3.53.1-58.51.1 mozilla-nss-devel-3.53.1-58.51.1 mozilla-nss-sysinit-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.51.1 mozilla-nss-tools-3.53.1-58.51.1 mozilla-nss-tools-debuginfo-3.53.1-58.51.1 - SUSE Enterprise Storage 5 (x86_64): libfreebl3-32bit-3.53.1-58.51.1 libfreebl3-debuginfo-32bit-3.53.1-58.51.1 libfreebl3-hmac-32bit-3.53.1-58.51.1 libsoftokn3-32bit-3.53.1-58.51.1 libsoftokn3-debuginfo-32bit-3.53.1-58.51.1 libsoftokn3-hmac-32bit-3.53.1-58.51.1 mozilla-nss-32bit-3.53.1-58.51.1 mozilla-nss-certs-32bit-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-sysinit-32bit-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.51.1 - HPE Helion Openstack 8 (x86_64): libfreebl3-3.53.1-58.51.1 libfreebl3-32bit-3.53.1-58.51.1 libfreebl3-debuginfo-3.53.1-58.51.1 libfreebl3-debuginfo-32bit-3.53.1-58.51.1 libfreebl3-hmac-3.53.1-58.51.1 libfreebl3-hmac-32bit-3.53.1-58.51.1 libsoftokn3-3.53.1-58.51.1 libsoftokn3-32bit-3.53.1-58.51.1 libsoftokn3-debuginfo-3.53.1-58.51.1 libsoftokn3-debuginfo-32bit-3.53.1-58.51.1 libsoftokn3-hmac-3.53.1-58.51.1 libsoftokn3-hmac-32bit-3.53.1-58.51.1 mozilla-nss-3.53.1-58.51.1 mozilla-nss-32bit-3.53.1-58.51.1 mozilla-nss-certs-3.53.1-58.51.1 mozilla-nss-certs-32bit-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-3.53.1-58.51.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-debuginfo-3.53.1-58.51.1 mozilla-nss-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-debugsource-3.53.1-58.51.1 mozilla-nss-devel-3.53.1-58.51.1 mozilla-nss-sysinit-3.53.1-58.51.1 mozilla-nss-sysinit-32bit-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.51.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.51.1 mozilla-nss-tools-3.53.1-58.51.1 mozilla-nss-tools-debuginfo-3.53.1-58.51.1 References: https://bugzilla.suse.com/1174697 From sle-updates at lists.suse.com Wed Sep 30 10:13:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Sep 2020 18:13:44 +0200 (CEST) Subject: SUSE-SU-2020:2806-1: moderate: Security update for tar Message-ID: <20200930161344.90EB1FCEB@maintenance.suse.de> SUSE Security Update: Security update for tar ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2806-1 Rating: moderate References: #1120610 #1130496 Cross-References: CVE-2018-20482 CVE-2019-9923 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for tar fixes the following issues: Security issues fixed: - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). - CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2806=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): tar-1.27.1-15.6.3 tar-debuginfo-1.27.1-15.6.3 tar-debugsource-1.27.1-15.6.3 - SUSE Linux Enterprise Server 12-SP5 (noarch): tar-lang-1.27.1-15.6.3 References: https://www.suse.com/security/cve/CVE-2018-20482.html https://www.suse.com/security/cve/CVE-2019-9923.html https://bugzilla.suse.com/1120610 https://bugzilla.suse.com/1130496 From sle-updates at lists.suse.com Wed Sep 30 10:14:41 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Sep 2020 18:14:41 +0200 (CEST) Subject: SUSE-RU-2020:2810-1: moderate: Recommended update for lvm2 Message-ID: <20200930161441.ADFA6FCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for lvm2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2810-1 Rating: moderate References: #1123327 #1172597 #1173503 #1175110 #998893 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for lvm2 fixes the following issues: - Fixed an issue where the system hangs for 90 seconds before it actually shuts down (bsc#1172597) - Fixed an issue when the hot spares in LVM not added automatically. (bsc#1175110) - Fixed an issue when lvm produces a large number of luns with error message "Too many open files". (bsc#1173503) - Fixes an issue when LVM initialization failed during reboot. (bsc#998893) - Fixed a misplaced parameter in the lvm configuration. (bsc#1123327) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2810=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2810=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-2810=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2020-2810=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): device-mapper-devel-1.02.149-9.41.1 lvm2-debuginfo-2.02.180-9.41.1 lvm2-debugsource-2.02.180-9.41.1 lvm2-devel-2.02.180-9.41.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): device-mapper-1.02.149-9.41.1 device-mapper-debuginfo-1.02.149-9.41.1 lvm2-2.02.180-9.41.1 lvm2-debuginfo-2.02.180-9.41.1 lvm2-debugsource-2.02.180-9.41.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): device-mapper-32bit-1.02.149-9.41.1 device-mapper-debuginfo-32bit-1.02.149-9.41.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): lvm2-clvm-2.02.180-9.41.1 lvm2-clvm-debuginfo-2.02.180-9.41.1 lvm2-cmirrord-2.02.180-9.41.1 lvm2-cmirrord-debuginfo-2.02.180-9.41.1 lvm2-debuginfo-2.02.180-9.41.1 lvm2-debugsource-2.02.180-9.41.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): lvm2-clvm-2.02.180-9.41.1 lvm2-clvm-debuginfo-2.02.180-9.41.1 lvm2-cmirrord-2.02.180-9.41.1 lvm2-cmirrord-debuginfo-2.02.180-9.41.1 lvm2-debuginfo-2.02.180-9.41.1 lvm2-debugsource-2.02.180-9.41.1 References: https://bugzilla.suse.com/1123327 https://bugzilla.suse.com/1172597 https://bugzilla.suse.com/1173503 https://bugzilla.suse.com/1175110 https://bugzilla.suse.com/998893 From sle-updates at lists.suse.com Wed Sep 30 10:16:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 30 Sep 2020 18:16:06 +0200 (CEST) Subject: SUSE-SU-2020:2807-1: moderate: Security update for aspell Message-ID: <20200930161606.6495AFCEB@maintenance.suse.de> SUSE Security Update: Security update for aspell ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2807-1 Rating: moderate References: #1161982 Cross-References: CVE-2019-20433 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for aspell fixes the following security issue: - CVE-2019-20433: Fixed a buffer over-read when processing strings ending with a single '\0' byte with ucs-2 and ucs-4 encoding (bsc#1161982). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2807=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2807=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): aspell-debuginfo-0.60.6.1-18.8.2 aspell-debugsource-0.60.6.1-18.8.2 aspell-devel-0.60.6.1-18.8.2 libpspell15-0.60.6.1-18.8.2 libpspell15-debuginfo-0.60.6.1-18.8.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): aspell-0.60.6.1-18.8.2 aspell-debuginfo-0.60.6.1-18.8.2 aspell-debugsource-0.60.6.1-18.8.2 aspell-ispell-0.60.6.1-18.8.2 libaspell15-0.60.6.1-18.8.2 libaspell15-debuginfo-0.60.6.1-18.8.2 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libaspell15-32bit-0.60.6.1-18.8.2 libaspell15-debuginfo-32bit-0.60.6.1-18.8.2 References: https://www.suse.com/security/cve/CVE-2019-20433.html https://bugzilla.suse.com/1161982