From sle-updates at lists.suse.com Tue Sep 1 00:00:16 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 08:00:16 +0200 (CEST) Subject: SUSE-CU-2020:421-1: Recommended update of registry/harbor-db Message-ID: <20200901060016.7CF0AFF0B@maintenance.suse.de> SUSE Container Update Advisory: registry/harbor-db ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:421-1 Container Tags : registry/harbor-db:2.0.2 , registry/harbor-db:2.0.2-rev1 , registry/harbor-db:2.0.2-rev1-build3.3 Container Release : 3.3 Severity : low Type : recommended References : 1170964 ----------------------------------------------------------------- The container registry/harbor-db was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) From sle-updates at lists.suse.com Tue Sep 1 00:00:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 08:00:34 +0200 (CEST) Subject: SUSE-CU-2020:422-1: Recommended update of registry/harbor-jobservice Message-ID: <20200901060034.E56EEFF0B@maintenance.suse.de> SUSE Container Update Advisory: registry/harbor-jobservice ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:422-1 Container Tags : registry/harbor-jobservice:2.0.2 , registry/harbor-jobservice:2.0.2-rev1 , registry/harbor-jobservice:2.0.2-rev1-build2.3 Container Release : 2.3 Severity : low Type : recommended References : 1170964 ----------------------------------------------------------------- The container registry/harbor-jobservice was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) From sle-updates at lists.suse.com Tue Sep 1 00:00:53 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 08:00:53 +0200 (CEST) Subject: SUSE-CU-2020:423-1: Recommended update of registry/harbor-nginx Message-ID: <20200901060053.B39FFFF0B@maintenance.suse.de> SUSE Container Update Advisory: registry/harbor-nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:423-1 Container Tags : registry/harbor-nginx:2.0.2 , registry/harbor-nginx:2.0.2-rev1 , registry/harbor-nginx:2.0.2-rev1-build2.3 Container Release : 2.3 Severity : low Type : recommended References : 1170964 ----------------------------------------------------------------- The container registry/harbor-nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) From sle-updates at lists.suse.com Tue Sep 1 00:01:19 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 08:01:19 +0200 (CEST) Subject: SUSE-CU-2020:424-1: Recommended update of registry/harbor-portal Message-ID: <20200901060119.3E74CFF0B@maintenance.suse.de> SUSE Container Update Advisory: registry/harbor-portal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:424-1 Container Tags : registry/harbor-portal:2.0.2 , registry/harbor-portal:2.0.2-rev1 , registry/harbor-portal:2.0.2-rev1-build3.5 Container Release : 3.5 Severity : low Type : recommended References : 1170964 ----------------------------------------------------------------- The container registry/harbor-portal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) From sle-updates at lists.suse.com Tue Sep 1 00:01:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 08:01:36 +0200 (CEST) Subject: SUSE-CU-2020:425-1: Recommended update of registry/harbor-redis Message-ID: <20200901060136.05D44FF0B@maintenance.suse.de> SUSE Container Update Advisory: registry/harbor-redis ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:425-1 Container Tags : registry/harbor-redis:2.0.2 , registry/harbor-redis:2.0.2-rev1 , registry/harbor-redis:2.0.2-rev1-build2.3 Container Release : 2.3 Severity : low Type : recommended References : 1170964 ----------------------------------------------------------------- The container registry/harbor-redis was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) From sle-updates at lists.suse.com Tue Sep 1 00:01:52 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 08:01:52 +0200 (CEST) Subject: SUSE-CU-2020:426-1: Recommended update of registry/harbor-registry Message-ID: <20200901060152.86E5CFF0B@maintenance.suse.de> SUSE Container Update Advisory: registry/harbor-registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:426-1 Container Tags : registry/harbor-registry:2.0.2 , registry/harbor-registry:2.0.2-rev1 , registry/harbor-registry:2.0.2-rev1-build2.4 Container Release : 2.4 Severity : low Type : recommended References : 1170964 ----------------------------------------------------------------- The container registry/harbor-registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) From sle-updates at lists.suse.com Tue Sep 1 00:02:08 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 08:02:08 +0200 (CEST) Subject: SUSE-CU-2020:427-1: Recommended update of registry/harbor-registryctl Message-ID: <20200901060208.AC622FF0B@maintenance.suse.de> SUSE Container Update Advisory: registry/harbor-registryctl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:427-1 Container Tags : registry/harbor-registryctl:2.0.2 , registry/harbor-registryctl:2.0.2-rev1 , registry/harbor-registryctl:2.0.2-rev1-build2.3 Container Release : 2.3 Severity : low Type : recommended References : 1170964 ----------------------------------------------------------------- The container registry/harbor-registryctl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) From sle-updates at lists.suse.com Tue Sep 1 00:02:39 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 08:02:39 +0200 (CEST) Subject: SUSE-CU-2020:429-1: Recommended update of registry/harbor-trivy-adapter Message-ID: <20200901060239.9D95EFF0B@maintenance.suse.de> SUSE Container Update Advisory: registry/harbor-trivy-adapter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:429-1 Container Tags : registry/harbor-trivy-adapter:2.0.2 , registry/harbor-trivy-adapter:2.0.2-rev1 , registry/harbor-trivy-adapter:2.0.2-rev1-build2.3 Container Release : 2.3 Severity : low Type : recommended References : 1170964 ----------------------------------------------------------------- The container registry/harbor-trivy-adapter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) From sle-updates at lists.suse.com Tue Sep 1 04:17:00 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 12:17:00 +0200 (CEST) Subject: SUSE-SU-2020:2399-1: important: Security update for xorg-x11-server Message-ID: <20200901101700.3E517F403@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2399-1 Rating: important References: #1174910 #1174913 Cross-References: CVE-2020-14361 CVE-2020-14362 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2399=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2399=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2399=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2399=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): xorg-x11-server-1.19.6-4.11.1 xorg-x11-server-debuginfo-1.19.6-4.11.1 xorg-x11-server-debugsource-1.19.6-4.11.1 xorg-x11-server-extra-1.19.6-4.11.1 xorg-x11-server-extra-debuginfo-1.19.6-4.11.1 - SUSE OpenStack Cloud 9 (x86_64): xorg-x11-server-1.19.6-4.11.1 xorg-x11-server-debuginfo-1.19.6-4.11.1 xorg-x11-server-debugsource-1.19.6-4.11.1 xorg-x11-server-extra-1.19.6-4.11.1 xorg-x11-server-extra-debuginfo-1.19.6-4.11.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): xorg-x11-server-1.19.6-4.11.1 xorg-x11-server-debuginfo-1.19.6-4.11.1 xorg-x11-server-debugsource-1.19.6-4.11.1 xorg-x11-server-extra-1.19.6-4.11.1 xorg-x11-server-extra-debuginfo-1.19.6-4.11.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.19.6-4.11.1 xorg-x11-server-debuginfo-1.19.6-4.11.1 xorg-x11-server-debugsource-1.19.6-4.11.1 xorg-x11-server-extra-1.19.6-4.11.1 xorg-x11-server-extra-debuginfo-1.19.6-4.11.1 References: https://www.suse.com/security/cve/CVE-2020-14361.html https://www.suse.com/security/cve/CVE-2020-14362.html https://bugzilla.suse.com/1174910 https://bugzilla.suse.com/1174913 From sle-updates at lists.suse.com Tue Sep 1 04:18:10 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 12:18:10 +0200 (CEST) Subject: SUSE-SU-2020:2398-1: important: Security update for xorg-x11-server Message-ID: <20200901101810.2E626F403@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2398-1 Rating: important References: #1174910 #1174913 Cross-References: CVE-2020-14361 CVE-2020-14362 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2398=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2398=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2398=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2398=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): xorg-x11-server-1.19.6-8.19.1 xorg-x11-server-debuginfo-1.19.6-8.19.1 xorg-x11-server-debugsource-1.19.6-8.19.1 xorg-x11-server-extra-1.19.6-8.19.1 xorg-x11-server-extra-debuginfo-1.19.6-8.19.1 xorg-x11-server-sdk-1.19.6-8.19.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): xorg-x11-server-1.19.6-8.19.1 xorg-x11-server-debuginfo-1.19.6-8.19.1 xorg-x11-server-debugsource-1.19.6-8.19.1 xorg-x11-server-extra-1.19.6-8.19.1 xorg-x11-server-extra-debuginfo-1.19.6-8.19.1 xorg-x11-server-sdk-1.19.6-8.19.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): xorg-x11-server-1.19.6-8.19.1 xorg-x11-server-debuginfo-1.19.6-8.19.1 xorg-x11-server-debugsource-1.19.6-8.19.1 xorg-x11-server-extra-1.19.6-8.19.1 xorg-x11-server-extra-debuginfo-1.19.6-8.19.1 xorg-x11-server-sdk-1.19.6-8.19.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): xorg-x11-server-1.19.6-8.19.1 xorg-x11-server-debuginfo-1.19.6-8.19.1 xorg-x11-server-debugsource-1.19.6-8.19.1 xorg-x11-server-extra-1.19.6-8.19.1 xorg-x11-server-extra-debuginfo-1.19.6-8.19.1 xorg-x11-server-sdk-1.19.6-8.19.1 References: https://www.suse.com/security/cve/CVE-2020-14361.html https://www.suse.com/security/cve/CVE-2020-14362.html https://bugzilla.suse.com/1174910 https://bugzilla.suse.com/1174913 From sle-updates at lists.suse.com Tue Sep 1 04:19:23 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 12:19:23 +0200 (CEST) Subject: SUSE-SU-2020:2401-1: important: Security update for xorg-x11-server Message-ID: <20200901101923.2D9DAF403@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2401-1 Rating: important References: #1174910 #1174913 Cross-References: CVE-2020-14361 CVE-2020-14362 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2401=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2401=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2401=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2401=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2401=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2401=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2401=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2401=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2401=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2401=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2401=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): xorg-x11-server-7.6_1.18.3-76.29.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.29.1 xorg-x11-server-debugsource-7.6_1.18.3-76.29.1 xorg-x11-server-extra-7.6_1.18.3-76.29.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.29.1 - SUSE OpenStack Cloud 8 (x86_64): xorg-x11-server-7.6_1.18.3-76.29.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.29.1 xorg-x11-server-debugsource-7.6_1.18.3-76.29.1 xorg-x11-server-extra-7.6_1.18.3-76.29.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.29.1 - SUSE OpenStack Cloud 7 (s390x x86_64): xorg-x11-server-7.6_1.18.3-76.29.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.29.1 xorg-x11-server-debugsource-7.6_1.18.3-76.29.1 xorg-x11-server-extra-7.6_1.18.3-76.29.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.29.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): xorg-x11-server-7.6_1.18.3-76.29.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.29.1 xorg-x11-server-debugsource-7.6_1.18.3-76.29.1 xorg-x11-server-extra-7.6_1.18.3-76.29.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.29.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): xorg-x11-server-7.6_1.18.3-76.29.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.29.1 xorg-x11-server-debugsource-7.6_1.18.3-76.29.1 xorg-x11-server-extra-7.6_1.18.3-76.29.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.29.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): xorg-x11-server-7.6_1.18.3-76.29.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.29.1 xorg-x11-server-debugsource-7.6_1.18.3-76.29.1 xorg-x11-server-extra-7.6_1.18.3-76.29.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.29.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): xorg-x11-server-7.6_1.18.3-76.29.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.29.1 xorg-x11-server-debugsource-7.6_1.18.3-76.29.1 xorg-x11-server-extra-7.6_1.18.3-76.29.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.29.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): xorg-x11-server-7.6_1.18.3-76.29.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.29.1 xorg-x11-server-debugsource-7.6_1.18.3-76.29.1 xorg-x11-server-extra-7.6_1.18.3-76.29.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.29.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xorg-x11-server-7.6_1.18.3-76.29.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.29.1 xorg-x11-server-debugsource-7.6_1.18.3-76.29.1 xorg-x11-server-extra-7.6_1.18.3-76.29.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.29.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): xorg-x11-server-7.6_1.18.3-76.29.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.29.1 xorg-x11-server-debugsource-7.6_1.18.3-76.29.1 xorg-x11-server-extra-7.6_1.18.3-76.29.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.29.1 - HPE Helion Openstack 8 (x86_64): xorg-x11-server-7.6_1.18.3-76.29.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.29.1 xorg-x11-server-debugsource-7.6_1.18.3-76.29.1 xorg-x11-server-extra-7.6_1.18.3-76.29.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.29.1 References: https://www.suse.com/security/cve/CVE-2020-14361.html https://www.suse.com/security/cve/CVE-2020-14362.html https://bugzilla.suse.com/1174910 https://bugzilla.suse.com/1174913 From sle-updates at lists.suse.com Tue Sep 1 04:20:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 12:20:33 +0200 (CEST) Subject: SUSE-SU-2020:14475-1: important: Security update for xorg-x11-server Message-ID: <20200901102033.7094FF794@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14475-1 Rating: important References: #1174910 #1174913 Cross-References: CVE-2020-14361 CVE-2020-14362 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-xorg-x11-server-14475=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-xorg-x11-server-14475=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xorg-x11-server-14475=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-xorg-x11-server-14475=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): xorg-x11-Xvnc-7.4-27.122.29.1 xorg-x11-server-7.4-27.122.29.1 xorg-x11-server-extra-7.4-27.122.29.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): xorg-x11-Xvnc-7.4-27.122.29.1 xorg-x11-server-7.4-27.122.29.1 xorg-x11-server-extra-7.4-27.122.29.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): xorg-x11-server-debuginfo-7.4-27.122.29.1 xorg-x11-server-debugsource-7.4-27.122.29.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): xorg-x11-server-debuginfo-7.4-27.122.29.1 xorg-x11-server-debugsource-7.4-27.122.29.1 References: https://www.suse.com/security/cve/CVE-2020-14361.html https://www.suse.com/security/cve/CVE-2020-14362.html https://bugzilla.suse.com/1174910 https://bugzilla.suse.com/1174913 From sle-updates at lists.suse.com Tue Sep 1 07:14:01 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 15:14:01 +0200 (CEST) Subject: SUSE-SU-2020:2403-1: moderate: Security update for php7 Message-ID: <20200901131401.C7F3FF794@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2403-1 Rating: moderate References: #1175223 Cross-References: CVE-2020-7068 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php7 fixes the following issues: - fix CVE-2020-7068 [bsc#1175223]: Use of freed hash key in the phar_parse_zipfile function Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2403=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-2403=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.0.7-50.97.1 php7-debugsource-7.0.7-50.97.1 php7-devel-7.0.7-50.97.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.0.7-50.97.1 apache2-mod_php7-debuginfo-7.0.7-50.97.1 php7-7.0.7-50.97.1 php7-bcmath-7.0.7-50.97.1 php7-bcmath-debuginfo-7.0.7-50.97.1 php7-bz2-7.0.7-50.97.1 php7-bz2-debuginfo-7.0.7-50.97.1 php7-calendar-7.0.7-50.97.1 php7-calendar-debuginfo-7.0.7-50.97.1 php7-ctype-7.0.7-50.97.1 php7-ctype-debuginfo-7.0.7-50.97.1 php7-curl-7.0.7-50.97.1 php7-curl-debuginfo-7.0.7-50.97.1 php7-dba-7.0.7-50.97.1 php7-dba-debuginfo-7.0.7-50.97.1 php7-debuginfo-7.0.7-50.97.1 php7-debugsource-7.0.7-50.97.1 php7-dom-7.0.7-50.97.1 php7-dom-debuginfo-7.0.7-50.97.1 php7-enchant-7.0.7-50.97.1 php7-enchant-debuginfo-7.0.7-50.97.1 php7-exif-7.0.7-50.97.1 php7-exif-debuginfo-7.0.7-50.97.1 php7-fastcgi-7.0.7-50.97.1 php7-fastcgi-debuginfo-7.0.7-50.97.1 php7-fileinfo-7.0.7-50.97.1 php7-fileinfo-debuginfo-7.0.7-50.97.1 php7-fpm-7.0.7-50.97.1 php7-fpm-debuginfo-7.0.7-50.97.1 php7-ftp-7.0.7-50.97.1 php7-ftp-debuginfo-7.0.7-50.97.1 php7-gd-7.0.7-50.97.1 php7-gd-debuginfo-7.0.7-50.97.1 php7-gettext-7.0.7-50.97.1 php7-gettext-debuginfo-7.0.7-50.97.1 php7-gmp-7.0.7-50.97.1 php7-gmp-debuginfo-7.0.7-50.97.1 php7-iconv-7.0.7-50.97.1 php7-iconv-debuginfo-7.0.7-50.97.1 php7-imap-7.0.7-50.97.1 php7-imap-debuginfo-7.0.7-50.97.1 php7-intl-7.0.7-50.97.1 php7-intl-debuginfo-7.0.7-50.97.1 php7-json-7.0.7-50.97.1 php7-json-debuginfo-7.0.7-50.97.1 php7-ldap-7.0.7-50.97.1 php7-ldap-debuginfo-7.0.7-50.97.1 php7-mbstring-7.0.7-50.97.1 php7-mbstring-debuginfo-7.0.7-50.97.1 php7-mcrypt-7.0.7-50.97.1 php7-mcrypt-debuginfo-7.0.7-50.97.1 php7-mysql-7.0.7-50.97.1 php7-mysql-debuginfo-7.0.7-50.97.1 php7-odbc-7.0.7-50.97.1 php7-odbc-debuginfo-7.0.7-50.97.1 php7-opcache-7.0.7-50.97.1 php7-opcache-debuginfo-7.0.7-50.97.1 php7-openssl-7.0.7-50.97.1 php7-openssl-debuginfo-7.0.7-50.97.1 php7-pcntl-7.0.7-50.97.1 php7-pcntl-debuginfo-7.0.7-50.97.1 php7-pdo-7.0.7-50.97.1 php7-pdo-debuginfo-7.0.7-50.97.1 php7-pgsql-7.0.7-50.97.1 php7-pgsql-debuginfo-7.0.7-50.97.1 php7-phar-7.0.7-50.97.1 php7-phar-debuginfo-7.0.7-50.97.1 php7-posix-7.0.7-50.97.1 php7-posix-debuginfo-7.0.7-50.97.1 php7-pspell-7.0.7-50.97.1 php7-pspell-debuginfo-7.0.7-50.97.1 php7-shmop-7.0.7-50.97.1 php7-shmop-debuginfo-7.0.7-50.97.1 php7-snmp-7.0.7-50.97.1 php7-snmp-debuginfo-7.0.7-50.97.1 php7-soap-7.0.7-50.97.1 php7-soap-debuginfo-7.0.7-50.97.1 php7-sockets-7.0.7-50.97.1 php7-sockets-debuginfo-7.0.7-50.97.1 php7-sqlite-7.0.7-50.97.1 php7-sqlite-debuginfo-7.0.7-50.97.1 php7-sysvmsg-7.0.7-50.97.1 php7-sysvmsg-debuginfo-7.0.7-50.97.1 php7-sysvsem-7.0.7-50.97.1 php7-sysvsem-debuginfo-7.0.7-50.97.1 php7-sysvshm-7.0.7-50.97.1 php7-sysvshm-debuginfo-7.0.7-50.97.1 php7-tokenizer-7.0.7-50.97.1 php7-tokenizer-debuginfo-7.0.7-50.97.1 php7-wddx-7.0.7-50.97.1 php7-wddx-debuginfo-7.0.7-50.97.1 php7-xmlreader-7.0.7-50.97.1 php7-xmlreader-debuginfo-7.0.7-50.97.1 php7-xmlrpc-7.0.7-50.97.1 php7-xmlrpc-debuginfo-7.0.7-50.97.1 php7-xmlwriter-7.0.7-50.97.1 php7-xmlwriter-debuginfo-7.0.7-50.97.1 php7-xsl-7.0.7-50.97.1 php7-xsl-debuginfo-7.0.7-50.97.1 php7-zip-7.0.7-50.97.1 php7-zip-debuginfo-7.0.7-50.97.1 php7-zlib-7.0.7-50.97.1 php7-zlib-debuginfo-7.0.7-50.97.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php7-pear-7.0.7-50.97.1 php7-pear-Archive_Tar-7.0.7-50.97.1 References: https://www.suse.com/security/cve/CVE-2020-7068.html https://bugzilla.suse.com/1175223 From sle-updates at lists.suse.com Tue Sep 1 07:14:53 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 15:14:53 +0200 (CEST) Subject: SUSE-SU-2020:2409-1: moderate: Security update for freerdp Message-ID: <20200901131453.82542F794@maintenance.suse.de> SUSE Security Update: Security update for freerdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2409-1 Rating: moderate References: #1174321 Cross-References: CVE-2020-15103 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for freerdp fixes the following issues: - CVE-2020-15103: Fix integer overflow due to missing input sanitation in rdpegfx channel (bsc#1174321). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-2409=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): freerdp-2.1.2-10.18.1 freerdp-debuginfo-2.1.2-10.18.1 freerdp-debugsource-2.1.2-10.18.1 freerdp-devel-2.1.2-10.18.1 libfreerdp2-2.1.2-10.18.1 libfreerdp2-debuginfo-2.1.2-10.18.1 libwinpr2-2.1.2-10.18.1 libwinpr2-debuginfo-2.1.2-10.18.1 winpr2-devel-2.1.2-10.18.1 References: https://www.suse.com/security/cve/CVE-2020-15103.html https://bugzilla.suse.com/1174321 From sle-updates at lists.suse.com Tue Sep 1 07:15:45 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 15:15:45 +0200 (CEST) Subject: SUSE-SU-2020:2404-1: moderate: Security update for php74 Message-ID: <20200901131545.B8323F794@maintenance.suse.de> SUSE Security Update: Security update for php74 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2404-1 Rating: moderate References: #1175223 Cross-References: CVE-2020-7068 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php74 fixes the following issues: - CVE-2020-7068: Use of freed hash key in the phar_parse_zipfile function (bsc#1175223). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2404=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-2404=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): php74-debuginfo-7.4.6-1.8.1 php74-debugsource-7.4.6-1.8.1 php74-devel-7.4.6-1.8.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php74-7.4.6-1.8.1 apache2-mod_php74-debuginfo-7.4.6-1.8.1 php74-7.4.6-1.8.1 php74-bcmath-7.4.6-1.8.1 php74-bcmath-debuginfo-7.4.6-1.8.1 php74-bz2-7.4.6-1.8.1 php74-bz2-debuginfo-7.4.6-1.8.1 php74-calendar-7.4.6-1.8.1 php74-calendar-debuginfo-7.4.6-1.8.1 php74-ctype-7.4.6-1.8.1 php74-ctype-debuginfo-7.4.6-1.8.1 php74-curl-7.4.6-1.8.1 php74-curl-debuginfo-7.4.6-1.8.1 php74-dba-7.4.6-1.8.1 php74-dba-debuginfo-7.4.6-1.8.1 php74-debuginfo-7.4.6-1.8.1 php74-debugsource-7.4.6-1.8.1 php74-dom-7.4.6-1.8.1 php74-dom-debuginfo-7.4.6-1.8.1 php74-enchant-7.4.6-1.8.1 php74-enchant-debuginfo-7.4.6-1.8.1 php74-exif-7.4.6-1.8.1 php74-exif-debuginfo-7.4.6-1.8.1 php74-fastcgi-7.4.6-1.8.1 php74-fastcgi-debuginfo-7.4.6-1.8.1 php74-fileinfo-7.4.6-1.8.1 php74-fileinfo-debuginfo-7.4.6-1.8.1 php74-fpm-7.4.6-1.8.1 php74-fpm-debuginfo-7.4.6-1.8.1 php74-ftp-7.4.6-1.8.1 php74-ftp-debuginfo-7.4.6-1.8.1 php74-gd-7.4.6-1.8.1 php74-gd-debuginfo-7.4.6-1.8.1 php74-gettext-7.4.6-1.8.1 php74-gettext-debuginfo-7.4.6-1.8.1 php74-gmp-7.4.6-1.8.1 php74-gmp-debuginfo-7.4.6-1.8.1 php74-iconv-7.4.6-1.8.1 php74-iconv-debuginfo-7.4.6-1.8.1 php74-intl-7.4.6-1.8.1 php74-intl-debuginfo-7.4.6-1.8.1 php74-json-7.4.6-1.8.1 php74-json-debuginfo-7.4.6-1.8.1 php74-ldap-7.4.6-1.8.1 php74-ldap-debuginfo-7.4.6-1.8.1 php74-mbstring-7.4.6-1.8.1 php74-mbstring-debuginfo-7.4.6-1.8.1 php74-mysql-7.4.6-1.8.1 php74-mysql-debuginfo-7.4.6-1.8.1 php74-odbc-7.4.6-1.8.1 php74-odbc-debuginfo-7.4.6-1.8.1 php74-opcache-7.4.6-1.8.1 php74-opcache-debuginfo-7.4.6-1.8.1 php74-openssl-7.4.6-1.8.1 php74-openssl-debuginfo-7.4.6-1.8.1 php74-pcntl-7.4.6-1.8.1 php74-pcntl-debuginfo-7.4.6-1.8.1 php74-pdo-7.4.6-1.8.1 php74-pdo-debuginfo-7.4.6-1.8.1 php74-pgsql-7.4.6-1.8.1 php74-pgsql-debuginfo-7.4.6-1.8.1 php74-phar-7.4.6-1.8.1 php74-phar-debuginfo-7.4.6-1.8.1 php74-posix-7.4.6-1.8.1 php74-posix-debuginfo-7.4.6-1.8.1 php74-readline-7.4.6-1.8.1 php74-readline-debuginfo-7.4.6-1.8.1 php74-shmop-7.4.6-1.8.1 php74-shmop-debuginfo-7.4.6-1.8.1 php74-snmp-7.4.6-1.8.1 php74-snmp-debuginfo-7.4.6-1.8.1 php74-soap-7.4.6-1.8.1 php74-soap-debuginfo-7.4.6-1.8.1 php74-sockets-7.4.6-1.8.1 php74-sockets-debuginfo-7.4.6-1.8.1 php74-sodium-7.4.6-1.8.1 php74-sodium-debuginfo-7.4.6-1.8.1 php74-sqlite-7.4.6-1.8.1 php74-sqlite-debuginfo-7.4.6-1.8.1 php74-sysvmsg-7.4.6-1.8.1 php74-sysvmsg-debuginfo-7.4.6-1.8.1 php74-sysvsem-7.4.6-1.8.1 php74-sysvsem-debuginfo-7.4.6-1.8.1 php74-sysvshm-7.4.6-1.8.1 php74-sysvshm-debuginfo-7.4.6-1.8.1 php74-tidy-7.4.6-1.8.1 php74-tidy-debuginfo-7.4.6-1.8.1 php74-tokenizer-7.4.6-1.8.1 php74-tokenizer-debuginfo-7.4.6-1.8.1 php74-xmlreader-7.4.6-1.8.1 php74-xmlreader-debuginfo-7.4.6-1.8.1 php74-xmlrpc-7.4.6-1.8.1 php74-xmlrpc-debuginfo-7.4.6-1.8.1 php74-xmlwriter-7.4.6-1.8.1 php74-xmlwriter-debuginfo-7.4.6-1.8.1 php74-xsl-7.4.6-1.8.1 php74-xsl-debuginfo-7.4.6-1.8.1 php74-zip-7.4.6-1.8.1 php74-zip-debuginfo-7.4.6-1.8.1 php74-zlib-7.4.6-1.8.1 php74-zlib-debuginfo-7.4.6-1.8.1 References: https://www.suse.com/security/cve/CVE-2020-7068.html https://bugzilla.suse.com/1175223 From sle-updates at lists.suse.com Tue Sep 1 07:16:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 15:16:36 +0200 (CEST) Subject: SUSE-SU-2020:2408-1: moderate: Security update for freerdp Message-ID: <20200901131636.1A760F794@maintenance.suse.de> SUSE Security Update: Security update for freerdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2408-1 Rating: moderate References: #1174321 Cross-References: CVE-2020-15103 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for freerdp fixes the following issues: - CVE-2020-15103: Fix integer overflow due to missing input sanitation in rdpegfx channel (bsc#1174321). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2408=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): freerdp-2.1.2-15.10.1 freerdp-debuginfo-2.1.2-15.10.1 freerdp-debugsource-2.1.2-15.10.1 freerdp-devel-2.1.2-15.10.1 libfreerdp2-2.1.2-15.10.1 libfreerdp2-debuginfo-2.1.2-15.10.1 libwinpr2-2.1.2-15.10.1 libwinpr2-debuginfo-2.1.2-15.10.1 winpr2-devel-2.1.2-15.10.1 References: https://www.suse.com/security/cve/CVE-2020-15103.html https://bugzilla.suse.com/1174321 From sle-updates at lists.suse.com Tue Sep 1 07:17:28 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 15:17:28 +0200 (CEST) Subject: SUSE-SU-2020:2405-1: moderate: Security update for php72 Message-ID: <20200901131728.12652F794@maintenance.suse.de> SUSE Security Update: Security update for php72 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2405-1 Rating: moderate References: #1175223 Cross-References: CVE-2020-7068 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php72 fixes the following issues: - CVE-2020-7068: Use of freed hash key in the phar_parse_zipfile function (bsc#1175223). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2405=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-2405=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): php72-debuginfo-7.2.5-1.49.1 php72-debugsource-7.2.5-1.49.1 php72-devel-7.2.5-1.49.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php72-7.2.5-1.49.1 apache2-mod_php72-debuginfo-7.2.5-1.49.1 php72-7.2.5-1.49.1 php72-bcmath-7.2.5-1.49.1 php72-bcmath-debuginfo-7.2.5-1.49.1 php72-bz2-7.2.5-1.49.1 php72-bz2-debuginfo-7.2.5-1.49.1 php72-calendar-7.2.5-1.49.1 php72-calendar-debuginfo-7.2.5-1.49.1 php72-ctype-7.2.5-1.49.1 php72-ctype-debuginfo-7.2.5-1.49.1 php72-curl-7.2.5-1.49.1 php72-curl-debuginfo-7.2.5-1.49.1 php72-dba-7.2.5-1.49.1 php72-dba-debuginfo-7.2.5-1.49.1 php72-debuginfo-7.2.5-1.49.1 php72-debugsource-7.2.5-1.49.1 php72-dom-7.2.5-1.49.1 php72-dom-debuginfo-7.2.5-1.49.1 php72-enchant-7.2.5-1.49.1 php72-enchant-debuginfo-7.2.5-1.49.1 php72-exif-7.2.5-1.49.1 php72-exif-debuginfo-7.2.5-1.49.1 php72-fastcgi-7.2.5-1.49.1 php72-fastcgi-debuginfo-7.2.5-1.49.1 php72-fileinfo-7.2.5-1.49.1 php72-fileinfo-debuginfo-7.2.5-1.49.1 php72-fpm-7.2.5-1.49.1 php72-fpm-debuginfo-7.2.5-1.49.1 php72-ftp-7.2.5-1.49.1 php72-ftp-debuginfo-7.2.5-1.49.1 php72-gd-7.2.5-1.49.1 php72-gd-debuginfo-7.2.5-1.49.1 php72-gettext-7.2.5-1.49.1 php72-gettext-debuginfo-7.2.5-1.49.1 php72-gmp-7.2.5-1.49.1 php72-gmp-debuginfo-7.2.5-1.49.1 php72-iconv-7.2.5-1.49.1 php72-iconv-debuginfo-7.2.5-1.49.1 php72-imap-7.2.5-1.49.1 php72-imap-debuginfo-7.2.5-1.49.1 php72-intl-7.2.5-1.49.1 php72-intl-debuginfo-7.2.5-1.49.1 php72-json-7.2.5-1.49.1 php72-json-debuginfo-7.2.5-1.49.1 php72-ldap-7.2.5-1.49.1 php72-ldap-debuginfo-7.2.5-1.49.1 php72-mbstring-7.2.5-1.49.1 php72-mbstring-debuginfo-7.2.5-1.49.1 php72-mysql-7.2.5-1.49.1 php72-mysql-debuginfo-7.2.5-1.49.1 php72-odbc-7.2.5-1.49.1 php72-odbc-debuginfo-7.2.5-1.49.1 php72-opcache-7.2.5-1.49.1 php72-opcache-debuginfo-7.2.5-1.49.1 php72-openssl-7.2.5-1.49.1 php72-openssl-debuginfo-7.2.5-1.49.1 php72-pcntl-7.2.5-1.49.1 php72-pcntl-debuginfo-7.2.5-1.49.1 php72-pdo-7.2.5-1.49.1 php72-pdo-debuginfo-7.2.5-1.49.1 php72-pgsql-7.2.5-1.49.1 php72-pgsql-debuginfo-7.2.5-1.49.1 php72-phar-7.2.5-1.49.1 php72-phar-debuginfo-7.2.5-1.49.1 php72-posix-7.2.5-1.49.1 php72-posix-debuginfo-7.2.5-1.49.1 php72-pspell-7.2.5-1.49.1 php72-pspell-debuginfo-7.2.5-1.49.1 php72-readline-7.2.5-1.49.1 php72-readline-debuginfo-7.2.5-1.49.1 php72-shmop-7.2.5-1.49.1 php72-shmop-debuginfo-7.2.5-1.49.1 php72-snmp-7.2.5-1.49.1 php72-snmp-debuginfo-7.2.5-1.49.1 php72-soap-7.2.5-1.49.1 php72-soap-debuginfo-7.2.5-1.49.1 php72-sockets-7.2.5-1.49.1 php72-sockets-debuginfo-7.2.5-1.49.1 php72-sodium-7.2.5-1.49.1 php72-sodium-debuginfo-7.2.5-1.49.1 php72-sqlite-7.2.5-1.49.1 php72-sqlite-debuginfo-7.2.5-1.49.1 php72-sysvmsg-7.2.5-1.49.1 php72-sysvmsg-debuginfo-7.2.5-1.49.1 php72-sysvsem-7.2.5-1.49.1 php72-sysvsem-debuginfo-7.2.5-1.49.1 php72-sysvshm-7.2.5-1.49.1 php72-sysvshm-debuginfo-7.2.5-1.49.1 php72-tidy-7.2.5-1.49.1 php72-tidy-debuginfo-7.2.5-1.49.1 php72-tokenizer-7.2.5-1.49.1 php72-tokenizer-debuginfo-7.2.5-1.49.1 php72-wddx-7.2.5-1.49.1 php72-wddx-debuginfo-7.2.5-1.49.1 php72-xmlreader-7.2.5-1.49.1 php72-xmlreader-debuginfo-7.2.5-1.49.1 php72-xmlrpc-7.2.5-1.49.1 php72-xmlrpc-debuginfo-7.2.5-1.49.1 php72-xmlwriter-7.2.5-1.49.1 php72-xmlwriter-debuginfo-7.2.5-1.49.1 php72-xsl-7.2.5-1.49.1 php72-xsl-debuginfo-7.2.5-1.49.1 php72-zip-7.2.5-1.49.1 php72-zip-debuginfo-7.2.5-1.49.1 php72-zlib-7.2.5-1.49.1 php72-zlib-debuginfo-7.2.5-1.49.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php72-pear-7.2.5-1.49.1 php72-pear-Archive_Tar-7.2.5-1.49.1 References: https://www.suse.com/security/cve/CVE-2020-7068.html https://bugzilla.suse.com/1175223 From sle-updates at lists.suse.com Tue Sep 1 07:18:21 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 15:18:21 +0200 (CEST) Subject: SUSE-SU-2020:2407-1: important: Security update for xorg-x11-server Message-ID: <20200901131821.06E07F794@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2407-1 Rating: important References: #1174910 #1174913 Cross-References: CVE-2020-14361 CVE-2020-14362 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2407=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2407=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.19.6-10.12.1 xorg-x11-server-debugsource-1.19.6-10.12.1 xorg-x11-server-sdk-1.19.6-10.12.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.19.6-10.12.1 xorg-x11-server-debuginfo-1.19.6-10.12.1 xorg-x11-server-debugsource-1.19.6-10.12.1 xorg-x11-server-extra-1.19.6-10.12.1 xorg-x11-server-extra-debuginfo-1.19.6-10.12.1 References: https://www.suse.com/security/cve/CVE-2020-14361.html https://www.suse.com/security/cve/CVE-2020-14362.html https://bugzilla.suse.com/1174910 https://bugzilla.suse.com/1174913 From sle-updates at lists.suse.com Tue Sep 1 10:13:58 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:13:58 +0200 (CEST) Subject: SUSE-RU-2020:2414-1: moderate: Recommended update for SLES15-Migration Message-ID: <20200901161358.95A1CF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for SLES15-Migration ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2414-1 Rating: moderate References: #1173654 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for SLES15-Migration fixes the following issues: - Added suse-migration-services version 2.0.13 Explicitly request python3-azuremetadata Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-2414=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): SLES15-Migration-2.0.13-6 References: https://bugzilla.suse.com/1173654 From sle-updates at lists.suse.com Tue Sep 1 10:14:48 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:14:48 +0200 (CEST) Subject: SUSE-RU-2020:2415-1: moderate: Recommended update for python-kiwi Message-ID: <20200901161448.832B7F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2415-1 Rating: moderate References: #1096738 #1165730 #1172908 #1173226 #1173356 #1174009 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for python-kiwi contains the following fixes: - Bump version up to 9.21.7: This version upgrade includes several fixes: * Skip filesystem check for XFS prior xfs_grow running xfs_repair check isn't strictly necessary before resizing, and in some cases it may even prevent resizing by giving an error that would be cleared through mounting the fs (e.g. when the fs wasn't cleanly umounted, and thus letting xfs recover and replay its journal). Given that xfs can only grow online (while being mounted), this is sufficient to ensure that the fs is in a state where it can be resized. This is related to bsc#1174009. (bsc#1174009) * Fixed grub setup in EFI/BOOT directory kiwi copied the same grub.cfg file as it exists in boot/grub2 to the efi path. This is wrong as the setup in the efi boot directory is used to enable normal grub loading and not providing the user grub configuration. In addition the changes here makes sure that the early grub boot code is placed into the system in any EFI case except for secure boot when shim-install is present. If shim-install is present it also creates the early grub boot setup such that kiwi doesn't have to do it. This Fixes #1491 and Fixes bsc#1172908. (bsc#1172908) * Use rsync in inplace transfer mode Using the --inplace option in rsync helps to save space on syncing the rootfs data and prevents e.g OBS workers from running out of VM space when transfering root filesystem data. Also using --inplace allows to keep hardlinks intact. This is related to bsc#1096738. (bsc#1096738) * Don't keep copy of grub2-install in the system To prevent shim-install from calling grub2-install in uefi mode kiwi temporary replaces the tool by a noop. This acts as a workaround for an issue in shim-install. However the workaround left a file copy of grub2-install in the system which should not happen. This commit Fixes bsc#1173226 and Fixes #1490. (bsc#1173226) * Fixes live ISOs This commit fixes iso images. Due to a change introduced in c7ed1cf live ISOs were no longer booting as the rootfs.img filesystem was copied to the squashfs container while being still mounted. Because of that, at boot time, it refused to mount. This commit adds umount method for the filesystem base class, so it can be umounted before deleting the instance. Fixes #1489 and bsc#1173356. (bsc#1173356) * Support grub timeout_style parameter Grub supports a style setting that influences the display of the menu depending on the configured timeout value. With this patch kiwi allows to specify the style via a new bootloader parameter named timeout_style="hidden|countdown". If not set the grub default applies which shows the menu in any case. This Fixes bsc#1165730 and Fixes #1404. (bsc#1165730) * Use auto video mode as default for grub An explicit video mode 800x600 was used for grub if no video mode setup exists in the XML description. For grub this should better result in the auto mode. Related to bsc#1165730. (bsc#1165730) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2415=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2415=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.21.7-3.24.2 dracut-kiwi-live-9.21.7-3.24.2 dracut-kiwi-oem-dump-9.21.7-3.24.2 dracut-kiwi-oem-repart-9.21.7-3.24.2 dracut-kiwi-overlay-9.21.7-3.24.2 kiwi-man-pages-9.21.7-3.24.2 kiwi-tools-9.21.7-3.24.2 kiwi-tools-debuginfo-9.21.7-3.24.2 python-kiwi-debugsource-9.21.7-3.24.2 python3-kiwi-9.21.7-3.24.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): kiwi-pxeboot-9.21.7-3.24.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.21.7-3.24.2 dracut-kiwi-live-9.21.7-3.24.2 dracut-kiwi-oem-dump-9.21.7-3.24.2 dracut-kiwi-oem-repart-9.21.7-3.24.2 dracut-kiwi-overlay-9.21.7-3.24.2 kiwi-man-pages-9.21.7-3.24.2 kiwi-tools-9.21.7-3.24.2 kiwi-tools-debuginfo-9.21.7-3.24.2 python-kiwi-debugsource-9.21.7-3.24.2 python3-kiwi-9.21.7-3.24.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): kiwi-pxeboot-9.21.7-3.24.2 References: https://bugzilla.suse.com/1096738 https://bugzilla.suse.com/1165730 https://bugzilla.suse.com/1172908 https://bugzilla.suse.com/1173226 https://bugzilla.suse.com/1173356 https://bugzilla.suse.com/1174009 From sle-updates at lists.suse.com Tue Sep 1 10:17:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:17:54 +0200 (CEST) Subject: SUSE-RU-2020:2426-1: Recommended update for sysstat Message-ID: <20200901161754.2BD93F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for sysstat ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2426-1 Rating: low References: #1173593 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sysstat fixes the following issue: - sysstat was rebuild with a higher release number to adjust against other released 12 SP5 images, where the release number was too high. (bsc#1173593) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2426=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): sysstat-12.0.2-20.8.1 sysstat-debuginfo-12.0.2-20.8.1 sysstat-debugsource-12.0.2-20.8.1 sysstat-isag-12.0.2-20.8.1 References: https://bugzilla.suse.com/1173593 From sle-updates at lists.suse.com Tue Sep 1 10:18:45 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:18:45 +0200 (CEST) Subject: SUSE-RU-2020:2416-1: moderate: Recommended update for python3-ec2imgutils Message-ID: <20200901161845.1E789F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for python3-ec2imgutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2416-1 Rating: moderate References: #1172579 #1172948 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for python3-ec2imgutils contains the following fixes: - Fixed an error, when an image gets deprecated using its name (bsc#1172948) - Added new utility ec2listimg to list images owned by the specified account - Fixed an error when an image is not allowed to be copied and shared with a specific account (bsc#1172579) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2416=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2416=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python3-ec2imgutils-9.0.0-3.17.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): python3-ec2imgutils-9.0.0-3.17.1 References: https://bugzilla.suse.com/1172579 https://bugzilla.suse.com/1172948 From sle-updates at lists.suse.com Tue Sep 1 10:19:41 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:19:41 +0200 (CEST) Subject: SUSE-RU-2020:2424-1: moderate: Recommended update for yast2-rmt Message-ID: <20200901161941.29863F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-rmt ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2424-1 Rating: moderate References: #1171555 #1172674 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-rmt fixes the following issues: - Handle Common Name length. (bsc#1172674) - Changed placeholders in translatable strings to support better the 'gettext' language format tags. (bsc#1171555) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2424=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): yast2-rmt-1.3.2-3.3.1 References: https://bugzilla.suse.com/1171555 https://bugzilla.suse.com/1172674 From sle-updates at lists.suse.com Tue Sep 1 10:20:38 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:20:38 +0200 (CEST) Subject: SUSE-RU-2020:2421-1: moderate: Recommended update for 389-ds Message-ID: <20200901162038.38BB7F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for 389-ds ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2421-1 Rating: moderate References: #1174057 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for 389-ds fixes the following issues: Update from version 1.4.2.14~git0.5ac5b02ce to version 1.4.2.16~git0.92afa2ea7: - Resolve upstream stability and fix rollup. (bsc#1174057) - dsidm ou delete fails - add more logconv stats for the new access log keywords - add new access log keywords for wtime and optime - Fix Allowed and Denied Ciphers lists - WebUI - UI - attr uniqueness - selecting empty subtree crashes cockpit - log warning when thread number is very different from autotuned value - Reindex task may create abandoned index file - Log an error when a search is fully unindexed - fix SLE15.2 install issps - dsctl fails with instance names that contain slapd- - Memory leaks in disk monitoring - Set the default minimum worker threads - Correct numSubordinates value for cn=monitor - dsctl and dsidm do not errors correctly when using JSON - Winsync setting winSyncWindowsFilter not working as expected - improve autotune defaults - Add option to healthcheck to list all the lint reports - UI - improve modal validation when creating an instance Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2421=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): 389-ds-1.4.2.16~git0.92afa2ea7-7.25.1 389-ds-debuginfo-1.4.2.16~git0.92afa2ea7-7.25.1 389-ds-debugsource-1.4.2.16~git0.92afa2ea7-7.25.1 389-ds-devel-1.4.2.16~git0.92afa2ea7-7.25.1 389-ds-snmp-1.4.2.16~git0.92afa2ea7-7.25.1 389-ds-snmp-debuginfo-1.4.2.16~git0.92afa2ea7-7.25.1 lib389-1.4.2.16~git0.92afa2ea7-7.25.1 libsvrcore0-1.4.2.16~git0.92afa2ea7-7.25.1 libsvrcore0-debuginfo-1.4.2.16~git0.92afa2ea7-7.25.1 References: https://bugzilla.suse.com/1174057 From sle-updates at lists.suse.com Tue Sep 1 10:21:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:21:27 +0200 (CEST) Subject: SUSE-RU-2020:2413-1: moderate: Recommended update for 389-ds Message-ID: <20200901162127.7C0BBF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for 389-ds ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2413-1 Rating: moderate References: #1174057 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for 389-ds fixes the following issues: Update from version 1.4.3.9~git0.3eb8617f6 to version 1.4.3.12~git0.9bc042902 - It should not be allowed to delete Managed Entry manually - SSL alert: The value of sslVersionMax "TLS1.3" is higher than the supported version - Fix instance name length for interactive install - JSON Error output has redundant messages - If dbhome directory is set online backup fails - Separate the BDB backend monitors - entryUSN is duplicated after memberOf operation - Fix disk_mon_check_diskspace types - Resolve upstream stability and fix rollup. (bsc#1174057) - Add option to reject internal unindexed searches - dsidm ou delete fails - add more logconv stats for the new access log keywords - db2ldif crashes when LDIF file can't be accessed - add new access log keywords for wtime and optime - Fix Allowed and Denied Ciphers lists - WebUI - UI - attr uniqueness - selecting empty subtree crashes cockpit - log warning when thread number is very different from autotuned value - Reindex task may create abandoned index file - Log an error when a search is fully unindexed - fix SLE15.2 install issps - dsctl fails with instance names that contain slapd- - Memory leaks in disk monitoring - nsIndexIDListScanLimit accepts any value - A distinguished value can be missing in an entry - Healthcheck should look for notes=A/F in access log - Set the default minimum worker threads - pwdReset can be modified by a user - Correct numSubordinates value for cn=monitor - dsctl and dsidm do not errors correctly when using JSON - Winsync setting winSyncWindowsFilter not working as expected - improve autotune defaults - Add option to healthcheck to list all the lint reports - UI - improve modal validation when creating an instance Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2413=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): 389-ds-1.4.3.12~git0.9bc042902-3.6.1 389-ds-debuginfo-1.4.3.12~git0.9bc042902-3.6.1 389-ds-debugsource-1.4.3.12~git0.9bc042902-3.6.1 389-ds-devel-1.4.3.12~git0.9bc042902-3.6.1 lib389-1.4.3.12~git0.9bc042902-3.6.1 libsvrcore0-1.4.3.12~git0.9bc042902-3.6.1 libsvrcore0-debuginfo-1.4.3.12~git0.9bc042902-3.6.1 References: https://bugzilla.suse.com/1174057 From sle-updates at lists.suse.com Tue Sep 1 10:25:14 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:25:14 +0200 (CEST) Subject: SUSE-RU-2020:2412-1: moderate: Recommended update for icewm-theme-branding Message-ID: <20200901162514.C4F67F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for icewm-theme-branding ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2412-1 Rating: moderate References: #1170420 #1173441 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for icewm-theme-branding fixes the following issue: - Fixed obsoletion of *icewm-config-upstream*. (bsc#1173441, bsc#1170420) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2412=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2412=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): icewm-theme-branding-1.2.4-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): icewm-theme-branding-1.2.4-3.12.1 References: https://bugzilla.suse.com/1170420 https://bugzilla.suse.com/1173441 From sle-updates at lists.suse.com Tue Sep 1 10:26:12 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:26:12 +0200 (CEST) Subject: SUSE-RU-2020:2410-1: Recommended update for pam Message-ID: <20200901162612.42F4DF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for pam ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2410-1 Rating: low References: #1173593 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of pam fixes the following issue: - On some SUSE Linux Enterprise 12 SP5 based media from build.suse.com a pam version with a higher release number than the last update of pam was delivered. This update releases pam with a higher release number to align it with this media. (bsc#1173593) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2410=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2410=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): pam-debuginfo-1.1.8-24.33.1 pam-debugsource-1.1.8-24.33.1 pam-devel-1.1.8-24.33.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): pam-1.1.8-24.33.1 pam-debuginfo-1.1.8-24.33.1 pam-debugsource-1.1.8-24.33.1 pam-extra-1.1.8-24.33.1 pam-extra-debuginfo-1.1.8-24.33.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): pam-32bit-1.1.8-24.33.1 pam-debuginfo-32bit-1.1.8-24.33.1 pam-extra-32bit-1.1.8-24.33.1 pam-extra-debuginfo-32bit-1.1.8-24.33.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): pam-doc-1.1.8-24.33.1 References: https://bugzilla.suse.com/1173593 From sle-updates at lists.suse.com Tue Sep 1 10:27:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:27:03 +0200 (CEST) Subject: SUSE-RU-2020:2418-1: moderate: Recommended update for golang-github-digitalocean-ceph_exporter Message-ID: <20200901162703.60856F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for golang-github-digitalocean-ceph_exporter ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2418-1 Rating: moderate References: #1172772 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for golang-github-digitalocean-ceph_exporter fixes the following issues: - Fix degraded/misplaced object count (bsc#1172772) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2418=1 Package List: - SUSE Enterprise Storage 5 (aarch64 x86_64): golang-github-digitalocean-ceph_exporter-2.0.1+git20200709.6dd161d-4.12.1 References: https://bugzilla.suse.com/1172772 From sle-updates at lists.suse.com Tue Sep 1 10:29:52 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:29:52 +0200 (CEST) Subject: SUSE-RU-2020:2422-1: moderate: Recommended update for yast2-rmt Message-ID: <20200901162952.86838F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-rmt ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2422-1 Rating: moderate References: #1171555 #1172674 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-rmt fixes the following issues: - Handle Common Name length. (bsc#1172674) - Changed placeholders in translatable strings to support better the 'gettext' language format tags. (bsc#1171555) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2422=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2422=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2422=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2422=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): yast2-rmt-1.3.2-3.24.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): yast2-rmt-1.3.2-3.24.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): yast2-rmt-1.3.2-3.24.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): yast2-rmt-1.3.2-3.24.1 References: https://bugzilla.suse.com/1171555 https://bugzilla.suse.com/1172674 From sle-updates at lists.suse.com Tue Sep 1 10:30:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:30:57 +0200 (CEST) Subject: SUSE-RU-2020:2425-1: moderate: Recommended update for nfs-utils Message-ID: <20200901163057.7809EF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2425-1 Rating: moderate References: #1174260 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nfs-utils fixes the following issues: - Fix a bug when concurrent 'gssd' requests arrive from kernel, causing hanging NFS mounts. (bsc#1174260) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2425=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2425=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): nfs-client-2.1.1-10.7.2 nfs-client-debuginfo-2.1.1-10.7.2 nfs-doc-2.1.1-10.7.2 nfs-kernel-server-2.1.1-10.7.2 nfs-kernel-server-debuginfo-2.1.1-10.7.2 nfs-utils-debuginfo-2.1.1-10.7.2 nfs-utils-debugsource-2.1.1-10.7.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): nfs-client-2.1.1-10.7.2 nfs-client-debuginfo-2.1.1-10.7.2 nfs-doc-2.1.1-10.7.2 nfs-kernel-server-2.1.1-10.7.2 nfs-kernel-server-debuginfo-2.1.1-10.7.2 nfs-utils-debuginfo-2.1.1-10.7.2 nfs-utils-debugsource-2.1.1-10.7.2 References: https://bugzilla.suse.com/1174260 From sle-updates at lists.suse.com Tue Sep 1 10:31:49 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:31:49 +0200 (CEST) Subject: SUSE-RU-2020:2420-1: moderate: Recommended update for zlib Message-ID: <20200901163149.C5CC2F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for zlib ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2420-1 Rating: moderate References: #1174551 #1174736 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2420=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2420=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2420=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2420=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): zlib-debugsource-1.2.11-3.15.1 zlib-devel-32bit-1.2.11-3.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): zlib-debugsource-1.2.11-3.15.1 zlib-devel-32bit-1.2.11-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libminizip1-1.2.11-3.15.1 libminizip1-debuginfo-1.2.11-3.15.1 libz1-1.2.11-3.15.1 libz1-debuginfo-1.2.11-3.15.1 minizip-devel-1.2.11-3.15.1 zlib-debugsource-1.2.11-3.15.1 zlib-devel-1.2.11-3.15.1 zlib-devel-static-1.2.11-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libz1-32bit-1.2.11-3.15.1 libz1-32bit-debuginfo-1.2.11-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libminizip1-1.2.11-3.15.1 libminizip1-debuginfo-1.2.11-3.15.1 libz1-1.2.11-3.15.1 libz1-debuginfo-1.2.11-3.15.1 minizip-devel-1.2.11-3.15.1 zlib-debugsource-1.2.11-3.15.1 zlib-devel-1.2.11-3.15.1 zlib-devel-static-1.2.11-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libz1-32bit-1.2.11-3.15.1 libz1-32bit-debuginfo-1.2.11-3.15.1 References: https://bugzilla.suse.com/1174551 https://bugzilla.suse.com/1174736 From sle-updates at lists.suse.com Tue Sep 1 10:32:48 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:32:48 +0200 (CEST) Subject: SUSE-RU-2020:2419-1: moderate: Recommended update for yast2-storage-ng Message-ID: <20200901163248.C55C4F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-storage-ng ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2419-1 Rating: moderate References: #1110413 #1115749 #1145269 #1172026 #1172548 #1173793 #1174469 #1174475 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for autoyast2, yast2-storage-ng and libstorage-ng provides the following fixes: Fixes in autoyast2: - Fix 'autoyast' and 'clone_system' command line interfaces (bsc#1172548): * autoyast: Add a list-modules command to list all known modules. * autoyast: Display the correct client name in the help text. * autoyast: 'file' and 'module' command are now equivalent. Both of them support setting 'filename' and 'modname' arguments. * clone_system: Add a 'filename' option instead of always using '/root/autoinst.xml'. * clone_system: Move the logic to find the clonable modules. - Move pre-scripts to the autoinit client running them just after the profile has been processed. (bsc#1110413) - Do not remove interfaces configuration by default when there is not networking section defined in the profile. (bsc#1173793) - Export ntp_policy as CDATA so that empty strings are preserved for the second_stage. (bsc#1172026) - Saving log files of postpartitioning-scripts. (bsc#1145269) Fixes in yast2-storage-ng and libstorage-ng: - Fixed detection of shadowed subvolumes for roles using separate LVM volume groups for each filesystem. (bsc#1174475) - AutoinstProposal now properly reports the proposal as failed when it fails to find the disks. (bsc#1174469) - AutoYaST: do not append a suffix to LVM Volume Group names unless it is needed. (bsc#1115749) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2419=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2419=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2020-2419=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): libstorage-ng-debuginfo-4.2.76-3.5.4 libstorage-ng-debugsource-4.2.76-3.5.4 libstorage-ng-utils-4.2.76-3.5.4 libstorage-ng-utils-debuginfo-4.2.76-3.5.4 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libstorage-ng-debuginfo-4.2.76-3.5.4 libstorage-ng-debugsource-4.2.76-3.5.4 libstorage-ng-devel-4.2.76-3.5.4 libstorage-ng-ruby-4.2.76-3.5.4 libstorage-ng-ruby-debuginfo-4.2.76-3.5.4 libstorage-ng1-4.2.76-3.5.4 libstorage-ng1-debuginfo-4.2.76-3.5.4 yast2-storage-ng-4.2.113-3.11.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): autoyast2-4.2.42-3.3.1 autoyast2-installation-4.2.42-3.3.1 libstorage-ng-lang-4.2.76-3.5.4 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): libstorage-ng-ruby-4.2.76-3.5.4 libstorage-ng1-4.2.76-3.5.4 yast2-storage-ng-4.2.113-3.11.2 - SUSE Linux Enterprise Installer 15-SP2 (noarch): autoyast2-4.2.42-3.3.1 References: https://bugzilla.suse.com/1110413 https://bugzilla.suse.com/1115749 https://bugzilla.suse.com/1145269 https://bugzilla.suse.com/1172026 https://bugzilla.suse.com/1172548 https://bugzilla.suse.com/1173793 https://bugzilla.suse.com/1174469 https://bugzilla.suse.com/1174475 From sle-updates at lists.suse.com Tue Sep 1 10:34:37 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:34:37 +0200 (CEST) Subject: SUSE-RU-2020:2411-1: moderate: Recommended update for systemd Message-ID: <20200901163437.6A0F9F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2411-1 Rating: moderate References: #1142733 #1146991 #1158336 #1172195 #1172824 #1173539 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Installer 15-SP1 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2411=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2411=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2020-2411=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libsystemd0-234-24.58.1 libsystemd0-debuginfo-234-24.58.1 libudev-devel-234-24.58.1 libudev1-234-24.58.1 libudev1-debuginfo-234-24.58.1 systemd-234-24.58.1 systemd-container-234-24.58.1 systemd-container-debuginfo-234-24.58.1 systemd-coredump-234-24.58.1 systemd-coredump-debuginfo-234-24.58.1 systemd-debuginfo-234-24.58.1 systemd-debugsource-234-24.58.1 systemd-devel-234-24.58.1 systemd-sysvinit-234-24.58.1 udev-234-24.58.1 udev-debuginfo-234-24.58.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libsystemd0-32bit-234-24.58.1 libsystemd0-32bit-debuginfo-234-24.58.1 libudev1-32bit-234-24.58.1 libudev1-32bit-debuginfo-234-24.58.1 systemd-32bit-234-24.58.1 systemd-32bit-debuginfo-234-24.58.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): systemd-bash-completion-234-24.58.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libsystemd0-234-24.58.1 libsystemd0-debuginfo-234-24.58.1 libudev-devel-234-24.58.1 libudev1-234-24.58.1 libudev1-debuginfo-234-24.58.1 systemd-234-24.58.1 systemd-container-234-24.58.1 systemd-container-debuginfo-234-24.58.1 systemd-coredump-234-24.58.1 systemd-coredump-debuginfo-234-24.58.1 systemd-debuginfo-234-24.58.1 systemd-debugsource-234-24.58.1 systemd-devel-234-24.58.1 systemd-sysvinit-234-24.58.1 udev-234-24.58.1 udev-debuginfo-234-24.58.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): systemd-bash-completion-234-24.58.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libsystemd0-32bit-234-24.58.1 libsystemd0-32bit-debuginfo-234-24.58.1 libudev1-32bit-234-24.58.1 libudev1-32bit-debuginfo-234-24.58.1 systemd-32bit-234-24.58.1 systemd-32bit-debuginfo-234-24.58.1 - SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64): libudev1-234-24.58.1 systemd-234-24.58.1 systemd-sysvinit-234-24.58.1 udev-234-24.58.1 References: https://bugzilla.suse.com/1142733 https://bugzilla.suse.com/1146991 https://bugzilla.suse.com/1158336 https://bugzilla.suse.com/1172195 https://bugzilla.suse.com/1172824 https://bugzilla.suse.com/1173539 From sle-updates at lists.suse.com Tue Sep 1 10:36:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 18:36:05 +0200 (CEST) Subject: SUSE-RU-2020:2423-1: moderate: Recommended update for yast2-rmt Message-ID: <20200901163605.01A93F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-rmt ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2423-1 Rating: moderate References: #1171555 #1172674 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-rmt fixes the following issues: - Handle Common Name length. (bsc#1172674) - Changed placeholders in translatable strings to support better the 'gettext' language format tags. (bsc#1171555) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2423=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): yast2-rmt-1.3.2-3.8.1 References: https://bugzilla.suse.com/1171555 https://bugzilla.suse.com/1172674 From sle-updates at lists.suse.com Tue Sep 1 13:13:29 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 1 Sep 2020 21:13:29 +0200 (CEST) Subject: SUSE-RU-2020:2427-1: important: Recommended update for openwsman Message-ID: <20200901191329.0D656F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for openwsman ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2427-1 Rating: important References: #1157655 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openwsman fixes the following issues: - Prevent libcurl from uninitializing global state of OpenSSL library. (bsc#1157655) - Prepare OpenSSL library for threaded operation. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2427=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2427=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2427=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2427=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2427=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2427=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2427=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2427=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2427=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2427=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2427=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2427=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2427=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2427=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2427=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2427=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2427=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE OpenStack Cloud 9 (x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE OpenStack Cloud 8 (x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libwsman-devel-2.4.11-21.11.1 libwsman_clientpp-devel-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-python-2.4.11-21.11.1 openwsman-python-debuginfo-2.4.11-21.11.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 - HPE Helion Openstack 8 (x86_64): libwsman1-2.4.11-21.11.1 libwsman1-debuginfo-2.4.11-21.11.1 libwsman_clientpp1-2.4.11-21.11.1 libwsman_clientpp1-debuginfo-2.4.11-21.11.1 openwsman-debugsource-2.4.11-21.11.1 openwsman-server-2.4.11-21.11.1 openwsman-server-debuginfo-2.4.11-21.11.1 References: https://bugzilla.suse.com/1157655 From sle-updates at lists.suse.com Tue Sep 1 19:13:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 03:13:44 +0200 (CEST) Subject: SUSE-RU-2020:2429-1: moderate: Recommended update for oracleasm Message-ID: <20200902011344.AC606F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2429-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Realtime 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of oracleasm fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2429=1 - SUSE Linux Enterprise Module for Realtime 15-SP1: zypper in -t patch SUSE-SLE-Module-RT-15-SP1-2020-2429=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_197.51-7.11.2 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_197.51-7.11.2 - SUSE Linux Enterprise Module for Realtime 15-SP1 (x86_64): oracleasm-kmp-rt-2.0.8_k4.12.14_14.23-7.11.2 oracleasm-kmp-rt-debuginfo-2.0.8_k4.12.14_14.23-7.11.2 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Tue Sep 1 19:14:32 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 03:14:32 +0200 (CEST) Subject: SUSE-RU-2020:2430-1: moderate: Recommended update for oracleasm Message-ID: <20200902011432.A41FFF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2430-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of oracleasm fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2430=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2430=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2430=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2430=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_150.55-4.5.2 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_150.55-4.5.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): oracleasm-kmp-default-2.0.8_k4.12.14_150.55-4.5.2 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_150.55-4.5.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_150.55-4.5.2 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_150.55-4.5.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_150.55-4.5.2 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_150.55-4.5.2 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Tue Sep 1 19:15:25 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 03:15:25 +0200 (CEST) Subject: SUSE-RU-2020:2428-1: moderate: Recommended update for ca-certificates-mozilla Message-ID: <20200902011525.CD832F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for ca-certificates-mozilla ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2428-1 Rating: moderate References: #1174673 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ca-certificates-mozilla fixes the following issues: Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: - AddTrust External CA Root - AddTrust Class 1 CA Root - LuxTrust Global Root 2 - Staat der Nederlanden Root CA - G2 - Symantec Class 1 Public Primary Certification Authority - G4 - Symantec Class 2 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: - certSIGN Root CA G2 - e-Szigno Root CA 2017 - Microsoft ECC Root Certificate Authority 2017 - Microsoft RSA Root Certificate Authority 2017 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2428=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2428=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2428=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2428=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2428=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2428=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2428=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2428=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2428=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2428=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2428=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2428=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2428=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2428=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2428=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2428=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE OpenStack Cloud 9 (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE OpenStack Cloud 8 (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE OpenStack Cloud 7 (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): ca-certificates-mozilla-2.42-12.28.1 - SUSE Enterprise Storage 5 (noarch): ca-certificates-mozilla-2.42-12.28.1 - HPE Helion Openstack 8 (noarch): ca-certificates-mozilla-2.42-12.28.1 References: https://bugzilla.suse.com/1174673 From sle-updates at lists.suse.com Tue Sep 1 19:16:21 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 03:16:21 +0200 (CEST) Subject: SUSE-RU-2020:2441-1: moderate: Recommended update for avahi Message-ID: <20200902011621.135C2F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for avahi ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2441-1 Rating: moderate References: #1154063 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for avahi fixes the following issues: - When changing ownership of /var/lib/autoipd, only change ownership of files owned by avahi, to mitigate against possible exploits (bsc#1154063). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-2441=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-2441=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2441=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2441=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2441=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2441=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): avahi-debuginfo-0.7-3.3.1 avahi-debugsource-0.7-3.3.1 python3-avahi-0.7-3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): avahi-debuginfo-0.7-3.3.1 avahi-debugsource-0.7-3.3.1 python3-avahi-0.7-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): avahi-autoipd-0.7-3.3.1 avahi-autoipd-debuginfo-0.7-3.3.1 avahi-debuginfo-0.7-3.3.1 avahi-debugsource-0.7-3.3.1 avahi-glib2-debugsource-0.7-3.3.1 avahi-utils-gtk-0.7-3.3.1 avahi-utils-gtk-debuginfo-0.7-3.3.1 libavahi-gobject-devel-0.7-3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): avahi-autoipd-0.7-3.3.1 avahi-autoipd-debuginfo-0.7-3.3.1 avahi-debuginfo-0.7-3.3.1 avahi-debugsource-0.7-3.3.1 avahi-glib2-debugsource-0.7-3.3.1 avahi-utils-gtk-0.7-3.3.1 avahi-utils-gtk-debuginfo-0.7-3.3.1 libavahi-gobject-devel-0.7-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): avahi-0.7-3.3.1 avahi-compat-howl-devel-0.7-3.3.1 avahi-compat-mDNSResponder-devel-0.7-3.3.1 avahi-debuginfo-0.7-3.3.1 avahi-debugsource-0.7-3.3.1 avahi-glib2-debugsource-0.7-3.3.1 avahi-utils-0.7-3.3.1 avahi-utils-debuginfo-0.7-3.3.1 libavahi-client3-0.7-3.3.1 libavahi-client3-debuginfo-0.7-3.3.1 libavahi-common3-0.7-3.3.1 libavahi-common3-debuginfo-0.7-3.3.1 libavahi-core7-0.7-3.3.1 libavahi-core7-debuginfo-0.7-3.3.1 libavahi-devel-0.7-3.3.1 libavahi-glib-devel-0.7-3.3.1 libavahi-glib1-0.7-3.3.1 libavahi-glib1-debuginfo-0.7-3.3.1 libavahi-gobject0-0.7-3.3.1 libavahi-gobject0-debuginfo-0.7-3.3.1 libavahi-ui-gtk3-0-0.7-3.3.1 libavahi-ui-gtk3-0-debuginfo-0.7-3.3.1 libavahi-ui0-0.7-3.3.1 libavahi-ui0-debuginfo-0.7-3.3.1 libdns_sd-0.7-3.3.1 libdns_sd-debuginfo-0.7-3.3.1 libhowl0-0.7-3.3.1 libhowl0-debuginfo-0.7-3.3.1 typelib-1_0-Avahi-0_6-0.7-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): avahi-32bit-debuginfo-0.7-3.3.1 libavahi-client3-32bit-0.7-3.3.1 libavahi-client3-32bit-debuginfo-0.7-3.3.1 libavahi-common3-32bit-0.7-3.3.1 libavahi-common3-32bit-debuginfo-0.7-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): avahi-lang-0.7-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): avahi-0.7-3.3.1 avahi-compat-howl-devel-0.7-3.3.1 avahi-compat-mDNSResponder-devel-0.7-3.3.1 avahi-debuginfo-0.7-3.3.1 avahi-debugsource-0.7-3.3.1 avahi-glib2-debugsource-0.7-3.3.1 avahi-utils-0.7-3.3.1 avahi-utils-debuginfo-0.7-3.3.1 libavahi-client3-0.7-3.3.1 libavahi-client3-debuginfo-0.7-3.3.1 libavahi-common3-0.7-3.3.1 libavahi-common3-debuginfo-0.7-3.3.1 libavahi-core7-0.7-3.3.1 libavahi-core7-debuginfo-0.7-3.3.1 libavahi-devel-0.7-3.3.1 libavahi-glib-devel-0.7-3.3.1 libavahi-glib1-0.7-3.3.1 libavahi-glib1-debuginfo-0.7-3.3.1 libavahi-gobject0-0.7-3.3.1 libavahi-gobject0-debuginfo-0.7-3.3.1 libavahi-ui-gtk3-0-0.7-3.3.1 libavahi-ui-gtk3-0-debuginfo-0.7-3.3.1 libavahi-ui0-0.7-3.3.1 libavahi-ui0-debuginfo-0.7-3.3.1 libdns_sd-0.7-3.3.1 libdns_sd-debuginfo-0.7-3.3.1 libhowl0-0.7-3.3.1 libhowl0-debuginfo-0.7-3.3.1 typelib-1_0-Avahi-0_6-0.7-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): avahi-lang-0.7-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): avahi-32bit-debuginfo-0.7-3.3.1 libavahi-client3-32bit-0.7-3.3.1 libavahi-client3-32bit-debuginfo-0.7-3.3.1 libavahi-common3-32bit-0.7-3.3.1 libavahi-common3-32bit-debuginfo-0.7-3.3.1 References: https://bugzilla.suse.com/1154063 From sle-updates at lists.suse.com Tue Sep 1 19:17:10 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 03:17:10 +0200 (CEST) Subject: SUSE-RU-2020:2436-1: moderate: Recommended update for oracleasm Message-ID: <20200902011710.0D2B9F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2436-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of oracleasm fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP4: zypper in -t patch SUSE-SLE-RT-12-SP4-2020-2436=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP4 (x86_64): oracleasm-kmp-rt-2.0.8_k4.12.14_8.24-3.5.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Tue Sep 1 19:17:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 03:17:55 +0200 (CEST) Subject: SUSE-RU-2020:2435-1: moderate: Recommended update for oracleasm Message-ID: <20200902011755.592CEF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2435-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of oracleasm fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2020-2435=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): oracleasm-kmp-rt-2.0.8_k4.12.14_10.9-4.2.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Tue Sep 1 19:18:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 03:18:43 +0200 (CEST) Subject: SUSE-RU-2020:2440-1: moderate: Recommended update for libmaxminddb Message-ID: <20200902011843.6018CF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for libmaxminddb ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2440-1 Rating: moderate References: #1175006 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libmaxminddb fixes the following issues: - update to 1.4.3: * Use of uninitialized memory in dump_entry_data_list() could have cause a heap buffer flow in mmdblookup [bsc#1175006] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2440=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2440=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2440=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2440=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2440=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2440=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libmaxminddb-debugsource-1.4.3-1.6.1 libmaxminddb-devel-1.4.3-1.6.1 libmaxminddb0-1.4.3-1.6.1 libmaxminddb0-debuginfo-1.4.3-1.6.1 mmdblookup-1.4.3-1.6.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libmaxminddb0-32bit-1.4.3-1.6.1 libmaxminddb0-32bit-debuginfo-1.4.3-1.6.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libmaxminddb-debugsource-1.4.3-1.6.1 libmaxminddb-devel-1.4.3-1.6.1 libmaxminddb0-1.4.3-1.6.1 libmaxminddb0-debuginfo-1.4.3-1.6.1 mmdblookup-1.4.3-1.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libmaxminddb-debugsource-1.4.3-1.6.1 libmaxminddb-devel-1.4.3-1.6.1 libmaxminddb0-1.4.3-1.6.1 libmaxminddb0-debuginfo-1.4.3-1.6.1 mmdblookup-1.4.3-1.6.1 mmdblookup-debuginfo-1.4.3-1.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libmaxminddb-debugsource-1.4.3-1.6.1 libmaxminddb-devel-1.4.3-1.6.1 libmaxminddb0-1.4.3-1.6.1 libmaxminddb0-debuginfo-1.4.3-1.6.1 mmdblookup-1.4.3-1.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libmaxminddb0-32bit-1.4.3-1.6.1 libmaxminddb0-32bit-debuginfo-1.4.3-1.6.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libmaxminddb-debugsource-1.4.3-1.6.1 libmaxminddb-devel-1.4.3-1.6.1 libmaxminddb0-1.4.3-1.6.1 libmaxminddb0-debuginfo-1.4.3-1.6.1 mmdblookup-1.4.3-1.6.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libmaxminddb0-32bit-1.4.3-1.6.1 libmaxminddb0-32bit-debuginfo-1.4.3-1.6.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libmaxminddb-debugsource-1.4.3-1.6.1 libmaxminddb-devel-1.4.3-1.6.1 libmaxminddb0-1.4.3-1.6.1 libmaxminddb0-debuginfo-1.4.3-1.6.1 mmdblookup-1.4.3-1.6.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libmaxminddb0-32bit-1.4.3-1.6.1 libmaxminddb0-32bit-debuginfo-1.4.3-1.6.1 References: https://bugzilla.suse.com/1175006 From sle-updates at lists.suse.com Tue Sep 1 19:19:32 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 03:19:32 +0200 (CEST) Subject: SUSE-RU-2020:2437-1: moderate: Recommended update for drbd Message-ID: <20200902011932.3DF9BF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2437-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of drbd fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2020-2437=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): drbd-kmp-rt-9.0.14+git.62f906cf_k4.12.14_10.9-4.2.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Tue Sep 1 19:20:19 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 03:20:19 +0200 (CEST) Subject: SUSE-RU-2020:2432-1: moderate: Recommended update for oracleasm Message-ID: <20200902012019.24A3AF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2432-1 Rating: moderate References: #1174543 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of oracleasm fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2432=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2432=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2432=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2432=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): oracleasm-kmp-default-2.0.8_k4.4.121_92.138-8.2.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.4.121_92.138-8.2.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): oracleasm-kmp-default-2.0.8_k4.4.121_92.138-8.2.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.4.121_92.138-8.2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k4.4.121_92.138-8.2.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.4.121_92.138-8.2.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): oracleasm-kmp-default-2.0.8_k4.4.121_92.138-8.2.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.4.121_92.138-8.2.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Tue Sep 1 19:21:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 03:21:05 +0200 (CEST) Subject: SUSE-RU-2020:2438-1: moderate: Recommended update for drbd Message-ID: <20200902012105.22E08F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2438-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of drbd fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP4: zypper in -t patch SUSE-SLE-RT-12-SP4-2020-2438=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP4 (x86_64): drbd-kmp-rt-9.0.14+git.62f906cf_k4.12.14_8.24-3.2.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Tue Sep 1 19:21:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 03:21:54 +0200 (CEST) Subject: SUSE-RU-2020:14478-1: moderate: Recommended update for mozilla-nss Message-ID: <20200902012154.75103F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:14478-1 Rating: moderate References: #1168669 #1173767 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for mozilla-nss fixes the following issues: - Deactivate HW optimizations on ppc that caused "Illegal instructions" on usage (bsc#1173767) - Add "-O1" flag to s390, ppc and ppc64 because of OOM-kills - avoid spurious initialization attempt of global RNG (bsc#1168669). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-mozilla-nss-14478=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-mozilla-nss-14478=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mozilla-nss-14478=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-mozilla-nss-14478=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libfreebl3-3.53.1-47.12.1 libsoftokn3-3.53.1-47.12.1 mozilla-nss-3.53.1-47.12.1 mozilla-nss-certs-3.53.1-47.12.1 mozilla-nss-devel-3.53.1-47.12.1 mozilla-nss-tools-3.53.1-47.12.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libfreebl3-32bit-3.53.1-47.12.1 libsoftokn3-32bit-3.53.1-47.12.1 mozilla-nss-32bit-3.53.1-47.12.1 mozilla-nss-certs-32bit-3.53.1-47.12.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libfreebl3-3.53.1-47.12.1 libsoftokn3-3.53.1-47.12.1 mozilla-nss-3.53.1-47.12.1 mozilla-nss-tools-3.53.1-47.12.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): mozilla-nss-debuginfo-3.53.1-47.12.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): mozilla-nss-debuginfo-3.53.1-47.12.1 References: https://bugzilla.suse.com/1168669 https://bugzilla.suse.com/1173767 From sle-updates at lists.suse.com Tue Sep 1 19:22:56 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 03:22:56 +0200 (CEST) Subject: SUSE-RU-2020:2439-1: moderate: Recommended update for avahi Message-ID: <20200902012256.897E5F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for avahi ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2439-1 Rating: moderate References: #1154063 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for avahi fixes the following issues: - When changing ownership of /var/lib/autoipd, only change ownership of files owned by avahi, to mitigate against possible exploits (bsc#1154063). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2439=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2439=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2439=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2439=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2439=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2439=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2439=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2439=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2439=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2439=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2439=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2439=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2439=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2439=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2439=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2439=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2439=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2439=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): avahi-lang-0.6.32-32.9.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debuginfo-32bit-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): avahi-lang-0.6.32-32.9.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debuginfo-32bit-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE OpenStack Cloud 9 (noarch): avahi-lang-0.6.32-32.9.1 - SUSE OpenStack Cloud 9 (x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debuginfo-32bit-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE OpenStack Cloud 8 (x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debuginfo-32bit-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE OpenStack Cloud 8 (noarch): avahi-lang-0.6.32-32.9.1 - SUSE OpenStack Cloud 7 (s390x x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debuginfo-32bit-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE OpenStack Cloud 7 (noarch): avahi-lang-0.6.32-32.9.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): avahi-glib2-debugsource-0.6.32-32.9.1 libavahi-gobject0-0.6.32-32.9.1 libavahi-gobject0-debuginfo-0.6.32-32.9.1 libavahi-ui-gtk3-0-0.6.32-32.9.1 libavahi-ui-gtk3-0-debuginfo-0.6.32-32.9.1 libavahi-ui0-0.6.32-32.9.1 libavahi-ui0-debuginfo-0.6.32-32.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): avahi-compat-howl-devel-0.6.32-32.9.1 avahi-compat-mDNSResponder-devel-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 libavahi-devel-0.6.32-32.9.1 libavahi-glib-devel-0.6.32-32.9.1 libavahi-gobject-devel-0.6.32-32.9.1 libavahi-gobject0-0.6.32-32.9.1 libavahi-gobject0-debuginfo-0.6.32-32.9.1 libavahi-ui-gtk3-0-0.6.32-32.9.1 libavahi-ui-gtk3-0-debuginfo-0.6.32-32.9.1 libavahi-ui0-0.6.32-32.9.1 libavahi-ui0-debuginfo-0.6.32-32.9.1 libhowl0-0.6.32-32.9.1 libhowl0-debuginfo-0.6.32-32.9.1 python-avahi-0.6.32-32.9.1 typelib-1_0-Avahi-0_6-0.6.32-32.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): avahi-debuginfo-32bit-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): avahi-lang-0.6.32-32.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): avahi-debuginfo-32bit-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): avahi-lang-0.6.32-32.9.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): avahi-debuginfo-32bit-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): avahi-lang-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): avahi-debuginfo-32bit-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): avahi-lang-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): avahi-debuginfo-32bit-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): avahi-lang-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): avahi-debuginfo-32bit-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): avahi-lang-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debuginfo-32bit-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): avahi-lang-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): avahi-debuginfo-32bit-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): avahi-lang-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debuginfo-32bit-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): avahi-lang-0.6.32-32.9.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 - SUSE Enterprise Storage 5 (x86_64): avahi-debuginfo-32bit-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 - SUSE Enterprise Storage 5 (noarch): avahi-lang-0.6.32-32.9.1 - HPE Helion Openstack 8 (noarch): avahi-lang-0.6.32-32.9.1 - HPE Helion Openstack 8 (x86_64): avahi-0.6.32-32.9.1 avahi-debuginfo-0.6.32-32.9.1 avahi-debuginfo-32bit-0.6.32-32.9.1 avahi-debugsource-0.6.32-32.9.1 avahi-glib2-debugsource-0.6.32-32.9.1 avahi-utils-0.6.32-32.9.1 avahi-utils-debuginfo-0.6.32-32.9.1 libavahi-client3-0.6.32-32.9.1 libavahi-client3-32bit-0.6.32-32.9.1 libavahi-client3-debuginfo-0.6.32-32.9.1 libavahi-client3-debuginfo-32bit-0.6.32-32.9.1 libavahi-common3-0.6.32-32.9.1 libavahi-common3-32bit-0.6.32-32.9.1 libavahi-common3-debuginfo-0.6.32-32.9.1 libavahi-common3-debuginfo-32bit-0.6.32-32.9.1 libavahi-core7-0.6.32-32.9.1 libavahi-core7-debuginfo-0.6.32-32.9.1 libavahi-glib1-0.6.32-32.9.1 libavahi-glib1-32bit-0.6.32-32.9.1 libavahi-glib1-debuginfo-0.6.32-32.9.1 libavahi-glib1-debuginfo-32bit-0.6.32-32.9.1 libdns_sd-0.6.32-32.9.1 libdns_sd-32bit-0.6.32-32.9.1 libdns_sd-debuginfo-0.6.32-32.9.1 libdns_sd-debuginfo-32bit-0.6.32-32.9.1 References: https://bugzilla.suse.com/1154063 From sle-updates at lists.suse.com Tue Sep 1 19:23:49 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 03:23:49 +0200 (CEST) Subject: SUSE-RU-2020:2431-1: moderate: Recommended update for oracleasm Message-ID: <20200902012349.70854F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2431-1 Rating: moderate References: #1174543 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of oracleasm fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2431=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2431=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2431=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2431=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_95.57-4.5.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_95.57-4.5.1 - SUSE OpenStack Cloud 9 (x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_95.57-4.5.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_95.57-4.5.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_95.57-4.5.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_95.57-4.5.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_95.57-4.5.1 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_95.57-4.5.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Wed Sep 2 00:17:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 08:17:51 +0200 (CEST) Subject: SUSE-CU-2020:430-1: Recommended update of suse/sles12sp3 Message-ID: <20200902061751.96131FCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:430-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.197 , suse/sles12sp3:latest Container Release : 24.197 Severity : low Type : recommended References : 1173593 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2410-1 Released: Tue Sep 1 13:15:48 2020 Summary: Recommended update for pam Type: recommended Severity: low References: 1173593 This update of pam fixes the following issue: - On some SUSE Linux Enterprise 12 SP5 based media from build.suse.com a pam version with a higher release number than the last update of pam was delivered. This update releases pam with a higher release number to align it with this media. (bsc#1173593) From sle-updates at lists.suse.com Wed Sep 2 00:27:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 08:27:46 +0200 (CEST) Subject: SUSE-CU-2020:431-1: Recommended update of suse/sles12sp4 Message-ID: <20200902062746.95042FCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:431-1 Container Tags : suse/sles12sp4:26.228 , suse/sles12sp4:latest Container Release : 26.228 Severity : low Type : recommended References : 1173593 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2410-1 Released: Tue Sep 1 13:15:48 2020 Summary: Recommended update for pam Type: recommended Severity: low References: 1173593 This update of pam fixes the following issue: - On some SUSE Linux Enterprise 12 SP5 based media from build.suse.com a pam version with a higher release number than the last update of pam was delivered. This update releases pam with a higher release number to align it with this media. (bsc#1173593) From sle-updates at lists.suse.com Wed Sep 2 00:32:47 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 08:32:47 +0200 (CEST) Subject: SUSE-CU-2020:432-1: Recommended update of suse/sles12sp5 Message-ID: <20200902063247.AD0E2FCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:432-1 Container Tags : suse/sles12sp5:6.5.51 , suse/sles12sp5:latest Container Release : 6.5.51 Severity : moderate Type : recommended References : 1173593 1174673 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2410-1 Released: Tue Sep 1 13:15:48 2020 Summary: Recommended update for pam Type: recommended Severity: low References: 1173593 This update of pam fixes the following issue: - On some SUSE Linux Enterprise 12 SP5 based media from build.suse.com a pam version with a higher release number than the last update of pam was delivered. This update releases pam with a higher release number to align it with this media. (bsc#1173593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2428-1 Released: Tue Sep 1 22:07:35 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1174673 This update for ca-certificates-mozilla fixes the following issues: Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: - AddTrust External CA Root - AddTrust Class 1 CA Root - LuxTrust Global Root 2 - Staat der Nederlanden Root CA - G2 - Symantec Class 1 Public Primary Certification Authority - G4 - Symantec Class 2 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: - certSIGN Root CA G2 - e-Szigno Root CA 2017 - Microsoft ECC Root Certificate Authority 2017 - Microsoft RSA Root Certificate Authority 2017 From sle-updates at lists.suse.com Wed Sep 2 00:44:07 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 08:44:07 +0200 (CEST) Subject: SUSE-CU-2020:433-1: Recommended update of suse/sle15 Message-ID: <20200902064407.3EF8CFCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:433-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.259 Container Release : 4.22.259 Severity : moderate Type : recommended References : 1142733 1146991 1158336 1172195 1172824 1173539 1174551 1174736 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2411-1 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) From sle-updates at lists.suse.com Wed Sep 2 00:52:04 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 08:52:04 +0200 (CEST) Subject: SUSE-CU-2020:434-1: Recommended update of suse/sle15 Message-ID: <20200902065204.7BFACFCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:434-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.298 Container Release : 6.2.298 Severity : moderate Type : recommended References : 1142733 1146991 1158336 1172195 1172824 1173539 1174551 1174736 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2411-1 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) From sle-updates at lists.suse.com Wed Sep 2 00:53:43 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 08:53:43 +0200 (CEST) Subject: SUSE-CU-2020:435-1: Recommended update of suse/sle15 Message-ID: <20200902065343.BBD71FCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:435-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.735 Container Release : 8.2.735 Severity : moderate Type : recommended References : 1142733 1146991 1158336 1172195 1172824 1173539 1174551 1174736 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2411-1 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR ??? WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) From sle-updates at lists.suse.com Wed Sep 2 07:13:42 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 15:13:42 +0200 (CEST) Subject: SUSE-SU-2020:2446-1: moderate: Security update for curl Message-ID: <20200902131342.84873F794@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2446-1 Rating: moderate References: #1175109 Cross-References: CVE-2020-8231 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2446=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): curl-7.60.0-3.32.1 curl-debuginfo-7.60.0-3.32.1 curl-debugsource-7.60.0-3.32.1 libcurl-devel-7.60.0-3.32.1 libcurl4-7.60.0-3.32.1 libcurl4-debuginfo-7.60.0-3.32.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libcurl4-32bit-7.60.0-3.32.1 libcurl4-32bit-debuginfo-7.60.0-3.32.1 References: https://www.suse.com/security/cve/CVE-2020-8231.html https://bugzilla.suse.com/1175109 From sle-updates at lists.suse.com Wed Sep 2 07:14:32 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 15:14:32 +0200 (CEST) Subject: SUSE-RU-2020:2448-1: important: Recommended update for transactional-update Message-ID: <20200902131432.12116F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for transactional-update ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2448-1 Rating: important References: #1162320 Affected Products: SUSE Linux Enterprise Module for Transactional Server 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for transactional-update fixes the following issue: - Mount efivarfs on EFI systems. (bsc#1162320) If the EFI variables are not available, some incorrect parameters will be attached to grub2-install, writing the binary to a wrong location. Due to this, the system fails at reboot with a missing symbol error. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Transactional Server 15-SP2: zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP2-2020-2448=1 Package List: - SUSE Linux Enterprise Module for Transactional Server 15-SP2 (aarch64 ppc64le s390x x86_64): transactional-update-2.20.3-3.3.1 transactional-update-debuginfo-2.20.3-3.3.1 transactional-update-debugsource-2.20.3-3.3.1 - SUSE Linux Enterprise Module for Transactional Server 15-SP2 (noarch): transactional-update-zypp-config-2.20.3-3.3.1 References: https://bugzilla.suse.com/1162320 From sle-updates at lists.suse.com Wed Sep 2 07:17:01 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 15:17:01 +0200 (CEST) Subject: SUSE-RU-2020:2447-1: moderate: Recommended update for crmsh Message-ID: <20200902131701.51407F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2447-1 Rating: moderate References: #1175057 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crmsh fixes the following issues: - Fixes an issue by 'ssh_merge' function for compatibility. (bsc#1175057) - Adjust sbd config process to fix bug on sbd stage. (bsc#1175057) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2447=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (noarch): crmsh-4.1.0+git.1598258232.7580dd00-3.28.1 crmsh-scripts-4.1.0+git.1598258232.7580dd00-3.28.1 References: https://bugzilla.suse.com/1175057 From sle-updates at lists.suse.com Wed Sep 2 07:17:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 15:17:51 +0200 (CEST) Subject: SUSE-SU-2020:2444-1: moderate: Security update for curl Message-ID: <20200902131751.AF91FF794@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2444-1 Rating: moderate References: #1175109 Cross-References: CVE-2020-8231 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2444=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2444=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): curl-debuginfo-7.60.0-11.6.1 curl-debugsource-7.60.0-11.6.1 libcurl-devel-7.60.0-11.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): curl-7.60.0-11.6.1 curl-debuginfo-7.60.0-11.6.1 curl-debugsource-7.60.0-11.6.1 libcurl4-7.60.0-11.6.1 libcurl4-debuginfo-7.60.0-11.6.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libcurl4-32bit-7.60.0-11.6.1 libcurl4-debuginfo-32bit-7.60.0-11.6.1 References: https://www.suse.com/security/cve/CVE-2020-8231.html https://bugzilla.suse.com/1175109 From sle-updates at lists.suse.com Wed Sep 2 07:18:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 15:18:44 +0200 (CEST) Subject: SUSE-SU-2020:2445-1: moderate: Security update for curl Message-ID: <20200902131844.495F8F794@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2445-1 Rating: moderate References: #1175109 Cross-References: CVE-2020-8231 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2445=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): curl-7.66.0-4.6.1 curl-debuginfo-7.66.0-4.6.1 curl-debugsource-7.66.0-4.6.1 libcurl-devel-7.66.0-4.6.1 libcurl4-7.66.0-4.6.1 libcurl4-debuginfo-7.66.0-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libcurl4-32bit-7.66.0-4.6.1 libcurl4-32bit-debuginfo-7.66.0-4.6.1 References: https://www.suse.com/security/cve/CVE-2020-8231.html https://bugzilla.suse.com/1175109 From sle-updates at lists.suse.com Wed Sep 2 07:19:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 15:19:36 +0200 (CEST) Subject: SUSE-SU-2020:2442-1: critical: Security update for squid Message-ID: <20200902131936.440C5F794@maintenance.suse.de> SUSE Security Update: Security update for squid ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2442-1 Rating: critical References: #1173455 #1175664 #1175665 #1175671 Cross-References: CVE-2020-15049 CVE-2020-15810 CVE-2020-15811 CVE-2020-24606 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for squid fixes the following issues: squid was updated to version 4.13: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply (bsc#1175671). - CVE-2020-15811: Improve Transfer-Encoding handling (bsc#1175665). - CVE-2020-15810: Enforce token characters for field-name (bsc#1175664). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2442=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2442=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2442=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2442=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2442=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2442=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): squid-4.13-5.23.1 squid-debuginfo-4.13-5.23.1 squid-debugsource-4.13-5.23.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): squid-4.13-5.23.1 squid-debuginfo-4.13-5.23.1 squid-debugsource-4.13-5.23.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): squid-4.13-5.23.1 squid-debuginfo-4.13-5.23.1 squid-debugsource-4.13-5.23.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): squid-4.13-5.23.1 squid-debuginfo-4.13-5.23.1 squid-debugsource-4.13-5.23.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): squid-4.13-5.23.1 squid-debuginfo-4.13-5.23.1 squid-debugsource-4.13-5.23.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): squid-4.13-5.23.1 squid-debuginfo-4.13-5.23.1 squid-debugsource-4.13-5.23.1 References: https://www.suse.com/security/cve/CVE-2020-15049.html https://www.suse.com/security/cve/CVE-2020-15810.html https://www.suse.com/security/cve/CVE-2020-15811.html https://www.suse.com/security/cve/CVE-2020-24606.html https://bugzilla.suse.com/1173455 https://bugzilla.suse.com/1175664 https://bugzilla.suse.com/1175665 https://bugzilla.suse.com/1175671 From sle-updates at lists.suse.com Wed Sep 2 07:20:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 15:20:54 +0200 (CEST) Subject: SUSE-SU-2020:2450-1: moderate: Security update for apache2 Message-ID: <20200902132054.3BD8AF794@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2450-1 Rating: moderate References: #1175070 #1175071 #1175072 Cross-References: CVE-2020-11985 CVE-2020-11993 CVE-2020-9490 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for apache2 fixes the following issues: - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request (bsc#1175071). - CVE-2020-11985: IP address spoofing when proxying using mod_remoteip and mod_rewrite (bsc#1175072). - CVE-2020-11993: When trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection (bsc#1175070). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2450=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2450=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2450=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2450=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2450=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2450=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2450=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2450=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2450=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2450=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2450=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2450=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2450=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2450=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2450=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2450=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2450=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): apache2-doc-2.4.23-29.63.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): apache2-doc-2.4.23-29.63.1 - SUSE OpenStack Cloud 9 (noarch): apache2-doc-2.4.23-29.63.1 - SUSE OpenStack Cloud 9 (x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE OpenStack Cloud 8 (x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE OpenStack Cloud 8 (noarch): apache2-doc-2.4.23-29.63.1 - SUSE OpenStack Cloud 7 (s390x x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE OpenStack Cloud 7 (noarch): apache2-doc-2.4.23-29.63.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-devel-2.4.23-29.63.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): apache2-doc-2.4.23-29.63.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): apache2-doc-2.4.23-29.63.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): apache2-doc-2.4.23-29.63.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): apache2-doc-2.4.23-29.63.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): apache2-doc-2.4.23-29.63.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): apache2-doc-2.4.23-29.63.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): apache2-doc-2.4.23-29.63.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): apache2-doc-2.4.23-29.63.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): apache2-doc-2.4.23-29.63.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - SUSE Enterprise Storage 5 (noarch): apache2-doc-2.4.23-29.63.1 - HPE Helion Openstack 8 (x86_64): apache2-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-utils-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 - HPE Helion Openstack 8 (noarch): apache2-doc-2.4.23-29.63.1 References: https://www.suse.com/security/cve/CVE-2020-11985.html https://www.suse.com/security/cve/CVE-2020-11993.html https://www.suse.com/security/cve/CVE-2020-9490.html https://bugzilla.suse.com/1175070 https://bugzilla.suse.com/1175071 https://bugzilla.suse.com/1175072 From sle-updates at lists.suse.com Wed Sep 2 07:22:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 15:22:03 +0200 (CEST) Subject: SUSE-SU-2020:2443-1: critical: Security update for squid Message-ID: <20200902132203.DA22DF794@maintenance.suse.de> SUSE Security Update: Security update for squid ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2443-1 Rating: critical References: #1173455 #1175664 #1175665 #1175671 Cross-References: CVE-2020-15049 CVE-2020-15810 CVE-2020-15811 CVE-2020-24606 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for squid fixes the following issues: squid was updated to version 4.13: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply (bsc#1175671). - CVE-2020-15811: Improve Transfer-Encoding handling (bsc#1175665). - CVE-2020-15810: Enforce token characters for field-name (bsc#1175664). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2443=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): squid-4.13-4.15.1 squid-debuginfo-4.13-4.15.1 squid-debugsource-4.13-4.15.1 References: https://www.suse.com/security/cve/CVE-2020-15049.html https://www.suse.com/security/cve/CVE-2020-15810.html https://www.suse.com/security/cve/CVE-2020-15811.html https://www.suse.com/security/cve/CVE-2020-24606.html https://bugzilla.suse.com/1173455 https://bugzilla.suse.com/1175664 https://bugzilla.suse.com/1175665 https://bugzilla.suse.com/1175671 From sle-updates at lists.suse.com Wed Sep 2 10:14:01 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 18:14:01 +0200 (CEST) Subject: SUSE-SU-2020:2455-1: moderate: Security update for php7 Message-ID: <20200902161401.6EC01F403@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2455-1 Rating: moderate References: #1173786 #1174010 #1175223 Cross-References: CVE-2020-7068 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for php7 fixes the following issues: - CVE-2020-7068: Use of freed hash key in the phar_parse_zipfile function (bsc#1175223). - Do not install outdated README.SUSE (bsc#1174010). - Added tmpfiles.d for php-fpm to provide a base for a socket (bsc#1173786). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP1: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2020-2455=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-2455=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.2.5-4.61.1 apache2-mod_php7-debuginfo-7.2.5-4.61.1 php7-7.2.5-4.61.1 php7-bcmath-7.2.5-4.61.1 php7-bcmath-debuginfo-7.2.5-4.61.1 php7-bz2-7.2.5-4.61.1 php7-bz2-debuginfo-7.2.5-4.61.1 php7-calendar-7.2.5-4.61.1 php7-calendar-debuginfo-7.2.5-4.61.1 php7-ctype-7.2.5-4.61.1 php7-ctype-debuginfo-7.2.5-4.61.1 php7-curl-7.2.5-4.61.1 php7-curl-debuginfo-7.2.5-4.61.1 php7-dba-7.2.5-4.61.1 php7-dba-debuginfo-7.2.5-4.61.1 php7-debuginfo-7.2.5-4.61.1 php7-debugsource-7.2.5-4.61.1 php7-devel-7.2.5-4.61.1 php7-dom-7.2.5-4.61.1 php7-dom-debuginfo-7.2.5-4.61.1 php7-enchant-7.2.5-4.61.1 php7-enchant-debuginfo-7.2.5-4.61.1 php7-exif-7.2.5-4.61.1 php7-exif-debuginfo-7.2.5-4.61.1 php7-fastcgi-7.2.5-4.61.1 php7-fastcgi-debuginfo-7.2.5-4.61.1 php7-fileinfo-7.2.5-4.61.1 php7-fileinfo-debuginfo-7.2.5-4.61.1 php7-fpm-7.2.5-4.61.1 php7-fpm-debuginfo-7.2.5-4.61.1 php7-ftp-7.2.5-4.61.1 php7-ftp-debuginfo-7.2.5-4.61.1 php7-gd-7.2.5-4.61.1 php7-gd-debuginfo-7.2.5-4.61.1 php7-gettext-7.2.5-4.61.1 php7-gettext-debuginfo-7.2.5-4.61.1 php7-gmp-7.2.5-4.61.1 php7-gmp-debuginfo-7.2.5-4.61.1 php7-iconv-7.2.5-4.61.1 php7-iconv-debuginfo-7.2.5-4.61.1 php7-intl-7.2.5-4.61.1 php7-intl-debuginfo-7.2.5-4.61.1 php7-json-7.2.5-4.61.1 php7-json-debuginfo-7.2.5-4.61.1 php7-ldap-7.2.5-4.61.1 php7-ldap-debuginfo-7.2.5-4.61.1 php7-mbstring-7.2.5-4.61.1 php7-mbstring-debuginfo-7.2.5-4.61.1 php7-mysql-7.2.5-4.61.1 php7-mysql-debuginfo-7.2.5-4.61.1 php7-odbc-7.2.5-4.61.1 php7-odbc-debuginfo-7.2.5-4.61.1 php7-opcache-7.2.5-4.61.1 php7-opcache-debuginfo-7.2.5-4.61.1 php7-openssl-7.2.5-4.61.1 php7-openssl-debuginfo-7.2.5-4.61.1 php7-pcntl-7.2.5-4.61.1 php7-pcntl-debuginfo-7.2.5-4.61.1 php7-pdo-7.2.5-4.61.1 php7-pdo-debuginfo-7.2.5-4.61.1 php7-pgsql-7.2.5-4.61.1 php7-pgsql-debuginfo-7.2.5-4.61.1 php7-phar-7.2.5-4.61.1 php7-phar-debuginfo-7.2.5-4.61.1 php7-posix-7.2.5-4.61.1 php7-posix-debuginfo-7.2.5-4.61.1 php7-readline-7.2.5-4.61.1 php7-readline-debuginfo-7.2.5-4.61.1 php7-shmop-7.2.5-4.61.1 php7-shmop-debuginfo-7.2.5-4.61.1 php7-snmp-7.2.5-4.61.1 php7-snmp-debuginfo-7.2.5-4.61.1 php7-soap-7.2.5-4.61.1 php7-soap-debuginfo-7.2.5-4.61.1 php7-sockets-7.2.5-4.61.1 php7-sockets-debuginfo-7.2.5-4.61.1 php7-sodium-7.2.5-4.61.1 php7-sodium-debuginfo-7.2.5-4.61.1 php7-sqlite-7.2.5-4.61.1 php7-sqlite-debuginfo-7.2.5-4.61.1 php7-sysvmsg-7.2.5-4.61.1 php7-sysvmsg-debuginfo-7.2.5-4.61.1 php7-sysvsem-7.2.5-4.61.1 php7-sysvsem-debuginfo-7.2.5-4.61.1 php7-sysvshm-7.2.5-4.61.1 php7-sysvshm-debuginfo-7.2.5-4.61.1 php7-tidy-7.2.5-4.61.1 php7-tidy-debuginfo-7.2.5-4.61.1 php7-tokenizer-7.2.5-4.61.1 php7-tokenizer-debuginfo-7.2.5-4.61.1 php7-wddx-7.2.5-4.61.1 php7-wddx-debuginfo-7.2.5-4.61.1 php7-xmlreader-7.2.5-4.61.1 php7-xmlreader-debuginfo-7.2.5-4.61.1 php7-xmlrpc-7.2.5-4.61.1 php7-xmlrpc-debuginfo-7.2.5-4.61.1 php7-xmlwriter-7.2.5-4.61.1 php7-xmlwriter-debuginfo-7.2.5-4.61.1 php7-xsl-7.2.5-4.61.1 php7-xsl-debuginfo-7.2.5-4.61.1 php7-zip-7.2.5-4.61.1 php7-zip-debuginfo-7.2.5-4.61.1 php7-zlib-7.2.5-4.61.1 php7-zlib-debuginfo-7.2.5-4.61.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch): php7-pear-7.2.5-4.61.1 php7-pear-Archive_Tar-7.2.5-4.61.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.2.5-4.61.1 php7-debugsource-7.2.5-4.61.1 php7-embed-7.2.5-4.61.1 php7-embed-debuginfo-7.2.5-4.61.1 References: https://www.suse.com/security/cve/CVE-2020-7068.html https://bugzilla.suse.com/1173786 https://bugzilla.suse.com/1174010 https://bugzilla.suse.com/1175223 From sle-updates at lists.suse.com Wed Sep 2 10:15:04 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 18:15:04 +0200 (CEST) Subject: SUSE-SU-2020:2456-1: moderate: Security update for php7 Message-ID: <20200902161505.00738F794@maintenance.suse.de> SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2456-1 Rating: moderate References: #1175223 Cross-References: CVE-2020-7068 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php7 fixes the following issues: - CVE-2020-7068: Use of freed hash key in the phar_parse_zipfile function (bsc#1175223). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2020-2456=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-2456=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.4.6-3.6.1 apache2-mod_php7-debuginfo-7.4.6-3.6.1 php7-7.4.6-3.6.1 php7-bcmath-7.4.6-3.6.1 php7-bcmath-debuginfo-7.4.6-3.6.1 php7-bz2-7.4.6-3.6.1 php7-bz2-debuginfo-7.4.6-3.6.1 php7-calendar-7.4.6-3.6.1 php7-calendar-debuginfo-7.4.6-3.6.1 php7-ctype-7.4.6-3.6.1 php7-ctype-debuginfo-7.4.6-3.6.1 php7-curl-7.4.6-3.6.1 php7-curl-debuginfo-7.4.6-3.6.1 php7-dba-7.4.6-3.6.1 php7-dba-debuginfo-7.4.6-3.6.1 php7-debuginfo-7.4.6-3.6.1 php7-debugsource-7.4.6-3.6.1 php7-devel-7.4.6-3.6.1 php7-dom-7.4.6-3.6.1 php7-dom-debuginfo-7.4.6-3.6.1 php7-enchant-7.4.6-3.6.1 php7-enchant-debuginfo-7.4.6-3.6.1 php7-exif-7.4.6-3.6.1 php7-exif-debuginfo-7.4.6-3.6.1 php7-fastcgi-7.4.6-3.6.1 php7-fastcgi-debuginfo-7.4.6-3.6.1 php7-fileinfo-7.4.6-3.6.1 php7-fileinfo-debuginfo-7.4.6-3.6.1 php7-fpm-7.4.6-3.6.1 php7-fpm-debuginfo-7.4.6-3.6.1 php7-ftp-7.4.6-3.6.1 php7-ftp-debuginfo-7.4.6-3.6.1 php7-gd-7.4.6-3.6.1 php7-gd-debuginfo-7.4.6-3.6.1 php7-gettext-7.4.6-3.6.1 php7-gettext-debuginfo-7.4.6-3.6.1 php7-gmp-7.4.6-3.6.1 php7-gmp-debuginfo-7.4.6-3.6.1 php7-iconv-7.4.6-3.6.1 php7-iconv-debuginfo-7.4.6-3.6.1 php7-intl-7.4.6-3.6.1 php7-intl-debuginfo-7.4.6-3.6.1 php7-json-7.4.6-3.6.1 php7-json-debuginfo-7.4.6-3.6.1 php7-ldap-7.4.6-3.6.1 php7-ldap-debuginfo-7.4.6-3.6.1 php7-mbstring-7.4.6-3.6.1 php7-mbstring-debuginfo-7.4.6-3.6.1 php7-mysql-7.4.6-3.6.1 php7-mysql-debuginfo-7.4.6-3.6.1 php7-odbc-7.4.6-3.6.1 php7-odbc-debuginfo-7.4.6-3.6.1 php7-opcache-7.4.6-3.6.1 php7-opcache-debuginfo-7.4.6-3.6.1 php7-openssl-7.4.6-3.6.1 php7-openssl-debuginfo-7.4.6-3.6.1 php7-pcntl-7.4.6-3.6.1 php7-pcntl-debuginfo-7.4.6-3.6.1 php7-pdo-7.4.6-3.6.1 php7-pdo-debuginfo-7.4.6-3.6.1 php7-pgsql-7.4.6-3.6.1 php7-pgsql-debuginfo-7.4.6-3.6.1 php7-phar-7.4.6-3.6.1 php7-phar-debuginfo-7.4.6-3.6.1 php7-posix-7.4.6-3.6.1 php7-posix-debuginfo-7.4.6-3.6.1 php7-readline-7.4.6-3.6.1 php7-readline-debuginfo-7.4.6-3.6.1 php7-shmop-7.4.6-3.6.1 php7-shmop-debuginfo-7.4.6-3.6.1 php7-snmp-7.4.6-3.6.1 php7-snmp-debuginfo-7.4.6-3.6.1 php7-soap-7.4.6-3.6.1 php7-soap-debuginfo-7.4.6-3.6.1 php7-sockets-7.4.6-3.6.1 php7-sockets-debuginfo-7.4.6-3.6.1 php7-sodium-7.4.6-3.6.1 php7-sodium-debuginfo-7.4.6-3.6.1 php7-sqlite-7.4.6-3.6.1 php7-sqlite-debuginfo-7.4.6-3.6.1 php7-sysvmsg-7.4.6-3.6.1 php7-sysvmsg-debuginfo-7.4.6-3.6.1 php7-sysvsem-7.4.6-3.6.1 php7-sysvsem-debuginfo-7.4.6-3.6.1 php7-sysvshm-7.4.6-3.6.1 php7-sysvshm-debuginfo-7.4.6-3.6.1 php7-tidy-7.4.6-3.6.1 php7-tidy-debuginfo-7.4.6-3.6.1 php7-tokenizer-7.4.6-3.6.1 php7-tokenizer-debuginfo-7.4.6-3.6.1 php7-xmlreader-7.4.6-3.6.1 php7-xmlreader-debuginfo-7.4.6-3.6.1 php7-xmlrpc-7.4.6-3.6.1 php7-xmlrpc-debuginfo-7.4.6-3.6.1 php7-xmlwriter-7.4.6-3.6.1 php7-xmlwriter-debuginfo-7.4.6-3.6.1 php7-xsl-7.4.6-3.6.1 php7-xsl-debuginfo-7.4.6-3.6.1 php7-zip-7.4.6-3.6.1 php7-zip-debuginfo-7.4.6-3.6.1 php7-zlib-7.4.6-3.6.1 php7-zlib-debuginfo-7.4.6-3.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.4.6-3.6.1 php7-debugsource-7.4.6-3.6.1 php7-embed-7.4.6-3.6.1 php7-embed-debuginfo-7.4.6-3.6.1 References: https://www.suse.com/security/cve/CVE-2020-7068.html https://bugzilla.suse.com/1175223 From sle-updates at lists.suse.com Wed Sep 2 10:15:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 18:15:55 +0200 (CEST) Subject: SUSE-SU-2020:2452-1: important: Security update for xorg-x11-server Message-ID: <20200902161555.E5DF1F403@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2452-1 Rating: important References: #1174910 #1174913 Cross-References: CVE-2020-14361 CVE-2020-14362 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2452=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2452=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2452=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): xorg-x11-server-debuginfo-1.20.3-22.5.5.1 xorg-x11-server-debugsource-1.20.3-22.5.5.1 xorg-x11-server-wayland-1.20.3-22.5.5.1 xorg-x11-server-wayland-debuginfo-1.20.3-22.5.5.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.20.3-22.5.5.1 xorg-x11-server-debugsource-1.20.3-22.5.5.1 xorg-x11-server-sdk-1.20.3-22.5.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-22.5.5.1 xorg-x11-server-debuginfo-1.20.3-22.5.5.1 xorg-x11-server-debugsource-1.20.3-22.5.5.1 xorg-x11-server-extra-1.20.3-22.5.5.1 xorg-x11-server-extra-debuginfo-1.20.3-22.5.5.1 References: https://www.suse.com/security/cve/CVE-2020-14361.html https://www.suse.com/security/cve/CVE-2020-14362.html https://bugzilla.suse.com/1174910 https://bugzilla.suse.com/1174913 From sle-updates at lists.suse.com Wed Sep 2 10:16:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 18:16:51 +0200 (CEST) Subject: SUSE-SU-2020:2453-1: moderate: Security update for java-1_8_0-ibm Message-ID: <20200902161651.CFE02F403@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2453-1 Rating: moderate References: #1174157 #1175259 Cross-References: CVE-2019-17639 CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP1 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 15 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14556 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - JAVA.UTIL.ZIP.DEFLATER OPERATIONS THROW JAVA.LANG.INTERNALERROR - JAVA 8 DECODER OBJECTS CONSUME A LARGE AMOUNT OF JAVA HEAP - TRANSLATION MESSAGES UPDATE FOR JCL - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Java Virtual Machine: - IBM JAVA REGISTERS A HANDLER BY DEFAULT FOR SIGABRT - LARGE MEMORY FOOTPRINT HELD BY TRACECONTEXT OBJECT * JIT Compiler: - CRASH IN THE INTERPRETER AFTER OSR FROM INLINED SYNCHRONIZED METHOD IN DEBUGGING MODE - INTERMITTENT ASSERTION FAILURE REPORTED - CRASH IN RESOLVECLASSREF() DURING AOT LOAD - JIT CRASH DURING CLASS UNLOADING IN J9METHOD_HT::ONCLASSUNLOADING() - SEGMENTATION FAULT WHILE COMPILING A METHOD - UNEXPECTED CLASSCASTEXCEPTION THROWN IN HIGH LEVEL PARALLEL APPLICATION ON IBM Z PLATFORM * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE - CHANGES TO IBMJCE AND IBMJCEPLUS PROVIDERS - IBMJCEPLUS FAILS, WHEN THE SECURITY MANAGER IS ENABLED, WITH DEFAULT PERMISSIONS, SPECIFIED IN JAVA.POLICY FILE - IN CERTAIN INSTANCES, IBMJCEPLUS PROVIDER THROWS EXCEPTION FROM KEYFACTORY CLASS Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2453=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2453=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-2453=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-2453=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr6.15-3.41.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-3.41.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.15-3.41.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-3.41.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): java-1_8_0-ibm-1.8.0_sr6.15-3.41.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-3.41.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr6.15-3.41.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-3.41.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.15-3.41.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-3.41.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr6.15-3.41.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-3.41.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.15-3.41.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-3.41.1 References: https://www.suse.com/security/cve/CVE-2019-17639.html https://www.suse.com/security/cve/CVE-2020-14556.html https://www.suse.com/security/cve/CVE-2020-14577.html https://www.suse.com/security/cve/CVE-2020-14578.html https://www.suse.com/security/cve/CVE-2020-14579.html https://www.suse.com/security/cve/CVE-2020-14581.html https://www.suse.com/security/cve/CVE-2020-14583.html https://www.suse.com/security/cve/CVE-2020-14593.html https://www.suse.com/security/cve/CVE-2020-14621.html https://bugzilla.suse.com/1174157 https://bugzilla.suse.com/1175259 From sle-updates at lists.suse.com Wed Sep 2 10:17:45 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 18:17:45 +0200 (CEST) Subject: SUSE-RU-2020:2451-1: important: Recommended update for dracut Message-ID: <20200902161745.95636F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2451-1 Rating: important References: #1167494 #996146 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for dracut fixes the following issues: Update from version 049.1+suse.152.g8506e86f to version 049.1+suse.156.g7d852636: - net-lib.sh: support infiniband network mac addresses (bsc#996146) - 95nfs: use ip_params_for_remote_addr() (bsc#1167494) - 95iscsi: use ip_params_for_remote_addr() (bsc#1167494) - dracut-functions: add ip_params_for_remote_addr() helper (bsc#1167494) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2451=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): dracut-049.1+suse.156.g7d852636-3.11.1 dracut-debuginfo-049.1+suse.156.g7d852636-3.11.1 dracut-debugsource-049.1+suse.156.g7d852636-3.11.1 dracut-fips-049.1+suse.156.g7d852636-3.11.1 dracut-ima-049.1+suse.156.g7d852636-3.11.1 References: https://bugzilla.suse.com/1167494 https://bugzilla.suse.com/996146 From sle-updates at lists.suse.com Wed Sep 2 10:18:42 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 18:18:42 +0200 (CEST) Subject: SUSE-SU-2020:14481-1: moderate: Security update for curl Message-ID: <20200902161842.14961F403@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14481-1 Rating: moderate References: #1175109 Cross-References: CVE-2020-8231 Affected Products: SUSE Linux Enterprise Server 11-SECURITY ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-curl-14481=1 Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): curl-openssl1-7.37.0-70.52.2 libcurl4-openssl1-7.37.0-70.52.2 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libcurl4-openssl1-32bit-7.37.0-70.52.2 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libcurl4-openssl1-x86-7.37.0-70.52.2 References: https://www.suse.com/security/cve/CVE-2020-8231.html https://bugzilla.suse.com/1175109 From sle-updates at lists.suse.com Wed Sep 2 13:13:33 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 21:13:33 +0200 (CEST) Subject: SUSE-SU-2020:2461-1: moderate: Security update for java-1_8_0-ibm Message-ID: <20200902191333.6B3A6F794@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2461-1 Rating: moderate References: #1174157 #1175259 Cross-References: CVE-2019-17639 CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 15 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14556 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - JAVA.UTIL.ZIP.DEFLATER OPERATIONS THROW JAVA.LANG.INTERNALERROR - JAVA 8 DECODER OBJECTS CONSUME A LARGE AMOUNT OF JAVA HEAP - TRANSLATION MESSAGES UPDATE FOR JCL - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Java Virtual Machine: - IBM JAVA REGISTERS A HANDLER BY DEFAULT FOR SIGABRT - LARGE MEMORY FOOTPRINT HELD BY TRACECONTEXT OBJECT * JIT Compiler: - CRASH IN THE INTERPRETER AFTER OSR FROM INLINED SYNCHRONIZED METHOD IN DEBUGGING MODE - INTERMITTENT ASSERTION FAILURE REPORTED - CRASH IN RESOLVECLASSREF() DURING AOT LOAD - JIT CRASH DURING CLASS UNLOADING IN J9METHOD_HT::ONCLASSUNLOADING() - SEGMENTATION FAULT WHILE COMPILING A METHOD - UNEXPECTED CLASSCASTEXCEPTION THROWN IN HIGH LEVEL PARALLEL APPLICATION ON IBM Z PLATFORM * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE - CHANGES TO IBMJCE AND IBMJCEPLUS PROVIDERS - IBMJCEPLUS FAILS, WHEN THE SECURITY MANAGER IS ENABLED, WITH DEFAULT PERMISSIONS, SPECIFIED IN JAVA.POLICY FILE - IN CERTAIN INSTANCES, IBMJCEPLUS PROVIDER THROWS EXCEPTION FROM KEYFACTORY CLASS Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2461=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2461=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2461=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2461=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2461=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2461=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2461=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2461=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2461=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2461=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2461=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2461=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2461=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2461=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2461=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2461=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - SUSE OpenStack Cloud 9 (x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - SUSE OpenStack Cloud 8 (x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 - SUSE OpenStack Cloud 7 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 - HPE Helion Openstack 8 (x86_64): java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1 References: https://www.suse.com/security/cve/CVE-2019-17639.html https://www.suse.com/security/cve/CVE-2020-14556.html https://www.suse.com/security/cve/CVE-2020-14577.html https://www.suse.com/security/cve/CVE-2020-14578.html https://www.suse.com/security/cve/CVE-2020-14579.html https://www.suse.com/security/cve/CVE-2020-14581.html https://www.suse.com/security/cve/CVE-2020-14583.html https://www.suse.com/security/cve/CVE-2020-14593.html https://www.suse.com/security/cve/CVE-2020-14621.html https://bugzilla.suse.com/1174157 https://bugzilla.suse.com/1175259 From sle-updates at lists.suse.com Wed Sep 2 13:14:32 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 21:14:32 +0200 (CEST) Subject: SUSE-RU-2020:2459-1: moderate: Recommended update for crmsh Message-ID: <20200902191432.C6611F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2459-1 Rating: moderate References: #1175057 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crmsh fixes the following issues: - Fixes an issue by 'ssh_merge' function for compatibility. (bsc#1175057) - Adjust sbd config process to fix bug on sbd stage. (bsc#1175057) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-2459=1 Package List: - SUSE Linux Enterprise High Availability 15 (noarch): crmsh-4.1.0+git.1598258232.7580dd00-3.36.1 crmsh-scripts-4.1.0+git.1598258232.7580dd00-3.36.1 References: https://bugzilla.suse.com/1175057 From sle-updates at lists.suse.com Wed Sep 2 13:15:30 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 21:15:30 +0200 (CEST) Subject: SUSE-RU-2020:2458-1: moderate: Recommended update for iputils Message-ID: <20200902191530.2E624F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for iputils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2458-1 Rating: moderate References: #927831 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for iputils fixes the following issue: - ping: Remove workaround for bug in IP_RECVERR on raw sockets. (bsc#927831) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2458=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2458=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2458=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2458=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): iputils-debuginfo-s20161105-8.3.1 iputils-debugsource-s20161105-8.3.1 rarpd-debuginfo-s20161105-8.3.1 rarpd-s20161105-8.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): iputils-debuginfo-s20161105-8.3.1 iputils-debugsource-s20161105-8.3.1 rarpd-debuginfo-s20161105-8.3.1 rarpd-s20161105-8.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): iputils-debuginfo-s20161105-8.3.1 iputils-debugsource-s20161105-8.3.1 iputils-s20161105-8.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): iputils-debuginfo-s20161105-8.3.1 iputils-debugsource-s20161105-8.3.1 iputils-s20161105-8.3.1 References: https://bugzilla.suse.com/927831 From sle-updates at lists.suse.com Wed Sep 2 13:16:22 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 21:16:22 +0200 (CEST) Subject: SUSE-SU-2020:14482-1: moderate: Security update for java-1_7_0-ibm Message-ID: <20200902191622.EB90AF794@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14482-1 Rating: moderate References: #1171352 #1174157 #1175259 Cross-References: CVE-2019-17639 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for java-1_7_0-ibm fixes the following issues: - Update to Java 7.0 Service Refresh 10 Fix Pack 70 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - TRANSLATION MESSAGES UPDATE FOR JCL - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE - The pack200 and unpack200 alternatives should be slaves of java [bsc#1171352] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-java-1_7_0-ibm-14482=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): java-1_7_0-ibm-1.7.0_sr10.70-65.54.1 java-1_7_0-ibm-alsa-1.7.0_sr10.70-65.54.1 java-1_7_0-ibm-devel-1.7.0_sr10.70-65.54.1 java-1_7_0-ibm-jdbc-1.7.0_sr10.70-65.54.1 java-1_7_0-ibm-plugin-1.7.0_sr10.70-65.54.1 References: https://www.suse.com/security/cve/CVE-2019-17639.html https://www.suse.com/security/cve/CVE-2020-14577.html https://www.suse.com/security/cve/CVE-2020-14578.html https://www.suse.com/security/cve/CVE-2020-14579.html https://www.suse.com/security/cve/CVE-2020-14583.html https://www.suse.com/security/cve/CVE-2020-14593.html https://www.suse.com/security/cve/CVE-2020-14621.html https://bugzilla.suse.com/1171352 https://bugzilla.suse.com/1174157 https://bugzilla.suse.com/1175259 From sle-updates at lists.suse.com Wed Sep 2 13:29:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 2 Sep 2020 21:29:09 +0200 (CEST) Subject: SUSE-RU-2020:2457-1: important: Recommended update for grub2 Message-ID: <20200902192909.B2B77F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2457-1 Rating: important References: #1174567 #1175766 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - The GRUB_VERIFY_FLAGS_DEFER_AUTH is enabled regardless secure boot status (bsc#1175766) A secure boot status check has been added before requesting other verifiers to verify external module, therefore external module loading can work after shim_lock module is loaded and secure boot turned off. - Make consistent check to enable relative path on btrfs (bsc#1174567) This fix unified the test in grub-install and grub-mkconfig. The path to default or selected btrfs subvolume/snapshot is used if the root file system is btrfs and the config has enabled btrfs snapshot booting. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2457=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2457=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): grub2-x86_64-xen-2.04-9.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): grub2-2.04-9.18.1 grub2-debuginfo-2.04-9.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 s390x x86_64): grub2-debugsource-2.04-9.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): grub2-arm64-efi-2.04-9.18.1 grub2-i386-pc-2.04-9.18.1 grub2-powerpc-ieee1275-2.04-9.18.1 grub2-snapper-plugin-2.04-9.18.1 grub2-systemd-sleep-plugin-2.04-9.18.1 grub2-x86_64-efi-2.04-9.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (s390x): grub2-s390x-emu-2.04-9.18.1 References: https://bugzilla.suse.com/1174567 https://bugzilla.suse.com/1175766 From sle-updates at lists.suse.com Wed Sep 2 19:13:29 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 03:13:29 +0200 (CEST) Subject: SUSE-RU-2020:2469-1: moderate: Recommended update for tomcat Message-ID: <20200903011329.6A733F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2469-1 Rating: moderate References: #1092163 #1172562 #1173103 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for tomcat fixes the following issues: - Fixed the package alternatives for tomcat-servlet-4_0-api to use /usr/share/java/servlet.jar instead of /usr/share/java/tomcat-servlet.jar - We kept /usr/share/java/tomcat-servlet.jar as a symlink for compatibility reasons (bsc#1092163) - Removed write permissions on several files and directories for the tomcat group (bsc#1172562) - Changed the tomcat.pid location from /var/run to /run (bsc#1173103) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP1: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2020-2469=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch): tomcat-9.0.36-4.44.3 tomcat-admin-webapps-9.0.36-4.44.3 tomcat-el-3_0-api-9.0.36-4.44.3 tomcat-jsp-2_3-api-9.0.36-4.44.3 tomcat-lib-9.0.36-4.44.3 tomcat-servlet-4_0-api-9.0.36-4.44.3 tomcat-webapps-9.0.36-4.44.3 References: https://bugzilla.suse.com/1092163 https://bugzilla.suse.com/1172562 https://bugzilla.suse.com/1173103 From sle-updates at lists.suse.com Wed Sep 2 19:14:29 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 03:14:29 +0200 (CEST) Subject: SUSE-RU-2020:2464-1: moderate: Recommended update for icewm Message-ID: <20200903011429.146DEF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for icewm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2464-1 Rating: moderate References: #1170420 #1173441 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for icewm fixes the following issues: - Fixes an issue where icewm updates could no longer be installed (bsc#1173441, bsc#1170420) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2464=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2464=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): icewm-1.4.2-7.12.1 icewm-debuginfo-1.4.2-7.12.1 icewm-debugsource-1.4.2-7.12.1 icewm-default-1.4.2-7.12.1 icewm-default-debuginfo-1.4.2-7.12.1 icewm-lite-1.4.2-7.12.1 icewm-lite-debuginfo-1.4.2-7.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): icewm-lang-1.4.2-7.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): icewm-1.4.2-7.12.1 icewm-debuginfo-1.4.2-7.12.1 icewm-debugsource-1.4.2-7.12.1 icewm-default-1.4.2-7.12.1 icewm-default-debuginfo-1.4.2-7.12.1 icewm-lite-1.4.2-7.12.1 icewm-lite-debuginfo-1.4.2-7.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): icewm-lang-1.4.2-7.12.1 References: https://bugzilla.suse.com/1170420 https://bugzilla.suse.com/1173441 From sle-updates at lists.suse.com Wed Sep 2 19:15:21 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 03:15:21 +0200 (CEST) Subject: SUSE-RU-2020:2463-1: moderate: Recommended update for oracleasm Message-ID: <20200903011521.3CD92F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2463-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of oracleasm fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2463=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k4.12.14_122.32-9.5.2 oracleasm-kmp-default-debuginfo-2.0.8_k4.12.14_122.32-9.5.2 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Wed Sep 2 19:16:07 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 03:16:07 +0200 (CEST) Subject: SUSE-RU-2020:2466-1: moderate: Recommended update for fwupdate Message-ID: <20200903011607.05C2DF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for fwupdate ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2466-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of fwupdate fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2466=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2466=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2466=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2466=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (x86_64): fwupdate-9+git21.gcd8f7d7-6.5.1 fwupdate-debuginfo-9+git21.gcd8f7d7-6.5.1 fwupdate-debugsource-9+git21.gcd8f7d7-6.5.1 fwupdate-devel-9+git21.gcd8f7d7-6.5.1 fwupdate-efi-9+git21.gcd8f7d7-6.5.1 fwupdate-efi-debuginfo-9+git21.gcd8f7d7-6.5.1 libfwup1-9+git21.gcd8f7d7-6.5.1 libfwup1-debuginfo-9+git21.gcd8f7d7-6.5.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64): fwupdate-9+git21.gcd8f7d7-6.5.1 fwupdate-debuginfo-9+git21.gcd8f7d7-6.5.1 fwupdate-debugsource-9+git21.gcd8f7d7-6.5.1 fwupdate-devel-9+git21.gcd8f7d7-6.5.1 fwupdate-efi-9+git21.gcd8f7d7-6.5.1 fwupdate-efi-debuginfo-9+git21.gcd8f7d7-6.5.1 libfwup1-9+git21.gcd8f7d7-6.5.1 libfwup1-debuginfo-9+git21.gcd8f7d7-6.5.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): fwupdate-9+git21.gcd8f7d7-6.5.1 fwupdate-debuginfo-9+git21.gcd8f7d7-6.5.1 fwupdate-debugsource-9+git21.gcd8f7d7-6.5.1 fwupdate-devel-9+git21.gcd8f7d7-6.5.1 fwupdate-efi-9+git21.gcd8f7d7-6.5.1 fwupdate-efi-debuginfo-9+git21.gcd8f7d7-6.5.1 libfwup1-9+git21.gcd8f7d7-6.5.1 libfwup1-debuginfo-9+git21.gcd8f7d7-6.5.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): fwupdate-9+git21.gcd8f7d7-6.5.1 fwupdate-debuginfo-9+git21.gcd8f7d7-6.5.1 fwupdate-debugsource-9+git21.gcd8f7d7-6.5.1 fwupdate-devel-9+git21.gcd8f7d7-6.5.1 fwupdate-efi-9+git21.gcd8f7d7-6.5.1 fwupdate-efi-debuginfo-9+git21.gcd8f7d7-6.5.1 libfwup1-9+git21.gcd8f7d7-6.5.1 libfwup1-debuginfo-9+git21.gcd8f7d7-6.5.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Wed Sep 2 19:16:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 03:16:54 +0200 (CEST) Subject: SUSE-RU-2020:2470-1: moderate: Recommended update for lshw Message-ID: <20200903011654.5EA09F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for lshw ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2470-1 Rating: moderate References: #1168865 #1169668 #1172156 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for lshw fixes the following issues: - Fixes the detection of powerpc products (bsc#1172156) - Fixed an issue where lshw crashed on powerpc and aarch64 (bsc#1168865, bsc#1169668) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2470=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (ppc64le x86_64): lshw-B.02.19.2-3.3.1 lshw-debuginfo-B.02.19.2-3.3.1 lshw-debugsource-B.02.19.2-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): lshw-lang-B.02.19.2-3.3.1 References: https://bugzilla.suse.com/1168865 https://bugzilla.suse.com/1169668 https://bugzilla.suse.com/1172156 From sle-updates at lists.suse.com Wed Sep 2 19:17:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 03:17:55 +0200 (CEST) Subject: SUSE-RU-2020:2467-1: moderate: Recommended update for aws-cli, python-boto3, and python-botocore Message-ID: <20200903011755.501FDF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for aws-cli, python-boto3, and python-botocore ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2467-1 Rating: moderate References: #1075263 #1118021 #1118024 #1118027 #1146853 #1175147 #1175148 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for aws-cli, python-boto3, and python-botocore fixes the following issues: - This update mainly focuses on updating the API clients. Please refer to the rpm changelog of each package to receive a detailed list of all changes. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2467=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2467=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-2467=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-2467=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2467=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2467=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): aws-cli-1.18.117-8.11.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): aws-cli-1.18.117-8.11.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch): python2-boto3-1.14.40-7.11.1 python2-botocore-1.17.40-7.11.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (noarch): python2-boto3-1.14.40-7.11.1 python2-botocore-1.17.40-7.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-boto3-1.14.40-7.11.1 python3-botocore-1.17.40-7.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): python3-boto3-1.14.40-7.11.1 python3-botocore-1.17.40-7.11.1 References: https://bugzilla.suse.com/1075263 https://bugzilla.suse.com/1118021 https://bugzilla.suse.com/1118024 https://bugzilla.suse.com/1118027 https://bugzilla.suse.com/1146853 https://bugzilla.suse.com/1175147 https://bugzilla.suse.com/1175148 From sle-updates at lists.suse.com Wed Sep 2 19:19:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 03:19:17 +0200 (CEST) Subject: SUSE-RU-2020:14483-1: moderate: Recommended update for oracleasm Message-ID: <20200903011917.15C74F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:14483-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of oracleasm fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-oracleasm-14483=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-oracleasm-14483=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): oracleasm-2.0.5-7.44.4.1 oracleasm-kmp-default-2.0.5_3.0.101_108.117-7.44.4.1 oracleasm-kmp-trace-2.0.5_3.0.101_108.117-7.44.4.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): oracleasm-kmp-xen-2.0.5_3.0.101_108.117-7.44.4.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64): oracleasm-kmp-bigmem-2.0.5_3.0.101_108.117-7.44.4.1 oracleasm-kmp-ppc64-2.0.5_3.0.101_108.117-7.44.4.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586): oracleasm-kmp-pae-2.0.5_3.0.101_108.117-7.44.4.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): oracleasm-debuginfo-2.0.5-7.44.4.1 oracleasm-debugsource-2.0.5-7.44.4.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Wed Sep 2 19:20:05 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 03:20:05 +0200 (CEST) Subject: SUSE-RU-2020:2465-1: moderate: Recommended update for fwupdate Message-ID: <20200903012005.BA2AAF403@maintenance.suse.de> SUSE Recommended Update: Recommended update for fwupdate ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2465-1 Rating: moderate References: #1174543 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of fwupdate fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2465=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2465=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2465=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2465=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2465=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2465=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2465=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2465=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2465=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2465=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2465=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2465=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): fwupdate-0.5-10.7.1 fwupdate-debuginfo-0.5-10.7.1 fwupdate-debugsource-0.5-10.7.1 fwupdate-efi-0.5-10.7.1 fwupdate-efi-debuginfo-0.5-10.7.1 libfwup0-0.5-10.7.1 libfwup0-debuginfo-0.5-10.7.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): fwupdate-0.5-10.7.1 fwupdate-debuginfo-0.5-10.7.1 fwupdate-debugsource-0.5-10.7.1 fwupdate-efi-0.5-10.7.1 fwupdate-efi-debuginfo-0.5-10.7.1 libfwup0-0.5-10.7.1 libfwup0-debuginfo-0.5-10.7.1 - SUSE OpenStack Cloud 9 (x86_64): fwupdate-0.5-10.7.1 fwupdate-debuginfo-0.5-10.7.1 fwupdate-debugsource-0.5-10.7.1 fwupdate-efi-0.5-10.7.1 fwupdate-efi-debuginfo-0.5-10.7.1 libfwup0-0.5-10.7.1 libfwup0-debuginfo-0.5-10.7.1 - SUSE OpenStack Cloud 8 (x86_64): fwupdate-0.5-10.7.1 fwupdate-debuginfo-0.5-10.7.1 fwupdate-debugsource-0.5-10.7.1 fwupdate-efi-0.5-10.7.1 fwupdate-efi-debuginfo-0.5-10.7.1 libfwup0-0.5-10.7.1 libfwup0-debuginfo-0.5-10.7.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): fwupdate-0.5-10.7.1 fwupdate-debuginfo-0.5-10.7.1 fwupdate-debugsource-0.5-10.7.1 fwupdate-efi-0.5-10.7.1 fwupdate-efi-debuginfo-0.5-10.7.1 libfwup0-0.5-10.7.1 libfwup0-debuginfo-0.5-10.7.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): fwupdate-0.5-10.7.1 fwupdate-debuginfo-0.5-10.7.1 fwupdate-debugsource-0.5-10.7.1 fwupdate-efi-0.5-10.7.1 fwupdate-efi-debuginfo-0.5-10.7.1 libfwup0-0.5-10.7.1 libfwup0-debuginfo-0.5-10.7.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): fwupdate-0.5-10.7.1 fwupdate-debuginfo-0.5-10.7.1 fwupdate-debugsource-0.5-10.7.1 fwupdate-efi-0.5-10.7.1 fwupdate-efi-debuginfo-0.5-10.7.1 libfwup0-0.5-10.7.1 libfwup0-debuginfo-0.5-10.7.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): fwupdate-0.5-10.7.1 fwupdate-debuginfo-0.5-10.7.1 fwupdate-debugsource-0.5-10.7.1 fwupdate-efi-0.5-10.7.1 fwupdate-efi-debuginfo-0.5-10.7.1 libfwup0-0.5-10.7.1 libfwup0-debuginfo-0.5-10.7.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): fwupdate-0.5-10.7.1 fwupdate-debuginfo-0.5-10.7.1 fwupdate-debugsource-0.5-10.7.1 fwupdate-efi-0.5-10.7.1 fwupdate-efi-debuginfo-0.5-10.7.1 libfwup0-0.5-10.7.1 libfwup0-debuginfo-0.5-10.7.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): fwupdate-0.5-10.7.1 fwupdate-debuginfo-0.5-10.7.1 fwupdate-debugsource-0.5-10.7.1 fwupdate-efi-0.5-10.7.1 fwupdate-efi-debuginfo-0.5-10.7.1 libfwup0-0.5-10.7.1 libfwup0-debuginfo-0.5-10.7.1 - SUSE Enterprise Storage 5 (x86_64): fwupdate-0.5-10.7.1 fwupdate-debuginfo-0.5-10.7.1 fwupdate-debugsource-0.5-10.7.1 fwupdate-efi-0.5-10.7.1 fwupdate-efi-debuginfo-0.5-10.7.1 libfwup0-0.5-10.7.1 libfwup0-debuginfo-0.5-10.7.1 - HPE Helion Openstack 8 (x86_64): fwupdate-0.5-10.7.1 fwupdate-debuginfo-0.5-10.7.1 fwupdate-debugsource-0.5-10.7.1 fwupdate-efi-0.5-10.7.1 fwupdate-efi-debuginfo-0.5-10.7.1 libfwup0-0.5-10.7.1 libfwup0-debuginfo-0.5-10.7.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Wed Sep 2 19:20:56 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 03:20:56 +0200 (CEST) Subject: SUSE-RU-2020:2468-1: moderate: Recommended update for aws-cli, python-boto3, and python-botocore Message-ID: <20200903012056.22E06F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for aws-cli, python-boto3, and python-botocore ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2468-1 Rating: moderate References: #1175147 #1175148 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Module for Public Cloud 12 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for aws-cli, python-boto3, and python-botocore fixes the following issues: - This update mainly focuses on updating the API clients. Please refer to the rpm changelog of each package to receive a detailed list of all changes. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2468=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2468=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-2468=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2468=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): aws-cli-1.18.117-22.20.1 python-botocore-1.17.40-28.26.1 - SUSE OpenStack Cloud 8 (noarch): aws-cli-1.18.117-22.20.1 python-botocore-1.17.40-28.26.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): aws-cli-1.18.117-22.20.1 python-boto3-1.14.40-14.20.1 python-botocore-1.17.40-28.26.1 python3-boto3-1.14.40-14.20.1 python3-botocore-1.17.40-28.26.1 - HPE Helion Openstack 8 (noarch): aws-cli-1.18.117-22.20.1 python-botocore-1.17.40-28.26.1 References: https://bugzilla.suse.com/1175147 https://bugzilla.suse.com/1175148 From sle-updates at lists.suse.com Thu Sep 3 00:45:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 08:45:09 +0200 (CEST) Subject: SUSE-CU-2020:436-1: Security update of suse/sle15 Message-ID: <20200903064509.6BEFBFCEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:436-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.260 Container Release : 4.22.260 Severity : moderate Type : security References : 1175109 CVE-2020-8231 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2446-1 Released: Wed Sep 2 09:33:22 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] From sle-updates at lists.suse.com Thu Sep 3 04:16:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 12:16:03 +0200 (CEST) Subject: SUSE-SU-2020:2471-1: critical: Security update for squid Message-ID: <20200903101603.AD7CBF794@maintenance.suse.de> SUSE Security Update: Security update for squid ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2471-1 Rating: critical References: #1175664 #1175665 #1175671 Cross-References: CVE-2020-15810 CVE-2020-15811 CVE-2020-24606 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for squid fixes the following issues: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply (bsc#1175671). - CVE-2020-15811: Improve Transfer-Encoding handling (bsc#1175665). - CVE-2020-15810: Enforce token characters for field-name (bsc#1175664). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2471=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2471=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2471=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2471=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2471=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2471=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2471=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2471=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2471=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2471=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2471=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2471=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2471=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2471=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2471=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - SUSE OpenStack Cloud 9 (x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - SUSE OpenStack Cloud 8 (x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - SUSE OpenStack Cloud 7 (s390x x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 - HPE Helion Openstack 8 (x86_64): squid-3.5.21-26.32.1 squid-debuginfo-3.5.21-26.32.1 squid-debugsource-3.5.21-26.32.1 References: https://www.suse.com/security/cve/CVE-2020-15810.html https://www.suse.com/security/cve/CVE-2020-15811.html https://www.suse.com/security/cve/CVE-2020-24606.html https://bugzilla.suse.com/1175664 https://bugzilla.suse.com/1175665 https://bugzilla.suse.com/1175671 From sle-updates at lists.suse.com Thu Sep 3 07:14:21 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 15:14:21 +0200 (CEST) Subject: SUSE-SU-2020:14484-1: moderate: Security update for java-1_7_1-ibm Message-ID: <20200903131421.AFA9EF794@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14484-1 Rating: moderate References: #1174157 #1175259 Cross-References: CVE-2019-17639 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 70 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-java-1_7_1-ibm-14484=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.70-26.58.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-26.58.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-26.58.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.70-26.58.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-26.58.1 References: https://www.suse.com/security/cve/CVE-2019-17639.html https://www.suse.com/security/cve/CVE-2020-14577.html https://www.suse.com/security/cve/CVE-2020-14578.html https://www.suse.com/security/cve/CVE-2020-14579.html https://www.suse.com/security/cve/CVE-2020-14583.html https://www.suse.com/security/cve/CVE-2020-14593.html https://www.suse.com/security/cve/CVE-2020-14621.html https://bugzilla.suse.com/1174157 https://bugzilla.suse.com/1175259 From sle-updates at lists.suse.com Thu Sep 3 07:16:10 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 15:16:10 +0200 (CEST) Subject: SUSE-SU-2020:2474-1: moderate: Security update for libX11 Message-ID: <20200903131610.0F428F794@maintenance.suse.de> SUSE Security Update: Security update for libX11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2474-1 Rating: moderate References: #1175239 Cross-References: CVE-2020-14363 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libX11 fixes the following issues: - CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2474=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2474=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libX11-6-1.6.5-3.12.1 libX11-6-debuginfo-1.6.5-3.12.1 libX11-debugsource-1.6.5-3.12.1 libX11-devel-1.6.5-3.12.1 libX11-xcb1-1.6.5-3.12.1 libX11-xcb1-debuginfo-1.6.5-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libX11-6-32bit-1.6.5-3.12.1 libX11-6-32bit-debuginfo-1.6.5-3.12.1 libX11-xcb1-32bit-1.6.5-3.12.1 libX11-xcb1-32bit-debuginfo-1.6.5-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): libX11-data-1.6.5-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libX11-6-1.6.5-3.12.1 libX11-6-debuginfo-1.6.5-3.12.1 libX11-debugsource-1.6.5-3.12.1 libX11-devel-1.6.5-3.12.1 libX11-xcb1-1.6.5-3.12.1 libX11-xcb1-debuginfo-1.6.5-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libX11-6-32bit-1.6.5-3.12.1 libX11-6-32bit-debuginfo-1.6.5-3.12.1 libX11-xcb1-32bit-1.6.5-3.12.1 libX11-xcb1-32bit-debuginfo-1.6.5-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): libX11-data-1.6.5-3.12.1 References: https://www.suse.com/security/cve/CVE-2020-14363.html https://bugzilla.suse.com/1175239 From sle-updates at lists.suse.com Thu Sep 3 07:16:58 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 15:16:58 +0200 (CEST) Subject: SUSE-RU-2020:2472-1: moderate: Recommended update for powerpc-utils Message-ID: <20200903131658.D0FACF794@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2472-1 Rating: moderate References: #1174666 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for powerpc-utils fixes the following issue: - On SUSE the service is called kexec-load.service instead of kexec.service. (bsc#1174666) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2472=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2472=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (ppc64le): powerpc-utils-1.3.7.1-3.21.1 powerpc-utils-debuginfo-1.3.7.1-3.21.1 powerpc-utils-debugsource-1.3.7.1-3.21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (ppc64le): powerpc-utils-1.3.7.1-3.21.1 powerpc-utils-debuginfo-1.3.7.1-3.21.1 powerpc-utils-debugsource-1.3.7.1-3.21.1 References: https://bugzilla.suse.com/1174666 From sle-updates at lists.suse.com Thu Sep 3 07:17:48 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 15:17:48 +0200 (CEST) Subject: SUSE-SU-2020:2475-1: moderate: Security update for libX11 Message-ID: <20200903131748.1C0CBF794@maintenance.suse.de> SUSE Security Update: Security update for libX11 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2475-1 Rating: moderate References: #1175239 Cross-References: CVE-2020-14363 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libX11 fixes the following issues: - CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2475=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2475=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libX11-debugsource-1.6.2-12.15.1 libX11-devel-1.6.2-12.15.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libX11-6-1.6.2-12.15.1 libX11-6-debuginfo-1.6.2-12.15.1 libX11-debugsource-1.6.2-12.15.1 libX11-xcb1-1.6.2-12.15.1 libX11-xcb1-debuginfo-1.6.2-12.15.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libX11-6-32bit-1.6.2-12.15.1 libX11-6-debuginfo-32bit-1.6.2-12.15.1 libX11-xcb1-32bit-1.6.2-12.15.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.15.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): libX11-data-1.6.2-12.15.1 References: https://www.suse.com/security/cve/CVE-2020-14363.html https://bugzilla.suse.com/1175239 From sle-updates at lists.suse.com Thu Sep 3 07:18:44 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 15:18:44 +0200 (CEST) Subject: SUSE-RU-2020:2473-1: moderate: Recommended update for gdm Message-ID: <20200903131844.43166F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdm ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2473-1 Rating: moderate References: #1172813 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gdm fixes the following issue: - gdm quit plymouth when xdmcp is the only allowed connection. (bsc#1172813) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2473=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2473=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2473=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2473=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2473=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2473=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2473=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2473=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2473=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2473=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2473=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2473=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2473=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2473=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2473=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2473=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2473=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE OpenStack Cloud 9 (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE OpenStack Cloud 9 (x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE OpenStack Cloud 8 (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE OpenStack Cloud 8 (x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE OpenStack Cloud 7 (s390x x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE OpenStack Cloud 7 (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 gdm-devel-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 - SUSE Enterprise Storage 5 (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - HPE Helion Openstack 8 (noarch): gdm-lang-3.10.0.1-54.14.1 gdmflexiserver-3.10.0.1-54.14.1 - HPE Helion Openstack 8 (x86_64): gdm-3.10.0.1-54.14.1 gdm-debuginfo-3.10.0.1-54.14.1 gdm-debugsource-3.10.0.1-54.14.1 libgdm1-3.10.0.1-54.14.1 libgdm1-debuginfo-3.10.0.1-54.14.1 typelib-1_0-Gdm-1_0-3.10.0.1-54.14.1 References: https://bugzilla.suse.com/1172813 From sle-updates at lists.suse.com Thu Sep 3 07:19:39 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 15:19:39 +0200 (CEST) Subject: SUSE-SU-2020:2478-1: important: Security update for the Linux Kernel Message-ID: <20200903131939.E9DAEF794@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2478-1 Rating: important References: #1051510 #1058115 #1065600 #1065729 #1071995 #1082555 #1083647 #1085030 #1089895 #1103990 #1103991 #1103992 #1104745 #1104967 #1109837 #1111666 #1112178 #1112374 #1113956 #1114279 #1124278 #1127354 #1127355 #1127371 #1133021 #1137325 #1141558 #1142685 #1144333 #1145929 #1148868 #1150660 #1151794 #1151927 #1152107 #1152489 #1152624 #1154824 #1157169 #1158265 #1158983 #1159037 #1159058 #1159199 #1160388 #1160947 #1161016 #1162002 #1162063 #1163309 #1163403 #1163897 #1164284 #1164780 #1164871 #1165183 #1165478 #1165741 #1166780 #1166860 #1166861 #1166862 #1166864 #1166866 #1166867 #1166868 #1166870 #1166940 #1166969 #1166978 #1166985 #1167104 #1167288 #1167574 #1167851 #1167867 #1168081 #1168202 #1168332 #1168486 #1168503 #1168670 #1168760 #1168762 #1168763 #1168764 #1168765 #1168789 #1168881 #1168884 #1168952 #1168959 #1169005 #1169013 #1169020 #1169057 #1169194 #1169390 #1169514 #1169525 #1169625 #1169762 #1169771 #1169795 #1170011 #1170056 #1170125 #1170145 #1170284 #1170345 #1170442 #1170457 #1170522 #1170592 #1170617 #1170618 #1170620 #1170621 #1170770 #1170778 #1170791 #1170901 #1171078 #1171098 #1171118 #1171124 #1171189 #1171191 #1171195 #1171202 #1171205 #1171214 #1171217 #1171218 #1171219 #1171220 #1171244 #1171293 #1171417 #1171424 #1171527 #1171529 #1171530 #1171558 #1171599 #1171600 #1171601 #1171602 #1171604 #1171605 #1171606 #1171607 #1171608 #1171609 #1171610 #1171611 #1171612 #1171613 #1171614 #1171615 #1171616 #1171617 #1171618 #1171619 #1171620 #1171621 #1171622 #1171623 #1171624 #1171625 #1171626 #1171662 #1171673 #1171679 #1171691 #1171692 #1171694 #1171695 #1171732 #1171736 #1171739 #1171743 #1171753 #1171759 #1171761 #1171817 #1171835 #1171841 #1171868 #1171904 #1171948 #1171949 #1171951 #1171952 #1171979 #1171982 #1171983 #1172017 #1172096 #1172097 #1172098 #1172099 #1172101 #1172102 #1172103 #1172104 #1172127 #1172130 #1172185 #1172188 #1172199 #1172201 #1172202 #1172218 #1172221 #1172247 #1172249 #1172251 #1172253 #1172257 #1172317 #1172342 #1172343 #1172344 #1172366 #1172378 #1172391 #1172397 #1172453 #1172458 #1172472 #1172484 #1172537 #1172538 #1172687 #1172719 #1172759 #1172770 #1172775 #1172781 #1172782 #1172783 #1172999 #1173060 #1173074 #1173146 #1173265 #1173280 #1173284 #1173428 #1173462 #1173514 #1173567 #1173573 #1173659 #1173746 #1173818 #1173820 #1173825 #1173826 #1173833 #1173838 #1173839 #1173845 #1173857 #1174113 #1174115 #1174122 #1174123 #1174130 #1174186 #1174187 #1174296 Cross-References: CVE-2018-1000199 CVE-2019-16746 CVE-2019-19462 CVE-2019-20806 CVE-2019-20810 CVE-2019-20812 CVE-2019-20908 CVE-2019-9455 CVE-2020-0543 CVE-2020-10690 CVE-2020-10711 CVE-2020-10720 CVE-2020-10732 CVE-2020-10751 CVE-2020-10757 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-10781 CVE-2020-11669 CVE-2020-12114 CVE-2020-12464 CVE-2020-12652 CVE-2020-12653 CVE-2020-12654 CVE-2020-12655 CVE-2020-12656 CVE-2020-12657 CVE-2020-12659 CVE-2020-12769 CVE-2020-12771 CVE-2020-12888 CVE-2020-13143 CVE-2020-13974 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that solves 39 vulnerabilities and has 234 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or "CrossTalk" (bsc#1154824). - CVE-2020-13143: Fixed an out-of-bounds read in gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c (bsc#1171982). - CVE-2020-12769: Fixed an issue which could have allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bsc#1171983). - CVE-2020-12659: Fixed an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) due to improper headroom validation (bsc#1171214). - CVE-2020-12657: An a use-after-free in block/bfq-iosched.c (bsc#1171205). - CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219). - CVE-2020-12655: Fixed an issue which could have allowed attackers to trigger a sync of excessive duration via an XFS v5 image with crafted metadata (bsc#1171217). - CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202). - CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195). - CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218). - CVE-2020-12464: Fixed a use-after-free due to a transfer without a reference (bsc#1170901). - CVE-2020-12114: Fixed a pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098). - CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S did not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390). - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317). - CVE-2020-10751: Fixed an improper implementation in SELinux LSM hook where it was assumed that an skb would only contain a single netlink message (bsc#1171189). - CVE-2020-10732: Fixed kernel data leak in userspace coredumps due to uninitialized data (bsc#1171220). - CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778). - CVE-2020-10711: Fixed a null pointer dereference in SELinux subsystem which could have allowed a remote network user to crash the kernel resulting in a denial of service (bsc#1171191). - CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056). - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567). - CVE-2020-10781: zram sysfs resource consumption was fixed (bnc#1173074). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a memory leak, aka CID-28ebeb8db770 (bnc#1173514). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection (bnc#1172781). - CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack (bnc#1172782). - CVE-2020-10768: Fixed an issue with the prctl() function, where indirect branch speculation could be enabled even though it was diabled before (bnc#1172783). - CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775). - CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c did not call snd_card_free for a failure path, which caused a memory leak, aka CID-9453264ef586 (bnc#1172458). - CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c, where the length of variable elements in a beacon head was not checked, leading to a buffer overflow (bnc#1152107 1173659). - CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bsc#1170345). - CVE-2019-20812: Fixed an issue in prb_calc_retire_blk_tmo() which could have resulted in a denial of service (bsc#1172453). - CVE-2019-20806: Fixed a null pointer dereference which may had lead to denial of service (bsc#1172199). - CVE-2019-19462: Fixed an issue which could have allowed local user to cause denial of service (bsc#1158265). - CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1089895). The following non-security bugs were fixed: - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() (bsc#1051510). - ACPI: GED: add support for _Exx / _Lxx handler methods (bsc#1111666). - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (bsc#1111666). - ACPI: NFIT: Fix unlock on error in scrub_show() (bsc#1171753). - ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510). - ACPI: sysfs: Fix pm_profile_attr type (bsc#1111666). - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() (bsc#1051510). - acpi/x86: ignore unspecified bit positions in the ACPI global lock field (bsc#1051510). - Add br_netfilter to kernel-default-base (bsc#1169020) - agp/intel: Reinforce the barrier after GTT updates (bsc#1051510). - ahci: Add support for Amazon's Annapurna Labs SATA controller (bsc#1169013). - ALSA: ctxfi: Remove unnecessary cast in kfree (bsc#1051510). - ALSA: doc: Document PC Beep Hidden Register on Realtek ALC256 (bsc#1051510). - ALSA: dummy: Fix PCM format loop in proc output (bsc#1111666). - ALSA: es1688: Add the missed snd_card_free() (bsc#1051510). - ALSA: hda: Add driver blacklist (bsc#1051510). - ALSA: hda: Add ElkhartLake HDMI codec vid (bsc#1111666). - ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up (bsc#1111666). - ALSA: hda: Always use jackpoll helper for jack update after resume (bsc#1051510). - ALSA: hda: call runtime_allow() for all hda controllers (bsc#1051510). - ALSA: hda: Do not release card at firmware loading error (bsc#1051510). - ALSA: hda: Explicitly permit using autosuspend if runtime PM is supported (bsc#1051510). - ALSA: hda: Fix potential access overflow in beep helper (bsc#1051510). - ALSA: hda/hdmi - enable runtime pm for newer AMD display audio (bsc#1111666). - ALSA: hda/hdmi: fix race in monitor detection during probe (bsc#1051510). - ALSA: hda/hdmi: fix without unlocked before return (bsc#1051510). - ALSA: hda: Honor PM disablement in PM freeze and thaw_noirq ops (bsc#1051510). - ALSA: hda: Keep the controller initialization even if no codecs found (bsc#1051510). - ALSA: hda: Match both PCI ID and SSID for driver blacklist (bsc#1111666). - ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround (bsc#1172017). - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines (bsc#1111666). - ALSA: hda/realtek - Add COEF workaround for ASUS ZenBook UX431DA (git-fixes). - ALSA: hda/realtek - Add HP new mute led supported for ALC236 (git-fixes). - ALSA: hda/realtek - Add LED class support for micmute LED (bsc#1111666). - ALSA: hda/realtek - Add more fixup entries for Clevo machines (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC245 (bsc#1051510). - ALSA: hda/realtek - Add new codec supported for ALC287 (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Notebook (git-fixes). - ALSA: hda/realtek - Add supported new mute Led for HP (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS GL503VM with ALC295 (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS UX550GE with ALC295 (git-fixes). - ALSA: hda/realtek: Enable headset mic of ASUS UX581LV with ALC295 (git-fixes). - ALSA: hda/realtek - Enable micmute LED on and HP system (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (bsc#1111666). - ALSA: hda/realtek - Enable the headset mic on Asus FX505DT (bsc#1051510). - ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse (git-fixes). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme (bsc#1111666). - ALSA: hda/realtek - Fix unexpected init_amp override (bsc#1051510). - ALSA: hda/realtek - Fix unused variable warning w/o CONFIG_LEDS_TRIGGER_AUDIO (bsc#1111666). - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO (bsc#1111666). - ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 (git-fixes bsc#1171293). - ALSA: hda/realtek - Two front mics on a Lenovo ThinkCenter (bsc#1051510). - ALSA: hda: Release resources at error in delayed probe (bsc#1051510). - ALSA: hda: Remove ASUS ROG Zenith from the blacklist (bsc#1051510). - ALSA: hda: Skip controller resume if not needed (bsc#1051510). - ALSA: hwdep: fix a left shifting 1 by 31 UB bug (git-fixes). - ALSA: ice1724: Fix invalid access for enumerated ctl items (bsc#1051510). - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option (git-fixes). - ALSA: lx6464es - add support for LX6464ESe pci express variant (bsc#1111666). - ALSA: opti9xx: shut up gcc-10 range warning (bsc#1051510). - ALSA: pcm: disallow linking stream to itself (bsc#1111666). - ALSA: pcm: fix incorrect hw_base increase (git-fixes). - ALSA: pcm: oss: Fix regression by buffer overflow fix (bsc#1051510). - ALSA: pcm: oss: Place the plugin buffer overflow checks correctly (bsc#1170522). - ALSA: rawmidi: Fix racy buffer resize under concurrent accesses (git-fixes). - ALSA: usb-audio: Add connector notifier delegation (bsc#1051510). - ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset (git-fixes). - ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback (bsc#1111666). - ALSA: usb-audio: add mapping for ASRock TRX40 Creator (git-fixes). - ALSA: usb-audio: Add mixer workaround for TRX40 and co (bsc#1051510). - ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support (bsc#1111666). - ALSA: usb-audio: Add quirk for Focusrite Scarlett 2i2 (bsc#1051510). - ALSA: usb-audio: Add static mapping table for ALC1220-VB-based mobos (bsc#1051510). - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock (bsc#1111666). - ALSA: usb-audio: Apply async workaround for Scarlett 2i4 2nd gen (bsc#1051510). - ALSA: usb-audio: Check mapping at creating connector controls, too (bsc#1051510). - ALSA: usb-audio: Clean up quirk entries with macros (bsc#1111666). - ALSA: usb-audio: Correct a typo of NuPrime DAC-10 USB ID (bsc#1051510). - ALSA: usb-audio: Do not create jack controls for PCM terminals (bsc#1051510). - ALSA: usb-audio: Do not override ignore_ctl_error value from the map (bsc#1051510). - ALSA: usb-audio: Filter error from connector kctl ops, too (bsc#1051510). - ALSA: usb-audio: Fix inconsistent card PM state after resume (bsc#1111666). - ALSA: usb-audio: Fix packet size calculation (bsc#1111666). - ALSA: usb-audio: Fix racy list management in output queue (bsc#1111666). - ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif (bsc#1051510). - ALSA: usb-audio: Improve frames size computation (bsc#1111666). - ALSA: usb-audio: Manage auto-pm of all bundled interfaces (bsc#1111666). - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC (git-fixes). - ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio (git-fixes). - ALSA: usb-audio: Use the new macro for HP Dock rename quirks (bsc#1111666). - ALSA: usx2y: Fix potential NULL dereference (bsc#1051510). - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes). - arm64: map FDT as RW for early_init_dt_scan() (jsc#SLE-12423). - ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry (bsc#1051510). - ASoC: dapm: connect virtual mux with default value (bsc#1051510). - ASoC: dapm: fixup dapm kcontrol widget (bsc#1051510). - ASoC: dpcm: allow start or stop during pause for backend (bsc#1051510). - ASoC: fix regwmask (bsc#1051510). - ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map() (bsc#1051510). - ASoC: msm8916-wcd-digital: Reset RX interpolation path after use (bsc#1051510). - ASoC: samsung: Prevent clk_get_rate() calls in atomic context (bsc#1111666). - ASoC: topology: Check return value of pcm_new_ver (bsc#1051510). - ASoC: topology: use name_prefix for new kcontrol (bsc#1051510). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (bsc#1111666). - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (bsc#1111666). - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (bsc#1111666). - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb (bsc#1111666). - ax25: fix setsockopt(SO_BINDTODEVICE) (networking-stable-20_05_27). - b43: Fix connection problem with WPA3 (bsc#1111666). - b43legacy: Fix case where channel status is corrupted (bsc#1051510). - b43_legacy: Fix connection problem with WPA3 (bsc#1111666). - batman-adv: fix batadv_nc_random_weight_tq (git-fixes). - batman-adv: Fix refcnt leak in batadv_show_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_store_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_v_ogm_process (git-fixes). - bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (git fixes (block drivers)). - bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)). - bcache: fix incorrect data type usage in btree_flush_write() (git fixes (block drivers)). - bcache: Revert "bcache: shrink btree node cache after bch_btree_check()" (git fixes (block drivers)). - be2net: fix link failure after ethtool offline test (git-fixes). - blk-mq: honor IO scheduler for multiqueue devices (bsc#1165478). - blk-mq: simplify blk_mq_make_request() (bsc#1165478). - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673). - block, bfq: fix use-after-free in bfq_idle_slice_timer_body (bsc#1168760). - block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673). - block/drbd: delete invalid function drbd_md_mark_dirty_ (bsc#1171527). - block: drbd: remove a stray unlock in __drbd_send_protocol() (bsc#1171599). - block: fix busy device checking in blk_drop_partitions again (bsc#1171948). - block: fix busy device checking in blk_drop_partitions (bsc#1171948). - block: fix memleak of bio integrity data (git fixes (block drivers)). - block: keep bdi->io_pages in sync with max_sectors_kb for stacked devices (bsc#1168762). - block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818). - block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)). - block: remove the bd_openers checks in blk_drop_partitions (bsc#1171948). - block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)). - Bluetooth: Add SCO fallback for invalid LMP parameters error (bsc#1111666). - Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl (bsc#1051510). - bnxt_en: Fix AER reset logic on 57500 chips (git-fixes). - bnxt_en: Fix ethtool selftest crash under error conditions (git-fixes). - bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails (git-fixes). - bnxt_en: Fix ipv6 RFS filter matching logic (git-fixes). - bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets() (networking-stable-20_03_28). - bnxt_en: fix NULL dereference in case SR-IOV configuration fails (git-fixes). - bnxt_en: Fix VF anti-spoof filter setup (networking-stable-20_05_12). - bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features() (networking-stable-20_05_12). - bnxt_en: Improve AER slot reset (networking-stable-20_05_12). - bnxt_en: Reduce BNXT_MSIX_VEC_MAX value to supported CQs per PF (bsc#1104745). - bnxt_en: reinitialize IRQs when MTU is modified (networking-stable-20_03_14). - bnxt_en: Return error if bnxt_alloc_ctx_mem() fails (bsc#1104745 ). - bnxt_en: Return error when allocating zero size context memory (bsc#1104745). - bonding/alb: make sure arp header is pulled before accessing it (networking-stable-20_03_14). - bpf: Fix sk_psock refcnt leak when receiving message (bsc#1083647). - bpf: Forbid XADD on spilled pointers for unprivileged users (bsc#1083647). - brcmfmac: abort and release host after error (bsc#1051510). - brcmfmac: fix wrong location to get firmware feature (bsc#1111666). - brcmfmac: Transform compatible string for FW loading (bsc#1169771). - btrfs: always wait on ordered extents at fsync time (bsc#1171761). - btrfs: clean up the left over logged_list usage (bsc#1171761). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - Btrfs: fix deadlock with memory reclaim during scrub (bsc#1172127). - Btrfs: fix list_add corruption and soft lockups in fsync (bsc#1171761). - btrfs: fix log context list corruption after rename whiteout error (bsc#1172342). - Btrfs: fix missing data checksums after a ranged fsync (msync) (bsc#1171761). - btrfs: fix missing file extent item for hole after ranged fsync (bsc#1171761). - Btrfs: fix missing hole after hole punching and fsync when using NO_HOLES (bsc#1171761). - btrfs: fix missing semaphore unlock in btrfs_sync_file (bsc#1171761). - btrfs: fix partial loss of prealloc extent past i_size after fsync (bsc#1172343). - Btrfs: fix rare chances for data loss when doing a fast fsync (bsc#1171761). - btrfs: move the dio_sem higher up the callchain (bsc#1171761). - btrfs: qgroup: Fix a bug that prevents qgroup to be re-enabled after disable (bsc#1172247). - btrfs: relocation: add error injection points for cancelling balance (bsc#1171417). - btrfs: relocation: Check cancel request after each data page read (bsc#1171417). - btrfs: relocation: Check cancel request after each extent found (bsc#1171417). - btrfs: relocation: Clear the DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417). - btrfs: relocation: Fix reloc root leakage and the NULL pointer reference caused by the leakage (bsc#1171417). - btrfs: relocation: Work around dead relocation stage loop (bsc#1171417). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: Remove extra parentheses from condition in copy_items() (bsc#1171761). - Btrfs: remove no longer used io_err from btrfs_log_ctx (bsc#1171761). - Btrfs: remove no longer used logged range variables when logging extents (bsc#1171761). - Btrfs: remove no longer used 'sync' member from transaction handle (bsc#1171761). - btrfs: remove remaing full_sync logic from btrfs_sync_file (bsc#1171761). - btrfs: remove the logged extents infrastructure (bsc#1171761). - btrfs: remove the wait ordered logic in the log_one_extent path (bsc#1171761). - btrfs: setup a nofs context for memory allocation at btrfs_create_tree() (bsc#1172127). - btrfs: setup a nofs context for memory allocation at __btrfs_set_acl (bsc#1172127). - btrfs: use nofs context when initializing security xattrs to avoid deadlock (bsc#1172127). - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124). - bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads (bsc#1111666). - can: add missing attribute validation for termination (networking-stable-20_03_14). - carl9170: remove P2P_GO support (bsc#1111666). - cdc-acm: close race betrween suspend() and acm_softint (git-fixes). - CDC-ACM: heed quirk also in error handling (git-fixes). - cdc-acm: introduce a cool down (git-fixes). - ceph: check if file lock exists before sending unlock request (bsc#1168789). - ceph: convert mdsc->cap_dirty to a per-session list (bsc#1167104). - ceph: demote quotarealm lookup warning to a debug message (bsc#1171692). - ceph: fix double unlock in handle_cap_export() (bsc#1171694). - ceph: fix double unlock in handle_cap_export() (bsc#1171694). - ceph: fix endianness bug when handling MDS session feature bits (bsc#1171695). - ceph: fix endianness bug when handling MDS session feature bits (bsc#1171695). - ceph: request expedited service on session's last cap flush (bsc#1167104). - cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages (bsc#1173857). - cgroup, netclassid: periodically release file_lock on classid updating (networking-stable-20_03_14). - char/random: Add a newline at the end of the file (jsc#SLE-12423). - CIFS: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1144333). - CIFS: Allocate encryption header through kmalloc (bsc#1144333). - CIFS: allow unlock flock and OFD lock across fork (bsc#1144333). - CIFS: check new file size when extending file by fallocate (bsc#1144333). - CIFS: CIFSpdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - CIFS: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1144333). - CIFS: do not share tcons with DFS (bsc#1144333). - CIFS: dump the session id and keys also for SMB2 sessions (bsc#1144333). - CIFS: ensure correct super block for DFS reconnect (bsc#1144333). - CIFS: Fix bug which the return value by asynchronous read is error (bsc#1144333). - CIFS: fix uninitialised lease_key in open_shroot() (bsc#1144333). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333). - cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016). - CIFS: ignore cached share root handle closing errors (bsc#1166780). - CIFS: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1144333). - CIFS: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1144333). - CIFS: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1144333). - CIFS: protect updating server->dstaddr with a spinlock (bsc#1144333). - cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016). - CIFS: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - CIFS: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1144333). - CIFS: smbd: Check and extend sender credits in interrupt context (bsc#1144333). - CIFS: smbd: Check send queue size before posting a send (bsc#1144333). - CIFS: smbd: Do not schedule work to send immediate packet on every receive (bsc#1144333). - CIFS: smbd: Merge code to track pending packets (bsc#1144333). - CIFS: smbd: Properly process errors on ib_post_send (bsc#1144333). - CIFS: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1144333). - CIFS: Warn less noisily on default mount (bsc#1144333). - clk: Add clk_hw_unregister_composite helper function definition (bsc#1051510). - clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510). - clk: clk-flexgen: fix clock-critical handling (bsc#1051510). - clk: imx6ull: use OSC clock during AXI rate change (bsc#1051510). - clk: imx: make mux parent strings const (bsc#1051510). - clk: mediatek: correct the clocks for MT2701 HDMI PHY module (bsc#1051510). - clk: qcom: rcg: Return failure for RCG update (bsc#1051510). - clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510). - clk: sunxi-ng: a64: Fix gate bit of DSI DPHY (bsc#1051510). - clocksource/drivers/hyper-v: Set TSC clocksource as default w/ InvariantTSC (bsc#1170620). - clocksource/drivers/hyper-v: Set TSC clocksource as default w/ InvariantTSC (bsc#1170620, bsc#1170621). - clocksource: dw_apb_timer: Make CPU-affiliation being optional (bsc#1111666). - clocksource: dw_apb_timer_of: Fix missing clockevent timers (bsc#1051510). - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)). - compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)). - component: Silence bind error on -EPROBE_DEFER (bsc#1051510). - copy_{to,from}_user(): consolidate object size checks (git fixes). - coresight: do not use the BIT() macro in the UAPI header (git fixes (block drivers)). - cpufreq: s3c64xx: Remove pointless NULL check in s3c64xx_cpufreq_driver_init (bsc#1051510). - crypto: algboss - do not wait during notifier callback (bsc#1111666). - crypto: algif_skcipher - Cap recv SG list at ctx->used (bsc#1111666). - crypto: caam - update xts sector size for large input length (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - crypto: ccp - AES CFB mode is a stream cipher (git-fixes). - crypto: ccp - Change a message to reflect status instead of failure (bsc#1172218). - crypto: ccp - Clean up and exit correctly on allocation failure (git-fixes). - crypto: ccp - Cleanup misc_dev on sev_exit() (bsc#1114279). - crypto: ccp - Cleanup sp_dev_master in psp_dev_destroy() (bsc#1114279). - Crypto/chcr: fix for ccm(aes) failed test (bsc#1111666). - crypto: chelsio/chtls: properly set tp->lsndtime (bsc#1111666). - cxgb4: fix MPS index overwrite when setting MAC address (bsc#1127355). - cxgb4: fix Txq restart check during backpressure (bsc#1127354 bsc#1127371). - debugfs: Add debugfs_create_xul() for hexadecimal unsigned long (git-fixes). - debugfs: Check module state before warning in {full/open}_proxy_open() (bsc#1173746). - debugfs_lookup(): switch to lookup_one_len_unlocked() (bsc#1171979). - Deprecate NR_UNSTABLE_NFS, use NR_WRITEBACK (bsc#1163403). - devlink: fix return value after hitting end in region read (bsc#1109837). - devlink: validate length of param values (bsc#1109837). - devlink: validate length of region addr/len (bsc#1109837). - dmaengine: dmatest: Fix iteration non-stop logic (bsc#1051510). - dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' (bsc#1111666). - dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)). - dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)). - dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)). - dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)). - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574). - dm-raid1: fix invalid return value from dm_mirror (bsc#1172378). - dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)). - dm: various cleanups to md->queue initialization code (git fixes). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)). - dm writecache: fix data corruption when reloading the target (git fixes (block drivers)). - dm writecache: fix incorrect flush sequence when doing SSD mode commit (git fixes (block drivers)). - dm writecache: verify watermark during resume (git fixes (block drivers)). - dm zoned: fix invalid memory access (git fixes (block drivers)). - dm zoned: reduce overhead of backing device checks (git fixes (block drivers)). - dm zoned: remove duplicate nr_rnd_zones increase in dmz_init_zone() (git fixes (block drivers)). - dm zoned: support zone sizes smaller than 128MiB (git fixes (block drivers)). - dp83640: reverse arguments to list_add_tail (git-fixes). - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27). - driver-core, libnvdimm: Let device subsystems add local lockdep coverage (bsc#1171753). - Drivers: hv: Add a module description line to the hv_vmbus driver (bsc#1172249, bsc#1172251). - Drivers: hv: Add a module description line to the hv_vmbus driver (bsc#1172253). - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617, bsc#1170618). - Drivers: HV: Send one page worth of kmsg dump over Hyper-V during panic (bsc#1170618). - Drivers: hv: vmbus: Fix the issue with freeing up hv_ctl_table_hdr (bsc#1170618). - Drivers: hv: vmbus: Get rid of MSR access from vmbus_drv.c (bsc#1170618). - Drivers: hv: vmus: Fix the check for return value from kmsg get dump buffer (bsc#1170618). - Drivers/net/ibmvnic: Update VNIC protocol version reporting (bsc#1065729). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510). - Drivers: w1: add hwmon support structures (jsc#SLE-11048). - Drivers: w1: add hwmon temp support for w1_therm (jsc#SLE-11048). - Drivers: w1: refactor w1_slave_show to make the temp reading functionality separate (jsc#SLE-11048). - drm: amd/acp: fix broken menu structure (bsc#1114279) * context changes - drm: amd/display: fix Kconfig help text (bsc#1113956) * only fix DEBUG_KERNEL_DC - drm/amdgpu: Correctly initialize thermal controller for GPUs with Powerplay table v0 (e.g Hawaii) (bsc#1111666). - drm/amdgpu: Fix oops when pp_funcs is unset in ACPI event (bsc#1111666). - drm/amd/powerplay: force the trim of the mclk dpm_levels if OD is (bsc#1113956) - drm/atomic: Take the atomic toys away from X (bsc#1112178) * context changes - drm/bochs: downgrade pci_request_region failure from error to warning (bsc#1051510). - drm: bridge: adv7511: Extend list of audio sample rates (bsc#1111666). - drm/crc: Actually allow to change the crc source (bsc#1114279) * offset changes - drm/dp_mst: Fix clearing payload state on topology disable (bsc#1051510). - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1113956) * context changes - drm/dp_mst: Reformat drm_dp_check_act_status() a bit (bsc#1051510). - drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read() (bsc#1051510). - drm/edid: Fix off-by-one in DispID DTD pixel clock (bsc#1114279) - drm: encoder_slave: fix refcouting error for modules (bsc#1111666). - drm: encoder_slave: fix refcouting error for modules (bsc#1114279) - drm/etnaviv: fix perfmon domain interation (bsc#1113956) - drm/etnaviv: rework perfmon query infrastructure (bsc#1112178) - drm/i915: Apply Wa_1406680159:icl,ehl as an engine workaround (bsc#1112178) * rename gt/intel_workarounds.c to intel_workarounds.c * context changes - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of (bsc#1114279) - drm/i915: HDCP: fix Ri prime check done during link check (bsc#1112178) * rename display/intel_hdmi.c to intel_hdmi.c * context changes - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1112178) - drm/i915: properly sanity check batch_start_offset (bsc#1114279) * renamed display/intel_fbc.c -> intel_fb.c * renamed gt/intel_rc6.c -> intel_pm.c * context changes - drm/i915: Whitelist context-local timestamp in the gen9 cmdparser (bsc#1111666). - drm/mediatek: Check plane visibility in atomic_update (bsc#1113956) * context changes - drm/meson: Delete an error message in meson_dw_hdmi_bind() (bsc#1051510). - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1111666). - drm/msm: stop abusing dma_map/unmap for cache (bsc#1051510). - drm/msm: Use the correct dma_sync calls harder (bsc#1051510). - drm/msm: Use the correct dma_sync calls in msm_gem (bsc#1051510). - drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem (bsc#1114279) - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (bsc#1111666). - drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (bsc#1111666). - drm/qxl: qxl_release leak in qxl_draw_dirty_fb() (bsc#1051510). - drm/qxl: qxl_release leak in qxl_hw_surface_alloc() (bsc#1051510). - drm/qxl: qxl_release use after free (bsc#1051510). - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1113956) - drm/radeon: fix double free (bsc#1113956) - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1113956) - drm: Remove PageReserved manipulation from drm_pci_alloc (bsc#1114279) * offset changes - drm/sun4i: dsi: Allow binding the host without a panel (bsc#1113956) - drm/sun4i: dsi: Avoid hotplug race with DRM driver bind (bsc#1113956) - drm/sun4i: dsi: Remove incorrect use of runtime PM (bsc#1113956) * context changes - drm/sun4i: dsi: Remove unused drv from driver context (bsc#1113956) * context changes * keep include of sun4i_drv.h - drm/sun4i: hdmi ddc clk: Fix size of m divider (bsc#1111666). - drm/tegra: hub: Do not enable orphaned window group (bsc#1111666). - drm/vkms: Hold gem object while still in-use (bsc#1113956) * context changes - dump_stack: avoid the livelock of the dump_lock (git fixes (block drivers)). - e1000: Distribute switch variables for initialization (bsc#1111666). - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510). - e1000e: Relax condition to trigger reset for ME workaround (bsc#1111666). - EDAC/amd64: Add family ops for Family 19h Models 00h-0Fh (jsc#SLE-11833). - EDAC/amd64: Drop some family checks for newer systems (jsc#SLE-11833). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279). - EDAC/mce_amd: Always load on SMCA systems (jsc#SLE-11833). - EDAC/mce_amd: Make fam_ops static global (jsc#SLE-11833). - EDAC, sb_edac: Add support for systems with segmented PCI buses (bsc#1169525). - efi/random: Increase size of firmware supplied randomness (jsc#SLE-12423). - efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness (jsc#SLE-12423). - efi: READ_ONCE rng seed size before munmap (jsc#SLE-12423). - efi: Reorder pr_notice() with add_device_randomness() call (jsc#SLE-12423). - evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510). - evm: Fix a small race in init_desc() (bsc#1051510). - ext4: add cond_resched() to __ext4_find_entry() (bsc#1166862). - ext4: Check for non-zero journal inum in ext4_calculate_overhead (bsc#1167288). - ext4: do not assume that mmp_nodename/bdevname have NUL (bsc#1166860). - ext4: do not zeroout extents beyond i_disksize (bsc#1167851). - ext4: fix a data race at inode->i_blocks (bsc#1171835). - ext4: fix a data race in EXT4_I(inode)->i_disksize (bsc#1166861). - ext4: fix extent_status fragmentation for plain files (bsc#1171949). - ext4: fix incorrect group count in ext4_fill_super error message (bsc#1168765). - ext4: fix incorrect inodes per group in error message (bsc#1168764). - ext4: fix partial cluster initialization when splitting extent (bsc#1173839). - ext4: fix potential race between online resizing and write operations (bsc#1166864). - ext4: fix potential race between s_flex_groups online resizing and access (bsc#1166867). - ext4: fix potential race between s_group_info online resizing and access (bsc#1166866). - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838). - ext4: fix race between writepages and enabling EXT4_EXTENTS_FL (bsc#1166870). - ext4: fix support for inode sizes > 1024 bytes (bsc#1164284). - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833). - ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() (bsc#1166940). - ext4: rename s_journal_flag_rwsem to s_writepages_rwsem (bsc#1166868). - ext4: use non-movable memory for superblock readahead (bsc#1171952). - ext4: validate the debug_want_extra_isize mount option at parse time (bsc#1163897). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510). - fanotify: fix ignore mask logic for events on child and on dir (bsc#1172719). - fanotify: fix merging marks masks with FAN_ONDIR (bsc#1171679). - fbcon: fix null-ptr-deref in fbcon_switch (bsc#1114279) * rename drivers/video/fbdev/core to drivers/video/console * context changes - fbdev: potential information leak in do_fb_ioctl() (bsc#1114279) - fbmem: Adjust indentation in fb_prepare_logo and fb_blank (bsc#1114279) - fdt: add support for rng-seed (jsc#SLE-12423). - fdt: Update CRC check for rng-seed (jsc#SLE-12423). - fib: add missing attribute validation for tun_id (networking-stable-20_03_14). - firmware: imx: scu: Fix corruption of header (git-fixes). - firmware: imx: scu: Fix possible memory leak in imx_scu_probe() (bsc#1111666). - firmware: qcom: scm: fix compilation error when disabled (bsc#1051510). - Fix a backport bug, where btrfs_put_root() -> btrfs_put_fs_root() modification is not needed due to missing dependency - fix multiplication overflow in copy_fdtable() (bsc#1173825). - fpga: dfl: afu: Corrected error handling levels (git-fixes). - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12). - fs/cifs: fix gcc warning in sid_to_id (bsc#1144333). - fs/seq_file.c: simplify seq_file iteration code and interface (bsc#1170125). - gpiolib: Document that GPIO line names are not globally unique (bsc#1051510). - gpio: tegra: mask GPIO IRQs during IRQ shutdown (bsc#1051510). - gpu: host1x: Detach driver on unregister (bsc#1111666). - gpu: ipu-v3: pre: do not trigger update if buffer address does not change (bsc#1111666). - gre: fix uninit-value in __iptunnel_pull_header (networking-stable-20_03_14). - HID: hid-input: clear unmapped usages (git-fixes). - HID: hyperv: Add a module description line (bsc#1172249, bsc#1172251). - HID: hyperv: Add a module description line (bsc#1172253). - HID: i2c-hid: add Trekstor Primebook C11B to descriptor override (git-fixes). - HID: i2c-hid: override HID descriptors for certain devices (git-fixes). - HID: multitouch: add eGalaxTouch P80H84 support (bsc#1051510). - HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510). - HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices (git-fixes). - hrtimer: Annotate lockless access to timer->state (git fixes (block drivers)). - hsr: add restart routine into hsr_get_node_list() (networking-stable-20_03_28). - hsr: check protocol version in hsr_newlink() (networking-stable-20_04_17). - hsr: fix general protection fault in hsr_addr_is_self() (networking-stable-20_03_28). - hsr: set .netnsok flag (networking-stable-20_03_28). - hsr: use rcu_read_lock() in hsr_get_node_{list/status}() (networking-stable-20_03_28). - hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (bsc#1111666). - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (bsc#1111666). - hwmon: (max6697) Make sure the OVERT mask is set correctly (bsc#1111666). - i2c: acpi: Force bus speed to 400KHz if a Silead touchscreen is present (git-fixes). - i2c: acpi: put device when verifying client fails (git-fixes). - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (bsc#1111666). - i2c: brcmstb: remove unused struct member (git-fixes). - i2c: core: Allow empty id_table in ACPI case as well (git-fixes). - i2c: core: decrease reference count of device node in i2c_unregister_device (git-fixes). - i2c: dev: Fix the race between the release of i2c_dev and cdev (bsc#1051510). - i2c: fix missing pm_runtime_put_sync in i2c_device_probe (git-fixes). - i2c-hid: properly terminate i2c_hid_dmi_desc_override_table array (git-fixes). - i2c: i801: Do not add ICH_RES_IO_SMI for the iTCO_wdt device (git-fixes). - i2c: iproc: Stop advertising support of SMBUS quick cmd (git-fixes). - i2c: isch: Remove unnecessary acpi.h include (git-fixes). - i2c: mlxcpld: check correct size of maximum RECV_LEN packet (bsc#1111666). - i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' (bsc#1051510). - i2c: st: fix missing struct parameter description (bsc#1051510). - i40e: reduce stack usage in i40e_set_fc (git-fixes). - IB/ipoib: Add child to parent list only if device initialized (bsc#1168503). - IB/ipoib: Consolidate checking of the proposed child interface (bsc#1168503). - IB/ipoib: Do not remove child devices from within the ndo_uninit (bsc#1168503). - IB/ipoib: Get rid of IPOIB_FLAG_GOING_DOWN (bsc#1168503). - IB/ipoib: Get rid of the sysfs_mutex (bsc#1168503). - IB/ipoib: Maintain the child_intfs list from ndo_init/uninit (bsc#1168503). - IB/ipoib: Move all uninit code into ndo_uninit (bsc#1168503). - IB/ipoib: Move init code to ndo_init (bsc#1168503). - IB/ipoib: Replace printk with pr_warn (bsc#1168503). - IB/ipoib: Use cancel_delayed_work_sync for neigh-clean task (bsc#1168503). - IB/ipoib: Warn when one port fails to initialize (bsc#1168503). - IB/mlx5: Fix missing congestion control debugfs on rep rdma device (bsc#1103991). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvfc: do not send implicit logouts prior to NPIV login (bsc#1169625 ltc#184611). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239). - iio:ad7797: Use correct attribute_group (bsc#1051510). - iio: adc: stm32-adc: fix device used to request dma (bsc#1051510). - iio: adc: stm32-adc: fix sleep in atomic context (git-fixes). - iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1051510). - iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510). - iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' (bsc#1051510). - iio:health:afe4404 Fix timestamp alignment and prevent data leak (bsc#1111666). - iio:humidity:hdc100x Fix alignment and data leak issues (bsc#1111666). - iio:magnetometer:ak8974: Fix alignment and data leak issues (bsc#1111666). - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (bsc#1111666). - iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510). - iio:pressure:ms5611 Fix buffer element alignment (bsc#1111666). - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (bsc#1111666). - iio: sca3000: Remove an erroneous 'get_device()' (bsc#1051510). - iio: xilinx-xadc: Fix ADC-B powerdown (bsc#1051510). - iio: xilinx-xadc: Fix clearing interrupt when enabling trigger (bsc#1051510). - iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode (bsc#1051510). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510). - ima: Fix ima digest hash table key calculation (bsc#1051510). - ima: Fix return value of ima_write_policy() (git-fixes). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - Input: evdev - call input_flush_device() on release(), not flush() (bsc#1051510). - Input: hyperv-keyboard - add module description (bsc#1172249, bsc#1172251). - Input: hyperv-keyboard - add module description (bsc#1172253). - Input: i8042 - add Acer Aspire 5738z to nomux list (bsc#1051510). - Input: i8042 - add ThinkPad S230u to i8042 reset list (bsc#1051510). - Input: raydium_i2c_ts - use true and false for boolean values (bsc#1051510). - Input: synaptics - add a second working PNP_ID for Lenovo T470s (bsc#1111666). - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() (bsc#1051510). - Input: synaptics-rmi4 - really fix attn_data use-after-free (git-fixes). - Input: usbtouchscreen - add support for BonXeon TP (bsc#1051510). - Input: xpad - add custom init packet for Xbox One S controllers (bsc#1051510). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - intel_th: Fix a NULL dereference when hub driver is not loaded (bsc#1111666). - iommu/amd: Call domain_flush_complete() in update_domain() (bsc#1172096). - iommu/amd: Do not flush Device Table in iommu_map_page() (bsc#1172097). - iommu/amd: Do not loop forever when trying to increase address space (bsc#1172098). - iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system (bsc#1172099). - iommu/amd: Fix over-read of ACPI UID from IVRS table (bsc#1172101). - iommu/amd: Fix race in increase_address_space()/fetch_pte() (bsc#1172102). - iommu/amd: Fix the configuration of GCR3 table root pointer (bsc#1169057). - iommu/amd: Update Device Table in increase_address_space() (bsc#1172103). - iommu: Fix reference count leak in iommu_group_alloc (bsc#1172397). - iommu/vt-d: Enable PCI ACS for platform opt in hint (bsc#1174130). - ip6_tunnel: Allow rcv/xmit even if remote address is a local address (bsc#1166978). - ipmi: fix hung processes in __get_guid() (git-fixes). - ipv4: fix a RCU-list lock in fib_triestat_seq_show (networking-stable-20_04_02). - ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface (networking-stable-20_03_14). - ipv6: do not auto-add link-local address to lag ports (networking-stable-20_04_09). - ipv6: fix IPV6_ADDRFORM operation logic (bsc#1171662). - ipv6: Fix nlmsg_flags when splitting a multipath route (networking-stable-20_03_01). - ipv6: fix restrict IPV6_ADDRFORM operation (bsc#1171662). - ipv6: Fix route replacement with dev-only route (networking-stable-20_03_01). - ipvlan: add cond_resched_rcu() while processing muticast backlog (networking-stable-20_03_14). - ipvlan: call dev_change_flags when ipvlan mode is reset (git-fixes). - ipvlan: do not add hardware address of master to its unicast filter list (bsc#1137325). - ipvlan: do not deref eth hdr before checking it's set (networking-stable-20_03_14). - ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() (networking-stable-20_03_14). - iwlwifi: pcie: actually release queue memory in TVQM (bsc#1051510). - ixgbe: do not check firmware errors (bsc#1170284). - ixgbevf: Remove limit of 10 entries for unicast filter list (git-fixes). - jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845). - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833). - kabi fix for (bsc#1168202). - kabi fix for early XHCI debug (git-fixes). - kabi for for md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - kabi: ppc64le: prevent struct dma_map_ops to become defined (jsc#SLE-12423). - kabi, protect struct ib_device (bsc#1168503). - kABI: protect struct mlx5_cmd_work_ent (kabi). - kabi/severities: Do not track KVM internal symbols. - kabi/severities: Ingnore get_dev_data() The function is internal to the AMD IOMMU driver and must not be called by any third party. - kabi workaround for snd_rawmidi buffer_ref field addition (git-fixes). - kernfs: fix barrier usage in __kernfs_new_node() (bsc#1111666). - KEYS: reaching the keys quotas correctly (bsc#1051510). - KVM: arm64: Change hyp_panic()s dependency on tpidr_el2 (bsc#1133021). - KVM: arm64: Stop save/restoring host tpidr_el1 on VHE (bsc#1133021). - KVM: Check validity of resolved slot when searching memslots (bsc#1172104). - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279). - KVM: s390: vsie: Fix delivery of addressing exceptions (git-fixes). - KVM: s390: vsie: Fix possible race when shadowing region 3 tables (git-fixes). - KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks (git-fixes). - KVM: SVM: Fix potential memory leak in svm_cpu_init() (bsc#1171736). - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1152489). - KVM: x86: Fix APIC page invalidation race (bsc#1174122). - kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - l2tp: Allow management of tunnels and session in user namespace (networking-stable-20_04_17). - libata: Remove extra scsi_host_put() in ata_scsi_add_hosts() (bsc#1051510). - libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set (bsc#1051510). - libceph: do not omit recovery_deletes in target_copy() (bsc#1173462). - libceph: do not omit recovery_deletes in target_copy() (bsc#1174113). - libceph: ignore pool overlay and cache logic on redirects (bsc#1173146). - libfs: fix infoleak in simple_attr_read() (bsc#1168881). - libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock (bsc#1171753). - libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant (bsc#1171753). - libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl() (bsc#1171753). - libnvdimm: cover up changes in struct nvdimm_bus (bsc#1171753). - libnvdimm: cover up nd_pfn_sb changes (bsc#1171759). - libnvdimm/dax: Pick the right alignment default when creating dax devices (bsc#1171759). - libnvdimm/label: Remove the dpa align check (bsc#1171759). - libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739). - libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change (bsc#1171743). - libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock (bsc#1171759). - libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid (bsc#1171743). - libnvdimm/pmem: Advance namespace seed for specific probe errors (bsc#1171743). - libnvdimm/region: Initialize bad block for volatile namespaces (bnc#1151927 5.3.6). - libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (bsc#1171743). - libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759). - lib: raid6: fix awk build warnings (git fixes (block drivers)). - lib/raid6/test: fix build on distros whose /bin/sh is not bash (git fixes (block drivers)). - lib/stackdepot.c: fix global out-of-bounds in stack_slabs (git fixes (block drivers)). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - locks: print unsigned ino in /proc/locks (bsc#1171951). - loop: replace kill_bdev with invalidate_bdev (bsc#1173820). - lpfc_debugfs: get rid of pointless access_ok() (bsc#1172687 bsc#1171530). - lpfc: Synchronize NVME transport and lpfc driver devloss_tmo (bcs#1173060). - mac80211: add ieee80211_is_any_nullfunc() (bsc#1051510). - mac80211: add option for setting control flags (bsc#1111666). - mac80211_hwsim: Use kstrndup() in place of kasprintf() (bsc#1051510). - mac80211: mesh: fix discovery timer re-arming issue / crash (bsc#1051510). - mac80211: set IEEE80211_TX_CTRL_PORT_CTRL_PROTO for nl80211 TX (bsc#1111666). - macsec: avoid to set wrong mtu (bsc#1051510). - macsec: restrict to ethernet devices (networking-stable-20_03_28). - macvlan: add cond_resched() during multicast processing (networking-stable-20_03_14). - macvlan: fix null dereference in macvlan_device_event() (bsc#1051510). - mailbox: imx: Disable the clock on devm_mbox_controller_register() failure (git-fixes). - make some Fujitsu systems run (bsc#1141558). - md: Avoid namespace collision with bitmap API (git fixes (block drivers)). - md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - md/raid0: Fix an error message in raid0_make_request() (git fixes (block drivers)). - md/raid10: prevent access of uninitialized resync_pages offset (git-fixes). - mdraid: fix read/write bytes accounting (bsc#1172537). - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (bsc#1166985)). - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (git fixes (block drivers)). - media: dvb: return -EREMOTEIO on i2c transfer failure (bsc#1051510). - media: flexcop-usb: fix endpoint sanity check (git-fixes). - media: platform: fcp: Set appropriate DMA parameters (bsc#1051510). - media: si2157: Better check for running tuner in init (bsc#1111666). - media: ti-vpe: cal: fix disable_irqs to only the intended target (git-fixes). - mei: release me_cl object reference (bsc#1051510). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue (git-fixes). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue (git-fixes). - mlxsw: Fix some IS_ERR() vs NULL bugs (networking-stable-20_04_27). - mlxsw: pci: Return error on PCI reset timeout (git-fixes). - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12). - mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed (git-fixes). - mlxsw: spectrum_dpipe: Add missing error path (git-fixes). - mlxsw: spectrum_flower: Do not stop at FLOW_ACTION_VLAN_MANGLE (networking-stable-20_04_09). - mlxsw: spectrum_mr: Fix list iteration in error path (bsc#1112374). - mlxsw: spectrum: Prevent force of 56G (git-fixes). - mlxsw: spectrum_router: Refresh nexthop neighbour when it becomes dead (git-fixes). - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (git-fixes). - mlxsw: spectrum_switchdev: Add MDB entries in prepare phase (git-fixes). - mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky (git-fixes). - mmc: atmel-mci: Fix debugfs on 64-bit platforms (git-fixes). - mmc: block: Fix request completion in the CQE timeout path (bsc#1111666). - mmc: block: Fix use-after-free issue for rpmb (bsc#1111666). - mmc: core: Check request type before completing the request (git-fixes). - mmc: core: Fix recursive locking issue in CQE recovery path (git-fixes). - mmc: cqhci: Avoid false "cqhci: CQE stuck on" by not open-coding timeout loop (git-fixes). - mmc: dw_mmc: Fix debugfs on 64-bit platforms (git-fixes). - mmc: fix compilation of user API (bsc#1051510). - mmc: meson-gx: make sure the descriptor is stopped on errors (git-fixes). - mmc: meson-gx: simplify interrupt handler (git-fixes). - mmc: renesas_sdhi: limit block count to 16 bit for old revisions (git-fixes). - mmc: sdhci-esdhc-imx: fix the mask for tuning start point (bsc#1051510). - mmc: sdhci-msm: Clear tuning done flag while hs400 tuning (bsc#1051510). - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (bsc#1111666). - mmc: sdhci-of-at91: fix memleak on clk_get failure (git-fixes). - mmc: sdhci-pci: Fix eMMC driver strength for BYT-based controllers (bsc#1051510). - mmc: sdhci-xenon: fix annoying 1.8V regulator warning (bsc#1051510). - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() (bsc#1051510). - mmc: tmio: fix access width of Block Count Register (git-fixes). - mm/filemap.c: do not initiate writeback if mapping has no dirty pages (bsc#1168884). - mm: limit boost_watermark on small zones (git fixes (mm/pgalloc)). - mm/memory_hotplug.c: only respect mem= parameter during boot stage (bsc#1065600). - mm: replace PF_LESS_THROTTLE with PF_LOCAL_THROTTLE (bsc#1163403). - mm: thp: handle page cache THP correctly in PageTransCompoundMap (git fixes (block drivers)). - mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer (bsc#1051510). - mtd: spi-nor: cadence-quadspi: add a delay in write sequence (git-fixes). - mtd: spi-nor: enable 4B opcodes for mx66l51235l (git-fixes). - mtd: spi-nor: fsl-quadspi: Do not let -EINVAL on the bus (git-fixes). - mvpp2: remove misleading comment (git-fixes). - mwifiex: avoid -Wstringop-overflow warning (bsc#1051510). - mwifiex: Fix memory corruption in dump_station (bsc#1051510). - net: bcmgenet: correct per TX/RX ring statistics (networking-stable-20_04_27). - net/cxgb4: Check the return from t4_query_params properly (git-fixes). - net: dsa: b53: Fix ARL register definitions (networking-stable-20_04_27). - net: dsa: b53: Rework ARL bin logic (networking-stable-20_04_27). - net: dsa: bcm_sf2: Do not register slave MDIO bus with OF (networking-stable-20_04_09). - net: dsa: bcm_sf2: Ensure correct sub-node is parsed (networking-stable-20_04_09). - net: dsa: bcm_sf2: Fix overflow checks (git-fixes). - net: dsa: Fix duplicate frames flooded by learning (networking-stable-20_03_28). - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16). - net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27). - net: dsa: mv88e6xxx: fix lockup on warm boot (networking-stable-20_03_14). - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (git-fixes). - net: ena: add missing ethtool TX timestamping indication (git-fixes). - net: ena: avoid memory access violation by validating req_id properly (git-fixes). - net: ena: do not wake up tx queue when down (git-fixes). - net: ena: ena-com.c: prevent NULL pointer dereference (git-fixes). - net: ena: ethtool: use correct value for crc32 hash (git-fixes). - net: ena: fix continuous keep-alive resets (git-fixes). - net: ena: fix corruption of dev_idx_to_host_tbl (git-fixes). - net: ena: fix default tx interrupt moderation interval (git-fixes). - net: ena: fix incorrect default RSS key (git-fixes). - net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (git-fixes). - net: ena: fix issues in setting interrupt moderation params in ethtool (git-fixes). - net: ena: fix potential crash when rxfh key is NULL (git-fixes). - net: ena: fix retrieval of nonadaptive interrupt moderation intervals (git-fixes). - net: ena: fix uses of round_jiffies() (git-fixes). - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (git-fixes). - net: ena: reimplement set/get_coalesce() (git-fixes). - net: ena: rss: do not allocate key when not supported (git-fixes). - net: ena: rss: fix failure to get indirection table (git-fixes). - net: ena: rss: store hash function as values and not bits (git-fixes). - net/ethernet: add Google GVE driver (jsc#SLE-10538) - net: fec: add phy_reset_after_clk_enable() support (git-fixes). - net: fec: validate the new settings in fec_enet_set_coalesce() (networking-stable-20_03_14). - net: fib_rules: Correctly set table field when table number exceeds 8 bits (networking-stable-20_03_01). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: conntrack: sctp: use distinct states for new SCTP connections (bsc#1159199). - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16). - net: fix race condition in __inet_lookup_established() (bsc#1151794). - net: fq: add missing attribute validation for orphan mask (networking-stable-20_03_14). - net: hns3: fix "tc qdisc del" failed issue (bsc#1109837). - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27). - net: ipip: fix wrong address family in init error path (networking-stable-20_05_27). - net, ip_tunnel: fix interface lookup with no key (networking-stable-20_04_02). - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin (networking-stable-20_04_17). - net: ipv6: do not consider routes via gateways for anycast address check (networking-stable-20_04_17). - net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set (git-fixes). - netlink: Use netlink header as base to calculate bad attribute offset (networking-stable-20_03_14). - net: macsec: preserve ingress frame ordering (networking-stable-20_05_12). - net: macsec: update SCI upon MAC address change (networking-stable-20_03_14). - net: memcg: fix lockdep splat in inet_csk_accept() (networking-stable-20_03_14). - net: memcg: late association of sock to memcg (networking-stable-20_03_14). - net/mlx4_core: drop useless LIST_HEAD (git-fixes). - net/mlx4_core: fix a memory leak bug (git-fixes). - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12). - net/mlx4_en: avoid indirect call in TX completion (networking-stable-20_04_27). - net/mlx5: Add command entry handling completion (networking-stable-20_05_27). - net/mlx5: Add new fields to Port Type and Speed register (bsc#1171118). - net/mlx5: Add new fields to Port Type and Speed register (bsc#1171118). - net/mlx5: Add RoCE RX ICRC encapsulated counter (bsc#1171118). - net/mlx5: Avoid panic when setting vport rate (git-fixes). - net/mlx5: Continue driver initialization despite debugfs failure (git-fixes). - net/mlx5e: ethtool, Fix a typo in WOL function names (git-fixes). - net/mlx5e: Fix ethtool self test: link speed (bsc#1171118). - net/mlx5e: Fix traffic duplication in ethtool steering (git-fixes). - net/mlx5e: Move port speed code from en_ethtool.c to en/port.c (bsc#1171118). - net/mlx5e: Remove unnecessary clear_bit()s (git-fixes). - net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27). - net/mlx5: Expose link speed directly (bsc#1171118). - net/mlx5: Expose link speed directly (bsc#1171118). - net/mlx5: Expose port speed when possible (bsc#1171118). - net/mlx5: Expose port speed when possible (bsc#1171118). - net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12). - net/mlx5: Fix failing fw tracer allocation on s390 (bsc#1103990 ). - net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12). - net: mvmdio: allow up to four clocks to be specified for orion-mdio (git-fixes). - net: mvneta: Fix the case where the last poll did not process all rx (networking-stable-20_03_28). - net: mvpp2: prs: Do not override the sign bit in SRAM parser shift (git-fixes). - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node (networking-stable-20_04_27). - net/packet: tpacket_rcv: do not increment ring index on drop (networking-stable-20_03_14). - net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16). - net: phy: micrel: kszphy_resume(): add delay after genphy_resume() before accessing PHY registers (bsc#1051510). - net: phy: restore mdio regs in the iproc mdio driver (networking-stable-20_03_01). - netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16). - net: qede: stop adding events on an already destroyed workqueue (git-fixes). - net: qed: fix excessive QM ILT lines consumption (git-fixes). - net: qed: fix NVMe login fails over VFs (git-fixes). - net: qmi_wwan: add support for ASKEY WWHC050 (networking-stable-20_03_28). - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27). - net: revert default NAPI poll timeout to 2 jiffies (networking-stable-20_04_17). - net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()" (networking-stable-20_05_27). - net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28). - net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27). - net_sched: sch_skbprio: add message validation to skbprio_change() (bsc#1109837). - net/smc: add fallback check to connect() (git-fixes). - net/smc: fix refcount non-blocking connect() -part 2 (git-fixes). - net: stricter validation of untrusted gso packets (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12). - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - net/x25: Fix x25_neigh refcnt leak when receiving frame (networking-stable-20_04_27). - nfc: add missing attribute validation for SE API (networking-stable-20_03_14). - nfc: add missing attribute validation for vendor subcommand (networking-stable-20_03_14). - nfc: pn544: Fix occasional HW initialization failure (networking-stable-20_03_01). - nfc: st21nfca: add missed kfree_skb() in an error path (bsc#1051510). - nfp: abm: fix a memory leak bug (bsc#1109837). - nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K (git-fixes). - nfsd4: fix up replay_matches_cache() (git-fixes). - nfsd: Ensure CLONE persists data and metadata changes to the target file (git-fixes). - nfsd: fix delay timer on 32-bit architectures (git-fixes). - nfsd: fix jiffies/time_t mixup in LRU list (git-fixes). - nfs: Directory page cache pages need to be locked when read (git-fixes). - nfsd: memory corruption in nfsd4_lock() (git-fixes). - nfs: Do not call generic_error_remove_page() while holding locks (bsc#1170457). - NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592). - nfs: Fix memory leaks and corruption in readdir (git-fixes). - nfs: Fix O_DIRECT accounting of number of bytes read/written (git-fixes). - nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl (git-fixes). - nfs: fix racey wait in nfs_set_open_stateid_locked (bsc#1170592). - nfs/flexfiles: Use the correct TCP timeout for flexfiles I/O (git-fixes). - nfs/pnfs: Fix pnfs_generic_prepare_to_resend_writes() (git-fixes). - nfs: Revalidate the file size on a fatal write error (git-fixes). - NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals (git-fixes). - NFSv4: Do not allow a cached open with a revoked delegation (git-fixes). - NFSv4: Fix leak of clp->cl_acceptor string (git-fixes). - NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid() (git-fixes). - NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592). - NFSv4: try lease recovery on NFS4ERR_EXPIRED (git-fixes). - NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn (git-fixes). - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() (bsc#1173857). - nl80211: fix NL80211_ATTR_CHANNEL_WIDTH attribute type (bsc#1111666). - nl802154: add missing attribute validation for dev_type (networking-stable-20_03_14). - nl802154: add missing attribute validation (networking-stable-20_03_14). - nvdimm: Avoid race between probe and reading device attributes (bsc#1170442). - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058). - nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058). - nvme: fail cancelled commands with NVME_SC_HOST_PATH_ERROR (bsc#1158983 bsc#1172538). - nvme-fc: Fail transport errors with NVME_SC_HOST_PATH (bsc#1158983 bsc#1172538). - nvme-fc: print proper nvme-fc devloss_tmo value (bsc#1172391). - nvme-tcp: fail command with NVME_SC_HOST_PATH_ERROR send failed (bsc#1158983 bsc#1172538). - objtool: Add is_static_jump() helper (bsc#1169514). - objtool: Add relocation check for alternative sections (bsc#1169514). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Fix stack offset tracking for indirect CFAs (bsc#1169514). - objtool: Fix switch table detection in .text.unlikely (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - objtool: Make BP scratch register warning more robust (bsc#1169514). - ocfs2: no need try to truncate file beyond i_size (bsc#1171841). - OMAP: DSS2: remove non-zero check on variable r (bsc#1114279) - overflow: Fix -Wtype-limits compilation warnings (git fixes). - overflow.h: Add arithmetic shift helper (git fixes). - p54usb: add AirVasT USB stick device-id (bsc#1051510). - padata: ensure the reorder timer callback runs on the correct CPU (git-fixes). - padata: Remove broken queue flushing (git-fixes). - padata: reorder work kABI fixup (git-fixes). - Partially revert "kfifo: fix kfifo_alloc() and kfifo_init()" (git fixes (block drivers)). - partitions/efi: Fix partition name parsing in GUID partition entry (bsc#1168763). - PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510). - PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510). - PCI: Generalize multi-function power dependency device links (bsc#1111666). - PCI: hv: Add support for protocol 1.3 and support PCI_BUS_RELATIONS2 (bsc#1172201, bsc#1172202). - PCI: hv: Decouple the func definition in hv_dr_state from VSP message (bsc#1172201, bsc#1172202). - PCI: pciehp: Fix indefinite wait on sysfs requests (git-fixes). - PCI: pciehp: Fix MSI interrupt race (bsc#1159037). - PCI: pciehp: Support interrupts sent from D3hot (git-fixes). - PCI/PM: Call .bridge_d3() hook only if non-NULL (git-fixes). - PCI: Program MPS for RCiEP devices (bsc#1051510). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510). - PCI: sanity test on PCI vendor to be sure we do not touch everything (bsc#1141558). - pcm_native: result of put_user() needs to be checked (bsc#1111666). - perf: Allocate context task_ctx_data for child event (git-fixes). - perf: Allocate context task_ctx_data for child event (git-fixes). - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes). - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes). - perf: Copy parent's address filter offsets on clone (git-fixes). - perf: Copy parent's address filter offsets on clone (git-fixes). - perf/core: Add sanity check to deal with pinned event failure (git-fixes). - perf/core: Add sanity check to deal with pinned event failure (git-fixes). - perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes). - perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes). - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes). - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes). - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes). - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes). - perf/core: Fix bad use of igrab() (git fixes (dependent patch)). - perf/core: Fix crash when using HW tracing kernel filters (git-fixes). - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes). - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes). - perf/core: Fix error handling in perf_event_alloc() (git-fixes). - perf/core: Fix error handling in perf_event_alloc() (git-fixes). - perf/core: Fix exclusive events' grouping (git-fixes). - perf/core: Fix exclusive events' grouping (git-fixes). - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes). - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes). - perf/core: Fix impossible ring-buffer sizes warning (git-fixes). - perf/core: Fix impossible ring-buffer sizes warning (git-fixes). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes (dependent patch for 18736eef1213)). - perf/core: Fix perf_event_read_value() locking (git-fixes). - perf/core: Fix perf_event_read_value() locking (git-fixes). - perf/core: Fix perf_pmu_unregister() locking (git-fixes). - perf/core: Fix perf_pmu_unregister() locking (git-fixes). - perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent patch)). - perf/core: Fix perf_sample_regs_user() mm check (git-fixes). - perf/core: Fix perf_sample_regs_user() mm check (git-fixes). - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes). - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes). - perf/core: Fix race between close() and fork() (git-fixes). - perf/core: Fix race between close() and fork() (git-fixes). - perf/core: Fix the address filtering fix (git-fixes). - perf/core: Fix the address filtering fix (git-fixes). - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes). - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes). - perf/core: Force USER_DS when recording user stack data (git-fixes). - perf/core: Force USER_DS when recording user stack data (git-fixes). - perf/core: Restore mmap record type correctly (git-fixes). - perf/core: Restore mmap record type correctly (git-fixes). - perf: Fix header.size for namespace events (git-fixes). - perf: Fix header.size for namespace events (git-fixes). - perf/ioctl: Add check for the sample_period value (git-fixes). - perf/ioctl: Add check for the sample_period value (git-fixes). - perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes). - perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes). - perf: Return proper values for user stack errors (git-fixes). - perf: Return proper values for user stack errors (git-fixes). - perf/x86/amd: Add support for Large Increment per Cycle Events (jsc#SLE-11831). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd: Constrain Large Increment per Cycle events (jsc#SLE-11831). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/intel/uncore: Handle invalid event coding for free-running counter (git-fixes). - perf/x86/pt, coresight: Clean up address filter structure (git fixes (dependent patch)). - perf/x86/uncore: Fix event group support (git-fixes). - pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)). - pinctrl: baytrail: Enable pin configuration setting for GPIO chip (git-fixes). - pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler (git-fixes). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510). - pinctrl: sunrisepoint: Fix PAD lock register offset for SPT-H (git-fixes). - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA (bsc#1051510). - platform/x86: dell-laptop: do not register micmute LED if there is no token (bsc#1111666). - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (bsc#1111666). - PM / Domains: Allow genpd users to specify default active wakeup behavior (git-fixes). - pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors (git-fixes). - pnp: Use list_for_each_entry() instead of open coding (git fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc: Add attributes for setjmp/longjmp (bsc#1065729). - powerpc/book3s64: Export has_transparent_hugepage() related functions (bsc#1171759). - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729). - powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010). - powerpc/hash64/devmap: Use H_PAGE_THP_HUGE when setting up huge devmap PTE entries (bsc#1065729). - powerpc/pci/of: Parse unassigned resources (bsc#1065729). - powerpc/setup_64: Set cache-line-size based on cache-block-size (bsc#1065729). - powerpc/sstep: Fix DS operand in ld encoding to appropriate value (bsc#1065729). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510). - power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510). - power: vexpress: add suppress_bind_attrs to true (bsc#1111666). - pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16). - pwm: bcm2835: Dynamically allocate base (bsc#1051510). - pwm: meson: Fix confusing indentation (bsc#1051510). - pwm: pca9685: Fix PWM/GPIO inter-operation (bsc#1051510). - pwm: rcar: Fix late Runtime PM enablement (bsc#1051510). - pwm: renesas-tpu: Fix late Runtime PM enablement (bsc#1051510). - qede: Fix race between rdma destroy workqueue and link change event (networking-stable-20_03_01). - qed: reduce maximum stack frame size (git-fixes). - qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes). - r8152: check disconnect status after long sleep (networking-stable-20_03_14). - r8152: support additional Microsoft Surface Ethernet Adapter variant (networking-stable-20_05_27). - raid5: remove gfp flags from scribble_alloc() (bsc#1166985). - raid5: remove gfp flags from scribble_alloc() (git fixes (block drivers)). - raid6/ppc: Fix build for clang (git fixes (block drivers)). - random: always use batched entropy for get_random_u{32,64} (bsc#1164871). - rcu: locking and unlocking need to always be at least barriers (git fixes (block drivers)). - RDMA/efa: Fix setting of wrong bit in get/set_feature commands (bsc#1111666) - RDMA/efa: Set maximum pkeys device attribute (bsc#1111666) - RDMA/efa: Support remote read access in MR registration (bsc#1111666) - RDMA/efa: Unified getters/setters for device structs bitmask access (bsc#1111666) - RDMA/ipoib: Fix use of sizeof() (bsc#1168503). - RDMA/netdev: Fix netlink support in IPoIB (bsc#1168503). - RDMA/netdev: Hoist alloc_netdev_mqs out of the driver (bsc#1168503). - RDMA/netdev: Use priv_destructor for netdev cleanup (bsc#1168503). - regmap: debugfs: Do not sleep while atomic for fast_io regmaps (bsc#1111666). - resolve KABI warning for perf-pt-coresight (git-fixes). - rpm/kernel-docs.spec.in: Require python-packaging for build. - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() (bsc#1051510). - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194). - s390/cio: avoid duplicated 'ADD' uevents (git-fixes). - s390/cio: generate delayed uevent for vfio-ccw subchannels (git-fixes). - s390/cpuinfo: fix wrong output when CPU0 is offline (git-fixes). - s390/cpum_cf: Add new extended counters for IBM z15 (bsc#1169762 LTC#185291). - s390/diag: fix display of diagnose call statistics (git-fixes). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/ftrace: fix potential crashes when switching tracers (git-fixes). - s390/gmap: return proper error code on ksm unsharing (git-fixes). - s390/ism: fix error return code in ism_probe() (git-fixes). - s390/ism: fix error return code in ism_probe() (git-fixes). - s390/pci: do not set affinity for floating irqs (git-fixes). - s390/pci: Fix possible deadlock in recover_store() (bsc#1165183 LTC#184103). - s390/pci: Recover handle in clp_set_pci_fn() (bsc#1165183 LTC#184103). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: lock device while installing IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: cancel RX reclaim work earlier (git-fixes). - s390/qeth: do not return -ENOTSUPP to userspace (git-fixes). - s390/qeth: do not warn for napi with 0 budget (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - s390/qeth: fix off-by-one in RX copybreak check (git-fixes). - s390/qeth: fix promiscuous mode after reset (git-fixes). - s390/qeth: fix qdio teardown after early init error (git-fixes). - s390/qeth: handle error due to unsupported transport mode (git-fixes). - s390/qeth: handle error when backing RX buffer (git-fixes). - s390/qeth: lock the card while changing its hsuid (git-fixes). - s390/qeth: support net namespaces for L3 devices (git-fixes). - s390/time: Fix clk type in get_tod_clock (git-fixes). - sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12). - sch_sfq: validate silly quantum values (networking-stable-20_05_12). - scripts/decodecode: fix trapping instruction formatting (bsc#1065729). - scripts/dtc: Remove redundant YYLOC global declaration (bsc#1160388). - scsi: aacraid: fix a signedness bug (bsc#1174296). - scsi: bnx2i: fix potential use after free (bsc#1171600). - scsi: core: avoid repetitive logging of device offline messages (bsc#1145929). - scsi: core: Handle drivers which set sg_tablesize to zero (bsc#1171601) This commit also required: > scsi: core: avoid preallocating big SGL for data - scsi: core: kABI fix offline_already (bsc#1145929). - scsi: core: save/restore command resid for error handling (bsc#1171602). - scsi: core: scsi_trace: Use get_unaligned_be*() (bsc#1171604). - scsi: core: try to get module before removing device (bsc#1171605). - scsi: csiostor: Adjust indentation in csio_device_reset (bsc#1171606). - scsi: csiostor: Do not enable IRQs too early (bsc#1171607). - scsi: esas2r: unlock on error in esas2r_nvram_read_direct() (bsc#1171608). - scsi: fnic: fix invalid stack access (bsc#1171609). - scsi: fnic: fix msix interrupt allocation (bsc#1171610). - scsi: hisi_sas: fix calls to dma_set_mask_and_coherent() (bsc#1174296). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: ibmvscsi: Fix WARN_ON during event pool release (bsc#1170791 ltc#185128). - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (bsc#1171611). - scsi: iscsi: Fix a potential deadlock in the timeout handler (bsc#1171612). - scsi: iscsi: qla4xxx: fix double free in probe (bsc#1171613). - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530). - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530). - scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530). - scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530). - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1172687 bsc#1171530). - scsi: lpfc: Change default queue allocation for reduced memory consumption (bsc#1164780). - scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences (bsc#1171614). - scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG (bsc#1171615). - scsi: lpfc: Fix inconsistent indenting (bsc#1158983). - scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1158983). - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1158983). - scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event (bsc#1164780). - scsi: lpfc: Fix MDS Diagnostic Enablement definition (bsc#1164780). - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix negation of else clause in lpfc_prep_node_fc4type (bsc#1164780). - scsi: lpfc: Fix noderef and address space warnings (bsc#1164780). - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530). - scsi: lpfc: Maintain atomic consistency of queue_claimed flag (bsc#1164780). - scsi: lpfc: remove duplicate unloading checks (bsc#1164780). - scsi: lpfc: Remove re-binding of nvme rport during registration (bsc#1164780). - scsi: lpfc: Remove redundant initialization to variable rc (bsc#1164780). - scsi: lpfc: Remove unnecessary lockdep_assert_held calls (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.1 (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1158983). - scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state (bsc#1171616). - scsi: megaraid_sas: Fix a compilation warning (bsc#1174296). - scsi: mpt3sas: Fix double free in attach error handling (bsc#1174296). - scsi: qedf: Add port_id getter (bsc#1150660). - scsi: qla2xxx: add ring buffer for tracing debug logs (bsc#1157169). - scsi: qla2xxx: check UNLOADING before posting async work (bsc#1157169). - scsi: qla2xxx: Delete all sessions before unregister local nvme port (bsc#1157169). - scsi: qla2xxx: Do not log message when reading port speed via sysfs (bsc#1157169). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1174296). - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (bsc#1157169). - scsi: qla2xxx: Fix regression warnings (bsc#1157169). - scsi: qla2xxx: Remove non functional code (bsc#1157169). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - scsi: qla2xxx: set UNLOADING before waiting for session deletion (bsc#1157169). - scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free (bsc#1171617). - scsi: qla4xxx: fix double free bug (bsc#1171618). - scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI (bsc#1171619). - scsi: sg: add sg_remove_request in sg_common_write (bsc#1171620). - scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) (bsc#1171621). - scsi: ufs: change msleep to usleep_range (bsc#1171622). - scsi: ufs: Clean up ufshcd_scale_clks() and clock scaling error out path (bsc#1171623). - scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic (bsc#1171624). - scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails (bsc#1171625). - scsi: ufs: Recheck bkops level if bkops is disabled (bsc#1171626). - scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point (git-fixes). - sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27). - sctp: fix possibly using a bad saddr with a given dst (networking-stable-20_04_02). - sctp: fix refcount bug in sctp_wfree (networking-stable-20_04_02). - sctp: move the format error check out of __sctp_sf_do_9_1_abort (networking-stable-20_03_01). - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27). - selftests/powerpc: Fix build errors in powerpc ptrace selftests (boo#1124278). - Separate one more kABI fixup from the functional change: - seq_file: fix problem when seeking mid-record (bsc#1170125). - serial: uartps: Move the spinlock after the read of the tx empty (git-fixes). - sfc: detach from cb_page in efx_copy_channel() (networking-stable-20_03_14). - signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig (bsc#1172185). - slcan: not call free_netdev before rtnl_unlock in slcan_open (networking-stable-20_03_28). - slip: make slhc_compress() more robust against malicious packets (networking-stable-20_03_14). - smb3: Add new compression flags (bsc#1144333). - smb3: change noisy error message to FYI (bsc#1144333). - smb3: enable swap on SMB3 mounts (bsc#1144333). - smb3: Minor cleanup of protocol definitions (bsc#1144333). - smb3: remove overly noisy debug line in signing errors (bsc#1144333). - smb3: smbdirect support can be configured by default (bsc#1144333). - smb3: use SMB2_SIGNATURE_SIZE define (bsc#1144333). - snb3: Additional compression structures (bsc#1144333). - spi: bcm2835: Fix 3-wire mode if DMA is enabled (git-fixes). - spi: bcm63xx-hsspi: Really keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: when tx/rx buffer is NULL set to 0 (bsc#1051510). - spi: dw: Add SPI Rx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: Add SPI Tx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: use "smp_mb()" to avoid sending spi data error (bsc#1051510). - spi: dw: Zero DMA Tx and Rx configurations on stack (bsc#1051510). - spi: fsl: do not map irq during probe (git-fixes). - spi: fsl: use platform_get_irq() instead of of_irq_to_resource() (git-fixes). - spi: pxa2xx: Add CS control clock quirk (bsc#1051510). - spi: pxa2xx: Apply CS clk quirk to BXT (bsc#1111666). - spi: qup: call spi_qup_pm_resume_runtime before suspending (bsc#1051510). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (git-fixes). - spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices (bsc#1111666). - spi: spi-s3c64xx: Fix system resume support (git-fixes). - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (bsc#1111666). - spi/zynqmp: remove entry that causes a cs glitch (bsc#1051510). - staging: comedi: dt2815: fix writing hi byte of analog output (bsc#1051510). - staging: comedi: Fix comedi_device refcnt leak in comedi_open (bsc#1051510). - staging: comedi: verify array index is correct before using it (bsc#1111666). - staging: iio: ad2s1210: Fix SPI reading (bsc#1051510). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510). - staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510). - staging: vt6656: Do not set RCR_MULTICAST or RCR_BROADCAST by default (git-fixes). - staging: vt6656: Fix drivers TBTT timing counter (git-fixes). - staging: vt6656: Fix pairwise key entry save (git-fixes). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202). - SUNRPC: expiry_time should be seconds not timeval (git-fixes). - SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' (git-fixes). - SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624). - supported.conf: Add br_netfilter to base (bsc#1169020). - supported.conf: support w1 core and thermometer support - svcrdma: Fix double svc_rdma_send_ctxt_put() in an error path (bsc#1103992). - svcrdma: Fix leak of transport addresses (git-fixes). - svcrdma: Fix trace point use-after-free race (bsc#1103992 ). - taskstats: fix data-race (bsc#1172188). - tcp: cache line align MAX_TCP_HEADER (networking-stable-20_04_27). - tcp: repair: fix TCP_QUEUE_SEQ implementation (networking-stable-20_03_28). - team: add missing attribute validation for array index (networking-stable-20_03_14). - team: add missing attribute validation for port ifindex (networking-stable-20_03_14). - team: fix hang in team_mode_get() (networking-stable-20_04_27). - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284). - timers: Add a function to start/reduce a timer (networking-stable-20_05_27). - tools lib traceevent: Remove unneeded qsort and uses memmove instead (git-fixes). - tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (bsc#1065729). - tpm_tis: Remove the HID IFX0102 (bsc#1111666). - tpm/tpm_tis: Free IRQ if probing fails (bsc#1082555). - tpm/tpm_tis: Free IRQ if probing fails (git-fixes). - tracing: Add a vmalloc_sync_mappings() for safe measure (git-fixes). - tracing: Disable trace_printk() on post poned tests (git-fixes). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510). - tty: n_gsm: Fix SOF skipping (bsc#1051510). - tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510). - tty: rocket, avoid OOB access (git-fixes). - tun: Do not put_page() for all negative return values from XDP program (bsc#1109837). - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12). - UAS: fix deadlock in error handling and PM flushing work (git-fixes). - UAS: no use logging any details in case of ENODEV (git-fixes). - ubifs: remove broken lazytime support (bsc#1173826). - Update config files: Build w1 bus on arm64 (jsc#SLE-11048) - USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE (git-fixes). - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes). - USB: c67x00: fix use after free in c67x00_giveback_urb (bsc#1111666). - USB: cdc-acm: restore capability check order (git-fixes). - usb: chipidea: core: add wakeup support for extcon (bsc#1111666). - USB: core: Fix misleading driver bug report (bsc#1051510). - usb: dwc2: Fix shutdown callback in platform (bsc#1111666). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510). - USB: dwc3: do not set gadget->is_otg flag (git-fixes). - USB: dwc3: gadget: Do link recovery for SS and SSP (git-fixes). - usb: dwc3: gadget: introduce cancelled_list (git-fixes). - usb: dwc3: gadget: never call ->complete() from ->ep_queue() (git-fixes). - usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes). - usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes). - USB: early: Handle AMD's spec-compliant identifiers, too (git-fixes). - USB: ehci: reopen solution for Synopsys HC bug (git-fixes). - USB: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset() (git-fixes). - USB: gadget: audio: Fix a missing error return value in audio_bind() (git-fixes). - USB: gadget: composite: Inform controller driver of self-powered (git-fixes). - usb: gadget: fix potential double-free in m66592_probe (bsc#1111666). - USB: gadget: legacy: fix error return code in cdc_bind() (git-fixes). - USB: gadget: legacy: fix error return code in gncm_bind() (git-fixes). - USB: gadget: legacy: fix redundant initialization warnings (bsc#1051510). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510). - USB: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' (git-fixes). - usb: gadget: udc: atmel: fix uninitialized read in debug printk (bsc#1111666). - USB: gadget: udc: atmel: Fix vbus disconnect handling (git-fixes). - USB: gadget: udc: atmel: Make some symbols static (git-fixes). - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (bsc#1111666). - USB: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete (git-fixes). - usb: gadget: udc: Potential Oops in error handling code (bsc#1111666). - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510). - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (bsc#1111666). - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510). - USB: host: xhci-plat: keep runtime active when removing host (git-fixes). - USB: hub: Fix handling of connect changes during sleep (git-fixes). - usb: musb: Fix runtime PM imbalance on error (bsc#1051510). - usb: musb: start session in resume for host port (bsc#1051510). - usbnet: silence an unnecessary warning (bsc#1170770). - usbnet: smsc95xx: Fix use-after-free after removal (bsc#1111666). - USB: ohci-sm501: Add missed iounmap() in remove (bsc#1111666). - USB: serial: garmin_gps: add sanity checking for data length (git-fixes). - USB: serial: iuu_phoenix: fix memory corruption (bsc#1111666). - USB: serial: option: add BroadMobi BM806U (git-fixes). - USB: serial: option: add support for ASKEY WWHC050 (git-fixes). - USB: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510). - USB: serial: option: add Wistron Neweb D19Q1 (git-fixes). - USB: serial: qcserial: add DW5816e QDL support (bsc#1051510). - USB: serial: qcserial: Add DW5816e support (git-fixes). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - USB: sisusbvga: Change port variable from signed to unsigned (git-fixes). - usb-storage: Add unusual_devs entry for JMicron JMS566 (git-fixes). - USB: uas: add quirk for LaCie 2Big Quadra (git-fixes). - USB: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list (git-fixes). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174123). - vfs: Fix EOVERFLOW testing in put_compat_statfs64 (bnc#1151927 5.3.6). - video: fbdev: sis: Remove unnecessary parentheses and commented code (bsc#1114279) - video: fbdev: w100fb: Fix a potential double free (bsc#1051510). - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: avoid format strint overflow warning (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: Remove always false conditional statement (bsc#1172484). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484). - vmxnet3: remove unused flag "rxcsum" from struct vmxnet3_adapter (bsc#1172484). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - vrf: Check skb for XFRM_TRANSFORMED flag (networking-stable-20_04_27). - vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines (git-fixes). - vt: selection, introduce vc_is_sel (git-fixes). - vt: vt_ioctl: fix race in VT_RESIZEX (git-fixes). - vt: vt_ioctl: fix use-after-free in vt_in_use() (git-fixes). - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (git-fixes). - vxlan: Avoid infinite loop when suppressing NS messages with invalid options (git-fixes). - vxlan: check return value of gro_cells_init() (networking-stable-20_03_28). - w1: Add subsystem kernel public interface (jsc#SLE-11048). - w1: Fix slave count on 1-Wire bus (resend) (jsc#SLE-11048). - w1: keep balance of mutex locks and refcnts (jsc#SLE-11048). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510). - w1: use put_device() if device_register() fail (jsc#SLE-11048). - watchdog: reset last_hw_keepalive time at start (git-fixes). - watchdog: sp805: fix restart handler (bsc#1111666). - wcn36xx: Fix error handling path in 'wcn36xx_probe()' (bsc#1051510). - wil6210: add general initialization/size checks (bsc#1111666). - wil6210: check rx_buff_mgmt before accessing it (bsc#1111666). - wil6210: ignore HALP ICR if already handled (bsc#1111666). - wil6210: make sure Rx ring sizes are correlated (git-fixes). - wil6210: remove reset file from debugfs (git-fixes). - wimax/i2400m: Fix potential urb refcnt leak (bsc#1051510). - work around mvfs bug (bsc#1162063). - workqueue: do not use wq_select_unbound_cpu() for bound works (bsc#1172130). - x86/amd_nb: Add Family 19h PCI IDs (jsc#SLE-11834). - x86/apic: Install an empty physflat_init_apic_ldr (bsc#1163309). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279). - x86/entry/64: Fix unwind hints in kernel exit path (bsc#1058115). - x86/entry/64: Fix unwind hints in register clearing code (bsc#1058115). - x86/entry/64: Fix unwind hints in rewind_stack_do_exit() (bsc#1058115). - x86/entry/64: Fix unwind hints in __switch_to_asm() (bsc#1058115). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86: Fix early boot crash on gcc-10, third try (bsc#1114279). - x86/Hyper-V: Allow guests to enable InvariantTSC (bsc#1170620). - x86/Hyper-V: Free hv_panic_page when fail to register kmsg dump (bsc#1170617, bsc#1170618). - x86/Hyper-V: Free hv_panic_page when fail to register kmsg dump (bsc#1170618). - x86/Hyper-V: Report crash data in die() when panic_on_oops is set (bsc#1170617, bsc#1170618). - x86/Hyper-V: Report crash data in die() when panic_on_oops is set (bsc#1170618). - x86/Hyper-V: Report crash register data or kmsg before running crash kernel (bsc#1170617, bsc#1170618). - x86/Hyper-V: Report crash register data or kmsg before running crash kernel (bsc#1170618). - x86/Hyper-V: Report crash register data when sysctl_record_panic_msg is not set (bsc#1170617, bsc#1170618). - x86/Hyper-V: Report crash register data when sysctl_record_panic_msg is not set (bsc#1170618). - x86/Hyper-V: report value of misc_features (git fixes). - x86/Hyper-V: report value of misc_features (git-fixes). - x86/Hyper-V: Trigger crash enlightenment only once during system crash (bsc#1170617, bsc#1170618). - x86/Hyper-V: Trigger crash enlightenment only once during system crash (bsc#1170618). - x86/Hyper-V: Unload vmbus channel in hv panic callback (bsc#1170617, bsc#1170618). - x86/Hyper-V: Unload vmbus channel in hv panic callback (bsc#1170618). - x86/Hyperv-V: Allow guests to enable InvariantTSC (bsc#1170621, bsc#1170620). - x86/kprobes: Avoid kretprobe recursion bug (bsc#1114279). - x86/MCE/AMD: Add a KABI workaround for enum smca_bank_types (jsc#SLE-11833). - x86/MCE/AMD, EDAC/mce_amd: Add new Load Store unit McaType (jsc#SLE-11833). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). - x86/microcode/AMD: Increase microcode PATCH_MAX_SIZE (bsc#1169005). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279). - x86/resctrl: Fix invalid attempt at removing the default resource group (git-fixes). - x86/resctrl: Preserve CDP enable over CPU hotplug (bsc#1114279). - x86/unwind/orc: Do not skip the first frame for inactive tasks (bsc#1058115). - x86/unwind/orc: Fix error handling in __unwind_start() (bsc#1058115). - x86/unwind/orc: Fix error path for bad ORC entry type (bsc#1058115). - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks (bsc#1058115). - x86/unwind/orc: Prevent unwinding before ORC initialization (bsc#1058115). - x86/unwind: Prevent false warnings for non-current tasks (bsc#1058115). - x86/xen: fix booting 32-bit pv guest (bsc#1071995). - x86/xen: Make the boot CPU idle task reliable (bsc#1071995). - x86/xen: Make the secondary CPU idle tasks reliable (bsc#1071995). - xen/blkfront: fix memory allocation flags in blkfront_setup_indirect() (bsc#1168486). - xen/pci: reserve MCFG areas earlier (bsc#1170145). - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish (networking-stable-20_04_27). - xfrm: fix error in comment (git fixes). - xfs: clear PF_MEMALLOC before exiting xfsaild thread (git-fixes). - xfs: Correctly invert xfs_buftarg LRU isolation logic (git-fixes). - xfs: do not ever return a stale pointer from __xfs_dir3_free_read (git-fixes). - xhci: Fix incorrect EP_STATE_MASK (git-fixes). - xprtrdma: Fix completion wait during device removal (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2020-2478=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch): kernel-devel-rt-4.12.14-10.13.1 kernel-source-rt-4.12.14-10.13.1 - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): cluster-md-kmp-rt-4.12.14-10.13.1 dlm-kmp-rt-4.12.14-10.13.1 gfs2-kmp-rt-4.12.14-10.13.1 kernel-rt-4.12.14-10.13.1 kernel-rt-base-4.12.14-10.13.1 kernel-rt-devel-4.12.14-10.13.1 kernel-rt_debug-4.12.14-10.13.1 kernel-rt_debug-devel-4.12.14-10.13.1 kernel-syms-rt-4.12.14-10.13.1 ocfs2-kmp-rt-4.12.14-10.13.1 References: https://www.suse.com/security/cve/CVE-2018-1000199.html https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-19462.html https://www.suse.com/security/cve/CVE-2019-20806.html https://www.suse.com/security/cve/CVE-2019-20810.html https://www.suse.com/security/cve/CVE-2019-20812.html https://www.suse.com/security/cve/CVE-2019-20908.html https://www.suse.com/security/cve/CVE-2019-9455.html https://www.suse.com/security/cve/CVE-2020-0543.html https://www.suse.com/security/cve/CVE-2020-10690.html https://www.suse.com/security/cve/CVE-2020-10711.html https://www.suse.com/security/cve/CVE-2020-10720.html https://www.suse.com/security/cve/CVE-2020-10732.html https://www.suse.com/security/cve/CVE-2020-10751.html https://www.suse.com/security/cve/CVE-2020-10757.html https://www.suse.com/security/cve/CVE-2020-10766.html https://www.suse.com/security/cve/CVE-2020-10767.html https://www.suse.com/security/cve/CVE-2020-10768.html https://www.suse.com/security/cve/CVE-2020-10769.html https://www.suse.com/security/cve/CVE-2020-10773.html https://www.suse.com/security/cve/CVE-2020-10781.html https://www.suse.com/security/cve/CVE-2020-11669.html https://www.suse.com/security/cve/CVE-2020-12114.html https://www.suse.com/security/cve/CVE-2020-12464.html https://www.suse.com/security/cve/CVE-2020-12652.html https://www.suse.com/security/cve/CVE-2020-12653.html https://www.suse.com/security/cve/CVE-2020-12654.html https://www.suse.com/security/cve/CVE-2020-12655.html https://www.suse.com/security/cve/CVE-2020-12656.html https://www.suse.com/security/cve/CVE-2020-12657.html https://www.suse.com/security/cve/CVE-2020-12659.html https://www.suse.com/security/cve/CVE-2020-12769.html https://www.suse.com/security/cve/CVE-2020-12771.html https://www.suse.com/security/cve/CVE-2020-12888.html https://www.suse.com/security/cve/CVE-2020-13143.html https://www.suse.com/security/cve/CVE-2020-13974.html https://www.suse.com/security/cve/CVE-2020-14416.html https://www.suse.com/security/cve/CVE-2020-15393.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1089895 https://bugzilla.suse.com/1103990 https://bugzilla.suse.com/1103991 https://bugzilla.suse.com/1103992 https://bugzilla.suse.com/1104745 https://bugzilla.suse.com/1104967 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1124278 https://bugzilla.suse.com/1127354 https://bugzilla.suse.com/1127355 https://bugzilla.suse.com/1127371 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1137325 https://bugzilla.suse.com/1141558 https://bugzilla.suse.com/1142685 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1145929 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1150660 https://bugzilla.suse.com/1151794 https://bugzilla.suse.com/1151927 https://bugzilla.suse.com/1152107 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1152624 https://bugzilla.suse.com/1154824 https://bugzilla.suse.com/1157169 https://bugzilla.suse.com/1158265 https://bugzilla.suse.com/1158983 https://bugzilla.suse.com/1159037 https://bugzilla.suse.com/1159058 https://bugzilla.suse.com/1159199 https://bugzilla.suse.com/1160388 https://bugzilla.suse.com/1160947 https://bugzilla.suse.com/1161016 https://bugzilla.suse.com/1162002 https://bugzilla.suse.com/1162063 https://bugzilla.suse.com/1163309 https://bugzilla.suse.com/1163403 https://bugzilla.suse.com/1163897 https://bugzilla.suse.com/1164284 https://bugzilla.suse.com/1164780 https://bugzilla.suse.com/1164871 https://bugzilla.suse.com/1165183 https://bugzilla.suse.com/1165478 https://bugzilla.suse.com/1165741 https://bugzilla.suse.com/1166780 https://bugzilla.suse.com/1166860 https://bugzilla.suse.com/1166861 https://bugzilla.suse.com/1166862 https://bugzilla.suse.com/1166864 https://bugzilla.suse.com/1166866 https://bugzilla.suse.com/1166867 https://bugzilla.suse.com/1166868 https://bugzilla.suse.com/1166870 https://bugzilla.suse.com/1166940 https://bugzilla.suse.com/1166969 https://bugzilla.suse.com/1166978 https://bugzilla.suse.com/1166985 https://bugzilla.suse.com/1167104 https://bugzilla.suse.com/1167288 https://bugzilla.suse.com/1167574 https://bugzilla.suse.com/1167851 https://bugzilla.suse.com/1167867 https://bugzilla.suse.com/1168081 https://bugzilla.suse.com/1168202 https://bugzilla.suse.com/1168332 https://bugzilla.suse.com/1168486 https://bugzilla.suse.com/1168503 https://bugzilla.suse.com/1168670 https://bugzilla.suse.com/1168760 https://bugzilla.suse.com/1168762 https://bugzilla.suse.com/1168763 https://bugzilla.suse.com/1168764 https://bugzilla.suse.com/1168765 https://bugzilla.suse.com/1168789 https://bugzilla.suse.com/1168881 https://bugzilla.suse.com/1168884 https://bugzilla.suse.com/1168952 https://bugzilla.suse.com/1168959 https://bugzilla.suse.com/1169005 https://bugzilla.suse.com/1169013 https://bugzilla.suse.com/1169020 https://bugzilla.suse.com/1169057 https://bugzilla.suse.com/1169194 https://bugzilla.suse.com/1169390 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1169525 https://bugzilla.suse.com/1169625 https://bugzilla.suse.com/1169762 https://bugzilla.suse.com/1169771 https://bugzilla.suse.com/1169795 https://bugzilla.suse.com/1170011 https://bugzilla.suse.com/1170056 https://bugzilla.suse.com/1170125 https://bugzilla.suse.com/1170145 https://bugzilla.suse.com/1170284 https://bugzilla.suse.com/1170345 https://bugzilla.suse.com/1170442 https://bugzilla.suse.com/1170457 https://bugzilla.suse.com/1170522 https://bugzilla.suse.com/1170592 https://bugzilla.suse.com/1170617 https://bugzilla.suse.com/1170618 https://bugzilla.suse.com/1170620 https://bugzilla.suse.com/1170621 https://bugzilla.suse.com/1170770 https://bugzilla.suse.com/1170778 https://bugzilla.suse.com/1170791 https://bugzilla.suse.com/1170901 https://bugzilla.suse.com/1171078 https://bugzilla.suse.com/1171098 https://bugzilla.suse.com/1171118 https://bugzilla.suse.com/1171124 https://bugzilla.suse.com/1171189 https://bugzilla.suse.com/1171191 https://bugzilla.suse.com/1171195 https://bugzilla.suse.com/1171202 https://bugzilla.suse.com/1171205 https://bugzilla.suse.com/1171214 https://bugzilla.suse.com/1171217 https://bugzilla.suse.com/1171218 https://bugzilla.suse.com/1171219 https://bugzilla.suse.com/1171220 https://bugzilla.suse.com/1171244 https://bugzilla.suse.com/1171293 https://bugzilla.suse.com/1171417 https://bugzilla.suse.com/1171424 https://bugzilla.suse.com/1171527 https://bugzilla.suse.com/1171529 https://bugzilla.suse.com/1171530 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1171599 https://bugzilla.suse.com/1171600 https://bugzilla.suse.com/1171601 https://bugzilla.suse.com/1171602 https://bugzilla.suse.com/1171604 https://bugzilla.suse.com/1171605 https://bugzilla.suse.com/1171606 https://bugzilla.suse.com/1171607 https://bugzilla.suse.com/1171608 https://bugzilla.suse.com/1171609 https://bugzilla.suse.com/1171610 https://bugzilla.suse.com/1171611 https://bugzilla.suse.com/1171612 https://bugzilla.suse.com/1171613 https://bugzilla.suse.com/1171614 https://bugzilla.suse.com/1171615 https://bugzilla.suse.com/1171616 https://bugzilla.suse.com/1171617 https://bugzilla.suse.com/1171618 https://bugzilla.suse.com/1171619 https://bugzilla.suse.com/1171620 https://bugzilla.suse.com/1171621 https://bugzilla.suse.com/1171622 https://bugzilla.suse.com/1171623 https://bugzilla.suse.com/1171624 https://bugzilla.suse.com/1171625 https://bugzilla.suse.com/1171626 https://bugzilla.suse.com/1171662 https://bugzilla.suse.com/1171673 https://bugzilla.suse.com/1171679 https://bugzilla.suse.com/1171691 https://bugzilla.suse.com/1171692 https://bugzilla.suse.com/1171694 https://bugzilla.suse.com/1171695 https://bugzilla.suse.com/1171732 https://bugzilla.suse.com/1171736 https://bugzilla.suse.com/1171739 https://bugzilla.suse.com/1171743 https://bugzilla.suse.com/1171753 https://bugzilla.suse.com/1171759 https://bugzilla.suse.com/1171761 https://bugzilla.suse.com/1171817 https://bugzilla.suse.com/1171835 https://bugzilla.suse.com/1171841 https://bugzilla.suse.com/1171868 https://bugzilla.suse.com/1171904 https://bugzilla.suse.com/1171948 https://bugzilla.suse.com/1171949 https://bugzilla.suse.com/1171951 https://bugzilla.suse.com/1171952 https://bugzilla.suse.com/1171979 https://bugzilla.suse.com/1171982 https://bugzilla.suse.com/1171983 https://bugzilla.suse.com/1172017 https://bugzilla.suse.com/1172096 https://bugzilla.suse.com/1172097 https://bugzilla.suse.com/1172098 https://bugzilla.suse.com/1172099 https://bugzilla.suse.com/1172101 https://bugzilla.suse.com/1172102 https://bugzilla.suse.com/1172103 https://bugzilla.suse.com/1172104 https://bugzilla.suse.com/1172127 https://bugzilla.suse.com/1172130 https://bugzilla.suse.com/1172185 https://bugzilla.suse.com/1172188 https://bugzilla.suse.com/1172199 https://bugzilla.suse.com/1172201 https://bugzilla.suse.com/1172202 https://bugzilla.suse.com/1172218 https://bugzilla.suse.com/1172221 https://bugzilla.suse.com/1172247 https://bugzilla.suse.com/1172249 https://bugzilla.suse.com/1172251 https://bugzilla.suse.com/1172253 https://bugzilla.suse.com/1172257 https://bugzilla.suse.com/1172317 https://bugzilla.suse.com/1172342 https://bugzilla.suse.com/1172343 https://bugzilla.suse.com/1172344 https://bugzilla.suse.com/1172366 https://bugzilla.suse.com/1172378 https://bugzilla.suse.com/1172391 https://bugzilla.suse.com/1172397 https://bugzilla.suse.com/1172453 https://bugzilla.suse.com/1172458 https://bugzilla.suse.com/1172472 https://bugzilla.suse.com/1172484 https://bugzilla.suse.com/1172537 https://bugzilla.suse.com/1172538 https://bugzilla.suse.com/1172687 https://bugzilla.suse.com/1172719 https://bugzilla.suse.com/1172759 https://bugzilla.suse.com/1172770 https://bugzilla.suse.com/1172775 https://bugzilla.suse.com/1172781 https://bugzilla.suse.com/1172782 https://bugzilla.suse.com/1172783 https://bugzilla.suse.com/1172999 https://bugzilla.suse.com/1173060 https://bugzilla.suse.com/1173074 https://bugzilla.suse.com/1173146 https://bugzilla.suse.com/1173265 https://bugzilla.suse.com/1173280 https://bugzilla.suse.com/1173284 https://bugzilla.suse.com/1173428 https://bugzilla.suse.com/1173462 https://bugzilla.suse.com/1173514 https://bugzilla.suse.com/1173567 https://bugzilla.suse.com/1173573 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173746 https://bugzilla.suse.com/1173818 https://bugzilla.suse.com/1173820 https://bugzilla.suse.com/1173825 https://bugzilla.suse.com/1173826 https://bugzilla.suse.com/1173833 https://bugzilla.suse.com/1173838 https://bugzilla.suse.com/1173839 https://bugzilla.suse.com/1173845 https://bugzilla.suse.com/1173857 https://bugzilla.suse.com/1174113 https://bugzilla.suse.com/1174115 https://bugzilla.suse.com/1174122 https://bugzilla.suse.com/1174123 https://bugzilla.suse.com/1174130 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174187 https://bugzilla.suse.com/1174296 From sle-updates at lists.suse.com Thu Sep 3 07:49:21 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 15:49:21 +0200 (CEST) Subject: SUSE-SU-2020:2477-1: moderate: Security update for php5 Message-ID: <20200903134921.00DA0F3D7@maintenance.suse.de> SUSE Security Update: Security update for php5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2477-1 Rating: moderate References: #1175223 Cross-References: CVE-2020-7068 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php5 fixes the following issues: - CVE-2020-7068: Use of freed hash key in the phar_parse_zipfile function (bsc#1175223). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2020-2477=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php5-5.5.14-109.79.1 apache2-mod_php5-debuginfo-5.5.14-109.79.1 php5-5.5.14-109.79.1 php5-bcmath-5.5.14-109.79.1 php5-bcmath-debuginfo-5.5.14-109.79.1 php5-bz2-5.5.14-109.79.1 php5-bz2-debuginfo-5.5.14-109.79.1 php5-calendar-5.5.14-109.79.1 php5-calendar-debuginfo-5.5.14-109.79.1 php5-ctype-5.5.14-109.79.1 php5-ctype-debuginfo-5.5.14-109.79.1 php5-curl-5.5.14-109.79.1 php5-curl-debuginfo-5.5.14-109.79.1 php5-dba-5.5.14-109.79.1 php5-dba-debuginfo-5.5.14-109.79.1 php5-debuginfo-5.5.14-109.79.1 php5-debugsource-5.5.14-109.79.1 php5-dom-5.5.14-109.79.1 php5-dom-debuginfo-5.5.14-109.79.1 php5-enchant-5.5.14-109.79.1 php5-enchant-debuginfo-5.5.14-109.79.1 php5-exif-5.5.14-109.79.1 php5-exif-debuginfo-5.5.14-109.79.1 php5-fastcgi-5.5.14-109.79.1 php5-fastcgi-debuginfo-5.5.14-109.79.1 php5-fileinfo-5.5.14-109.79.1 php5-fileinfo-debuginfo-5.5.14-109.79.1 php5-fpm-5.5.14-109.79.1 php5-fpm-debuginfo-5.5.14-109.79.1 php5-ftp-5.5.14-109.79.1 php5-ftp-debuginfo-5.5.14-109.79.1 php5-gd-5.5.14-109.79.1 php5-gd-debuginfo-5.5.14-109.79.1 php5-gettext-5.5.14-109.79.1 php5-gettext-debuginfo-5.5.14-109.79.1 php5-gmp-5.5.14-109.79.1 php5-gmp-debuginfo-5.5.14-109.79.1 php5-iconv-5.5.14-109.79.1 php5-iconv-debuginfo-5.5.14-109.79.1 php5-imap-5.5.14-109.79.1 php5-imap-debuginfo-5.5.14-109.79.1 php5-intl-5.5.14-109.79.1 php5-intl-debuginfo-5.5.14-109.79.1 php5-json-5.5.14-109.79.1 php5-json-debuginfo-5.5.14-109.79.1 php5-ldap-5.5.14-109.79.1 php5-ldap-debuginfo-5.5.14-109.79.1 php5-mbstring-5.5.14-109.79.1 php5-mbstring-debuginfo-5.5.14-109.79.1 php5-mcrypt-5.5.14-109.79.1 php5-mcrypt-debuginfo-5.5.14-109.79.1 php5-mysql-5.5.14-109.79.1 php5-mysql-debuginfo-5.5.14-109.79.1 php5-odbc-5.5.14-109.79.1 php5-odbc-debuginfo-5.5.14-109.79.1 php5-opcache-5.5.14-109.79.1 php5-opcache-debuginfo-5.5.14-109.79.1 php5-openssl-5.5.14-109.79.1 php5-openssl-debuginfo-5.5.14-109.79.1 php5-pcntl-5.5.14-109.79.1 php5-pcntl-debuginfo-5.5.14-109.79.1 php5-pdo-5.5.14-109.79.1 php5-pdo-debuginfo-5.5.14-109.79.1 php5-pgsql-5.5.14-109.79.1 php5-pgsql-debuginfo-5.5.14-109.79.1 php5-phar-5.5.14-109.79.1 php5-phar-debuginfo-5.5.14-109.79.1 php5-posix-5.5.14-109.79.1 php5-posix-debuginfo-5.5.14-109.79.1 php5-pspell-5.5.14-109.79.1 php5-pspell-debuginfo-5.5.14-109.79.1 php5-shmop-5.5.14-109.79.1 php5-shmop-debuginfo-5.5.14-109.79.1 php5-snmp-5.5.14-109.79.1 php5-snmp-debuginfo-5.5.14-109.79.1 php5-soap-5.5.14-109.79.1 php5-soap-debuginfo-5.5.14-109.79.1 php5-sockets-5.5.14-109.79.1 php5-sockets-debuginfo-5.5.14-109.79.1 php5-sqlite-5.5.14-109.79.1 php5-sqlite-debuginfo-5.5.14-109.79.1 php5-suhosin-5.5.14-109.79.1 php5-suhosin-debuginfo-5.5.14-109.79.1 php5-sysvmsg-5.5.14-109.79.1 php5-sysvmsg-debuginfo-5.5.14-109.79.1 php5-sysvsem-5.5.14-109.79.1 php5-sysvsem-debuginfo-5.5.14-109.79.1 php5-sysvshm-5.5.14-109.79.1 php5-sysvshm-debuginfo-5.5.14-109.79.1 php5-tokenizer-5.5.14-109.79.1 php5-tokenizer-debuginfo-5.5.14-109.79.1 php5-wddx-5.5.14-109.79.1 php5-wddx-debuginfo-5.5.14-109.79.1 php5-xmlreader-5.5.14-109.79.1 php5-xmlreader-debuginfo-5.5.14-109.79.1 php5-xmlrpc-5.5.14-109.79.1 php5-xmlrpc-debuginfo-5.5.14-109.79.1 php5-xmlwriter-5.5.14-109.79.1 php5-xmlwriter-debuginfo-5.5.14-109.79.1 php5-xsl-5.5.14-109.79.1 php5-xsl-debuginfo-5.5.14-109.79.1 php5-zip-5.5.14-109.79.1 php5-zip-debuginfo-5.5.14-109.79.1 php5-zlib-5.5.14-109.79.1 php5-zlib-debuginfo-5.5.14-109.79.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php5-pear-5.5.14-109.79.1 References: https://www.suse.com/security/cve/CVE-2020-7068.html https://bugzilla.suse.com/1175223 From sle-updates at lists.suse.com Thu Sep 3 10:13:42 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 18:13:42 +0200 (CEST) Subject: SUSE-RU-2020:2479-1: moderate: Recommended update for crmsh Message-ID: <20200903161342.A0FA4F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2479-1 Rating: moderate References: #1175057 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crmsh fixes the following issues: - Fixes an issue by 'ssh_merge' function for compatibility. (bsc#1175057) - Adjust sbd config process to fix bug on sbd stage. (bsc#1175057) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2479=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (noarch): crmsh-4.2.0+git.1598257562.570eb99d-5.12.1 crmsh-scripts-4.2.0+git.1598257562.570eb99d-5.12.1 References: https://bugzilla.suse.com/1175057 From sle-updates at lists.suse.com Thu Sep 3 10:14:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 18:14:31 +0200 (CEST) Subject: SUSE-RU-2020:2480-1: moderate: Recommended update for python-kiwi Message-ID: <20200903161431.0AC26F403@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2480-1 Rating: moderate References: #1174009 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-kiwi fixes the following issues: - Fix string formatting to match flake8 criteria - Skip filesystem check for XFS as it is not strictly necessary before resizing, and in some cases it may even prevent resizing by giving an error. (bsc#1174009) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2480=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): kiwi-pxeboot-9.17.18-3.22.1 References: https://bugzilla.suse.com/1174009 From sle-updates at lists.suse.com Thu Sep 3 13:13:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 21:13:46 +0200 (CEST) Subject: SUSE-RU-2020:14485-1: moderate: Recommended update for openssl-certs Message-ID: <20200903191346.76C11F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl-certs ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:14485-1 Rating: moderate References: #1174673 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssl-certs fixes the following issues: - update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: - LuxTrust Global Root 2 - Staat der Nederlanden Root CA - G2 - Symantec Class 1 Public Primary Certification Authority - G4 - Symantec Class 2 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: - certSIGN Root CA G2 - e-Szigno Root CA 2017 - Microsoft ECC Root Certificate Authority 2017 - Microsoft RSA Root Certificate Authority 2017 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-openssl-certs-14485=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-openssl-certs-14485=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (noarch): openssl-certs-2.42-0.7.18.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): openssl-certs-2.42-0.7.18.1 References: https://bugzilla.suse.com/1174673 From sle-updates at lists.suse.com Thu Sep 3 13:14:38 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 21:14:38 +0200 (CEST) Subject: SUSE-SU-2020:2482-1: moderate: Security update for java-1_7_1-ibm Message-ID: <20200903191438.DE323F794@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2482-1 Rating: moderate References: #1174157 #1175259 Cross-References: CVE-2019-17639 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 70 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2482=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2482=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2482=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2482=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2482=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2482=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2482=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2482=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2482=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2482=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2482=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2482=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2482=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2482=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2482=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2482=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2482=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE OpenStack Cloud 9 (x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE OpenStack Cloud 8 (x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 - SUSE OpenStack Cloud 7 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - SUSE Enterprise Storage 5 (x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 - HPE Helion Openstack 8 (x86_64): java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 References: https://www.suse.com/security/cve/CVE-2019-17639.html https://www.suse.com/security/cve/CVE-2020-14577.html https://www.suse.com/security/cve/CVE-2020-14578.html https://www.suse.com/security/cve/CVE-2020-14579.html https://www.suse.com/security/cve/CVE-2020-14583.html https://www.suse.com/security/cve/CVE-2020-14593.html https://www.suse.com/security/cve/CVE-2020-14621.html https://bugzilla.suse.com/1174157 https://bugzilla.suse.com/1175259 From sle-updates at lists.suse.com Thu Sep 3 13:15:38 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 21:15:38 +0200 (CEST) Subject: SUSE-SU-2020:2485-1: important: Security update for the Linux Kernel Message-ID: <20200903191538.0FA9EF794@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2485-1 Rating: important References: #1065600 #1065729 #1071995 #1085030 #1120163 #1133021 #1149032 #1152472 #1152489 #1154353 #1154492 #1155518 #1156395 #1159058 #1160634 #1167773 #1169790 #1171634 #1171688 #1172108 #1172197 #1172247 #1172418 #1172871 #1172963 #1173468 #1173485 #1173798 #1173813 #1173954 #1174002 #1174003 #1174026 #1174387 #1174484 #1174625 #1174645 #1174689 #1174699 #1174737 #1174757 #1174762 #1174770 #1174771 #1174777 #1174805 #1174824 #1174825 #1174852 #1174865 #1174880 #1174897 #1174906 #1174969 #1175009 #1175010 #1175011 #1175012 #1175013 #1175014 #1175015 #1175016 #1175017 #1175018 #1175019 #1175020 #1175021 #1175052 #1175112 #1175116 #1175128 #1175149 #1175175 #1175176 #1175180 #1175181 #1175182 #1175183 #1175184 #1175185 #1175186 #1175187 #1175188 #1175189 #1175190 #1175191 #1175192 #1175195 #1175199 #1175213 #1175232 #1175263 #1175284 #1175296 #1175344 #1175345 #1175346 #1175347 #1175367 #1175377 #1175440 #1175493 #1175546 #1175550 #1175654 #1175691 #1175768 #1175769 #1175770 #1175771 #1175772 #1175774 #1175775 #1175834 #1175873 Cross-References: CVE-2020-14314 CVE-2020-14356 CVE-2020-16166 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 ______________________________________________________________________________ An update that solves three vulnerabilities and has 112 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-14314: Fixed a potential negative array index in ext4 (bsc#1173798). - CVE-2020-14356: Fixed a NULL pointer dereference in the cgroupv2 subsystem (bsc#1175213). - CVE-2020-16166: Fixed an information leak in the network RNG (bnc#1174757). The following non-security bugs were fixed: - 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work (git-fixes). - ACPICA: Do not increment operation_region reference counts for field units (git-fixes). - ALSA: atmel: Remove invalid "fall through" comments (git-fixes). - ALSA: core: pcm_iec958: fix kernel-doc (git-fixes). - ALSA: echoaduio: Drop superfluous volatile modifier (git-fixes). - ALSA: echoaudio: Address bugs in the interrupt handling (git-fixes). - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (git-fixes). - ALSA: echoaudio: Prevent races in calls to set_audio_format() (git-fixes). - ALSA: echoaudio: Prevent some noise on unloading the module (git-fixes). - ALSA: echoaudio: Race conditions around "opencount" (git-fixes). - ALSA: echoaudio: Remove redundant check (git-fixes). - ALSA: echoaudio: re-enable IRQs on failure path (git-fixes). - ALSA: firewire: fix kernel-doc (git-fixes). - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (git-fixes). - ALSA: hda - reverse the setting value in the micmute_led_set (git-fixes). - ALSA: hda/ca0132 - Add new quirk ID for Recon3D (git-fixes). - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (git-fixes). - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (git-fixes). - ALSA: hda/hdmi: Add quirk to force connectivity (git-fixes). - ALSA: hda/hdmi: Fix keep_power assignment for non-component devices (git-fixes). - ALSA: hda/hdmi: Use force connectivity quirk on another HP desktop (git-fixes). - ALSA: hda/realtek - Fix unused variable warning (git-fixes). - ALSA: hda/realtek - Fixed HP right speaker no sound (git-fixes). - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (git-fixes). - ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes). - ALSA: hda/realtek: Fix add a "ultra_low_power" function for intel reference board (alc256) (git-fixes). - ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (git-fixes). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (git-fixes). - ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (git-fixes). - ALSA: hda/tegra: Disable sync-write operation (git-fixes). - ALSA: hda: Add support for Loongson 7A1000 controller (git-fixes). - ALSA: hda: Enable sync-write operation as default for all controllers (git-fixes). - ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes). - ALSA: hda: avoid reset of sdo_limit (git-fixes). - ALSA: hda: fix NULL pointer dereference during suspend (git-fixes). - ALSA: hda: fix snd_hda_codec_cleanup() documentation (git-fixes). - ALSA: isa/gus: remove 'set but not used' warning (git-fixes). - ALSA: isa/gus: remove -Wmissing-prototypes warnings (git-fixes). - ALSA: isa: fix spelling mistakes in the comments (git-fixes). - ALSA: line6: Use kmemdup in podhd_set_monitor_level() (git-fixes). - ALSA: line6: add hw monitor volume control for POD HD500 (git-fixes). - ALSA: pci/asihpi: fix kernel-doc (git-fixes). - ALSA: pci/asihpi: remove 'set but not used' warning (git-fixes). - ALSA: pci/asihpi: remove 'set but not used' warnings (git-fixes). - ALSA: pci/au88x0: remove "defined but not used" warnings (git-fixes). - ALSA: pci/aw2-saa7146: remove 'set but not used' warning (git-fixes). - ALSA: pci/ctxfi/ctatc: fix kernel-doc (git-fixes). - ALSA: pci/ctxfi: fix kernel-doc warnings (git-fixes). - ALSA: pci/echoaudio: remove 'set but not used' warning (git-fixes). - ALSA: pci/emu10k1: remove 'set but not used' warning (git-fixes). - ALSA: pci/es1938: remove 'set but not used' warning (git-fixes). - ALSA: pci/fm801: fix kernel-doc (git-fixes). - ALSA: pci/korg1212: remove 'set but not used' warnings (git-fixes). - ALSA: pci/oxygen/xonar_wm87x6: remove always true condition (git-fixes). - ALSA: pci/rme9652/hdspm: remove always true condition (git-fixes). - ALSA: pci/via82xx: remove 'set but not used' warnings (git-fixes). - ALSA: pcmcia/pdaudiocf: fix kernel-doc (git-fixes). - ALSA: seq: oss: Serialize ioctls (git-fixes). - ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for SSL2 (git-fixes). - ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (git-fixes). - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (git-fixes). - ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (git-fixes). - ALSA: usb-audio: Fix some typos (git-fixes). - ALSA: usb-audio: add quirk for Pioneer DDJ-RB (git-fixes). - ALSA: usb-audio: add startech usb audio dock name (git-fixes). - ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (git-fixes). - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625). - ALSA: usb-audio: fix spelling mistake "buss" -> "bus" (git-fixes). - ALSA: usb-audio: ignore broken processing/extension unit (git-fixes). - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (git-fixes). - ALSA: usb/line6: remove 'defined but not used' warning (git-fixes). - ALSA: vx_core: remove warning for empty loop body (git-fixes). - ALSA: xen: Remove superfluous fall through comments (git-fixes). - ALSA: xen: remove 'set but not used' warning (git-fixes). - ARM: percpu.h: fix build error (git-fixes). - ARM: spectre-v2: use arm_smccc_1_1_get_conduit() (bsc#1174906). - ASoC: Intel: bxt_rt298: add missing .owner field (git-fixes). - ASoC: SOF: nocodec: add missing .owner field (git-fixes). - ASoC: fsl_sai: Fix value of FSL_SAI_CR1_RFW_MASK (git-fixes). - ASoC: hdac_hda: fix deadlock after PCM open error (git-fixes). - ASoC: intel: Fix memleak in sst_media_open (git-fixes). - ASoC: meson: axg-tdm-interface: fix link fmt setup (git-fixes). - ASoC: meson: axg-tdmin: fix g12a skew (git-fixes). - ASoC: meson: fixes the missed kfree() for axg_card_add_tdm_loopback (git-fixes). - ASoC: msm8916-wcd-analog: fix register Interrupt offset (git-fixes). - ASoC: q6afe-dai: mark all widgets registers as SND_SOC_NOPM (git-fixes). - ASoC: q6routing: add dummy register read/write function (git-fixes). - ASoC: wm8994: Avoid attempts to read unreadable registers (git-fixes). - AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes). - AX.25: Prevent integer overflows in connect and sendmsg (git-fixes). - AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (git-fixes). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (git-fixes). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (git-fixes). - Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes). - Bluetooth: btmtksdio: fix up firmware download sequence (git-fixes). - Bluetooth: btusb: fix up firmware download sequence (git-fixes). - Bluetooth: fix kernel oops in store_pending_adv_report (git-fixes). - Bluetooth: hci_h5: Set HCI_UART_RESET_ON_INIT to correct flags (git-fixes). - Bluetooth: hci_serdev: Only unregister device if it was registered (git-fixes). - HID: alps: support devices with report id 2 (git-fixes). - HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes). - HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override (git-fixes). - HID: input: Fix devices that return multiple bytes in battery report (git-fixes). - HID: steam: fixes race in handling device list (git-fixes). - IB/rdmavt: Fix RQ counting issues causing use of an invalid RWQE (bsc#1174770). - Input: elan_i2c - only increment wakeup count on touch (git-fixes). - Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes). - Input: sentelic - fix error return when fsp_reg_write fails (git-fixes). - Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes). - KVM: Allow kvm_device_ops to be const (bsc#1172197 jsc#SLE-13593). - KVM: Implement kvm_put_guest() (bsc#1172197 jsc#SLE-13593). - KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729). - KVM: Play nice with read-only memslots when querying host page size (bsc#1133021). - KVM: Reinstall old memslots if arch preparation fails (bsc#1133021). - KVM: arm/arm64: Correct AArch32 SPSR on exception entry (bsc#1133021). - KVM: arm/arm64: Correct CPSR on exception entry (bsc#1133021). - KVM: arm/arm64: Factor out hypercall handling from PSCI code (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Annotate hyp NMI-related functions as __always_inline (bsc#1175190). - KVM: arm64: Correct PSTATE on exception entry (bsc#1133021). - KVM: arm64: Document PV-time interface (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Fix 32bit PC wrap-around (bsc#1133021). - KVM: arm64: Implement PV_TIME_FEATURES call (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts (bsc#1133021). - KVM: arm64: Provide VCPU attributes for stolen time (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Select TASK_DELAY_ACCT+TASKSTATS rather than SCHEDSTATS (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021). - KVM: arm64: Stop writing aarch32's CSSELR into ACTLR (bsc#1133021). - KVM: arm64: Support stolen time reporting via shared structure (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Use the correct timer structure to access the physical counter (bsc#1133021). - KVM: arm: vgic: Fix limit condition when writing to GICD_IACTIVER (bsc#1133021). - KVM: s390: Remove false WARN_ON_ONCE for the PQAP instruction (bsc#1133021). - KVM: x86: Fix APIC page invalidation race (bsc#1133021). - Mark the SLE15-SP2 kernel properly released. There perhaps was a typo, when SUSE_KERNEL_RELEASED missed the trailing "D" - this leads to our kernels being marked as "Unreleased kernel". SUSE_KERNEL_RELEASED is defined in rpm/kernel-binary.spec.in. To fix that, it should be enough to switch from SUSE_KERNEL_RELEASE to SUSE_KERNEL_RELEASED. - PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes). - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge (git-fixes). - PCI: Fix pci_cfg_wait queue locking problem (git-fixes). - PCI: Release IVRS table in AMD ACS quirk (git-fixes). - PCI: cadence: Fix updating Vendor ID and Subsystem Vendor ID register (git-fixes). - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes). - PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, git-fixes). - PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes). - PCI: qcom: Add missing reset for ipq806x (git-fixes). - PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes). - PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes). - PCI: rcar: Fix runtime PM imbalance on error (git-fixes). - PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes). - PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes). - PCI: tegra: Revert tegra124 raw_violation_fixup (git-fixes). - RDMA/mlx5: Add missing srcu_read_lock in ODP implicit flow (jsc#SLE-8446). - RDMA/mlx5: Fix prefetch memory leak if get_prefetchable_mr fails (jsc#SLE-8446). - RDMA/mlx5: Fix typo in enum name (git-fixes). - Revert "ALSA: hda: call runtime_allow() for all hda controllers" (git-fixes). - Revert "drm/amd/display: Expose connector VRR range via debugfs" (bsc#1152489) * refreshed for context changes - Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers" (git-fixes). - Revert "scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe" (bsc#1171688 bsc#1174003). - Revert "scsi: qla2xxx: Fix crash on qla2x00_mailbox_command" (bsc#1171688 bsc#1174003). - af_key: pfkey_dump needs parameter validation (git-fixes). - agp/intel: Fix a memory leak on module initialisation failure (git-fixes). - appletalk: Fix atalk_proc_init() return path (git-fixes). - arm64: Fix PTRACE_SYSEMU semantics (bsc#1175185). - arm64: Make use of the SMCCC 1.1 wrapper (bsc#1174906). - arm64: Provide a wrapper for SMCCC 1.1 calls (bsc#1174906). - arm64: Retrieve stolen time as paravirtualized guest (bsc#1172197 jsc#SLE-13593). - arm64: armv8_deprecated: Fix undef_hook mask for thumb setend (bsc#1175180). - arm64: cacheflush: Fix KGDB trap detection (bsc#1175188). - arm64: csum: Fix handling of bad packets (bsc#1175192). - arm64: dts: allwinner: a64: Remove unused SPDIF sound card (none bsc#1175016). - arm64: dts: clearfog-gt-8k: set gigabit PHY reset deassert delay (bsc#1175347). - arm64: dts: exynos: Fix silent hang after boot on Espresso (bsc#1175346). - arm64: dts: imx8mm-evk: correct ldo1/ldo2 voltage range (none bsc#1175019). - arm64: dts: imx8qxp-mek: Remove unexisting Ethernet PHY (bsc#1175345). - arm64: dts: librem5-devkit: add a vbus supply to usb0 (none bsc#1175013). - arm64: dts: ls1028a: delete extraneous #interrupt-cells for ENETC RCIE (none bsc#1175012). - arm64: dts: qcom: msm8998-clamshell: Fix label on l15 regulator (git-fixes). - arm64: dts: rockchip: Rename dwc3 device nodes on rk3399 to make dtc happy (none bsc#1175015). - arm64: dts: rockchip: Replace RK805 PMIC node name with "pmic" on rk3328 boards (none bsc#1175014). - arm64: dts: rockchip: fix rk3399-puma gmac reset gpio (none bsc#1175021). - arm64: dts: rockchip: fix rk3399-puma vcc5v0-host gpio (none bsc#1175020). - arm64: dts: uDPU: fix broken ethernet (bsc#1175344). - arm64: dts: uniphier: Set SCSSI clock and reset IDs for each channel (none bsc#1175011). - arm64: errata: use arm_smccc_1_1_get_conduit() (bsc#1174906). - arm64: fix the flush_icache_range arguments in machine_kexec (bsc#1175184). - arm64: hugetlb: avoid potential NULL dereference (bsc#1175183). - arm64: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (bsc#1175189). - arm64: insn: Fix two bugs in encoding 32-bit logical immediates (bsc#1175186). - arm64: kexec_file: print appropriate variable (bsc#1175187). - arm64: kgdb: Fix single-step exception handling oops (bsc#1175191). - arm64: smccc/psci: add arm_smccc_1_1_get_conduit() (bsc#1174906). - arm64: tegra: Enable I2C controller for EEPROM (none bsc#1175010). - arm64: tegra: Fix Tegra194 PCIe compatible string (none bsc#1175009). - arm64: tegra: Fix ethernet phy-mode for Jetson Xavier (none bsc#1175017). - arm64: tegra: Fix flag for 64-bit resources in 'ranges' property (none bsc#1175018). - arm64: vdso: Add -fasynchronous-unwind-tables to cflags (bsc#1175182). - arm64: vdso: do not free unallocated pages (bsc#1175181). - ath10k: Acquire tx_lock in tx error paths (git-fixes). - ath10k: enable transmit data ack RSSI for QCA9884 (git-fixes). - atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent (git-fixes). - b43: Remove uninitialized_var() usage (git-fixes). - bdc: Fix bug causing crash after multiple disconnects (git-fixes). - bfq: fix blkio cgroup leakage v4 (bsc#1175775). - block: Fix the type of 'sts' in bsg_queue_rq() (git-fixes). - bnxt_en: fix NULL dereference in case SR-IOV configuration fails (networking-stable-20_07_17). - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - bpf: Fix map leak in HASH_OF_MAPS map (bsc#1155518). - bpf: net: Avoid copying sk_user_data of reuseport_array during sk_clone (bsc#1155518). - bpf: net: Avoid incorrect bpf_sk_reuseport_detach call (bsc#1155518). - bpfilter: Initialize pos variable (bsc#1155518). - bpfilter: fix up a sparse annotation (bsc#1155518). - bpfilter: reject kernel addresses (bsc#1155518). - bpfilter: switch to kernel_write (bsc#1155518). - brcmfmac: Set timeout value when configuring power save (bsc#1173468). - brcmfmac: To fix Bss Info flag definition Bug (git-fixes). - brcmfmac: keep SDIO watchdog running when console_interval is non-zero (git-fixes). - brcmfmac: set state of hanger slot to FREE when flushing PSQ (git-fixes). - btmrvl: Fix firmware filename for sd8977 chipset (git-fixes). - btmrvl: Fix firmware filename for sd8997 chipset (git-fixes). - btrfs: Move free_pages_out label in inline extent handling branch in compress_file_range (bsc#1175263). - btrfs: Remove delalloc_end argument from extent_clear_unlock_delalloc (bsc#1175149). - btrfs: Remove leftover of in-band dedupe (bsc#1175149). - btrfs: Rename btrfs_join_transaction_nolock (bsc#1175377). - btrfs: add helper to get the end offset of a file extent item (bsc#1175546). - btrfs: avoid unnecessary splits when setting bits on an extent io tree (bsc#1175377). - btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247). - btrfs: delete the ordered isize update code (bsc#1175377). - btrfs: do not set path->leave_spinning for truncate (bsc#1175377). - btrfs: factor out inode items copy loop from btrfs_log_inode() (bsc#1175546). - btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247). - btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149). - btrfs: fix block group leak when removing fails (bsc#1175149). - btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149). - btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149). - btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149). - btrfs: fix deadlock during fast fsync when logging prealloc extents beyond eof (bsc#1175377). - btrfs: fix double free on ulist after backref resolution failure (bsc#1175149). - btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149). - btrfs: fix lost i_size update after cloning inline extent (bsc#1175377). - btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550). - btrfs: fix missing file extent item for hole after ranged fsync (bsc#1175546). - btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149). - btrfs: fix race between block group removal and block group creation (bsc#1175149). - btrfs: fix race between shrinking truncate and fiemap (bsc#1175377). - btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149). - btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149). - btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484). - btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247). - btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247). - btrfs: introduce per-inode file extent tree (bsc#1175377). - btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247). - btrfs: make full fsyncs always operate on the entire file again (bsc#1175546). - btrfs: make ranged full fsyncs more efficient (bsc#1175546). - btrfs: move extent_io_tree defs to their own header (bsc#1175377). - btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163). - btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247). - btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163). - btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163). - btrfs: remove unnecessary delalloc mutex for inodes (bsc#1175377). - btrfs: remove useless check for copy_items() return value (bsc#1175546). - btrfs: replace all uses of btrfs_ordered_update_i_size (bsc#1175377). - btrfs: separate out the extent io init function (bsc#1175377). - btrfs: separate out the extent leak code (bsc#1175377). - btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493). - btrfs: trim: fix underflow in trim length to prevent access beyond device boundary (bsc#1175263). - btrfs: use btrfs_ordered_update_i_size in clone_finish_inode_update (bsc#1175377). - btrfs: use the file extent tree infrastructure (bsc#1175377). - cfg80211: check vendor command doit pointer before use (git-fixes). - clk: actions: Fix h_clk for Actions S500 SoC (git-fixes). - clk: at91: clk-generated: check best_rate against ranges (git-fixes). - clk: at91: clk-generated: continue if __clk_determine_rate() returns error (git-fixes). - clk: at91: sam9x60-pll: check fcore against ranges (git-fixes). - clk: at91: sam9x60-pll: use logical or for range check (git-fixes). - clk: at91: sam9x60: fix main rc oscillator frequency (git-fixes). - clk: at91: sckc: register slow_rc with accuracy option (git-fixes). - clk: bcm2835: Do not use prediv with bcm2711's PLLs (bsc#1174865). - clk: bcm63xx-gate: fix last clock availability (git-fixes). - clk: clk-atlas6: fix return value check in atlas6_clk_init() (git-fixes). - clk: iproc: round clock rate to the closest (git-fixes). - clk: qcom: gcc-sdm660: Add missing modem reset (git-fixes). - clk: qcom: gcc-sdm660: Fix up gcc_mss_mnoc_bimc_axi_clk (git-fixes). - clk: rockchip: Revert "fix wrong mmc sample phase shift for rk3328" (git-fixes). - clk: scmi: Fix min and max rate when registering clocks with discrete rates (git-fixes). - clk: spear: Remove uninitialized_var() usage (git-fixes). - clk: st: Remove uninitialized_var() usage (git-fixes). - console: newport_con: fix an issue about leak related system resources (git-fixes). - cpumap: Use non-locked version __ptr_ring_consume_batched (git-fixes). - crc-t10dif: Fix potential crypto notify dead-lock (git-fixes). - crypto: aesni - Fix build with LLVM_IAS=1 (git-fixes). - crypto: aesni - add compatibility with IAS (git-fixes). - crypto: caam - Fix argument type in handle_imx6_err005766 (git-fixes). - crypto: ccp - Fix use of merged scatterlists (git-fixes). - crypto: ccree - fix resource leak on error path (git-fixes). - crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: hisilicon - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes). - devlink: ignore -EOPNOTSUPP errors on dumpit (bsc#1154353). - devres: keep both device name and resource name in pretty name (git-fixes). - dlm: Fix kobject memleak (bsc#1175768). - dlm: remove BUG() before panic() (git-fixes). - dmaengine: fsl-edma: fix wrong tcd endianness for big-endian cpu (git-fixes). - dmaengine: ioat setting ioat timeout as module parameter (git-fixes). - dmaengine: tegra210-adma: Fix runtime PM imbalance on error (git-fixes). - docs: fix memory.low description in cgroup-v2.rst (git-fixes). (SLE documentation might refer to cgroup-v2.rst.) - drbd: Remove uninitialized_var() usage (git-fixes). - driver core: Avoid binding drivers to dead devices (git-fixes). - drivers/firmware/psci: Fix memory leakage in alloc_init_cpu_groups() (git-fixes). - drivers/net/wan: lapb: Corrected the usage of skb_cow (git-fixes). - drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175128). - drm/amd/display: Fix EDID parsing after resume from suspend (git-fixes). - drm/amd/display: fix pow() crashing when given base 0 (git-fixes). - drm/amd/powerplay: fix compile error with ARCH=arc (git-fixes). - drm/amdgpu/display bail early in dm_pp_get_static_clocks (git-fixes). - drm/amdgpu/display: use blanked rather than plane state for sync (bsc#1152489) * refreshed for context changes * protect code with CONFIG_DRM_AMD_DC_DCN2_0 - drm/amdgpu/gfx10: fix race condition for kiq (git-fixes). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (git-fixes). - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes). - drm/amdgpu: avoid dereferencing a NULL pointer (git-fixes). - drm/amdgpu: fix preemption unit test (git-fixes). - drm/arm: fix unintentional integer overflow on left shift (git-fixes). - drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1152472) * refreshed for context changes - drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes). - drm/bridge: ti-sn65dsi86: Clear old error bits before AUX transfers (git-fixes). - drm/bridge: ti-sn65dsi86: Do not use kernel-doc comment for local array (git-fixes). - drm/bridge: ti-sn65dsi86: Fix off-by-one error in clock choice (bsc#1152489) * refreshed for context changes - drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1152472) * move drm_mipi_dbi.c -> tinydrm/mipi-dbi.c - drm/debugfs: fix plain echo to connector "force" attribute (git-fixes). - drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes). - drm/etnaviv: fix ref count leak via pm_runtime_get_sync (git-fixes). - drm/gem: Fix a leak in drm_gem_objects_lookup() (git-fixes). - drm/i915/gt: Close race between engine_park and intel_gt_retire_requests (git-fixes). - drm/i915/gt: Flush submission tasklet before waiting/retiring (bsc#1174737). - drm/i915/gt: Move new timelines to the end of active_list (git-fixes). - drm/i915/gt: Unlock engine-pm after queuing the kernel context switch (git-fixes). - drm/i915: Actually emit the await_start (bsc#1174737). - drm/i915: Copy across scheduler behaviour flags across submit fences (bsc#1174737). - drm/i915: Do not poison i915_request.link on removal (bsc#1174737). - drm/i915: Drop no-semaphore boosting (bsc#1174737). - drm/i915: Eliminate the trylock for awaiting an earlier request (bsc#1174737). - drm/i915: Flush execution tasklets before checking request status (bsc#1174737). - drm/i915: Flush tasklet submission before sleeping on i915_request_wait (bsc#1174737). - drm/i915: Ignore submit-fences on the same timeline (bsc#1174737). - drm/i915: Improve the start alignment of bonded pairs (bsc#1174737). - drm/i915: Keep track of request among the scheduling lists (bsc#1174737). - drm/i915: Lock signaler timeline while navigating (bsc#1174737). - drm/i915: Mark i915_request.timeline as a volatile, rcu pointer (bsc#1174737). - drm/i915: Mark racy read of intel_engine_cs.saturated (bsc#1174737). - drm/i915: Mark up unlocked update of i915_request.hwsp_seqno (bsc#1174737). - drm/i915: Peel dma-fence-chains for await (bsc#1174737). - drm/i915: Prevent using semaphores to chain up to external fences (bsc#1174737). - drm/i915: Protect i915_request_await_start from early waits (bsc#1174737). - drm/i915: Pull waiting on an external dma-fence into its routine (bsc#1174737). - drm/i915: Rely on direct submission to the queue (bsc#1174737). - drm/i915: Remove wait priority boosting (bsc#1174737). - drm/i915: Reorder await_execution before await_request (bsc#1174737). - drm/i915: Return early for await_start on same timeline (bsc#1174737). - drm/i915: Use EAGAIN for trylock failures (bsc#1174737). - drm/imx: fix use after free (git-fixes). - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes). - drm/imx: tve: fix regulator_disable error path (git-fixes). - drm/ingenic: Fix incorrect assumption about plane->index (bsc#1152489) * refreshed for context changes - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes). - drm/msm: ratelimit crtc event overflow error (git-fixes). - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes). - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes). - drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout (git-fixes). - drm/nouveau/kms/nv50-: Fix disabling dithering (git-fixes). - drm/nouveau: fix multiple instances of reference count leaks (git-fixes). - drm/nouveau: fix reference count leak in nouveau_debugfs_strap_peek (git-fixes). - drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes). - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (git-fixes). - drm/radeon: disable AGP by default (git-fixes). - drm/radeon: fix array out-of-bounds read and write issues (git-fixes). - drm/stm: repair runtime power management (git-fixes). - drm/tilcdc: fix leak & null ref in panel_connector_get_modes (git-fixes). - drm/ttm/nouveau: do not call tt destroy callback on alloc failure (git-fixes bsc#1175232). - drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() (bsc#1152489) * refreshed for context changes - drm/vmwgfx: Fix two list_for_each loop exit tests (git-fixes). - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (git-fixes). - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (git-fixes). - drm: hold gem reference until object is no longer accessed (git-fixes). - drm: msm: a6xx: fix gpu failure after system resume (git-fixes). - drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes). - dyndbg: fix a BUG_ON in ddebug_describe_flags (git-fixes). - enetc: Fix tx rings bitmap iteration range, irq handling (networking-stable-20_06_28). - ext2: fix missing percpu_counter_inc (bsc#1175774). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not BUG on inconsistent journal feature (bsc#1171634). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: fix checking of directory entry validity for inline directories (bsc#1175771). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins (git-fixes). - firmware/psci: use common SMCCC_CONDUIT_* (bsc#1174906). - firmware: Fix a reference count leak (git-fixes). - firmware: arm_scmi: Fix SCMI genpd domain probing (git-fixes). - firmware: arm_scmi: Keep the discrete clock rates sorted (git-fixes). - firmware: arm_sdei: use common SMCCC_CONDUIT_* (bsc#1174906). - firmware: smccc: Add ARCH_SOC_ID support (bsc#1174906). - firmware: smccc: Add HAVE_ARM_SMCCC_DISCOVERY to identify SMCCC v1.1 and above (bsc#1174906). - firmware: smccc: Add function to fetch SMCCC version (bsc#1174906). - firmware: smccc: Add the definition for SMCCCv1.2 version/error codes (bsc#1174906). - firmware: smccc: Drop smccc_version enum and use ARM_SMCCC_VERSION_1_x instead (bsc#1174906). - firmware: smccc: Refactor SMCCC specific bits into separate file (bsc#1174906). - firmware: smccc: Update link to latest SMCCC specification (bsc#1174906). - firmware_loader: fix memory leak for paged buffer (bsc#1175367). - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175176). - fuse: fix weird page warning (bsc#1175175). - genetlink: remove genl_bind (networking-stable-20_07_17). - genirq/affinity: Improve __irq_build_affinity_masks() (bsc#1174897 ltc#187090). - genirq/affinity: Remove const qualifier from node_to_cpumask argument (bsc#1174897 ltc#187090). - genirq/affinity: Spread vectors on node according to nr_cpu ratio (bsc#1174897 ltc#187090). - gfs2: Another gfs2_find_jhead fix (bsc#1174824). - gfs2: fix gfs2_find_jhead that returns uninitialized jhead with seq 0 (bsc#1174825). - go7007: add sanity checking for endpoints (git-fixes). - gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes). - gpio: arizona: put pm_runtime in case of failure (git-fixes). - gpio: max77620: Fix missing release of interrupt (git-fixes). - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (git-fixes). - hwmon: (adm1275) Make sure we are reading enough data for different chips (git-fixes). - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes). - hwmon: (nct6775) Accept PECI Calibration as temperature source for NCT6798D (git-fixes). - hwmon: (scmi) Fix potential buffer overflow in scmi_hwmon_probe() (git-fixes). - i2c: also convert placeholder function to return errno (git-fixes). - i2c: i801: Add support for Intel Comet Lake PCH-V (jsc#SLE-13411). - i2c: i801: Add support for Intel Emmitsburg PCH (jsc#SLE-13411). - i2c: i801: Add support for Intel Tiger Lake PCH-H (jsc#SLE-13411). - i2c: iproc: fix race between client unreg and isr (git-fixes). - i2c: rcar: avoid race when unregistering slave (git-fixes). - i2c: rcar: slave: only send STOP event when we have been addressed (git-fixes). - i2c: slave: add sanity check when unregistering (git-fixes). - i2c: slave: improve sanity check when registering (git-fixes). - ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ice: Clear and free XLT entries on reset (jsc#SLE-7926). - ice: Graceful error handling in HW table calloc failure (jsc#SLE-7926). - ide: Remove uninitialized_var() usage (git-fixes). - igc: Fix PTP initialization (bsc#1160634). - iio: improve IIO_CONCENTRATION channel type description (git-fixes). - integrity: remove redundant initialization of variable ret (git-fixes). - io-mapping: indicate mapping failure (git-fixes). - ionic: unlock queue mutex in error path (bsc#1167773). - ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes). - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28). - ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28). - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17). - ipv6: Fix use of anycast address with loopback (networking-stable-20_07_17). - ipv6: fib6_select_path can not use out path for nexthop objects (networking-stable-20_07_17). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - irqchip/gic: Atomically update affinity (bsc#1175195). - iwlegacy: Check the return value of pcie_capability_read_*() (git-fixes). - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772). - kABI workaround for enum cpuhp_state (git-fixes). - kABI workaround for struct kvm_device (git-fixes). Just change an variable to "const" type in kvm_device. - kABI workaround for struct kvm_vcpu_arch (git-fixes). Add a struct variable to the end of kvm_vcpu_arch and kvm_vcpu_arch is embedded into kvm_vcpu at the end. It is usually used by pointer and allocated dynamically, so this change should be fine even for external kvm module. - kABI/severities: ignore KABI for NVMe, except nvme-fc (bsc#1174777) Exported symbols under drivers/nvme/host/ are only used by the nvme subsystem itself, except for the nvme-fc symbols. - kABI/severities: ignore qla2xxx as all symbols are internal - kABI: genetlink: remove genl_bind (kabi). - kABI: restore signature of xfrm_policy_bysel_ctx() and xfrm_policy_byid() (bsc#1174645). - kernel.h: remove duplicate include of asm/div64.h (git-fixes). - kernel/relay.c: fix memleak on destroy relay channel (git-fixes). - kernfs: do not call fsnotify() with name without a parent (bsc#1175770). - kobject: Avoid premature parent object freeing in kobject_cleanup() (git-fixes). - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17). - leds: 88pm860x: fix use-after-free on unbind (git-fixes). - leds: core: Flush scheduled work for system suspend (git-fixes). - leds: da903x: fix use-after-free on unbind (git-fixes). - leds: gpio: Fix semantic error (git-fixes). - leds: lm3533: fix use-after-free on unbind (git-fixes). - leds: lm355x: avoid enum conversion warning (git-fixes). - leds: lm36274: fix use-after-free on unbind (git-fixes). - leds: wm831x-status: fix use-after-free on unbind (git-fixes). - libbpf: Wrap source argument of BPF_CORE_READ macro in parentheses (bsc#1155518). - liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes). - llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17). - locktorture: Print ratio of acquisitions, not failures (bsc#1149032). - mac80211: allow rx of mesh eapol frames with default rx key (git-fixes). - mac80211: fix misplaced while instead of if (git-fixes). - mac80211: mesh: Free ie data when leaving mesh (git-fixes). - mac80211: mesh: Free pending skb when destroying a mpath (git-fixes). - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes). - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes). - media: budget-core: Improve exception handling in budget_register() (git-fixes). - media: camss: fix memory leaks on error handling paths in probe (git-fixes). - media: cxusb-analog: fix V4L2 dependency (git-fixes). - media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes). - media: firewire: Using uninitialized values in node_probe() (git-fixes). - media: marvell-ccic: Add missed v4l2_async_notifier_cleanup() (git-fixes). - media: media-request: Fix crash if memory allocation fails (git-fixes). - media: nuvoton-cir: remove setting tx carrier functions (git-fixes). - media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes). - media: rockchip: rga: Introduce color fmt macros and refactor CSC mode logic (git-fixes). - media: rockchip: rga: Only set output CSC mode for RGB input (git-fixes). - media: sur40: Remove uninitialized_var() usage (git-fixes). - media: vpss: clean up resources in init (git-fixes). - media: vsp1: dl: Fix NULL pointer dereference on unbind (git-fixes). - mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes). - mfd: dln2: Run event handler loop under spinlock (git-fixes). - mfd: intel-lpss: Add Intel Tiger Lake PCH-H PCI IDs (jsc#SLE-13411). - mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28). - mlxsw: pci: Fix use-after-free in case of failed devlink reload (networking-stable-20_07_17). - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (networking-stable-20_07_17). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617). - mm: Fix protection usage propagation (bsc#1174002). - mm: filemap: clear idle flag for writes (bsc#1175769). - mmc: sdhci-cadence: do not use hardware tuning for SD mode (git-fixes). - mmc: sdhci-pci-o2micro: Bug fix for O2 host controller Seabird1 (git-fixes). - mtd: properly check all write ioctls for permissions (git-fixes). - mtd: rawnand: fsl_upm: Remove unused mtd var (git-fixes). - mtd: rawnand: qcom: avoid write to unavailable register (git-fixes). - mvpp2: ethtool rxtx stats fix (networking-stable-20_06_28). - mwifiex: Fix firmware filename for sd8977 chipset (git-fixes). - mwifiex: Fix firmware filename for sd8997 chipset (git-fixes). - mwifiex: Prevent memory corruption handling keys (git-fixes). - ndctl/papr_scm,uapi: Add support for PAPR nvdimm specific methods (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - net, sk_msg: Clear sk_user_data pointer on clone if tagged (bsc#1155518). - net, sk_msg: Do not use RCU_INIT_POINTER on sk_user_data (bsc#1155518). - net/bpfilter: Initialize pos in __bpfilter_process_sockopt (bsc#1155518). - net/bpfilter: split __bpfilter_process_sockopt (bsc#1155518). - net/ena: Fix build warning in ena_xdp_set() (bsc#1174852). - net/mlx5: DR, Change push vlan action sequence (jsc#SLE-8464). - net/mlx5: E-switch, Destroy TSAR when fail to enable the mode (jsc#SLE-8464). - net/mlx5: Fix eeprom support for SFP module (networking-stable-20_07_17). - net/mlx5e: Fix 50G per lane indication (networking-stable-20_07_17). - net/mlx5e: Fix kernel crash when setting vf VLANID on a VF dev (jsc#SLE-8464). - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (networking-stable-20_07_17). - net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28). - net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). (SLES tuning guide refers to ip-sysctl.txt.) - net: Fix the arp error in some cases (networking-stable-20_06_28). - net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28). - net: core: reduce recursion limit value (networking-stable-20_06_28). - net: dsa: microchip: set the correct number of ports (networking-stable-20_07_17). - net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1154492). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852). - net: ena: Make missed_tx stat incremental (git-fixes). - net: ena: Make some functions static (bsc#1174852). - net: ena: Prevent reset after device destruction (git-fixes). - net: ena: add reserved PCI device ID (bsc#1174852). - net: ena: add support for reporting of packet drops (bsc#1174852). - net: ena: add support for the rx offset feature (bsc#1174852). - net: ena: add support for traffic mirroring (bsc#1174852). - net: ena: add unmask interrupts statistics to ethtool (bsc#1174852). - net: ena: allow setting the hash function without changing the key (bsc#1174852). - net: ena: avoid memory access violation by validating req_id properly (bsc#1174852). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852). - net: ena: change default RSS hash function to Toeplitz (bsc#1174852). - net: ena: changes to RSS hash key allocation (bsc#1174852). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852). - net: ena: cosmetic: code reorderings (bsc#1174852). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852). - net: ena: cosmetic: fix line break issues (bsc#1174852). - net: ena: cosmetic: fix spacing issues (bsc#1174852). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852). - net: ena: cosmetic: minor code changes (bsc#1174852). - net: ena: cosmetic: remove unnecessary code (bsc#1174852). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852). - net: ena: cosmetic: satisfy gcc warning (bsc#1174852). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852). - net: ena: drop superfluous prototype (bsc#1174852). - net: ena: enable support of rss hash key and function changes (bsc#1174852). - net: ena: ethtool: clean up minor indentation issue (bsc#1174852). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852). - net: ena: fix continuous keep-alive resets (bsc#1174852). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852). - net: ena: reduce driver load time (bsc#1174852). - net: ena: remove code that does nothing (bsc#1174852). - net: ena: remove set but not used variable 'hash_key' (bsc#1174852). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852). - net: ena: support new LLQ acceleration mode (bsc#1174852). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852). - net: ena: use explicit variable size for clarity (bsc#1174852). - net: fix memleak in register_netdevice() (networking-stable-20_06_28). - net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28). - net: lan78xx: add missing endpoint sanity check (git-fixes). - net: lan78xx: fix transfer-buffer memory leak (git-fixes). - net: lan78xx: replace bogus endpoint lookup (git-fixes). - net: mvneta: fix use of state->speed (networking-stable-20_07_17). - net: phy: Check harder for errors in get_phy_id() (git-fixes). - net: phy: fix memory leak in device-create error path (git-fixes). - net: qrtr: Fix an out of bounds read qrtr_endpoint_post() (networking-stable-20_07_17). - net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28). - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17). - net_sched: fix a memory leak in atm_tc_init() (networking-stable-20_07_17). - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes). - nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108). - nvme-multipath: fix logic for non-optimized paths (bsc#1172108). - nvme-multipath: round-robin: eliminate "fallback" variable (bsc#1172108). - nvme-multipath: set bdi capabilities once (bsc#1159058). - nvme-pci: Re-order nvme_pci_free_ctrl (bsc#1159058). - nvme-rdma: Add warning on state change failure at (bsc#1159058). - nvme-tcp: Add warning on state change failure at (bsc#1159058). - nvme-tcp: fix possible crash in write_zeroes processing (bsc#1159058). - nvme: Fix controller creation races with teardown flow (bsc#1159058). - nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1159058). - nvme: Make nvme_uninit_ctrl symmetric to nvme_init_ctrl (bsc#1159058). - nvme: Remove unused return code from nvme_delete_ctrl_sync (bsc#1159058). - nvme: add a Identify Namespace Identification Descriptor list quirk (git-fixes). - nvme: always search for namespace head (bsc#1159058). - nvme: avoid an Identify Controller command for each namespace (bsc#1159058). - nvme: check namespace head shared property (bsc#1159058). - nvme: clean up nvme_scan_work (bsc#1159058). - nvme: cleanup namespace identifier reporting in (bsc#1159058). - nvme: consolidate chunk_sectors settings (bsc#1159058). - nvme: consolodate io settings (bsc#1159058). - nvme: expose hostid via sysfs for fabrics controllers (bsc#1159058). - nvme: expose hostnqn via sysfs for fabrics controllers (bsc#1159058). - nvme: factor out a nvme_ns_remove_by_nsid helper (bsc#1159058). - nvme: fix a crash in nvme_mpath_add_disk (git-fixes, bsc#1159058). - nvme: fix identify error status silent ignore (git-fixes, bsc#1159058). - nvme: fix possible hang when ns scanning fails during error (bsc#1159058). - nvme: kABI fixes for nvme_ctrl (bsc#1159058). - nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108). - nvme: prevent double free in nvme_alloc_ns() error handling (bsc#1159058). - nvme: provide num dword helper (bsc#1159058). - nvme: refactor nvme_identify_ns_descs error handling (bsc#1159058). - nvme: refine the Qemu Identify CNS quirk (bsc#1159058). - nvme: release ida resources (bsc#1159058). - nvme: release namespace head reference on error (bsc#1159058). - nvme: remove the magic 1024 constant in nvme_scan_ns_list (bsc#1159058). - nvme: remove unused parameter (bsc#1159058). - nvme: rename __nvme_find_ns_head to nvme_find_ns_head (bsc#1159058). - nvme: revalidate after verifying identifiers (bsc#1159058). - nvme: revalidate namespace stream parameters (bsc#1159058). - nvme: unlink head after removing last namespace (bsc#1159058). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: load global_inode_alloc (bsc#1172963). - omapfb: dss: Fix max fclk divider for omap36xx (git-fixes). - openvswitch: take into account de-fragmentation/gso_size in execute_check_pkt_len (networking-stable-20_06_28). - phy: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes). - phy: exynos5-usbdrd: Calibrating makes sense only for USB2.0 PHY (git-fixes). - phy: renesas: rcar-gen3-usb2: move irq registration to init (git-fixes). - pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes). - pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes). - pinctrl: ingenic: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes). - pinctrl: single: fix function name in documentation (git-fixes). - platform/chrome: cros_ec_ishtp: Fix a double-unlock issue (git-fixes). - platform/x86: ISST: Add new PCI device ids (git-fixes). - platform/x86: asus-nb-wmi: add support for ASUS ROG Zephyrus G14 and G15 (git-fixes). - platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes). - power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes). - powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729). - powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729). - powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729). - powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/fadump: Fix build error with CONFIG_PRESERVE_FA_DUMP=y (bsc#1156395). - powerpc/iommu: Allow bypass-only for DMA (bsc#1156395). - powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284). - powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284). - powerpc/papr_scm: Add support for fetching nvdimm 'fuel-gauge' metric (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Fetch nvdimm health information from PHYP (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Fetch nvdimm performance stats from PHYP (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Implement support for PAPR_PDSM_HEALTH (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Improve error logging and handling papr_scm_ndctl() (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Mark papr_scm_ndctl() as static (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729). - powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729). - powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630). - powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - powerpc/pseries: remove cede offline state for CPUs (bsc#1065729). - powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729). - powerpc/vdso: Fix vdso cpu truncation (bsc#1065729). - powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729). - powerpc: Document details on H_SCM_HEALTH hcall (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - pseries: Fix 64 bit logical memory block panic (bsc#1065729). - pwm: bcm-iproc: handle clk_get_rate() return (git-fixes). - r8169: fix jumbo configuration for RTL8168evl (bsc#1175296). - r8169: fix jumbo packet handling on resume from suspend (bsc#1175296). - r8169: fix resume on cable plug-in (bsc#1175296). - r8169: fix rtl_hw_jumbo_disable for RTL8168evl (bsc#1175296). - r8169: move disabling interrupt coalescing to RTL8169/RTL8168 init (bsc#1175296). - r8169: read common register for PCI commit (bsc#1175296). - random32: move the pseudo-random 32-bit definitions to prandom.h (git-fixes). - random32: remove net_rand_state from the latent entropy gcc plugin (git-fixes). - random: fix circular include dependency on arm64 after addition of percpu.h (git-fixes). - regmap: debugfs: check count when read regmap file (git-fixes). - regmap: dev_get_regmap_match(): fix string comparison (git-fixes). - regulator: gpio: Honor regulator-boot-on property (git-fixes). - remoteproc: qcom_q6v5_mss: Validate MBA firmware size before load (git-fixes). - remoteproc: qcom_q6v5_mss: Validate modem blob firmware size before load (git-fixes). - rhashtable: Document the right function parameters (bsc#1174880). - rhashtable: Drop raw RCU deref in nested_table_free (bsc#1174880). - rhashtable: Fix unprotected RCU dereference in __rht_ptr (bsc#1174880). - rhashtable: Restore RCU marking on rhash_lock_head (bsc#1174880). - rhashtable: drop duplicated word in (bsc#1174880). - rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28). - rpm/modules.fips: * add ecdh_generic (boo#1173813) - rtc: goldfish: Enable interrupt in set_alarm() when necessary (git-fixes). - rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes). - rtw88: fix LDPC field for RA info (git-fixes). - rtw88: fix short GI capability based on current bandwidth (git-fixes). - sch_cake: do not call diffserv parsing code when it is not needed (networking-stable-20_06_28). - sch_cake: do not try to reallocate or unshare skb unconditionally (networking-stable-20_06_28). - sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17). - scsi/fc: kABI fixes for new ELS_RPD definition (bsc#1171688 bsc#1174003). - scsi: Fix trivial spelling (bsc#1171688 bsc#1174003). - scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026). - scsi: ipr: Fix softlockup when rescanning devices in petitboot (jsc#SLE-13654). - scsi: ipr: Use scnprintf() for avoiding potential buffer overflow (jsc#SLE-13654). - scsi: ipr: remove unneeded semicolon (jsc#SLE-13654). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003). - scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003). - scsi: smartpqi: Identify physical devices without issuing INQUIRY (bsc#1172418). - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418). - scsi: smartpqi: add RAID bypass counter (bsc#1172418). - scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418). - scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418). - scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418). - scsi: smartpqi: support device deletion via sysfs (bsc#1172418). - scsi: smartpqi: update logical volume size after expansion (bsc#1172418). - scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790). - sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - seq_buf: Export seq_buf_printf (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - serial: 8250: change lock order in serial8250_do_startup() (git-fixes). - serial: 8250: fix null-ptr-deref in serial8250_start_tx() (git-fixes). - serial: 8250_mtk: Fix high-speed baud rates clamping (git-fixes). - serial: 8250_pci: Move Pericom IDs to pci_ids.h (git-fixes). - serial: amba-pl011: Make sure we initialize the port.lock spinlock (git-fixes). - serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X (git-fixes). - serial: mxs-auart: add missed iounmap() in probe failure and remove (git-fixes). - serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes). - serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes). - serial: tegra: fix CREAD handling for PIO (git-fixes). - soc/tegra: pmc: Enable PMIC wake event on Tegra194 (bsc#1175834). - soc/tegra: pmc: Enable PMIC wake event on Tegra210 (bsc#1175116). - soc: qcom: rpmh-rsc: Set suppress_bind_attrs flag (git-fixes). - spi: davinci: Remove uninitialized_var() usage (git-fixes). - spi: lantiq-ssc: Fix warning by using WQ_MEM_RECLAIM (git-fixes). - spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes). - spi: mediatek: use correct SPI_CFG2_REG MACRO (git-fixes). - spi: pxa2xx: Add support for Intel Tiger Lake PCH-H (jsc#SLE-13411). - spi: rockchip: Fix error in SPI slave pio read (git-fixes). - spi: spi-geni-qcom: Actually use our FIFO (git-fixes). - spi: spidev: Align buffers for DMA (git-fixes). - spi: stm32: fixes suspend/resume management (git-fixes). - staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes). - staging: rtl8192u: fix a dubious looking mask before a shift (git-fixes). - staging: rtl8712: handle firmware load failure (git-fixes). - staging: vchiq_arm: Add a matching unregister call (git-fixes). - staging: wlan-ng: properly check endpoint types (git-fixes). - tcp: do not ignore ECN CWR on pure ACK (networking-stable-20_06_28). - tcp: fix SO_RCVLOWAT possible hangs under high mem pressure (networking-stable-20_07_17). - tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28). - tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17). - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17). - tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17). - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17). - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28). - thermal: ti-soc-thermal: Fix reversed condition in ti_thermal_expose_sensor() (git-fixes). - tpm: Require that all digests are present in TCG_PCR_EVENT2 structures (git-fixes). - tracepoint: Mark __tracepoint_string's __used (git-fixes). - tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes). - ubsan: check panic_on_warn (bsc#1174805). - uio_pdrv_genirq: Remove warning when irq is not specified (bsc#1174762). - update upstream reference - usb: bdc: Halt controller on suspend (git-fixes). - usb: core: fix quirks_param_set() writing to a const pointer (git-fixes). - usb: dwc2: gadget: Make use of GINTMSK2 (git-fixes). - usb: dwc3: pci: add support for the Intel Jasper Lake (git-fixes). - usb: dwc3: pci: add support for the Intel Tiger Lake PCH -H variant (git-fixes). - usb: gadget: f_uac2: fix AC Interface Header Descriptor wTotalLength (git-fixes). - usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes). - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (git-fixes). - usb: hso: Fix debug compile warning on sparc32 (git-fixes). - usb: hso: check for return value in hso_serial_common_create() (git-fixes). - usb: iowarrior: fix up report size handling for some devices (git-fixes). - usb: mtu3: clear dual mode of u3port when disable device (git-fixes). - usb: serial: cp210x: enable usb generic throttle/unthrottle (git-fixes). - usb: serial: cp210x: re-enable auto-RTS on open (git-fixes). - usb: serial: iuu_phoenix: fix led-activity helpers (git-fixes). - usb: serial: qcserial: add EM7305 QDL product ID (git-fixes). - usb: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes). - usb: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes). - usb: xhci: define IDs for various ASMedia host controllers (git-fixes). - usbip: tools: fix module name in man page (git-fixes). - video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes). - video: fbdev: savage: fix memory leak on error handling path in probe (git-fixes). - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes). - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes). - vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17). - vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199). - vt: Reject zero-sized screen buffer size (git-fixes). - watchdog: f71808e_wdt: clear watchdog timeout occurred flag (git-fixes). - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (git-fixes). - watchdog: f71808e_wdt: remove use of wrong watchdog_info option (git-fixes). - watchdog: initialize device before misc_register (git-fixes). - wireless: Use linux/stddef.h instead of stddef.h (git-fixes). - wireless: Use offsetof instead of custom macro (git-fixes). - wl1251: fix always return 0 error (git-fixes). - x86/bugs/multihit: Fix mitigation reporting when VMX is not in use (git-fixes). - xen/pvcalls-back: test for errors when calling backend_connect() (bsc#1065600). - xfrm: policy: match with both mark and mask on user interfaces (bsc#1174645). - xfs: do not eat an EIO/ENOSPC writeback error when scrubbing data fork (git-fixes). - xfs: fix inode allocation block res calculation precedence (git-fixes). - xfs: fix reflink quota reservation accounting error (git-fixes). - xfs: preserve rmapbt swapext block reservation from freed blocks (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2485=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64): kernel-azure-5.3.18-18.15.1 kernel-azure-debuginfo-5.3.18-18.15.1 kernel-azure-debugsource-5.3.18-18.15.1 kernel-azure-devel-5.3.18-18.15.1 kernel-azure-devel-debuginfo-5.3.18-18.15.1 kernel-syms-azure-5.3.18-18.15.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): kernel-devel-azure-5.3.18-18.15.1 kernel-source-azure-5.3.18-18.15.1 References: https://www.suse.com/security/cve/CVE-2020-14314.html https://www.suse.com/security/cve/CVE-2020-14356.html https://www.suse.com/security/cve/CVE-2020-16166.html https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1120163 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1149032 https://bugzilla.suse.com/1152472 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1154492 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1159058 https://bugzilla.suse.com/1160634 https://bugzilla.suse.com/1167773 https://bugzilla.suse.com/1169790 https://bugzilla.suse.com/1171634 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1172108 https://bugzilla.suse.com/1172197 https://bugzilla.suse.com/1172247 https://bugzilla.suse.com/1172418 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172963 https://bugzilla.suse.com/1173468 https://bugzilla.suse.com/1173485 https://bugzilla.suse.com/1173798 https://bugzilla.suse.com/1173813 https://bugzilla.suse.com/1173954 https://bugzilla.suse.com/1174002 https://bugzilla.suse.com/1174003 https://bugzilla.suse.com/1174026 https://bugzilla.suse.com/1174387 https://bugzilla.suse.com/1174484 https://bugzilla.suse.com/1174625 https://bugzilla.suse.com/1174645 https://bugzilla.suse.com/1174689 https://bugzilla.suse.com/1174699 https://bugzilla.suse.com/1174737 https://bugzilla.suse.com/1174757 https://bugzilla.suse.com/1174762 https://bugzilla.suse.com/1174770 https://bugzilla.suse.com/1174771 https://bugzilla.suse.com/1174777 https://bugzilla.suse.com/1174805 https://bugzilla.suse.com/1174824 https://bugzilla.suse.com/1174825 https://bugzilla.suse.com/1174852 https://bugzilla.suse.com/1174865 https://bugzilla.suse.com/1174880 https://bugzilla.suse.com/1174897 https://bugzilla.suse.com/1174906 https://bugzilla.suse.com/1174969 https://bugzilla.suse.com/1175009 https://bugzilla.suse.com/1175010 https://bugzilla.suse.com/1175011 https://bugzilla.suse.com/1175012 https://bugzilla.suse.com/1175013 https://bugzilla.suse.com/1175014 https://bugzilla.suse.com/1175015 https://bugzilla.suse.com/1175016 https://bugzilla.suse.com/1175017 https://bugzilla.suse.com/1175018 https://bugzilla.suse.com/1175019 https://bugzilla.suse.com/1175020 https://bugzilla.suse.com/1175021 https://bugzilla.suse.com/1175052 https://bugzilla.suse.com/1175112 https://bugzilla.suse.com/1175116 https://bugzilla.suse.com/1175128 https://bugzilla.suse.com/1175149 https://bugzilla.suse.com/1175175 https://bugzilla.suse.com/1175176 https://bugzilla.suse.com/1175180 https://bugzilla.suse.com/1175181 https://bugzilla.suse.com/1175182 https://bugzilla.suse.com/1175183 https://bugzilla.suse.com/1175184 https://bugzilla.suse.com/1175185 https://bugzilla.suse.com/1175186 https://bugzilla.suse.com/1175187 https://bugzilla.suse.com/1175188 https://bugzilla.suse.com/1175189 https://bugzilla.suse.com/1175190 https://bugzilla.suse.com/1175191 https://bugzilla.suse.com/1175192 https://bugzilla.suse.com/1175195 https://bugzilla.suse.com/1175199 https://bugzilla.suse.com/1175213 https://bugzilla.suse.com/1175232 https://bugzilla.suse.com/1175263 https://bugzilla.suse.com/1175284 https://bugzilla.suse.com/1175296 https://bugzilla.suse.com/1175344 https://bugzilla.suse.com/1175345 https://bugzilla.suse.com/1175346 https://bugzilla.suse.com/1175347 https://bugzilla.suse.com/1175367 https://bugzilla.suse.com/1175377 https://bugzilla.suse.com/1175440 https://bugzilla.suse.com/1175493 https://bugzilla.suse.com/1175546 https://bugzilla.suse.com/1175550 https://bugzilla.suse.com/1175654 https://bugzilla.suse.com/1175691 https://bugzilla.suse.com/1175768 https://bugzilla.suse.com/1175769 https://bugzilla.suse.com/1175770 https://bugzilla.suse.com/1175771 https://bugzilla.suse.com/1175772 https://bugzilla.suse.com/1175774 https://bugzilla.suse.com/1175775 https://bugzilla.suse.com/1175834 https://bugzilla.suse.com/1175873 From sle-updates at lists.suse.com Thu Sep 3 13:27:14 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 21:27:14 +0200 (CEST) Subject: SUSE-SU-2020:2481-1: important: Security update for xorg-x11-server Message-ID: <20200903192714.47946F794@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2481-1 Rating: important References: #1174910 #1174913 Cross-References: CVE-2020-14361 CVE-2020-14362 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-2481=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2481=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2481=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): xorg-x11-server-debuginfo-1.20.3-14.5.5.2 xorg-x11-server-debugsource-1.20.3-14.5.5.2 xorg-x11-server-wayland-1.20.3-14.5.5.2 xorg-x11-server-wayland-debuginfo-1.20.3-14.5.5.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.20.3-14.5.5.2 xorg-x11-server-debugsource-1.20.3-14.5.5.2 xorg-x11-server-sdk-1.20.3-14.5.5.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-14.5.5.2 xorg-x11-server-debuginfo-1.20.3-14.5.5.2 xorg-x11-server-debugsource-1.20.3-14.5.5.2 xorg-x11-server-extra-1.20.3-14.5.5.2 xorg-x11-server-extra-debuginfo-1.20.3-14.5.5.2 References: https://www.suse.com/security/cve/CVE-2020-14361.html https://www.suse.com/security/cve/CVE-2020-14362.html https://bugzilla.suse.com/1174910 https://bugzilla.suse.com/1174913 From sle-updates at lists.suse.com Thu Sep 3 13:28:16 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 3 Sep 2020 21:28:16 +0200 (CEST) Subject: SUSE-RU-2020:2484-1: moderate: Recommended update for libsoup Message-ID: <20200903192816.1AC8FF794@maintenance.suse.de> SUSE Recommended Update: Recommended update for libsoup ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2484-1 Rating: moderate References: #1175207 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: libsoup was updated to ship libsoup-devel also to the LTSS channels (bsc#1175207). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2484=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2484=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2484=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2484=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2484=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2484=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2484=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2484=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2484=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2484=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2484=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2484=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2484=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2484=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2484=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2484=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2484=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE OpenStack Cloud 9 (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE OpenStack Cloud 9 (x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE OpenStack Cloud 8 (x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE OpenStack Cloud 8 (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE OpenStack Cloud 7 (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libsoup-lang-2.62.2-5.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 - SUSE Enterprise Storage 5 (x86_64): libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 - SUSE Enterprise Storage 5 (noarch): libsoup-lang-2.62.2-5.9.1 - HPE Helion Openstack 8 (noarch): libsoup-lang-2.62.2-5.9.1 - HPE Helion Openstack 8 (x86_64): libsoup-2_4-1-2.62.2-5.9.1 libsoup-2_4-1-32bit-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-2.62.2-5.9.1 libsoup-2_4-1-debuginfo-32bit-2.62.2-5.9.1 libsoup-debugsource-2.62.2-5.9.1 libsoup-devel-2.62.2-5.9.1 typelib-1_0-Soup-2_4-2.62.2-5.9.1 References: https://bugzilla.suse.com/1175207 From sle-updates at lists.suse.com Thu Sep 3 16:13:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 00:13:31 +0200 (CEST) Subject: SUSE-SU-2020:2486-1: important: Security update for the Linux Kernel Message-ID: <20200903221331.5B95CF794@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2486-1 Rating: important References: #1065600 #1065729 #1071995 #1085030 #1120163 #1133021 #1149032 #1152472 #1152489 #1153274 #1154353 #1154488 #1154492 #1155518 #1156395 #1159058 #1160634 #1167773 #1169790 #1171634 #1171688 #1172108 #1172197 #1172247 #1172418 #1172871 #1172963 #1173468 #1173485 #1173798 #1173813 #1173954 #1174002 #1174003 #1174026 #1174205 #1174247 #1174362 #1174387 #1174484 #1174625 #1174645 #1174689 #1174699 #1174737 #1174757 #1174762 #1174770 #1174771 #1174777 #1174805 #1174824 #1174825 #1174852 #1174865 #1174880 #1174897 #1174906 #1174969 #1175009 #1175010 #1175011 #1175012 #1175013 #1175014 #1175015 #1175016 #1175017 #1175018 #1175019 #1175020 #1175021 #1175052 #1175112 #1175116 #1175128 #1175149 #1175175 #1175176 #1175180 #1175181 #1175182 #1175183 #1175184 #1175185 #1175186 #1175187 #1175188 #1175189 #1175190 #1175191 #1175192 #1175195 #1175199 #1175213 #1175232 #1175263 #1175284 #1175296 #1175344 #1175345 #1175346 #1175347 #1175367 #1175377 #1175440 #1175493 #1175546 #1175550 #1175654 #1175691 #1175768 #1175769 #1175770 #1175771 #1175772 #1175774 #1175775 #1175834 #1175873 Cross-References: CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-16166 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP2 ______________________________________________________________________________ An update that solves four vulnerabilities and has 116 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-14314: Fixed a potential negative array index in ext4 (bsc#1173798). - CVE-2020-14331: Fixed a missing check in scrollback handling (bsc#1174205 bsc#1174247). - CVE-2020-14356: Fixed a NULL pointer dereference in the cgroupv2 subsystem (bsc#1175213). - CVE-2020-16166: Fixed an information leak in the network RNG (bsc#1174757). The following non-security bugs were fixed: - 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work (git-fixes). - ACPICA: Do not increment operation_region reference counts for field units (git-fixes). - af_key: pfkey_dump needs parameter validation (git-fixes). - agp/intel: Fix a memory leak on module initialisation failure (git-fixes). - ALSA: atmel: Remove invalid "fall through" comments (git-fixes). - ALSA: core: pcm_iec958: fix kernel-doc (git-fixes). - ALSA: echoaduio: Drop superfluous volatile modifier (git-fixes). - ALSA: echoaudio: Address bugs in the interrupt handling (git-fixes). - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (git-fixes). - ALSA: echoaudio: Prevent races in calls to set_audio_format() (git-fixes). - ALSA: echoaudio: Prevent some noise on unloading the module (git-fixes). - ALSA: echoaudio: Race conditions around "opencount" (git-fixes). - ALSA: echoaudio: re-enable IRQs on failure path (git-fixes). - ALSA: echoaudio: Remove redundant check (git-fixes). - ALSA: firewire: fix kernel-doc (git-fixes). - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (git-fixes). - ALSA: hda - reverse the setting value in the micmute_led_set (git-fixes). - ALSA: hda/ca0132 - Add new quirk ID for Recon3D (git-fixes). - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (git-fixes). - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (git-fixes). - ALSA: hda/hdmi: Add quirk to force connectivity (git-fixes). - ALSA: hda/hdmi: Fix keep_power assignment for non-component devices (git-fixes). - ALSA: hda/hdmi: Use force connectivity quirk on another HP desktop (git-fixes). - ALSA: hda/realtek - Fix unused variable warning (git-fixes). - ALSA: hda/realtek - Fixed HP right speaker no sound (git-fixes). - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (git-fixes). - ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (git-fixes). - ALSA: hda/realtek: Fix add a "ultra_low_power" function for intel reference board (alc256) (git-fixes). - ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (git-fixes). - ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (git-fixes). - ALSA: hda/tegra: Disable sync-write operation (git-fixes). - ALSA: hda: Add support for Loongson 7A1000 controller (git-fixes). - ALSA: hda: avoid reset of sdo_limit (git-fixes). - ALSA: hda: Enable sync-write operation as default for all controllers (git-fixes). - ALSA: hda: fix NULL pointer dereference during suspend (git-fixes). - ALSA: hda: fix snd_hda_codec_cleanup() documentation (git-fixes). - ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes). - ALSA: isa/gus: remove 'set but not used' warning (git-fixes). - ALSA: isa/gus: remove -Wmissing-prototypes warnings (git-fixes). - ALSA: isa: fix spelling mistakes in the comments (git-fixes). - ALSA: line6: add hw monitor volume control for POD HD500 (git-fixes). - ALSA: line6: Use kmemdup in podhd_set_monitor_level() (git-fixes). - ALSA: pci/asihpi: fix kernel-doc (git-fixes). - ALSA: pci/asihpi: remove 'set but not used' warning (git-fixes). - ALSA: pci/asihpi: remove 'set but not used' warnings (git-fixes). - ALSA: pci/au88x0: remove "defined but not used" warnings (git-fixes). - ALSA: pci/aw2-saa7146: remove 'set but not used' warning (git-fixes). - ALSA: pci/ctxfi/ctatc: fix kernel-doc (git-fixes). - ALSA: pci/ctxfi: fix kernel-doc warnings (git-fixes). - ALSA: pci/echoaudio: remove 'set but not used' warning (git-fixes). - ALSA: pci/emu10k1: remove 'set but not used' warning (git-fixes). - ALSA: pci/es1938: remove 'set but not used' warning (git-fixes). - ALSA: pci/fm801: fix kernel-doc (git-fixes). - ALSA: pci/korg1212: remove 'set but not used' warnings (git-fixes). - ALSA: pci/oxygen/xonar_wm87x6: remove always true condition (git-fixes). - ALSA: pci/rme9652/hdspm: remove always true condition (git-fixes). - ALSA: pci/via82xx: remove 'set but not used' warnings (git-fixes). - ALSA: pcmcia/pdaudiocf: fix kernel-doc (git-fixes). - ALSA: seq: oss: Serialize ioctls (git-fixes). - ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for SSL2 (git-fixes). - ALSA: usb-audio: add quirk for Pioneer DDJ-RB (git-fixes). - ALSA: usb-audio: add startech usb audio dock name (git-fixes). - ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (git-fixes). - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (git-fixes). - ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (git-fixes). - ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (git-fixes). - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625). - ALSA: usb-audio: Fix some typos (git-fixes). - ALSA: usb-audio: fix spelling mistake "buss" -> "bus" (git-fixes). - ALSA: usb-audio: ignore broken processing/extension unit (git-fixes). - ALSA: usb-audio: Update documentation comment for MS2109 quirk (git-fixes). - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (git-fixes). - ALSA: usb/line6: remove 'defined but not used' warning (git-fixes). - ALSA: vx_core: remove warning for empty loop body (git-fixes). - ALSA: xen: remove 'set but not used' warning (git-fixes). - ALSA: xen: Remove superfluous fall through comments (git-fixes). - appletalk: Fix atalk_proc_init() return path (git-fixes). - arm/arm64: Make use of the SMCCC 1.1 wrapper (bsc#1174906). - arm/arm64: Provide a wrapper for SMCCC 1.1 calls (bsc#1174906). - arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit() (bsc#1174906). - arm64: armv8_deprecated: Fix undef_hook mask for thumb setend (bsc#1175180). - arm64: cacheflush: Fix KGDB trap detection (bsc#1175188). - arm64: csum: Fix handling of bad packets (bsc#1175192). - arm64: dts: allwinner: a64: Remove unused SPDIF sound card (none bsc#1175016). - arm64: dts: clearfog-gt-8k: set gigabit PHY reset deassert delay (bsc#1175347). - arm64: dts: exynos: Fix silent hang after boot on Espresso (bsc#1175346). - arm64: dts: imx8mm-evk: correct ldo1/ldo2 voltage range (none bsc#1175019). - arm64: dts: imx8qxp-mek: Remove unexisting Ethernet PHY (bsc#1175345). - arm64: dts: librem5-devkit: add a vbus supply to usb0 (none bsc#1175013). - arm64: dts: ls1028a: delete extraneous #interrupt-cells for ENETC RCIE (none bsc#1175012). - arm64: dts: qcom: msm8998-clamshell: Fix label on l15 regulator (git-fixes). - arm64: dts: rockchip: fix rk3399-puma gmac reset gpio (none bsc#1175021). - arm64: dts: rockchip: fix rk3399-puma vcc5v0-host gpio (none bsc#1175020). - arm64: dts: rockchip: Rename dwc3 device nodes on rk3399 to make dtc happy (none bsc#1175015). - arm64: dts: rockchip: Replace RK805 PMIC node name with "pmic" on rk3328 boards (none bsc#1175014). - arm64: dts: uDPU: fix broken ethernet (bsc#1175344). - arm64: dts: uniphier: Set SCSSI clock and reset IDs for each channel (none bsc#1175011). - arm64: errata: use arm_smccc_1_1_get_conduit() (bsc#1174906). - arm64: Fix PTRACE_SYSEMU semantics (bsc#1175185). - arm64: fix the flush_icache_range arguments in machine_kexec (bsc#1175184). - arm64: hugetlb: avoid potential NULL dereference (bsc#1175183). - arm64: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (bsc#1175189). - arm64: insn: Fix two bugs in encoding 32-bit logical immediates (bsc#1175186). - arm64: kexec_file: print appropriate variable (bsc#1175187). - arm64: kgdb: Fix single-step exception handling oops (bsc#1175191). - arm64: Retrieve stolen time as paravirtualized guest (bsc#1172197 jsc#SLE-13593). - arm64: tegra: Enable I2C controller for EEPROM (none bsc#1175010). - arm64: tegra: Fix ethernet phy-mode for Jetson Xavier (none bsc#1175017). - arm64: tegra: Fix flag for 64-bit resources in 'ranges' property (none bsc#1175018). - arm64: tegra: Fix Tegra194 PCIe compatible string (none bsc#1175009). - arm64: vdso: Add -fasynchronous-unwind-tables to cflags (bsc#1175182). - arm64: vdso: do not free unallocated pages (bsc#1175181). - arm: percpu.h: fix build error (git-fixes). - arm: spectre-v2: use arm_smccc_1_1_get_conduit() (bsc#1174906). - ASoC: fsl_sai: Fix value of FSL_SAI_CR1_RFW_MASK (git-fixes). - ASoC: hdac_hda: fix deadlock after PCM open error (git-fixes). - ASoC: Intel: bxt_rt298: add missing .owner field (git-fixes). - ASoC: intel: Fix memleak in sst_media_open (git-fixes). - ASoC: meson: axg-tdm-interface: fix link fmt setup (git-fixes). - ASoC: meson: axg-tdmin: fix g12a skew (git-fixes). - ASoC: meson: fixes the missed kfree() for axg_card_add_tdm_loopback (git-fixes). - ASoC: msm8916-wcd-analog: fix register Interrupt offset (git-fixes). - ASoC: q6afe-dai: mark all widgets registers as SND_SOC_NOPM (git-fixes). - ASoC: q6routing: add dummy register read/write function (git-fixes). - ASoC: SOF: nocodec: add missing .owner field (git-fixes). - ASoC: wm8994: Avoid attempts to read unreadable registers (git-fixes). - ath10k: Acquire tx_lock in tx error paths (git-fixes). - ath10k: enable transmit data ack RSSI for QCA9884 (git-fixes). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (git-fixes). - ath9k: Fix regression with Atheros 9271 (git-fixes). - atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent (git-fixes). - AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes). - AX.25: Prevent integer overflows in connect and sendmsg (git-fixes). - AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes). - b43: Remove uninitialized_var() usage (git-fixes). - bdc: Fix bug causing crash after multiple disconnects (git-fixes). - bfq: fix blkio cgroup leakage v4 (bsc#1175775). - block: Fix the type of 'sts' in bsg_queue_rq() (git-fixes). - Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes). - Bluetooth: btmtksdio: fix up firmware download sequence (git-fixes). - Bluetooth: btusb: fix up firmware download sequence (git-fixes). - Bluetooth: fix kernel oops in store_pending_adv_report (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (git-fixes). - Bluetooth: Fix update of connection state in `hci_encrypt_cfm` (git-fixes). - Bluetooth: hci_h5: Set HCI_UART_RESET_ON_INIT to correct flags (git-fixes). - Bluetooth: hci_serdev: Only unregister device if it was registered (git-fixes). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (git-fixes). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (git-fixes). - bnxt_en: fix NULL dereference in case SR-IOV configuration fails (networking-stable-20_07_17). - bnxt_en: Init ethtool link settings after reading updated PHY configuration (jsc#SLE-8371 bsc#1153274). - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - bpf: Fix map leak in HASH_OF_MAPS map (bsc#1155518). - bpf: net: Avoid copying sk_user_data of reuseport_array during sk_clone (bsc#1155518). - bpf: net: Avoid incorrect bpf_sk_reuseport_detach call (bsc#1155518). - bpfilter: fix up a sparse annotation (bsc#1155518). - bpfilter: Initialize pos variable (bsc#1155518). - bpfilter: reject kernel addresses (bsc#1155518). - bpfilter: switch to kernel_write (bsc#1155518). - brcmfmac: keep SDIO watchdog running when console_interval is non-zero (git-fixes). - brcmfmac: set state of hanger slot to FREE when flushing PSQ (git-fixes). - brcmfmac: Set timeout value when configuring power save (bsc#1173468). - brcmfmac: To fix Bss Info flag definition Bug (git-fixes). - btmrvl: Fix firmware filename for sd8977 chipset (git-fixes). - btmrvl: Fix firmware filename for sd8997 chipset (git-fixes). - btrfs: add helper to get the end offset of a file extent item (bsc#1175546). - btrfs: avoid unnecessary splits when setting bits on an extent io tree (bsc#1175377). - btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247). - btrfs: delete the ordered isize update code (bsc#1175377). - btrfs: do not set path->leave_spinning for truncate (bsc#1175377). - btrfs: factor out inode items copy loop from btrfs_log_inode() (bsc#1175546). - btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247). - btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149). - btrfs: fix block group leak when removing fails (bsc#1175149). - btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149). - btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149). - btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149). - btrfs: fix deadlock during fast fsync when logging prealloc extents beyond eof (bsc#1175377). - btrfs: fix double free on ulist after backref resolution failure (bsc#1175149). - btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149). - btrfs: fix lost i_size update after cloning inline extent (bsc#1175377). - btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550). - btrfs: fix missing file extent item for hole after ranged fsync (bsc#1175546). - btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149). - btrfs: fix race between block group removal and block group creation (bsc#1175149). - btrfs: fix race between shrinking truncate and fiemap (bsc#1175377). - btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149). - btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149). - btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484). - btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247). - btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247). - btrfs: introduce per-inode file extent tree (bsc#1175377). - btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247). - btrfs: make full fsyncs always operate on the entire file again (bsc#1175546). - btrfs: make ranged full fsyncs more efficient (bsc#1175546). - btrfs: move extent_io_tree defs to their own header (bsc#1175377). - btrfs: Move free_pages_out label in inline extent handling branch in compress_file_range (bsc#1175263). - btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163). - btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247). - btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163). - btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163). - btrfs: Remove delalloc_end argument from extent_clear_unlock_delalloc (bsc#1175149). - btrfs: Remove leftover of in-band dedupe (bsc#1175149). - btrfs: remove unnecessary delalloc mutex for inodes (bsc#1175377). - btrfs: remove useless check for copy_items() return value (bsc#1175546). - btrfs: Rename btrfs_join_transaction_nolock (bsc#1175377). - btrfs: replace all uses of btrfs_ordered_update_i_size (bsc#1175377). - btrfs: separate out the extent io init function (bsc#1175377). - btrfs: separate out the extent leak code (bsc#1175377). - btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493). - btrfs: trim: fix underflow in trim length to prevent access beyond device boundary (bsc#1175263). - btrfs: use btrfs_ordered_update_i_size in clone_finish_inode_update (bsc#1175377). - btrfs: use the file extent tree infrastructure (bsc#1175377). - cfg80211: check vendor command doit pointer before use (git-fixes). - clk: actions: Fix h_clk for Actions S500 SoC (git-fixes). - clk: at91: clk-generated: check best_rate against ranges (git-fixes). - clk: at91: clk-generated: continue if __clk_determine_rate() returns error (git-fixes). - clk: at91: sam9x60-pll: check fcore against ranges (git-fixes). - clk: at91: sam9x60-pll: use logical or for range check (git-fixes). - clk: at91: sam9x60: fix main rc oscillator frequency (git-fixes). - clk: at91: sckc: register slow_rc with accuracy option (git-fixes). - clk: bcm2835: Do not use prediv with bcm2711's PLLs (bsc#1174865). - clk: bcm63xx-gate: fix last clock availability (git-fixes). - clk: clk-atlas6: fix return value check in atlas6_clk_init() (git-fixes). - clk: iproc: round clock rate to the closest (git-fixes). - clk: qcom: gcc-sdm660: Add missing modem reset (git-fixes). - clk: qcom: gcc-sdm660: Fix up gcc_mss_mnoc_bimc_axi_clk (git-fixes). - clk: rockchip: Revert "fix wrong mmc sample phase shift for rk3328" (git-fixes). - clk: scmi: Fix min and max rate when registering clocks with discrete rates (git-fixes). - clk: spear: Remove uninitialized_var() usage (git-fixes). - clk: st: Remove uninitialized_var() usage (git-fixes). - console: newport_con: fix an issue about leak related system resources (git-fixes). - cpumap: Use non-locked version __ptr_ring_consume_batched (git-fixes). - crc-t10dif: Fix potential crypto notify dead-lock (git-fixes). - crypto: aesni - add compatibility with IAS (git-fixes). - crypto: aesni - Fix build with LLVM_IAS=1 (git-fixes). - crypto: caam - Fix argument type in handle_imx6_err005766 (git-fixes). - crypto: ccp - Fix use of merged scatterlists (git-fixes). - crypto: ccree - fix resource leak on error path (git-fixes). - crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: hisilicon - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes). - devlink: ignore -EOPNOTSUPP errors on dumpit (bsc#1154353). - devres: keep both device name and resource name in pretty name (git-fixes). - dlm: Fix kobject memleak (bsc#1175768). - dlm: remove BUG() before panic() (git-fixes). - dmaengine: fsl-edma: fix wrong tcd endianness for big-endian cpu (git-fixes). - dmaengine: ioat setting ioat timeout as module parameter (git-fixes). - dmaengine: tegra210-adma: Fix runtime PM imbalance on error (git-fixes). - docs: fix memory.low description in cgroup-v2.rst (git-fixes). (SLE documentation might refer to cgroup-v2.rst.) - drbd: Remove uninitialized_var() usage (git-fixes). - driver core: Avoid binding drivers to dead devices (git-fixes). - drivers/firmware/psci: Fix memory leakage in alloc_init_cpu_groups() (git-fixes). - drivers/net/wan: lapb: Corrected the usage of skb_cow (git-fixes). - drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175128). - drm/amd/display: Fix EDID parsing after resume from suspend (git-fixes). - drm/amd/display: fix pow() crashing when given base 0 (git-fixes). - drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1152472) - drm/amd/powerplay: fix a crash when overclocking Vega M (git-fixes). - drm/amd/powerplay: fix compile error with ARCH=arc (git-fixes). - drm/amdgpu/display bail early in dm_pp_get_static_clocks (git-fixes). - drm/amdgpu/display: use blanked rather than plane state for sync (bsc#1152489) * refreshed for context changes * protect code with CONFIG_DRM_AMD_DC_DCN2_0 - drm/amdgpu/gfx10: fix race condition for kiq (git-fixes). - drm/amdgpu: avoid dereferencing a NULL pointer (git-fixes). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (git-fixes). - drm/amdgpu: fix preemption unit test (git-fixes). - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes). - drm/arm: fix unintentional integer overflow on left shift (git-fixes). - drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1152472) * refreshed for context changes - drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes). - drm/bridge: ti-sn65dsi86: Clear old error bits before AUX transfers (git-fixes). - drm/bridge: ti-sn65dsi86: Do not use kernel-doc comment for local array (git-fixes). - drm/bridge: ti-sn65dsi86: Fix off-by-one error in clock choice (bsc#1152489) * refreshed for context changes - drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1152472) * move drm_mipi_dbi.c -> tinydrm/mipi-dbi.c - drm/debugfs: fix plain echo to connector "force" attribute (git-fixes). - drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes). - drm/etnaviv: fix ref count leak via pm_runtime_get_sync (git-fixes). - drm/gem: Fix a leak in drm_gem_objects_lookup() (git-fixes). - drm/i915/fbc: Fix fence_y_offset handling (bsc#1152489) * context changes - drm/i915/gt: Close race between engine_park and intel_gt_retire_requests (git-fixes). - drm/i915/gt: Flush submission tasklet before waiting/retiring (bsc#1174737). - drm/i915/gt: Move new timelines to the end of active_list (git-fixes). - drm/i915/gt: Only swap to a random sibling once upon creation (bsc#1152489) * context changes - drm/i915/gt: Unlock engine-pm after queuing the kernel context switch (git-fixes). - drm/i915: Actually emit the await_start (bsc#1174737). - drm/i915: Copy across scheduler behaviour flags across submit fences (bsc#1174737). - drm/i915: Do not poison i915_request.link on removal (bsc#1174737). - drm/i915: Drop no-semaphore boosting (bsc#1174737). - drm/i915: Eliminate the trylock for awaiting an earlier request (bsc#1174737). - drm/i915: Flush execution tasklets before checking request status (bsc#1174737). - drm/i915: Flush tasklet submission before sleeping on i915_request_wait (bsc#1174737). - drm/i915: Ignore submit-fences on the same timeline (bsc#1174737). - drm/i915: Improve the start alignment of bonded pairs (bsc#1174737). - drm/i915: Keep track of request among the scheduling lists (bsc#1174737). - drm/i915: Lock signaler timeline while navigating (bsc#1174737). - drm/i915: Mark i915_request.timeline as a volatile, rcu pointer (bsc#1174737). - drm/i915: Mark racy read of intel_engine_cs.saturated (bsc#1174737). - drm/i915: Mark up unlocked update of i915_request.hwsp_seqno (bsc#1174737). - drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2. (bsc#1152489) * context changes - drm/i915: Peel dma-fence-chains for await (bsc#1174737). - drm/i915: Prevent using semaphores to chain up to external fences (bsc#1174737). - drm/i915: Protect i915_request_await_start from early waits (bsc#1174737). - drm/i915: Pull waiting on an external dma-fence into its routine (bsc#1174737). - drm/i915: Rely on direct submission to the queue (bsc#1174737). - drm/i915: Remove wait priority boosting (bsc#1174737). - drm/i915: Reorder await_execution before await_request (bsc#1174737). - drm/i915: Return early for await_start on same timeline (bsc#1174737). - drm/i915: Use EAGAIN for trylock failures (bsc#1174737). - drm/imx: fix use after free (git-fixes). - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes). - drm/imx: tve: fix regulator_disable error path (git-fixes). - drm/ingenic: Fix incorrect assumption about plane->index (bsc#1152489) * refreshed for context changes - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes). - drm/msm: ratelimit crtc event overflow error (git-fixes). - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes). - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes). - drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout (git-fixes). - drm/nouveau/kms/nv50-: Fix disabling dithering (git-fixes). - drm/nouveau: fix multiple instances of reference count leaks (git-fixes). - drm/nouveau: fix reference count leak in nouveau_debugfs_strap_peek (git-fixes). - drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes). - drm/radeon: disable AGP by default (git-fixes). - drm/radeon: fix array out-of-bounds read and write issues (git-fixes). - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (git-fixes). - drm/stm: repair runtime power management (git-fixes). - drm/tilcdc: fix leak & null ref in panel_connector_get_modes (git-fixes). - drm/ttm/nouveau: do not call tt destroy callback on alloc failure (git-fixes bsc#1175232). - drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() (bsc#1152489) * refreshed for context changes - drm/vmwgfx: Fix two list_for_each loop exit tests (git-fixes). - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (git-fixes). - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (git-fixes). - drm: hold gem reference until object is no longer accessed (git-fixes). - drm: msm: a6xx: fix gpu failure after system resume (git-fixes). - drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes). - drm: sun4i: hdmi: Fix inverted HPD result (git-fixes). - dyndbg: fix a BUG_ON in ddebug_describe_flags (git-fixes). - enetc: Fix tx rings bitmap iteration range, irq handling (networking-stable-20_06_28). - ext2: fix missing percpu_counter_inc (bsc#1175774). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: do not BUG on inconsistent journal feature (bsc#1171634). - ext4: fix checking of directory entry validity for inline directories (bsc#1175771). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins (git-fixes). - firmware/psci: use common SMCCC_CONDUIT_* (bsc#1174906). - firmware: arm_scmi: Fix SCMI genpd domain probing (git-fixes). - firmware: arm_scmi: Keep the discrete clock rates sorted (git-fixes). - firmware: arm_sdei: use common SMCCC_CONDUIT_* (bsc#1174906). - firmware: Fix a reference count leak (git-fixes). - firmware: smccc: Add ARCH_SOC_ID support (bsc#1174906). - firmware: smccc: Add function to fetch SMCCC version (bsc#1174906). - firmware: smccc: Add HAVE_ARM_SMCCC_DISCOVERY to identify SMCCC v1.1 and above (bsc#1174906). - firmware: smccc: Add the definition for SMCCCv1.2 version/error codes (bsc#1174906). - firmware: smccc: Drop smccc_version enum and use ARM_SMCCC_VERSION_1_x instead (bsc#1174906). - firmware: smccc: Refactor SMCCC specific bits into separate file (bsc#1174906). - firmware: smccc: Update link to latest SMCCC specification (bsc#1174906). - firmware_loader: fix memory leak for paged buffer (bsc#1175367). - fpga: dfl: fix bug in port reset handshake (git-fixes). - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175176). - fuse: fix weird page warning (bsc#1175175). - genetlink: remove genl_bind (networking-stable-20_07_17). - geneve: fix an uninitialized value in geneve_changelink() (git-fixes). - genirq/affinity: Improve __irq_build_affinity_masks() (bsc#1174897 ltc#187090). - genirq/affinity: Remove const qualifier from node_to_cpumask argument (bsc#1174897 ltc#187090). - genirq/affinity: Spread vectors on node according to nr_cpu ratio (bsc#1174897 ltc#187090). - gfs2: Another gfs2_find_jhead fix (bsc#1174824). - gfs2: fix gfs2_find_jhead that returns uninitialized jhead with seq 0 (bsc#1174825). - go7007: add sanity checking for endpoints (git-fixes). - gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes). - gpio: arizona: put pm_runtime in case of failure (git-fixes). - gpio: max77620: Fix missing release of interrupt (git-fixes). - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (git-fixes). - habanalabs: increase timeout during reset (git-fixes). - HID: alps: support devices with report id 2 (git-fixes). - HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes). - HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override (git-fixes). - HID: input: Fix devices that return multiple bytes in battery report (git-fixes). - HID: steam: fixes race in handling device list (git-fixes). - hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path (git-fixes). - hwmon: (adm1275) Make sure we are reading enough data for different chips (git-fixes). - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes). - hwmon: (nct6775) Accept PECI Calibration as temperature source for NCT6798D (git-fixes). - hwmon: (scmi) Fix potential buffer overflow in scmi_hwmon_probe() (git-fixes). - i2c: also convert placeholder function to return errno (git-fixes). - i2c: i2c-qcom-geni: Fix DMA transfer race (git-fixes). - i2c: i801: Add support for Intel Comet Lake PCH-V (jsc#SLE-13411). - i2c: i801: Add support for Intel Emmitsburg PCH (jsc#SLE-13411). - i2c: i801: Add support for Intel Tiger Lake PCH-H (jsc#SLE-13411). - i2c: iproc: fix race between client unreg and isr (git-fixes). - i2c: rcar: always clear ICSAR to avoid side effects (git-fixes). - i2c: rcar: avoid race when unregistering slave (git-fixes). - i2c: rcar: slave: only send STOP event when we have been addressed (git-fixes). - i2c: slave: add sanity check when unregistering (git-fixes). - i2c: slave: improve sanity check when registering (git-fixes). - i40iw: Do an RCU lookup in i40iw_add_ipv4_addr (git-fixes). - i40iw: Fix error handling in i40iw_manage_arp_cache() (git-fixes). - i40iw: fix null pointer dereference on a null wqe pointer (git-fixes). - i40iw: Report correct firmware version (git-fixes). - IB/cma: Fix ports memory leak in cma_configfs (git-fixes). - IB/core: Fix potential NULL pointer dereference in pkey cache (git-fixes). - IB/hfi1, qib: Ensure RCU is locked when accessing list (git-fixes). - IB/hfi1: Ensure pq is not left on waitlist (git-fixes). - IB/hfi1: Fix memory leaks in sysfs registration and unregistration (git-fixes). - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (git-fixes). - IB/mad: Fix use after free when destroying MAD agent (git-fixes). - IB/mlx4: Test return value of calls to ib_get_cached_pkey (git-fixes). - IB/mlx5: Fix 50G per lane indication (git-fixes). - IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command (git-fixes). - IB/mlx5: Fix missing congestion control debugfs on rep rdma device (git-fixes). - IB/mlx5: Replace tunnel mpls capability bits for tunnel_offloads (git-fixes). - IB/qib: Call kobject_put() when kobject_init_and_add() fails (git-fixes). - IB/rdmavt: Always return ERR_PTR from rvt_create_mmap_info() (git-fixes). - IB/rdmavt: Delete unused routine (git-fixes). - IB/rdmavt: Fix RQ counting issues causing use of an invalid RWQE (bsc#1174770). - IB/sa: Resolv use-after-free in ib_nl_make_request() (git-fixes). - ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ice: Clear and free XLT entries on reset (jsc#SLE-7926). - ice: Graceful error handling in HW table calloc failure (jsc#SLE-7926). - ide: Remove uninitialized_var() usage (git-fixes). - ieee802154: fix one possible memleak in adf7242_probe (git-fixes). - igc: Fix PTP initialization (bsc#1160634). - iio: improve IIO_CONCENTRATION channel type description (git-fixes). - Input: elan_i2c - only increment wakeup count on touch (git-fixes). - Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes). - Input: sentelic - fix error return when fsp_reg_write fails (git-fixes). - Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes). - integrity: remove redundant initialization of variable ret (git-fixes). - io-mapping: indicate mapping failure (git-fixes). - ionic: fix up filter locks and debug msgs (bsc#1167773). - ionic: keep rss hash after fw update (bsc#1167773). - ionic: unlock queue mutex in error path (bsc#1167773). - ionic: update filter id after replay (bsc#1167773). - ionic: use mutex to protect queue operations (bsc#1167773). - ionic: use offset for ethtool regs data (bsc#1167773). - ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes). - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28). - ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28). - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17). - ipv6: fib6_select_path can not use out path for nexthop objects (networking-stable-20_07_17). - ipv6: Fix use of anycast address with loopback (networking-stable-20_07_17). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - irqchip/gic: Atomically update affinity (bsc#1175195). - iwlegacy: Check the return value of pcie_capability_read_*() (git-fixes). - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772). - kABI workaround for enum cpuhp_state (git-fixes). - kABI workaround for struct kvm_device (git-fixes). Just change an variable to "const" type in kvm_device. - kABI workaround for struct kvm_vcpu_arch (git-fixes). Add a struct variable to the end of kvm_vcpu_arch and kvm_vcpu_arch is embedded into kvm_vcpu at the end. It is usually used by pointer and allocated dynamically, so this change should be fine even for external kvm module. - kABI/severities: ignore KABI for NVMe, except nvme-fc (bsc#1174777) Exported symbols under drivers/nvme/host/ are only used by the nvme subsystem itself, except for the nvme-fc symbols. - kABI/severities: ignore qla2xxx as all symbols are internal - kABI: genetlink: remove genl_bind (kabi). - kABI: restore signature of xfrm_policy_bysel_ctx() and xfrm_policy_byid() (bsc#1174645). - kernel.h: remove duplicate include of asm/div64.h (git-fixes). - kernel/relay.c: fix memleak on destroy relay channel (git-fixes). - kernfs: do not call fsnotify() with name without a parent (bsc#1175770). - kobject: Avoid premature parent object freeing in kobject_cleanup() (git-fixes). - KVM: Allow kvm_device_ops to be const (bsc#1172197 jsc#SLE-13593). - KVM: arm/arm64: Correct AArch32 SPSR on exception entry (bsc#1133021). - KVM: arm/arm64: Correct CPSR on exception entry (bsc#1133021). - KVM: arm/arm64: Factor out hypercall handling from PSCI code (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Annotate hyp NMI-related functions as __always_inline (bsc#1175190). - KVM: arm64: Correct PSTATE on exception entry (bsc#1133021). - KVM: arm64: Document PV-time interface (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Fix 32bit PC wrap-around (bsc#1133021). - KVM: arm64: Implement PV_TIME_FEATURES call (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts (bsc#1133021). - KVM: arm64: Provide VCPU attributes for stolen time (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Select TASK_DELAY_ACCT+TASKSTATS rather than SCHEDSTATS (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021). - KVM: arm64: Stop writing aarch32's CSSELR into ACTLR (bsc#1133021). - KVM: arm64: Support stolen time reporting via shared structure (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Use the correct timer structure to access the physical counter (bsc#1133021). - KVM: arm: vgic: Fix limit condition when writing to GICD_IACTIVER (bsc#1133021). - KVM: Implement kvm_put_guest() (bsc#1172197 jsc#SLE-13593). - KVM: Play nice with read-only memslots when querying host page size (bsc#1133021). - KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729). - KVM: Reinstall old memslots if arch preparation fails (bsc#1133021). - KVM: s390: Remove false WARN_ON_ONCE for the PQAP instruction (bsc#1133021). - KVM: x86: Fix APIC page invalidation race (bsc#1133021). - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17). - leds: 88pm860x: fix use-after-free on unbind (git-fixes). - leds: core: Flush scheduled work for system suspend (git-fixes). - leds: da903x: fix use-after-free on unbind (git-fixes). - leds: gpio: Fix semantic error (git-fixes). - leds: lm3533: fix use-after-free on unbind (git-fixes). - leds: lm355x: avoid enum conversion warning (git-fixes). - leds: lm36274: fix use-after-free on unbind (git-fixes). - leds: wm831x-status: fix use-after-free on unbind (git-fixes). - libbpf: Wrap source argument of BPF_CORE_READ macro in parentheses (bsc#1155518). - liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes). - llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17). - locktorture: Print ratio of acquisitions, not failures (bsc#1149032). - mac80211: allow rx of mesh eapol frames with default rx key (git-fixes). - mac80211: fix misplaced while instead of if (git-fixes). - mac80211: mesh: Free ie data when leaving mesh (git-fixes). - mac80211: mesh: Free pending skb when destroying a mpath (git-fixes). - Mark the SLE15-SP2 kernel properly released. There perhaps was a typo, when SUSE_KERNEL_RELEASED missed the trailing "D" - this leads to our kernels being marked as "Unreleased kernel". SUSE_KERNEL_RELEASED is defined in rpm/kernel-binary.spec.in. To fix that, it should be enough to switch from SUSE_KERNEL_RELEASE to SUSE_KERNEL_RELEASED. - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes). - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes). - media: budget-core: Improve exception handling in budget_register() (git-fixes). - media: camss: fix memory leaks on error handling paths in probe (git-fixes). - media: cxusb-analog: fix V4L2 dependency (git-fixes). - media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes). - media: firewire: Using uninitialized values in node_probe() (git-fixes). - media: marvell-ccic: Add missed v4l2_async_notifier_cleanup() (git-fixes). - media: media-request: Fix crash if memory allocation fails (git-fixes). - media: nuvoton-cir: remove setting tx carrier functions (git-fixes). - media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes). - media: rockchip: rga: Introduce color fmt macros and refactor CSC mode logic (git-fixes). - media: rockchip: rga: Only set output CSC mode for RGB input (git-fixes). - media: sur40: Remove uninitialized_var() usage (git-fixes). - media: vpss: clean up resources in init (git-fixes). - media: vsp1: dl: Fix NULL pointer dereference on unbind (git-fixes). - mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes). - mfd: dln2: Run event handler loop under spinlock (git-fixes). - mfd: intel-lpss: Add Intel Tiger Lake PCH-H PCI IDs (jsc#SLE-13411). - mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28). - mlxsw: core: Fix wrong SFP EEPROM reading for upper pages 1-3 (bsc#1154488). - mlxsw: pci: Fix use-after-free in case of failed devlink reload (networking-stable-20_07_17). - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (networking-stable-20_07_17). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617). - mm: filemap: clear idle flag for writes (bsc#1175769). - mm: Fix protection usage propagation (bsc#1174002). - mmc: sdhci-cadence: do not use hardware tuning for SD mode (git-fixes). - mmc: sdhci-pci-o2micro: Bug fix for O2 host controller Seabird1 (git-fixes). - mtd: properly check all write ioctls for permissions (git-fixes). - mtd: rawnand: fsl_upm: Remove unused mtd var (git-fixes). - mtd: rawnand: qcom: avoid write to unavailable register (git-fixes). - mvpp2: ethtool rxtx stats fix (networking-stable-20_06_28). - mwifiex: Fix firmware filename for sd8977 chipset (git-fixes). - mwifiex: Fix firmware filename for sd8997 chipset (git-fixes). - mwifiex: Prevent memory corruption handling keys (git-fixes). - ndctl/papr_scm,uapi: Add support for PAPR nvdimm specific methods (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - net, sk_msg: Clear sk_user_data pointer on clone if tagged (bsc#1155518). - net, sk_msg: Do not use RCU_INIT_POINTER on sk_user_data (bsc#1155518). - net/bpfilter: Initialize pos in __bpfilter_process_sockopt (bsc#1155518). - net/bpfilter: split __bpfilter_process_sockopt (bsc#1155518). - net/ena: Fix build warning in ena_xdp_set() (bsc#1174852). - net/mlx5: DR, Change push vlan action sequence (jsc#SLE-8464). - net/mlx5: E-switch, Destroy TSAR when fail to enable the mode (jsc#SLE-8464). - net/mlx5: Fix eeprom support for SFP module (networking-stable-20_07_17). - net/mlx5e: Fix 50G per lane indication (networking-stable-20_07_17). - net/mlx5e: Fix kernel crash when setting vf VLANID on a VF dev (jsc#SLE-8464). - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (networking-stable-20_07_17). - net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28). - net: core: reduce recursion limit value (networking-stable-20_06_28). - net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28). - net: dsa: microchip: set the correct number of ports (networking-stable-20_07_17). - net: ena: add reserved PCI device ID (bsc#1174852). - net: ena: add support for reporting of packet drops (bsc#1174852). - net: ena: add support for the rx offset feature (bsc#1174852). - net: ena: add support for traffic mirroring (bsc#1174852). - net: ena: add unmask interrupts statistics to ethtool (bsc#1174852). - net: ena: allow setting the hash function without changing the key (bsc#1174852). - net: ena: avoid memory access violation by validating req_id properly (bsc#1174852). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852). - net: ena: change default RSS hash function to Toeplitz (bsc#1174852). - net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1154492). - net: ena: changes to RSS hash key allocation (bsc#1174852). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852). - net: ena: cosmetic: code reorderings (bsc#1174852). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852). - net: ena: cosmetic: fix line break issues (bsc#1174852). - net: ena: cosmetic: fix spacing issues (bsc#1174852). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852). - net: ena: cosmetic: minor code changes (bsc#1174852). - net: ena: cosmetic: remove unnecessary code (bsc#1174852). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852). - net: ena: cosmetic: satisfy gcc warning (bsc#1174852). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852). - net: ena: drop superfluous prototype (bsc#1174852). - net: ena: enable support of rss hash key and function changes (bsc#1174852). - net: ena: ethtool: clean up minor indentation issue (bsc#1174852). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852). - net: ena: fix continuous keep-alive resets (bsc#1174852). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852). - net: ena: Make missed_tx stat incremental (git-fixes). - net: ena: Make some functions static (bsc#1174852). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852). - net: ena: Prevent reset after device destruction (git-fixes). - net: ena: reduce driver load time (bsc#1174852). - net: ena: remove code that does nothing (bsc#1174852). - net: ena: remove set but not used variable 'hash_key' (bsc#1174852). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852). - net: ena: support new LLQ acceleration mode (bsc#1174852). - net: ena: use explicit variable size for clarity (bsc#1174852). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852). - net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). (SLES tuning guide refers to ip-sysctl.txt.) - net: fix memleak in register_netdevice() (networking-stable-20_06_28). - net: Fix the arp error in some cases (networking-stable-20_06_28). - net: hns3: fix error handling for desc filling (git-fixes). - net: hns3: fix for not calculating TX BD send size correctly (git-fixes). - net: hns3: fix return value error when query MAC link status fail (git-fixes). - net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28). - net: lan78xx: add missing endpoint sanity check (git-fixes). - net: lan78xx: fix transfer-buffer memory leak (git-fixes). - net: lan78xx: replace bogus endpoint lookup (git-fixes). - net: mvneta: fix use of state->speed (networking-stable-20_07_17). - net: phy: Check harder for errors in get_phy_id() (git-fixes). - net: phy: fix memory leak in device-create error path (git-fixes). - net: qrtr: Fix an out of bounds read qrtr_endpoint_post() (networking-stable-20_07_17). - net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28). - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17). - net_sched: fix a memory leak in atm_tc_init() (networking-stable-20_07_17). - netdevsim: fix unbalaced locking in nsim_create() (git-fixes). - nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes). - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes). - ntb: Fix static check warning in perf_clear_test (git-fixes). - ntb: Fix the default port and peer numbers for legacy drivers (git-fixes). - ntb: hw: remove the code that sets the DMA mask (git-fixes). - ntb: ntb_pingpong: Choose doorbells based on port number (git-fixes). - ntb: ntb_test: Fix bug when counting remote files (git-fixes). - ntb: ntb_tool: reading the link file should not end in a NULL byte (git-fixes). - ntb: perf: Do not require one more memory window than number of peers (git-fixes). - ntb: perf: Fix race condition when run with ntb_test (git-fixes). - ntb: perf: Fix support for hardware that does not have port numbers (git-fixes). - ntb: Revert the change to use the NTB device dev for DMA allocations (git-fixes). - ntb_perf: pass correct struct device to dma_alloc_coherent (git-fixes). - ntb_tool: pass correct struct device to dma_alloc_coherent (git-fixes). - nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108). - nvme-multipath: fix logic for non-optimized paths (bsc#1172108). - nvme-multipath: round-robin: eliminate "fallback" variable (bsc#1172108). - nvme-multipath: set bdi capabilities once (bsc#1159058). - nvme-pci: Re-order nvme_pci_free_ctrl (bsc#1159058). - nvme-rdma: Add warning on state change failure at (bsc#1159058). - nvme-tcp: Add warning on state change failure at (bsc#1159058). - nvme-tcp: fix possible crash in write_zeroes processing (bsc#1159058). - nvme: add a Identify Namespace Identification Descriptor list quirk (git-fixes). - nvme: always search for namespace head (bsc#1159058). - nvme: avoid an Identify Controller command for each namespace (bsc#1159058). - nvme: check namespace head shared property (bsc#1159058). - nvme: clean up nvme_scan_work (bsc#1159058). - nvme: cleanup namespace identifier reporting in (bsc#1159058). - nvme: consolidate chunk_sectors settings (bsc#1159058). - nvme: consolodate io settings (bsc#1159058). - nvme: expose hostid via sysfs for fabrics controllers (bsc#1159058). - nvme: expose hostnqn via sysfs for fabrics controllers (bsc#1159058). - nvme: factor out a nvme_ns_remove_by_nsid helper (bsc#1159058). - nvme: fix a crash in nvme_mpath_add_disk (git-fixes, bsc#1159058). - nvme: Fix controller creation races with teardown flow (bsc#1159058). - nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1159058). - nvme: fix identify error status silent ignore (git-fixes, bsc#1159058). - nvme: fix possible hang when ns scanning fails during error (bsc#1159058). - nvme: kABI fixes for nvme_ctrl (bsc#1159058). - nvme: Make nvme_uninit_ctrl symmetric to nvme_init_ctrl (bsc#1159058). - nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108). - nvme: prevent double free in nvme_alloc_ns() error handling (bsc#1159058). - nvme: provide num dword helper (bsc#1159058). - nvme: refactor nvme_identify_ns_descs error handling (bsc#1159058). - nvme: refine the Qemu Identify CNS quirk (bsc#1159058). - nvme: release ida resources (bsc#1159058). - nvme: release namespace head reference on error (bsc#1159058). - nvme: remove the magic 1024 constant in nvme_scan_ns_list (bsc#1159058). - nvme: remove unused parameter (bsc#1159058). - nvme: Remove unused return code from nvme_delete_ctrl_sync (bsc#1159058). - nvme: rename __nvme_find_ns_head to nvme_find_ns_head (bsc#1159058). - nvme: revalidate after verifying identifiers (bsc#1159058). - nvme: revalidate namespace stream parameters (bsc#1159058). - nvme: unlink head after removing last namespace (bsc#1159058). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: load global_inode_alloc (bsc#1172963). - omapfb: dss: Fix max fclk divider for omap36xx (git-fixes). - openvswitch: take into account de-fragmentation/gso_size in execute_check_pkt_len (networking-stable-20_06_28). - PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes). - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge (git-fixes). - PCI: cadence: Fix updating Vendor ID and Subsystem Vendor ID register (git-fixes). - PCI: Fix pci_cfg_wait queue locking problem (git-fixes). - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes). - PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, git-fixes). - PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes). - PCI: qcom: Add missing reset for ipq806x (git-fixes). - PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes). - PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes). - PCI: rcar: Fix runtime PM imbalance on error (git-fixes). - PCI: Release IVRS table in AMD ACS quirk (git-fixes). - PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes). - PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes). - PCI: tegra: Revert tegra124 raw_violation_fixup (git-fixes). - phy: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes). - phy: exynos5-usbdrd: Calibrating makes sense only for USB2.0 PHY (git-fixes). - phy: renesas: rcar-gen3-usb2: move irq registration to init (git-fixes). - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes). - pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes). - pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes). - pinctrl: ingenic: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes). - pinctrl: single: fix function name in documentation (git-fixes). - platform/chrome: cros_ec_ishtp: Fix a double-unlock issue (git-fixes). - platform/x86: asus-nb-wmi: add support for ASUS ROG Zephyrus G14 and G15 (git-fixes). - platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: ISST: Add new PCI device ids (git-fixes). - PM: wakeup: Show statistics for deleted wakeup sources again (git-fixes). - power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes). - powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729). - powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729). - powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729). - powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/fadump: Fix build error with CONFIG_PRESERVE_FA_DUMP=y (bsc#1156395). - powerpc/iommu: Allow bypass-only for DMA (bsc#1156395). - powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284). - powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284). - powerpc/papr_scm: Add support for fetching nvdimm 'fuel-gauge' metric (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Fetch nvdimm health information from PHYP (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Fetch nvdimm performance stats from PHYP (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Implement support for PAPR_PDSM_HEALTH (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Improve error logging and handling papr_scm_ndctl() (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Mark papr_scm_ndctl() as static (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729). - powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729). - powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630). - powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - powerpc/pseries: remove cede offline state for CPUs (bsc#1065729). - powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729). - powerpc/vdso: Fix vdso cpu truncation (bsc#1065729). - powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729). - powerpc: Document details on H_SCM_HEALTH hcall (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - pseries: Fix 64 bit logical memory block panic (bsc#1065729). - pwm: bcm-iproc: handle clk_get_rate() return (git-fixes). - qed: suppress "do not support RoCE & iWARP" flooding on HW init (git-fixes). - qed: suppress false-positives interrupt error messages on HW init (git-fixes). - r8169: fix jumbo configuration for RTL8168evl (bsc#1175296). - r8169: fix jumbo packet handling on resume from suspend (bsc#1175296). - r8169: fix resume on cable plug-in (bsc#1175296). - r8169: fix rtl_hw_jumbo_disable for RTL8168evl (bsc#1175296). - r8169: move disabling interrupt coalescing to RTL8169/RTL8168 init (bsc#1175296). - r8169: read common register for PCI commit (bsc#1175296). - random32: move the pseudo-random 32-bit definitions to prandom.h (git-fixes). - random32: remove net_rand_state from the latent entropy gcc plugin (git-fixes). - random: fix circular include dependency on arm64 after addition of percpu.h (git-fixes). - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (git-fixes). - RDMA/cm: Fix an error check in cm_alloc_id_priv() (git-fixes). - RDMA/cm: Fix checking for allowed duplicate listens (git-fixes). - RDMA/cm: Fix ordering of xa_alloc_cyclic() in ib_create_cm_id() (git-fixes). - RDMA/cm: Read id.state under lock when doing pr_debug() (git-fixes). - RDMA/cm: Remove a race freeing timewait_info (git-fixes). - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (git-fixes). - RDMA/cma: Protect bind_list and listen_list while finding matching cm id (git-fixes). - RDMA/core: Fix double destruction of uobject (git-fixes). - RDMA/core: Fix double put of resource (git-fixes). - RDMA/core: Fix missing error check on dev_set_name() (git-fixes). - RDMA/core: Fix protection fault in ib_mr_pool_destroy (git-fixes). - RDMA/core: Fix race between destroy and release FD object (git-fixes). - RDMA/core: Fix race in rdma_alloc_commit_uobject() (git-fixes). - RDMA/core: Prevent mixed use of FDs between shared ufiles (git-fixes). - RDMA/counter: Query a counter before release (git-fixes). - RDMA/efa: Set maximum pkeys device attribute (git-fixes). - RDMA/hns: Bugfix for querying qkey (git-fixes). - RDMA/hns: Fix cmdq parameter of querying pf timer resource (git-fixes). - RDMA/iw_cxgb4: Fix incorrect function parameters (git-fixes). - RDMA/iwcm: Fix iwcm work deallocation (git-fixes). - RDMA/mad: Do not crash if the rdma device does not have a umad interface (git-fixes). - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (git-fixes). - RDMA/mlx4: Initialize ib_spec on the stack (git-fixes). - RDMA/mlx5: Add init2init as a modify command (git-fixes). - RDMA/mlx5: Add missing srcu_read_lock in ODP implicit flow (jsc#SLE-8446). - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (git-fixes). - RDMA/mlx5: Fix prefetch memory leak if get_prefetchable_mr fails (jsc#SLE-8446). - RDMA/mlx5: Fix the number of hwcounters of a dynamic counter (git-fixes). - RDMA/mlx5: Fix typo in enum name (git-fixes). - RDMA/mlx5: Fix udata response upon SRQ creation (git-fixes). - RDMA/mlx5: Prevent prefetch from racing with implicit destruction (jsc#SLE-8446). - RDMA/mlx5: Set GRH fields in query QP on RoCE (git-fixes). - RDMA/mlx5: Use xa_lock_irq when access to SRQ table (git-fixes). - RDMA/mlx5: Verify that QP is created with RQ or SQ (git-fixes). - RDMA/nldev: Fix crash when set a QP to a new counter but QPN is missing (git-fixes). - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (git-fixes). - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (git-fixes). - RDMA/rvt: Fix potential memory leak caused by rvt_alloc_rq (git-fixes). - RDMA/rxe: Always return ERR_PTR from rxe_create_mmap_info() (git-fixes). - RDMA/rxe: Fix configuration of atomic queue pair attributes (git-fixes). - RDMA/rxe: Set default vendor ID (git-fixes). - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (git-fixes). - RDMA/siw: Fix failure handling during device creation (git-fixes). - RDMA/siw: Fix passive connection establishment (git-fixes). - RDMA/siw: Fix pointer-to-int-cast warning in siw_rx_pbl() (git-fixes). - RDMA/siw: Fix potential siw_mem refcnt leak in siw_fastreg_mr() (git-fixes). - RDMA/siw: Fix reporting vendor_part_id (git-fixes). - RDMA/siw: Fix setting active_mtu attribute (git-fixes). - RDMA/siw: Fix setting active_{speed, width} attributes (git-fixes). - RDMA/ucma: Put a lock around every call to the rdma_cm layer (git-fixes). - RDMA/uverbs: Fix create WQ to use the given user handle (git-fixes). - regmap: debugfs: check count when read regmap file (git-fixes). - regmap: dev_get_regmap_match(): fix string comparison (git-fixes). - regulator: gpio: Honor regulator-boot-on property (git-fixes). - remoteproc: qcom: q6v5: Update running state before requesting stop (git-fixes). - remoteproc: qcom_q6v5_mss: Validate MBA firmware size before load (git-fixes). - remoteproc: qcom_q6v5_mss: Validate modem blob firmware size before load (git-fixes). - Revert "ALSA: hda: call runtime_allow() for all hda controllers" (git-fixes). - Revert "drm/amd/display: Expose connector VRR range via debugfs" (bsc#1152489) * refreshed for context changes - Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers" (git-fixes). - Revert "i2c: cadence: Fix the hold bit setting" (git-fixes). - Revert "RDMA/cma: Simplify rdma_resolve_addr() error flow" (git-fixes). - Revert "scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe" (bsc#1171688 bsc#1174003). - Revert "scsi: qla2xxx: Fix crash on qla2x00_mailbox_command" (bsc#1171688 bsc#1174003). - rhashtable: Document the right function parameters (bsc#1174880). - rhashtable: drop duplicated word in (bsc#1174880). - rhashtable: Drop raw RCU deref in nested_table_free (bsc#1174880). - rhashtable: Fix unprotected RCU dereference in __rht_ptr (bsc#1174880). - rhashtable: Restore RCU marking on rhash_lock_head (bsc#1174880). - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (git-fixes). - rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28). - rpm/modules.fips: * add ecdh_generic (boo#1173813) - rtc: goldfish: Enable interrupt in set_alarm() when necessary (git-fixes). - rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (bsc#1154353). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes). - rtw88: fix LDPC field for RA info (git-fixes). - rtw88: fix short GI capability based on current bandwidth (git-fixes). - sch_cake: do not call diffserv parsing code when it is not needed (networking-stable-20_06_28). - sch_cake: do not try to reallocate or unshare skb unconditionally (networking-stable-20_06_28). - sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17). - scsi/fc: kABI fixes for new ELS_RPD definition (bsc#1171688 bsc#1174003). - scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026). - scsi: Fix trivial spelling (bsc#1171688 bsc#1174003). - scsi: ipr: Fix softlockup when rescanning devices in petitboot (jsc#SLE-13654). - scsi: ipr: remove unneeded semicolon (jsc#SLE-13654). - scsi: ipr: Use scnprintf() for avoiding potential buffer overflow (jsc#SLE-13654). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003). - scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003). - scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418). - scsi: smartpqi: add RAID bypass counter (bsc#1172418). - scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418). - scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418). - scsi: smartpqi: Identify physical devices without issuing INQUIRY (bsc#1172418). - scsi: smartpqi: support device deletion via sysfs (bsc#1172418). - scsi: smartpqi: update logical volume size after expansion (bsc#1172418). - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418). - scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790). - sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - seq_buf: Export seq_buf_printf (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - serial: 8250: change lock order in serial8250_do_startup() (git-fixes). - serial: 8250: fix null-ptr-deref in serial8250_start_tx() (git-fixes). - serial: 8250_mtk: Fix high-speed baud rates clamping (git-fixes). - serial: 8250_pci: Move Pericom IDs to pci_ids.h (git-fixes). - serial: amba-pl011: Make sure we initialize the port.lock spinlock (git-fixes). - serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X (git-fixes). - serial: mxs-auart: add missed iounmap() in probe failure and remove (git-fixes). - serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes). - serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes). - serial: tegra: fix CREAD handling for PIO (git-fixes). - soc/tegra: pmc: Enable PMIC wake event on Tegra194 (bsc#1175834). - soc/tegra: pmc: Enable PMIC wake event on Tegra210 (bsc#1175116). - soc: qcom: rpmh-rsc: Set suppress_bind_attrs flag (git-fixes). - spi: davinci: Remove uninitialized_var() usage (git-fixes). - spi: lantiq-ssc: Fix warning by using WQ_MEM_RECLAIM (git-fixes). - spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes). - spi: mediatek: use correct SPI_CFG2_REG MACRO (git-fixes). - spi: pxa2xx: Add support for Intel Tiger Lake PCH-H (jsc#SLE-13411). - spi: rockchip: Fix error in SPI slave pio read (git-fixes). - spi: spi-geni-qcom: Actually use our FIFO (git-fixes). - spi: spidev: Align buffers for DMA (git-fixes). - spi: stm32: fixes suspend/resume management (git-fixes). - spi: sun4i: update max transfer size reported (git-fixes). - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support (git-fixes). - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes). - staging: rtl8192u: fix a dubious looking mask before a shift (git-fixes). - staging: rtl8712: handle firmware load failure (git-fixes). - staging: vchiq_arm: Add a matching unregister call (git-fixes). - staging: wlan-ng: properly check endpoint types (git-fixes). - tcp: do not ignore ECN CWR on pure ACK (networking-stable-20_06_28). - tcp: fix SO_RCVLOWAT possible hangs under high mem pressure (networking-stable-20_07_17). - tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28). - tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17). - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17). - tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17). - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17). - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28). - thermal: ti-soc-thermal: Fix reversed condition in ti_thermal_expose_sensor() (git-fixes). - tpm: Require that all digests are present in TCG_PCR_EVENT2 structures (git-fixes). - tpm_crb: fix fTPM on AMD Zen+ CPUs (bsc#1174362). - tracepoint: Mark __tracepoint_string's __used (git-fixes). - tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes). - ubsan: check panic_on_warn (bsc#1174805). - uio_pdrv_genirq: Remove warning when irq is not specified (bsc#1174762). - update upstream reference - usb: bdc: Halt controller on suspend (git-fixes). - usb: core: fix quirks_param_set() writing to a const pointer (git-fixes). - usb: dwc2: gadget: Make use of GINTMSK2 (git-fixes). - usb: dwc3: pci: add support for the Intel Jasper Lake (git-fixes). - usb: dwc3: pci: add support for the Intel Tiger Lake PCH -H variant (git-fixes). - usb: gadget: f_uac2: fix AC Interface Header Descriptor wTotalLength (git-fixes). - usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes). - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (git-fixes). - usb: hso: check for return value in hso_serial_common_create() (git-fixes). - usb: hso: Fix debug compile warning on sparc32 (git-fixes). - usb: iowarrior: fix up report size handling for some devices (git-fixes). - usb: mtu3: clear dual mode of u3port when disable device (git-fixes). - usb: serial: cp210x: enable usb generic throttle/unthrottle (git-fixes). - usb: serial: cp210x: re-enable auto-RTS on open (git-fixes). - usb: serial: iuu_phoenix: fix led-activity helpers (git-fixes). - usb: serial: qcserial: add EM7305 QDL product ID (git-fixes). - usb: tegra: Fix allocation for the FPCI context (git-fixes). - usb: xhci-mtk: fix the failure of bandwidth allocation (git-fixes). - usb: xhci: define IDs for various ASMedia host controllers (git-fixes). - usb: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes). - usb: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes). - usbip: tools: fix module name in man page (git-fixes). - video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes). - video: fbdev: savage: fix memory leak on error handling path in probe (git-fixes). - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes). - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes). - vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17). - vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199). - vt: Reject zero-sized screen buffer size (git-fixes). - watchdog: f71808e_wdt: clear watchdog timeout occurred flag (git-fixes). - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (git-fixes). - watchdog: f71808e_wdt: remove use of wrong watchdog_info option (git-fixes). - watchdog: initialize device before misc_register (git-fixes). - wireless: Use linux/stddef.h instead of stddef.h (git-fixes). - wireless: Use offsetof instead of custom macro (git-fixes). - wl1251: fix always return 0 error (git-fixes). - x86/bugs/multihit: Fix mitigation reporting when VMX is not in use (git-fixes). - xen/pvcalls-back: test for errors when calling backend_connect() (bsc#1065600). - xfrm: fix a warning in xfrm_policy_insert_list (bsc#1174645). - xfrm: policy: match with both mark and mask on user interfaces (bsc#1174645). - xfs: do not eat an EIO/ENOSPC writeback error when scrubbing data fork (git-fixes). - xfs: fix inode allocation block res calculation precedence (git-fixes). - xfs: fix reflink quota reservation accounting error (git-fixes). - xfs: preserve rmapbt swapext block reservation from freed blocks (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-2486=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.12.1 kernel-default-debugsource-5.3.18-24.12.1 kernel-default-livepatch-5.3.18-24.12.1 kernel-default-livepatch-devel-5.3.18-24.12.1 kernel-livepatch-5_3_18-24_12-default-1-5.3.1 kernel-livepatch-5_3_18-24_12-default-debuginfo-1-5.3.1 kernel-livepatch-SLE15-SP2_Update_2-debugsource-1-5.3.1 References: https://www.suse.com/security/cve/CVE-2020-14314.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-14356.html https://www.suse.com/security/cve/CVE-2020-16166.html https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1120163 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1149032 https://bugzilla.suse.com/1152472 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153274 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1154488 https://bugzilla.suse.com/1154492 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1159058 https://bugzilla.suse.com/1160634 https://bugzilla.suse.com/1167773 https://bugzilla.suse.com/1169790 https://bugzilla.suse.com/1171634 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1172108 https://bugzilla.suse.com/1172197 https://bugzilla.suse.com/1172247 https://bugzilla.suse.com/1172418 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172963 https://bugzilla.suse.com/1173468 https://bugzilla.suse.com/1173485 https://bugzilla.suse.com/1173798 https://bugzilla.suse.com/1173813 https://bugzilla.suse.com/1173954 https://bugzilla.suse.com/1174002 https://bugzilla.suse.com/1174003 https://bugzilla.suse.com/1174026 https://bugzilla.suse.com/1174205 https://bugzilla.suse.com/1174247 https://bugzilla.suse.com/1174362 https://bugzilla.suse.com/1174387 https://bugzilla.suse.com/1174484 https://bugzilla.suse.com/1174625 https://bugzilla.suse.com/1174645 https://bugzilla.suse.com/1174689 https://bugzilla.suse.com/1174699 https://bugzilla.suse.com/1174737 https://bugzilla.suse.com/1174757 https://bugzilla.suse.com/1174762 https://bugzilla.suse.com/1174770 https://bugzilla.suse.com/1174771 https://bugzilla.suse.com/1174777 https://bugzilla.suse.com/1174805 https://bugzilla.suse.com/1174824 https://bugzilla.suse.com/1174825 https://bugzilla.suse.com/1174852 https://bugzilla.suse.com/1174865 https://bugzilla.suse.com/1174880 https://bugzilla.suse.com/1174897 https://bugzilla.suse.com/1174906 https://bugzilla.suse.com/1174969 https://bugzilla.suse.com/1175009 https://bugzilla.suse.com/1175010 https://bugzilla.suse.com/1175011 https://bugzilla.suse.com/1175012 https://bugzilla.suse.com/1175013 https://bugzilla.suse.com/1175014 https://bugzilla.suse.com/1175015 https://bugzilla.suse.com/1175016 https://bugzilla.suse.com/1175017 https://bugzilla.suse.com/1175018 https://bugzilla.suse.com/1175019 https://bugzilla.suse.com/1175020 https://bugzilla.suse.com/1175021 https://bugzilla.suse.com/1175052 https://bugzilla.suse.com/1175112 https://bugzilla.suse.com/1175116 https://bugzilla.suse.com/1175128 https://bugzilla.suse.com/1175149 https://bugzilla.suse.com/1175175 https://bugzilla.suse.com/1175176 https://bugzilla.suse.com/1175180 https://bugzilla.suse.com/1175181 https://bugzilla.suse.com/1175182 https://bugzilla.suse.com/1175183 https://bugzilla.suse.com/1175184 https://bugzilla.suse.com/1175185 https://bugzilla.suse.com/1175186 https://bugzilla.suse.com/1175187 https://bugzilla.suse.com/1175188 https://bugzilla.suse.com/1175189 https://bugzilla.suse.com/1175190 https://bugzilla.suse.com/1175191 https://bugzilla.suse.com/1175192 https://bugzilla.suse.com/1175195 https://bugzilla.suse.com/1175199 https://bugzilla.suse.com/1175213 https://bugzilla.suse.com/1175232 https://bugzilla.suse.com/1175263 https://bugzilla.suse.com/1175284 https://bugzilla.suse.com/1175296 https://bugzilla.suse.com/1175344 https://bugzilla.suse.com/1175345 https://bugzilla.suse.com/1175346 https://bugzilla.suse.com/1175347 https://bugzilla.suse.com/1175367 https://bugzilla.suse.com/1175377 https://bugzilla.suse.com/1175440 https://bugzilla.suse.com/1175493 https://bugzilla.suse.com/1175546 https://bugzilla.suse.com/1175550 https://bugzilla.suse.com/1175654 https://bugzilla.suse.com/1175691 https://bugzilla.suse.com/1175768 https://bugzilla.suse.com/1175769 https://bugzilla.suse.com/1175770 https://bugzilla.suse.com/1175771 https://bugzilla.suse.com/1175772 https://bugzilla.suse.com/1175774 https://bugzilla.suse.com/1175775 https://bugzilla.suse.com/1175834 https://bugzilla.suse.com/1175873 From sle-updates at lists.suse.com Thu Sep 3 16:25:32 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 00:25:32 +0200 (CEST) Subject: SUSE-SU-2020:2486-1: important: Security update for the Linux Kernel Message-ID: <20200903222532.E75D0F794@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2486-1 Rating: important References: #1065600 #1065729 #1071995 #1085030 #1120163 #1133021 #1149032 #1152472 #1152489 #1153274 #1154353 #1154488 #1154492 #1155518 #1156395 #1159058 #1160634 #1167773 #1169790 #1171634 #1171688 #1172108 #1172197 #1172247 #1172418 #1172871 #1172963 #1173468 #1173485 #1173798 #1173813 #1173954 #1174002 #1174003 #1174026 #1174205 #1174247 #1174362 #1174387 #1174484 #1174625 #1174645 #1174689 #1174699 #1174737 #1174757 #1174762 #1174770 #1174771 #1174777 #1174805 #1174824 #1174825 #1174852 #1174865 #1174880 #1174897 #1174906 #1174969 #1175009 #1175010 #1175011 #1175012 #1175013 #1175014 #1175015 #1175016 #1175017 #1175018 #1175019 #1175020 #1175021 #1175052 #1175112 #1175116 #1175128 #1175149 #1175175 #1175176 #1175180 #1175181 #1175182 #1175183 #1175184 #1175185 #1175186 #1175187 #1175188 #1175189 #1175190 #1175191 #1175192 #1175195 #1175199 #1175213 #1175232 #1175263 #1175284 #1175296 #1175344 #1175345 #1175346 #1175347 #1175367 #1175377 #1175440 #1175493 #1175546 #1175550 #1175654 #1175691 #1175768 #1175769 #1175770 #1175771 #1175772 #1175774 #1175775 #1175834 #1175873 Cross-References: CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-16166 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that solves four vulnerabilities and has 116 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-14314: Fixed a potential negative array index in ext4 (bsc#1173798). - CVE-2020-14331: Fixed a missing check in scrollback handling (bsc#1174205 bsc#1174247). - CVE-2020-14356: Fixed a NULL pointer dereference in the cgroupv2 subsystem (bsc#1175213). - CVE-2020-16166: Fixed an information leak in the network RNG (bsc#1174757). The following non-security bugs were fixed: - 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work (git-fixes). - ACPICA: Do not increment operation_region reference counts for field units (git-fixes). - af_key: pfkey_dump needs parameter validation (git-fixes). - agp/intel: Fix a memory leak on module initialisation failure (git-fixes). - ALSA: atmel: Remove invalid "fall through" comments (git-fixes). - ALSA: core: pcm_iec958: fix kernel-doc (git-fixes). - ALSA: echoaduio: Drop superfluous volatile modifier (git-fixes). - ALSA: echoaudio: Address bugs in the interrupt handling (git-fixes). - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (git-fixes). - ALSA: echoaudio: Prevent races in calls to set_audio_format() (git-fixes). - ALSA: echoaudio: Prevent some noise on unloading the module (git-fixes). - ALSA: echoaudio: Race conditions around "opencount" (git-fixes). - ALSA: echoaudio: re-enable IRQs on failure path (git-fixes). - ALSA: echoaudio: Remove redundant check (git-fixes). - ALSA: firewire: fix kernel-doc (git-fixes). - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (git-fixes). - ALSA: hda - reverse the setting value in the micmute_led_set (git-fixes). - ALSA: hda/ca0132 - Add new quirk ID for Recon3D (git-fixes). - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (git-fixes). - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (git-fixes). - ALSA: hda/hdmi: Add quirk to force connectivity (git-fixes). - ALSA: hda/hdmi: Fix keep_power assignment for non-component devices (git-fixes). - ALSA: hda/hdmi: Use force connectivity quirk on another HP desktop (git-fixes). - ALSA: hda/realtek - Fix unused variable warning (git-fixes). - ALSA: hda/realtek - Fixed HP right speaker no sound (git-fixes). - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (git-fixes). - ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (git-fixes). - ALSA: hda/realtek: Fix add a "ultra_low_power" function for intel reference board (alc256) (git-fixes). - ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (git-fixes). - ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (git-fixes). - ALSA: hda/tegra: Disable sync-write operation (git-fixes). - ALSA: hda: Add support for Loongson 7A1000 controller (git-fixes). - ALSA: hda: avoid reset of sdo_limit (git-fixes). - ALSA: hda: Enable sync-write operation as default for all controllers (git-fixes). - ALSA: hda: fix NULL pointer dereference during suspend (git-fixes). - ALSA: hda: fix snd_hda_codec_cleanup() documentation (git-fixes). - ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes). - ALSA: isa/gus: remove 'set but not used' warning (git-fixes). - ALSA: isa/gus: remove -Wmissing-prototypes warnings (git-fixes). - ALSA: isa: fix spelling mistakes in the comments (git-fixes). - ALSA: line6: add hw monitor volume control for POD HD500 (git-fixes). - ALSA: line6: Use kmemdup in podhd_set_monitor_level() (git-fixes). - ALSA: pci/asihpi: fix kernel-doc (git-fixes). - ALSA: pci/asihpi: remove 'set but not used' warning (git-fixes). - ALSA: pci/asihpi: remove 'set but not used' warnings (git-fixes). - ALSA: pci/au88x0: remove "defined but not used" warnings (git-fixes). - ALSA: pci/aw2-saa7146: remove 'set but not used' warning (git-fixes). - ALSA: pci/ctxfi/ctatc: fix kernel-doc (git-fixes). - ALSA: pci/ctxfi: fix kernel-doc warnings (git-fixes). - ALSA: pci/echoaudio: remove 'set but not used' warning (git-fixes). - ALSA: pci/emu10k1: remove 'set but not used' warning (git-fixes). - ALSA: pci/es1938: remove 'set but not used' warning (git-fixes). - ALSA: pci/fm801: fix kernel-doc (git-fixes). - ALSA: pci/korg1212: remove 'set but not used' warnings (git-fixes). - ALSA: pci/oxygen/xonar_wm87x6: remove always true condition (git-fixes). - ALSA: pci/rme9652/hdspm: remove always true condition (git-fixes). - ALSA: pci/via82xx: remove 'set but not used' warnings (git-fixes). - ALSA: pcmcia/pdaudiocf: fix kernel-doc (git-fixes). - ALSA: seq: oss: Serialize ioctls (git-fixes). - ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for SSL2 (git-fixes). - ALSA: usb-audio: add quirk for Pioneer DDJ-RB (git-fixes). - ALSA: usb-audio: add startech usb audio dock name (git-fixes). - ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (git-fixes). - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (git-fixes). - ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (git-fixes). - ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (git-fixes). - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625). - ALSA: usb-audio: Fix some typos (git-fixes). - ALSA: usb-audio: fix spelling mistake "buss" -> "bus" (git-fixes). - ALSA: usb-audio: ignore broken processing/extension unit (git-fixes). - ALSA: usb-audio: Update documentation comment for MS2109 quirk (git-fixes). - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (git-fixes). - ALSA: usb/line6: remove 'defined but not used' warning (git-fixes). - ALSA: vx_core: remove warning for empty loop body (git-fixes). - ALSA: xen: remove 'set but not used' warning (git-fixes). - ALSA: xen: Remove superfluous fall through comments (git-fixes). - appletalk: Fix atalk_proc_init() return path (git-fixes). - arm/arm64: Make use of the SMCCC 1.1 wrapper (bsc#1174906). - arm/arm64: Provide a wrapper for SMCCC 1.1 calls (bsc#1174906). - arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit() (bsc#1174906). - arm64: armv8_deprecated: Fix undef_hook mask for thumb setend (bsc#1175180). - arm64: cacheflush: Fix KGDB trap detection (bsc#1175188). - arm64: csum: Fix handling of bad packets (bsc#1175192). - arm64: dts: allwinner: a64: Remove unused SPDIF sound card (none bsc#1175016). - arm64: dts: clearfog-gt-8k: set gigabit PHY reset deassert delay (bsc#1175347). - arm64: dts: exynos: Fix silent hang after boot on Espresso (bsc#1175346). - arm64: dts: imx8mm-evk: correct ldo1/ldo2 voltage range (none bsc#1175019). - arm64: dts: imx8qxp-mek: Remove unexisting Ethernet PHY (bsc#1175345). - arm64: dts: librem5-devkit: add a vbus supply to usb0 (none bsc#1175013). - arm64: dts: ls1028a: delete extraneous #interrupt-cells for ENETC RCIE (none bsc#1175012). - arm64: dts: qcom: msm8998-clamshell: Fix label on l15 regulator (git-fixes). - arm64: dts: rockchip: fix rk3399-puma gmac reset gpio (none bsc#1175021). - arm64: dts: rockchip: fix rk3399-puma vcc5v0-host gpio (none bsc#1175020). - arm64: dts: rockchip: Rename dwc3 device nodes on rk3399 to make dtc happy (none bsc#1175015). - arm64: dts: rockchip: Replace RK805 PMIC node name with "pmic" on rk3328 boards (none bsc#1175014). - arm64: dts: uDPU: fix broken ethernet (bsc#1175344). - arm64: dts: uniphier: Set SCSSI clock and reset IDs for each channel (none bsc#1175011). - arm64: errata: use arm_smccc_1_1_get_conduit() (bsc#1174906). - arm64: Fix PTRACE_SYSEMU semantics (bsc#1175185). - arm64: fix the flush_icache_range arguments in machine_kexec (bsc#1175184). - arm64: hugetlb: avoid potential NULL dereference (bsc#1175183). - arm64: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (bsc#1175189). - arm64: insn: Fix two bugs in encoding 32-bit logical immediates (bsc#1175186). - arm64: kexec_file: print appropriate variable (bsc#1175187). - arm64: kgdb: Fix single-step exception handling oops (bsc#1175191). - arm64: Retrieve stolen time as paravirtualized guest (bsc#1172197 jsc#SLE-13593). - arm64: tegra: Enable I2C controller for EEPROM (none bsc#1175010). - arm64: tegra: Fix ethernet phy-mode for Jetson Xavier (none bsc#1175017). - arm64: tegra: Fix flag for 64-bit resources in 'ranges' property (none bsc#1175018). - arm64: tegra: Fix Tegra194 PCIe compatible string (none bsc#1175009). - arm64: vdso: Add -fasynchronous-unwind-tables to cflags (bsc#1175182). - arm64: vdso: do not free unallocated pages (bsc#1175181). - arm: percpu.h: fix build error (git-fixes). - arm: spectre-v2: use arm_smccc_1_1_get_conduit() (bsc#1174906). - ASoC: fsl_sai: Fix value of FSL_SAI_CR1_RFW_MASK (git-fixes). - ASoC: hdac_hda: fix deadlock after PCM open error (git-fixes). - ASoC: Intel: bxt_rt298: add missing .owner field (git-fixes). - ASoC: intel: Fix memleak in sst_media_open (git-fixes). - ASoC: meson: axg-tdm-interface: fix link fmt setup (git-fixes). - ASoC: meson: axg-tdmin: fix g12a skew (git-fixes). - ASoC: meson: fixes the missed kfree() for axg_card_add_tdm_loopback (git-fixes). - ASoC: msm8916-wcd-analog: fix register Interrupt offset (git-fixes). - ASoC: q6afe-dai: mark all widgets registers as SND_SOC_NOPM (git-fixes). - ASoC: q6routing: add dummy register read/write function (git-fixes). - ASoC: SOF: nocodec: add missing .owner field (git-fixes). - ASoC: wm8994: Avoid attempts to read unreadable registers (git-fixes). - ath10k: Acquire tx_lock in tx error paths (git-fixes). - ath10k: enable transmit data ack RSSI for QCA9884 (git-fixes). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (git-fixes). - ath9k: Fix regression with Atheros 9271 (git-fixes). - atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent (git-fixes). - AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes). - AX.25: Prevent integer overflows in connect and sendmsg (git-fixes). - AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes). - b43: Remove uninitialized_var() usage (git-fixes). - bdc: Fix bug causing crash after multiple disconnects (git-fixes). - bfq: fix blkio cgroup leakage v4 (bsc#1175775). - block: Fix the type of 'sts' in bsg_queue_rq() (git-fixes). - Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes). - Bluetooth: btmtksdio: fix up firmware download sequence (git-fixes). - Bluetooth: btusb: fix up firmware download sequence (git-fixes). - Bluetooth: fix kernel oops in store_pending_adv_report (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (git-fixes). - Bluetooth: Fix update of connection state in `hci_encrypt_cfm` (git-fixes). - Bluetooth: hci_h5: Set HCI_UART_RESET_ON_INIT to correct flags (git-fixes). - Bluetooth: hci_serdev: Only unregister device if it was registered (git-fixes). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (git-fixes). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (git-fixes). - bnxt_en: fix NULL dereference in case SR-IOV configuration fails (networking-stable-20_07_17). - bnxt_en: Init ethtool link settings after reading updated PHY configuration (jsc#SLE-8371 bsc#1153274). - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - bpf: Fix map leak in HASH_OF_MAPS map (bsc#1155518). - bpf: net: Avoid copying sk_user_data of reuseport_array during sk_clone (bsc#1155518). - bpf: net: Avoid incorrect bpf_sk_reuseport_detach call (bsc#1155518). - bpfilter: fix up a sparse annotation (bsc#1155518). - bpfilter: Initialize pos variable (bsc#1155518). - bpfilter: reject kernel addresses (bsc#1155518). - bpfilter: switch to kernel_write (bsc#1155518). - brcmfmac: keep SDIO watchdog running when console_interval is non-zero (git-fixes). - brcmfmac: set state of hanger slot to FREE when flushing PSQ (git-fixes). - brcmfmac: Set timeout value when configuring power save (bsc#1173468). - brcmfmac: To fix Bss Info flag definition Bug (git-fixes). - btmrvl: Fix firmware filename for sd8977 chipset (git-fixes). - btmrvl: Fix firmware filename for sd8997 chipset (git-fixes). - btrfs: add helper to get the end offset of a file extent item (bsc#1175546). - btrfs: avoid unnecessary splits when setting bits on an extent io tree (bsc#1175377). - btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247). - btrfs: delete the ordered isize update code (bsc#1175377). - btrfs: do not set path->leave_spinning for truncate (bsc#1175377). - btrfs: factor out inode items copy loop from btrfs_log_inode() (bsc#1175546). - btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247). - btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149). - btrfs: fix block group leak when removing fails (bsc#1175149). - btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149). - btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149). - btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149). - btrfs: fix deadlock during fast fsync when logging prealloc extents beyond eof (bsc#1175377). - btrfs: fix double free on ulist after backref resolution failure (bsc#1175149). - btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149). - btrfs: fix lost i_size update after cloning inline extent (bsc#1175377). - btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550). - btrfs: fix missing file extent item for hole after ranged fsync (bsc#1175546). - btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149). - btrfs: fix race between block group removal and block group creation (bsc#1175149). - btrfs: fix race between shrinking truncate and fiemap (bsc#1175377). - btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149). - btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149). - btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484). - btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247). - btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247). - btrfs: introduce per-inode file extent tree (bsc#1175377). - btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247). - btrfs: make full fsyncs always operate on the entire file again (bsc#1175546). - btrfs: make ranged full fsyncs more efficient (bsc#1175546). - btrfs: move extent_io_tree defs to their own header (bsc#1175377). - btrfs: Move free_pages_out label in inline extent handling branch in compress_file_range (bsc#1175263). - btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163). - btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247). - btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163). - btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163). - btrfs: Remove delalloc_end argument from extent_clear_unlock_delalloc (bsc#1175149). - btrfs: Remove leftover of in-band dedupe (bsc#1175149). - btrfs: remove unnecessary delalloc mutex for inodes (bsc#1175377). - btrfs: remove useless check for copy_items() return value (bsc#1175546). - btrfs: Rename btrfs_join_transaction_nolock (bsc#1175377). - btrfs: replace all uses of btrfs_ordered_update_i_size (bsc#1175377). - btrfs: separate out the extent io init function (bsc#1175377). - btrfs: separate out the extent leak code (bsc#1175377). - btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493). - btrfs: trim: fix underflow in trim length to prevent access beyond device boundary (bsc#1175263). - btrfs: use btrfs_ordered_update_i_size in clone_finish_inode_update (bsc#1175377). - btrfs: use the file extent tree infrastructure (bsc#1175377). - cfg80211: check vendor command doit pointer before use (git-fixes). - clk: actions: Fix h_clk for Actions S500 SoC (git-fixes). - clk: at91: clk-generated: check best_rate against ranges (git-fixes). - clk: at91: clk-generated: continue if __clk_determine_rate() returns error (git-fixes). - clk: at91: sam9x60-pll: check fcore against ranges (git-fixes). - clk: at91: sam9x60-pll: use logical or for range check (git-fixes). - clk: at91: sam9x60: fix main rc oscillator frequency (git-fixes). - clk: at91: sckc: register slow_rc with accuracy option (git-fixes). - clk: bcm2835: Do not use prediv with bcm2711's PLLs (bsc#1174865). - clk: bcm63xx-gate: fix last clock availability (git-fixes). - clk: clk-atlas6: fix return value check in atlas6_clk_init() (git-fixes). - clk: iproc: round clock rate to the closest (git-fixes). - clk: qcom: gcc-sdm660: Add missing modem reset (git-fixes). - clk: qcom: gcc-sdm660: Fix up gcc_mss_mnoc_bimc_axi_clk (git-fixes). - clk: rockchip: Revert "fix wrong mmc sample phase shift for rk3328" (git-fixes). - clk: scmi: Fix min and max rate when registering clocks with discrete rates (git-fixes). - clk: spear: Remove uninitialized_var() usage (git-fixes). - clk: st: Remove uninitialized_var() usage (git-fixes). - console: newport_con: fix an issue about leak related system resources (git-fixes). - cpumap: Use non-locked version __ptr_ring_consume_batched (git-fixes). - crc-t10dif: Fix potential crypto notify dead-lock (git-fixes). - crypto: aesni - add compatibility with IAS (git-fixes). - crypto: aesni - Fix build with LLVM_IAS=1 (git-fixes). - crypto: caam - Fix argument type in handle_imx6_err005766 (git-fixes). - crypto: ccp - Fix use of merged scatterlists (git-fixes). - crypto: ccree - fix resource leak on error path (git-fixes). - crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: hisilicon - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes). - devlink: ignore -EOPNOTSUPP errors on dumpit (bsc#1154353). - devres: keep both device name and resource name in pretty name (git-fixes). - dlm: Fix kobject memleak (bsc#1175768). - dlm: remove BUG() before panic() (git-fixes). - dmaengine: fsl-edma: fix wrong tcd endianness for big-endian cpu (git-fixes). - dmaengine: ioat setting ioat timeout as module parameter (git-fixes). - dmaengine: tegra210-adma: Fix runtime PM imbalance on error (git-fixes). - docs: fix memory.low description in cgroup-v2.rst (git-fixes). (SLE documentation might refer to cgroup-v2.rst.) - drbd: Remove uninitialized_var() usage (git-fixes). - driver core: Avoid binding drivers to dead devices (git-fixes). - drivers/firmware/psci: Fix memory leakage in alloc_init_cpu_groups() (git-fixes). - drivers/net/wan: lapb: Corrected the usage of skb_cow (git-fixes). - drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175128). - drm/amd/display: Fix EDID parsing after resume from suspend (git-fixes). - drm/amd/display: fix pow() crashing when given base 0 (git-fixes). - drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1152472) - drm/amd/powerplay: fix a crash when overclocking Vega M (git-fixes). - drm/amd/powerplay: fix compile error with ARCH=arc (git-fixes). - drm/amdgpu/display bail early in dm_pp_get_static_clocks (git-fixes). - drm/amdgpu/display: use blanked rather than plane state for sync (bsc#1152489) * refreshed for context changes * protect code with CONFIG_DRM_AMD_DC_DCN2_0 - drm/amdgpu/gfx10: fix race condition for kiq (git-fixes). - drm/amdgpu: avoid dereferencing a NULL pointer (git-fixes). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (git-fixes). - drm/amdgpu: fix preemption unit test (git-fixes). - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes). - drm/arm: fix unintentional integer overflow on left shift (git-fixes). - drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1152472) * refreshed for context changes - drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes). - drm/bridge: ti-sn65dsi86: Clear old error bits before AUX transfers (git-fixes). - drm/bridge: ti-sn65dsi86: Do not use kernel-doc comment for local array (git-fixes). - drm/bridge: ti-sn65dsi86: Fix off-by-one error in clock choice (bsc#1152489) * refreshed for context changes - drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1152472) * move drm_mipi_dbi.c -> tinydrm/mipi-dbi.c - drm/debugfs: fix plain echo to connector "force" attribute (git-fixes). - drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes). - drm/etnaviv: fix ref count leak via pm_runtime_get_sync (git-fixes). - drm/gem: Fix a leak in drm_gem_objects_lookup() (git-fixes). - drm/i915/fbc: Fix fence_y_offset handling (bsc#1152489) * context changes - drm/i915/gt: Close race between engine_park and intel_gt_retire_requests (git-fixes). - drm/i915/gt: Flush submission tasklet before waiting/retiring (bsc#1174737). - drm/i915/gt: Move new timelines to the end of active_list (git-fixes). - drm/i915/gt: Only swap to a random sibling once upon creation (bsc#1152489) * context changes - drm/i915/gt: Unlock engine-pm after queuing the kernel context switch (git-fixes). - drm/i915: Actually emit the await_start (bsc#1174737). - drm/i915: Copy across scheduler behaviour flags across submit fences (bsc#1174737). - drm/i915: Do not poison i915_request.link on removal (bsc#1174737). - drm/i915: Drop no-semaphore boosting (bsc#1174737). - drm/i915: Eliminate the trylock for awaiting an earlier request (bsc#1174737). - drm/i915: Flush execution tasklets before checking request status (bsc#1174737). - drm/i915: Flush tasklet submission before sleeping on i915_request_wait (bsc#1174737). - drm/i915: Ignore submit-fences on the same timeline (bsc#1174737). - drm/i915: Improve the start alignment of bonded pairs (bsc#1174737). - drm/i915: Keep track of request among the scheduling lists (bsc#1174737). - drm/i915: Lock signaler timeline while navigating (bsc#1174737). - drm/i915: Mark i915_request.timeline as a volatile, rcu pointer (bsc#1174737). - drm/i915: Mark racy read of intel_engine_cs.saturated (bsc#1174737). - drm/i915: Mark up unlocked update of i915_request.hwsp_seqno (bsc#1174737). - drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2. (bsc#1152489) * context changes - drm/i915: Peel dma-fence-chains for await (bsc#1174737). - drm/i915: Prevent using semaphores to chain up to external fences (bsc#1174737). - drm/i915: Protect i915_request_await_start from early waits (bsc#1174737). - drm/i915: Pull waiting on an external dma-fence into its routine (bsc#1174737). - drm/i915: Rely on direct submission to the queue (bsc#1174737). - drm/i915: Remove wait priority boosting (bsc#1174737). - drm/i915: Reorder await_execution before await_request (bsc#1174737). - drm/i915: Return early for await_start on same timeline (bsc#1174737). - drm/i915: Use EAGAIN for trylock failures (bsc#1174737). - drm/imx: fix use after free (git-fixes). - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes). - drm/imx: tve: fix regulator_disable error path (git-fixes). - drm/ingenic: Fix incorrect assumption about plane->index (bsc#1152489) * refreshed for context changes - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes). - drm/msm: ratelimit crtc event overflow error (git-fixes). - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes). - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes). - drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout (git-fixes). - drm/nouveau/kms/nv50-: Fix disabling dithering (git-fixes). - drm/nouveau: fix multiple instances of reference count leaks (git-fixes). - drm/nouveau: fix reference count leak in nouveau_debugfs_strap_peek (git-fixes). - drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes). - drm/radeon: disable AGP by default (git-fixes). - drm/radeon: fix array out-of-bounds read and write issues (git-fixes). - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (git-fixes). - drm/stm: repair runtime power management (git-fixes). - drm/tilcdc: fix leak & null ref in panel_connector_get_modes (git-fixes). - drm/ttm/nouveau: do not call tt destroy callback on alloc failure (git-fixes bsc#1175232). - drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() (bsc#1152489) * refreshed for context changes - drm/vmwgfx: Fix two list_for_each loop exit tests (git-fixes). - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (git-fixes). - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (git-fixes). - drm: hold gem reference until object is no longer accessed (git-fixes). - drm: msm: a6xx: fix gpu failure after system resume (git-fixes). - drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes). - drm: sun4i: hdmi: Fix inverted HPD result (git-fixes). - dyndbg: fix a BUG_ON in ddebug_describe_flags (git-fixes). - enetc: Fix tx rings bitmap iteration range, irq handling (networking-stable-20_06_28). - ext2: fix missing percpu_counter_inc (bsc#1175774). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: do not BUG on inconsistent journal feature (bsc#1171634). - ext4: fix checking of directory entry validity for inline directories (bsc#1175771). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins (git-fixes). - firmware/psci: use common SMCCC_CONDUIT_* (bsc#1174906). - firmware: arm_scmi: Fix SCMI genpd domain probing (git-fixes). - firmware: arm_scmi: Keep the discrete clock rates sorted (git-fixes). - firmware: arm_sdei: use common SMCCC_CONDUIT_* (bsc#1174906). - firmware: Fix a reference count leak (git-fixes). - firmware: smccc: Add ARCH_SOC_ID support (bsc#1174906). - firmware: smccc: Add function to fetch SMCCC version (bsc#1174906). - firmware: smccc: Add HAVE_ARM_SMCCC_DISCOVERY to identify SMCCC v1.1 and above (bsc#1174906). - firmware: smccc: Add the definition for SMCCCv1.2 version/error codes (bsc#1174906). - firmware: smccc: Drop smccc_version enum and use ARM_SMCCC_VERSION_1_x instead (bsc#1174906). - firmware: smccc: Refactor SMCCC specific bits into separate file (bsc#1174906). - firmware: smccc: Update link to latest SMCCC specification (bsc#1174906). - firmware_loader: fix memory leak for paged buffer (bsc#1175367). - fpga: dfl: fix bug in port reset handshake (git-fixes). - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175176). - fuse: fix weird page warning (bsc#1175175). - genetlink: remove genl_bind (networking-stable-20_07_17). - geneve: fix an uninitialized value in geneve_changelink() (git-fixes). - genirq/affinity: Improve __irq_build_affinity_masks() (bsc#1174897 ltc#187090). - genirq/affinity: Remove const qualifier from node_to_cpumask argument (bsc#1174897 ltc#187090). - genirq/affinity: Spread vectors on node according to nr_cpu ratio (bsc#1174897 ltc#187090). - gfs2: Another gfs2_find_jhead fix (bsc#1174824). - gfs2: fix gfs2_find_jhead that returns uninitialized jhead with seq 0 (bsc#1174825). - go7007: add sanity checking for endpoints (git-fixes). - gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes). - gpio: arizona: put pm_runtime in case of failure (git-fixes). - gpio: max77620: Fix missing release of interrupt (git-fixes). - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (git-fixes). - habanalabs: increase timeout during reset (git-fixes). - HID: alps: support devices with report id 2 (git-fixes). - HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes). - HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override (git-fixes). - HID: input: Fix devices that return multiple bytes in battery report (git-fixes). - HID: steam: fixes race in handling device list (git-fixes). - hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path (git-fixes). - hwmon: (adm1275) Make sure we are reading enough data for different chips (git-fixes). - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes). - hwmon: (nct6775) Accept PECI Calibration as temperature source for NCT6798D (git-fixes). - hwmon: (scmi) Fix potential buffer overflow in scmi_hwmon_probe() (git-fixes). - i2c: also convert placeholder function to return errno (git-fixes). - i2c: i2c-qcom-geni: Fix DMA transfer race (git-fixes). - i2c: i801: Add support for Intel Comet Lake PCH-V (jsc#SLE-13411). - i2c: i801: Add support for Intel Emmitsburg PCH (jsc#SLE-13411). - i2c: i801: Add support for Intel Tiger Lake PCH-H (jsc#SLE-13411). - i2c: iproc: fix race between client unreg and isr (git-fixes). - i2c: rcar: always clear ICSAR to avoid side effects (git-fixes). - i2c: rcar: avoid race when unregistering slave (git-fixes). - i2c: rcar: slave: only send STOP event when we have been addressed (git-fixes). - i2c: slave: add sanity check when unregistering (git-fixes). - i2c: slave: improve sanity check when registering (git-fixes). - i40iw: Do an RCU lookup in i40iw_add_ipv4_addr (git-fixes). - i40iw: Fix error handling in i40iw_manage_arp_cache() (git-fixes). - i40iw: fix null pointer dereference on a null wqe pointer (git-fixes). - i40iw: Report correct firmware version (git-fixes). - IB/cma: Fix ports memory leak in cma_configfs (git-fixes). - IB/core: Fix potential NULL pointer dereference in pkey cache (git-fixes). - IB/hfi1, qib: Ensure RCU is locked when accessing list (git-fixes). - IB/hfi1: Ensure pq is not left on waitlist (git-fixes). - IB/hfi1: Fix memory leaks in sysfs registration and unregistration (git-fixes). - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (git-fixes). - IB/mad: Fix use after free when destroying MAD agent (git-fixes). - IB/mlx4: Test return value of calls to ib_get_cached_pkey (git-fixes). - IB/mlx5: Fix 50G per lane indication (git-fixes). - IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command (git-fixes). - IB/mlx5: Fix missing congestion control debugfs on rep rdma device (git-fixes). - IB/mlx5: Replace tunnel mpls capability bits for tunnel_offloads (git-fixes). - IB/qib: Call kobject_put() when kobject_init_and_add() fails (git-fixes). - IB/rdmavt: Always return ERR_PTR from rvt_create_mmap_info() (git-fixes). - IB/rdmavt: Delete unused routine (git-fixes). - IB/rdmavt: Fix RQ counting issues causing use of an invalid RWQE (bsc#1174770). - IB/sa: Resolv use-after-free in ib_nl_make_request() (git-fixes). - ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ice: Clear and free XLT entries on reset (jsc#SLE-7926). - ice: Graceful error handling in HW table calloc failure (jsc#SLE-7926). - ide: Remove uninitialized_var() usage (git-fixes). - ieee802154: fix one possible memleak in adf7242_probe (git-fixes). - igc: Fix PTP initialization (bsc#1160634). - iio: improve IIO_CONCENTRATION channel type description (git-fixes). - Input: elan_i2c - only increment wakeup count on touch (git-fixes). - Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes). - Input: sentelic - fix error return when fsp_reg_write fails (git-fixes). - Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes). - integrity: remove redundant initialization of variable ret (git-fixes). - io-mapping: indicate mapping failure (git-fixes). - ionic: fix up filter locks and debug msgs (bsc#1167773). - ionic: keep rss hash after fw update (bsc#1167773). - ionic: unlock queue mutex in error path (bsc#1167773). - ionic: update filter id after replay (bsc#1167773). - ionic: use mutex to protect queue operations (bsc#1167773). - ionic: use offset for ethtool regs data (bsc#1167773). - ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes). - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28). - ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28). - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17). - ipv6: fib6_select_path can not use out path for nexthop objects (networking-stable-20_07_17). - ipv6: Fix use of anycast address with loopback (networking-stable-20_07_17). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - irqchip/gic: Atomically update affinity (bsc#1175195). - iwlegacy: Check the return value of pcie_capability_read_*() (git-fixes). - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772). - kABI workaround for enum cpuhp_state (git-fixes). - kABI workaround for struct kvm_device (git-fixes). Just change an variable to "const" type in kvm_device. - kABI workaround for struct kvm_vcpu_arch (git-fixes). Add a struct variable to the end of kvm_vcpu_arch and kvm_vcpu_arch is embedded into kvm_vcpu at the end. It is usually used by pointer and allocated dynamically, so this change should be fine even for external kvm module. - kABI/severities: ignore KABI for NVMe, except nvme-fc (bsc#1174777) Exported symbols under drivers/nvme/host/ are only used by the nvme subsystem itself, except for the nvme-fc symbols. - kABI/severities: ignore qla2xxx as all symbols are internal - kABI: genetlink: remove genl_bind (kabi). - kABI: restore signature of xfrm_policy_bysel_ctx() and xfrm_policy_byid() (bsc#1174645). - kernel.h: remove duplicate include of asm/div64.h (git-fixes). - kernel/relay.c: fix memleak on destroy relay channel (git-fixes). - kernfs: do not call fsnotify() with name without a parent (bsc#1175770). - kobject: Avoid premature parent object freeing in kobject_cleanup() (git-fixes). - KVM: Allow kvm_device_ops to be const (bsc#1172197 jsc#SLE-13593). - KVM: arm/arm64: Correct AArch32 SPSR on exception entry (bsc#1133021). - KVM: arm/arm64: Correct CPSR on exception entry (bsc#1133021). - KVM: arm/arm64: Factor out hypercall handling from PSCI code (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Annotate hyp NMI-related functions as __always_inline (bsc#1175190). - KVM: arm64: Correct PSTATE on exception entry (bsc#1133021). - KVM: arm64: Document PV-time interface (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Fix 32bit PC wrap-around (bsc#1133021). - KVM: arm64: Implement PV_TIME_FEATURES call (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts (bsc#1133021). - KVM: arm64: Provide VCPU attributes for stolen time (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Select TASK_DELAY_ACCT+TASKSTATS rather than SCHEDSTATS (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021). - KVM: arm64: Stop writing aarch32's CSSELR into ACTLR (bsc#1133021). - KVM: arm64: Support stolen time reporting via shared structure (bsc#1172197 jsc#SLE-13593). - KVM: arm64: Use the correct timer structure to access the physical counter (bsc#1133021). - KVM: arm: vgic: Fix limit condition when writing to GICD_IACTIVER (bsc#1133021). - KVM: Implement kvm_put_guest() (bsc#1172197 jsc#SLE-13593). - KVM: Play nice with read-only memslots when querying host page size (bsc#1133021). - KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729). - KVM: Reinstall old memslots if arch preparation fails (bsc#1133021). - KVM: s390: Remove false WARN_ON_ONCE for the PQAP instruction (bsc#1133021). - KVM: x86: Fix APIC page invalidation race (bsc#1133021). - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17). - leds: 88pm860x: fix use-after-free on unbind (git-fixes). - leds: core: Flush scheduled work for system suspend (git-fixes). - leds: da903x: fix use-after-free on unbind (git-fixes). - leds: gpio: Fix semantic error (git-fixes). - leds: lm3533: fix use-after-free on unbind (git-fixes). - leds: lm355x: avoid enum conversion warning (git-fixes). - leds: lm36274: fix use-after-free on unbind (git-fixes). - leds: wm831x-status: fix use-after-free on unbind (git-fixes). - libbpf: Wrap source argument of BPF_CORE_READ macro in parentheses (bsc#1155518). - liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes). - llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17). - locktorture: Print ratio of acquisitions, not failures (bsc#1149032). - mac80211: allow rx of mesh eapol frames with default rx key (git-fixes). - mac80211: fix misplaced while instead of if (git-fixes). - mac80211: mesh: Free ie data when leaving mesh (git-fixes). - mac80211: mesh: Free pending skb when destroying a mpath (git-fixes). - Mark the SLE15-SP2 kernel properly released. There perhaps was a typo, when SUSE_KERNEL_RELEASED missed the trailing "D" - this leads to our kernels being marked as "Unreleased kernel". SUSE_KERNEL_RELEASED is defined in rpm/kernel-binary.spec.in. To fix that, it should be enough to switch from SUSE_KERNEL_RELEASE to SUSE_KERNEL_RELEASED. - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes). - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes). - media: budget-core: Improve exception handling in budget_register() (git-fixes). - media: camss: fix memory leaks on error handling paths in probe (git-fixes). - media: cxusb-analog: fix V4L2 dependency (git-fixes). - media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes). - media: firewire: Using uninitialized values in node_probe() (git-fixes). - media: marvell-ccic: Add missed v4l2_async_notifier_cleanup() (git-fixes). - media: media-request: Fix crash if memory allocation fails (git-fixes). - media: nuvoton-cir: remove setting tx carrier functions (git-fixes). - media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes). - media: rockchip: rga: Introduce color fmt macros and refactor CSC mode logic (git-fixes). - media: rockchip: rga: Only set output CSC mode for RGB input (git-fixes). - media: sur40: Remove uninitialized_var() usage (git-fixes). - media: vpss: clean up resources in init (git-fixes). - media: vsp1: dl: Fix NULL pointer dereference on unbind (git-fixes). - mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes). - mfd: dln2: Run event handler loop under spinlock (git-fixes). - mfd: intel-lpss: Add Intel Tiger Lake PCH-H PCI IDs (jsc#SLE-13411). - mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28). - mlxsw: core: Fix wrong SFP EEPROM reading for upper pages 1-3 (bsc#1154488). - mlxsw: pci: Fix use-after-free in case of failed devlink reload (networking-stable-20_07_17). - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (networking-stable-20_07_17). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617). - mm: filemap: clear idle flag for writes (bsc#1175769). - mm: Fix protection usage propagation (bsc#1174002). - mmc: sdhci-cadence: do not use hardware tuning for SD mode (git-fixes). - mmc: sdhci-pci-o2micro: Bug fix for O2 host controller Seabird1 (git-fixes). - mtd: properly check all write ioctls for permissions (git-fixes). - mtd: rawnand: fsl_upm: Remove unused mtd var (git-fixes). - mtd: rawnand: qcom: avoid write to unavailable register (git-fixes). - mvpp2: ethtool rxtx stats fix (networking-stable-20_06_28). - mwifiex: Fix firmware filename for sd8977 chipset (git-fixes). - mwifiex: Fix firmware filename for sd8997 chipset (git-fixes). - mwifiex: Prevent memory corruption handling keys (git-fixes). - ndctl/papr_scm,uapi: Add support for PAPR nvdimm specific methods (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - net, sk_msg: Clear sk_user_data pointer on clone if tagged (bsc#1155518). - net, sk_msg: Do not use RCU_INIT_POINTER on sk_user_data (bsc#1155518). - net/bpfilter: Initialize pos in __bpfilter_process_sockopt (bsc#1155518). - net/bpfilter: split __bpfilter_process_sockopt (bsc#1155518). - net/ena: Fix build warning in ena_xdp_set() (bsc#1174852). - net/mlx5: DR, Change push vlan action sequence (jsc#SLE-8464). - net/mlx5: E-switch, Destroy TSAR when fail to enable the mode (jsc#SLE-8464). - net/mlx5: Fix eeprom support for SFP module (networking-stable-20_07_17). - net/mlx5e: Fix 50G per lane indication (networking-stable-20_07_17). - net/mlx5e: Fix kernel crash when setting vf VLANID on a VF dev (jsc#SLE-8464). - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (networking-stable-20_07_17). - net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28). - net: core: reduce recursion limit value (networking-stable-20_06_28). - net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28). - net: dsa: microchip: set the correct number of ports (networking-stable-20_07_17). - net: ena: add reserved PCI device ID (bsc#1174852). - net: ena: add support for reporting of packet drops (bsc#1174852). - net: ena: add support for the rx offset feature (bsc#1174852). - net: ena: add support for traffic mirroring (bsc#1174852). - net: ena: add unmask interrupts statistics to ethtool (bsc#1174852). - net: ena: allow setting the hash function without changing the key (bsc#1174852). - net: ena: avoid memory access violation by validating req_id properly (bsc#1174852). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852). - net: ena: change default RSS hash function to Toeplitz (bsc#1174852). - net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1154492). - net: ena: changes to RSS hash key allocation (bsc#1174852). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852). - net: ena: cosmetic: code reorderings (bsc#1174852). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852). - net: ena: cosmetic: fix line break issues (bsc#1174852). - net: ena: cosmetic: fix spacing issues (bsc#1174852). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852). - net: ena: cosmetic: minor code changes (bsc#1174852). - net: ena: cosmetic: remove unnecessary code (bsc#1174852). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852). - net: ena: cosmetic: satisfy gcc warning (bsc#1174852). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852). - net: ena: drop superfluous prototype (bsc#1174852). - net: ena: enable support of rss hash key and function changes (bsc#1174852). - net: ena: ethtool: clean up minor indentation issue (bsc#1174852). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852). - net: ena: fix continuous keep-alive resets (bsc#1174852). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852). - net: ena: Make missed_tx stat incremental (git-fixes). - net: ena: Make some functions static (bsc#1174852). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852). - net: ena: Prevent reset after device destruction (git-fixes). - net: ena: reduce driver load time (bsc#1174852). - net: ena: remove code that does nothing (bsc#1174852). - net: ena: remove set but not used variable 'hash_key' (bsc#1174852). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852). - net: ena: support new LLQ acceleration mode (bsc#1174852). - net: ena: use explicit variable size for clarity (bsc#1174852). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852). - net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). (SLES tuning guide refers to ip-sysctl.txt.) - net: fix memleak in register_netdevice() (networking-stable-20_06_28). - net: Fix the arp error in some cases (networking-stable-20_06_28). - net: hns3: fix error handling for desc filling (git-fixes). - net: hns3: fix for not calculating TX BD send size correctly (git-fixes). - net: hns3: fix return value error when query MAC link status fail (git-fixes). - net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28). - net: lan78xx: add missing endpoint sanity check (git-fixes). - net: lan78xx: fix transfer-buffer memory leak (git-fixes). - net: lan78xx: replace bogus endpoint lookup (git-fixes). - net: mvneta: fix use of state->speed (networking-stable-20_07_17). - net: phy: Check harder for errors in get_phy_id() (git-fixes). - net: phy: fix memory leak in device-create error path (git-fixes). - net: qrtr: Fix an out of bounds read qrtr_endpoint_post() (networking-stable-20_07_17). - net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28). - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17). - net_sched: fix a memory leak in atm_tc_init() (networking-stable-20_07_17). - netdevsim: fix unbalaced locking in nsim_create() (git-fixes). - nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes). - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes). - ntb: Fix static check warning in perf_clear_test (git-fixes). - ntb: Fix the default port and peer numbers for legacy drivers (git-fixes). - ntb: hw: remove the code that sets the DMA mask (git-fixes). - ntb: ntb_pingpong: Choose doorbells based on port number (git-fixes). - ntb: ntb_test: Fix bug when counting remote files (git-fixes). - ntb: ntb_tool: reading the link file should not end in a NULL byte (git-fixes). - ntb: perf: Do not require one more memory window than number of peers (git-fixes). - ntb: perf: Fix race condition when run with ntb_test (git-fixes). - ntb: perf: Fix support for hardware that does not have port numbers (git-fixes). - ntb: Revert the change to use the NTB device dev for DMA allocations (git-fixes). - ntb_perf: pass correct struct device to dma_alloc_coherent (git-fixes). - ntb_tool: pass correct struct device to dma_alloc_coherent (git-fixes). - nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108). - nvme-multipath: fix logic for non-optimized paths (bsc#1172108). - nvme-multipath: round-robin: eliminate "fallback" variable (bsc#1172108). - nvme-multipath: set bdi capabilities once (bsc#1159058). - nvme-pci: Re-order nvme_pci_free_ctrl (bsc#1159058). - nvme-rdma: Add warning on state change failure at (bsc#1159058). - nvme-tcp: Add warning on state change failure at (bsc#1159058). - nvme-tcp: fix possible crash in write_zeroes processing (bsc#1159058). - nvme: add a Identify Namespace Identification Descriptor list quirk (git-fixes). - nvme: always search for namespace head (bsc#1159058). - nvme: avoid an Identify Controller command for each namespace (bsc#1159058). - nvme: check namespace head shared property (bsc#1159058). - nvme: clean up nvme_scan_work (bsc#1159058). - nvme: cleanup namespace identifier reporting in (bsc#1159058). - nvme: consolidate chunk_sectors settings (bsc#1159058). - nvme: consolodate io settings (bsc#1159058). - nvme: expose hostid via sysfs for fabrics controllers (bsc#1159058). - nvme: expose hostnqn via sysfs for fabrics controllers (bsc#1159058). - nvme: factor out a nvme_ns_remove_by_nsid helper (bsc#1159058). - nvme: fix a crash in nvme_mpath_add_disk (git-fixes, bsc#1159058). - nvme: Fix controller creation races with teardown flow (bsc#1159058). - nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1159058). - nvme: fix identify error status silent ignore (git-fixes, bsc#1159058). - nvme: fix possible hang when ns scanning fails during error (bsc#1159058). - nvme: kABI fixes for nvme_ctrl (bsc#1159058). - nvme: Make nvme_uninit_ctrl symmetric to nvme_init_ctrl (bsc#1159058). - nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108). - nvme: prevent double free in nvme_alloc_ns() error handling (bsc#1159058). - nvme: provide num dword helper (bsc#1159058). - nvme: refactor nvme_identify_ns_descs error handling (bsc#1159058). - nvme: refine the Qemu Identify CNS quirk (bsc#1159058). - nvme: release ida resources (bsc#1159058). - nvme: release namespace head reference on error (bsc#1159058). - nvme: remove the magic 1024 constant in nvme_scan_ns_list (bsc#1159058). - nvme: remove unused parameter (bsc#1159058). - nvme: Remove unused return code from nvme_delete_ctrl_sync (bsc#1159058). - nvme: rename __nvme_find_ns_head to nvme_find_ns_head (bsc#1159058). - nvme: revalidate after verifying identifiers (bsc#1159058). - nvme: revalidate namespace stream parameters (bsc#1159058). - nvme: unlink head after removing last namespace (bsc#1159058). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: load global_inode_alloc (bsc#1172963). - omapfb: dss: Fix max fclk divider for omap36xx (git-fixes). - openvswitch: take into account de-fragmentation/gso_size in execute_check_pkt_len (networking-stable-20_06_28). - PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes). - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge (git-fixes). - PCI: cadence: Fix updating Vendor ID and Subsystem Vendor ID register (git-fixes). - PCI: Fix pci_cfg_wait queue locking problem (git-fixes). - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes). - PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, git-fixes). - PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes). - PCI: qcom: Add missing reset for ipq806x (git-fixes). - PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes). - PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes). - PCI: rcar: Fix runtime PM imbalance on error (git-fixes). - PCI: Release IVRS table in AMD ACS quirk (git-fixes). - PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes). - PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes). - PCI: tegra: Revert tegra124 raw_violation_fixup (git-fixes). - phy: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes). - phy: exynos5-usbdrd: Calibrating makes sense only for USB2.0 PHY (git-fixes). - phy: renesas: rcar-gen3-usb2: move irq registration to init (git-fixes). - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes). - pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes). - pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes). - pinctrl: ingenic: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes). - pinctrl: single: fix function name in documentation (git-fixes). - platform/chrome: cros_ec_ishtp: Fix a double-unlock issue (git-fixes). - platform/x86: asus-nb-wmi: add support for ASUS ROG Zephyrus G14 and G15 (git-fixes). - platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: ISST: Add new PCI device ids (git-fixes). - PM: wakeup: Show statistics for deleted wakeup sources again (git-fixes). - power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes). - powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729). - powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729). - powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729). - powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/fadump: Fix build error with CONFIG_PRESERVE_FA_DUMP=y (bsc#1156395). - powerpc/iommu: Allow bypass-only for DMA (bsc#1156395). - powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284). - powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284). - powerpc/papr_scm: Add support for fetching nvdimm 'fuel-gauge' metric (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Fetch nvdimm health information from PHYP (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Fetch nvdimm performance stats from PHYP (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Implement support for PAPR_PDSM_HEALTH (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Improve error logging and handling papr_scm_ndctl() (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/papr_scm: Mark papr_scm_ndctl() as static (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729). - powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729). - powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630). - powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - powerpc/pseries: remove cede offline state for CPUs (bsc#1065729). - powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729). - powerpc/vdso: Fix vdso cpu truncation (bsc#1065729). - powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729). - powerpc: Document details on H_SCM_HEALTH hcall (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - pseries: Fix 64 bit logical memory block panic (bsc#1065729). - pwm: bcm-iproc: handle clk_get_rate() return (git-fixes). - qed: suppress "do not support RoCE & iWARP" flooding on HW init (git-fixes). - qed: suppress false-positives interrupt error messages on HW init (git-fixes). - r8169: fix jumbo configuration for RTL8168evl (bsc#1175296). - r8169: fix jumbo packet handling on resume from suspend (bsc#1175296). - r8169: fix resume on cable plug-in (bsc#1175296). - r8169: fix rtl_hw_jumbo_disable for RTL8168evl (bsc#1175296). - r8169: move disabling interrupt coalescing to RTL8169/RTL8168 init (bsc#1175296). - r8169: read common register for PCI commit (bsc#1175296). - random32: move the pseudo-random 32-bit definitions to prandom.h (git-fixes). - random32: remove net_rand_state from the latent entropy gcc plugin (git-fixes). - random: fix circular include dependency on arm64 after addition of percpu.h (git-fixes). - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (git-fixes). - RDMA/cm: Fix an error check in cm_alloc_id_priv() (git-fixes). - RDMA/cm: Fix checking for allowed duplicate listens (git-fixes). - RDMA/cm: Fix ordering of xa_alloc_cyclic() in ib_create_cm_id() (git-fixes). - RDMA/cm: Read id.state under lock when doing pr_debug() (git-fixes). - RDMA/cm: Remove a race freeing timewait_info (git-fixes). - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (git-fixes). - RDMA/cma: Protect bind_list and listen_list while finding matching cm id (git-fixes). - RDMA/core: Fix double destruction of uobject (git-fixes). - RDMA/core: Fix double put of resource (git-fixes). - RDMA/core: Fix missing error check on dev_set_name() (git-fixes). - RDMA/core: Fix protection fault in ib_mr_pool_destroy (git-fixes). - RDMA/core: Fix race between destroy and release FD object (git-fixes). - RDMA/core: Fix race in rdma_alloc_commit_uobject() (git-fixes). - RDMA/core: Prevent mixed use of FDs between shared ufiles (git-fixes). - RDMA/counter: Query a counter before release (git-fixes). - RDMA/efa: Set maximum pkeys device attribute (git-fixes). - RDMA/hns: Bugfix for querying qkey (git-fixes). - RDMA/hns: Fix cmdq parameter of querying pf timer resource (git-fixes). - RDMA/iw_cxgb4: Fix incorrect function parameters (git-fixes). - RDMA/iwcm: Fix iwcm work deallocation (git-fixes). - RDMA/mad: Do not crash if the rdma device does not have a umad interface (git-fixes). - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (git-fixes). - RDMA/mlx4: Initialize ib_spec on the stack (git-fixes). - RDMA/mlx5: Add init2init as a modify command (git-fixes). - RDMA/mlx5: Add missing srcu_read_lock in ODP implicit flow (jsc#SLE-8446). - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (git-fixes). - RDMA/mlx5: Fix prefetch memory leak if get_prefetchable_mr fails (jsc#SLE-8446). - RDMA/mlx5: Fix the number of hwcounters of a dynamic counter (git-fixes). - RDMA/mlx5: Fix typo in enum name (git-fixes). - RDMA/mlx5: Fix udata response upon SRQ creation (git-fixes). - RDMA/mlx5: Prevent prefetch from racing with implicit destruction (jsc#SLE-8446). - RDMA/mlx5: Set GRH fields in query QP on RoCE (git-fixes). - RDMA/mlx5: Use xa_lock_irq when access to SRQ table (git-fixes). - RDMA/mlx5: Verify that QP is created with RQ or SQ (git-fixes). - RDMA/nldev: Fix crash when set a QP to a new counter but QPN is missing (git-fixes). - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (git-fixes). - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (git-fixes). - RDMA/rvt: Fix potential memory leak caused by rvt_alloc_rq (git-fixes). - RDMA/rxe: Always return ERR_PTR from rxe_create_mmap_info() (git-fixes). - RDMA/rxe: Fix configuration of atomic queue pair attributes (git-fixes). - RDMA/rxe: Set default vendor ID (git-fixes). - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (git-fixes). - RDMA/siw: Fix failure handling during device creation (git-fixes). - RDMA/siw: Fix passive connection establishment (git-fixes). - RDMA/siw: Fix pointer-to-int-cast warning in siw_rx_pbl() (git-fixes). - RDMA/siw: Fix potential siw_mem refcnt leak in siw_fastreg_mr() (git-fixes). - RDMA/siw: Fix reporting vendor_part_id (git-fixes). - RDMA/siw: Fix setting active_mtu attribute (git-fixes). - RDMA/siw: Fix setting active_{speed, width} attributes (git-fixes). - RDMA/ucma: Put a lock around every call to the rdma_cm layer (git-fixes). - RDMA/uverbs: Fix create WQ to use the given user handle (git-fixes). - regmap: debugfs: check count when read regmap file (git-fixes). - regmap: dev_get_regmap_match(): fix string comparison (git-fixes). - regulator: gpio: Honor regulator-boot-on property (git-fixes). - remoteproc: qcom: q6v5: Update running state before requesting stop (git-fixes). - remoteproc: qcom_q6v5_mss: Validate MBA firmware size before load (git-fixes). - remoteproc: qcom_q6v5_mss: Validate modem blob firmware size before load (git-fixes). - Revert "ALSA: hda: call runtime_allow() for all hda controllers" (git-fixes). - Revert "drm/amd/display: Expose connector VRR range via debugfs" (bsc#1152489) * refreshed for context changes - Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers" (git-fixes). - Revert "i2c: cadence: Fix the hold bit setting" (git-fixes). - Revert "RDMA/cma: Simplify rdma_resolve_addr() error flow" (git-fixes). - Revert "scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe" (bsc#1171688 bsc#1174003). - Revert "scsi: qla2xxx: Fix crash on qla2x00_mailbox_command" (bsc#1171688 bsc#1174003). - rhashtable: Document the right function parameters (bsc#1174880). - rhashtable: drop duplicated word in (bsc#1174880). - rhashtable: Drop raw RCU deref in nested_table_free (bsc#1174880). - rhashtable: Fix unprotected RCU dereference in __rht_ptr (bsc#1174880). - rhashtable: Restore RCU marking on rhash_lock_head (bsc#1174880). - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (git-fixes). - rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28). - rpm/modules.fips: * add ecdh_generic (boo#1173813) - rtc: goldfish: Enable interrupt in set_alarm() when necessary (git-fixes). - rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (bsc#1154353). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes). - rtw88: fix LDPC field for RA info (git-fixes). - rtw88: fix short GI capability based on current bandwidth (git-fixes). - sch_cake: do not call diffserv parsing code when it is not needed (networking-stable-20_06_28). - sch_cake: do not try to reallocate or unshare skb unconditionally (networking-stable-20_06_28). - sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17). - scsi/fc: kABI fixes for new ELS_RPD definition (bsc#1171688 bsc#1174003). - scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026). - scsi: Fix trivial spelling (bsc#1171688 bsc#1174003). - scsi: ipr: Fix softlockup when rescanning devices in petitboot (jsc#SLE-13654). - scsi: ipr: remove unneeded semicolon (jsc#SLE-13654). - scsi: ipr: Use scnprintf() for avoiding potential buffer overflow (jsc#SLE-13654). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003). - scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003). - scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418). - scsi: smartpqi: add RAID bypass counter (bsc#1172418). - scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418). - scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418). - scsi: smartpqi: Identify physical devices without issuing INQUIRY (bsc#1172418). - scsi: smartpqi: support device deletion via sysfs (bsc#1172418). - scsi: smartpqi: update logical volume size after expansion (bsc#1172418). - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418). - scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790). - sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - seq_buf: Export seq_buf_printf (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769). - serial: 8250: change lock order in serial8250_do_startup() (git-fixes). - serial: 8250: fix null-ptr-deref in serial8250_start_tx() (git-fixes). - serial: 8250_mtk: Fix high-speed baud rates clamping (git-fixes). - serial: 8250_pci: Move Pericom IDs to pci_ids.h (git-fixes). - serial: amba-pl011: Make sure we initialize the port.lock spinlock (git-fixes). - serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X (git-fixes). - serial: mxs-auart: add missed iounmap() in probe failure and remove (git-fixes). - serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes). - serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes). - serial: tegra: fix CREAD handling for PIO (git-fixes). - soc/tegra: pmc: Enable PMIC wake event on Tegra194 (bsc#1175834). - soc/tegra: pmc: Enable PMIC wake event on Tegra210 (bsc#1175116). - soc: qcom: rpmh-rsc: Set suppress_bind_attrs flag (git-fixes). - spi: davinci: Remove uninitialized_var() usage (git-fixes). - spi: lantiq-ssc: Fix warning by using WQ_MEM_RECLAIM (git-fixes). - spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes). - spi: mediatek: use correct SPI_CFG2_REG MACRO (git-fixes). - spi: pxa2xx: Add support for Intel Tiger Lake PCH-H (jsc#SLE-13411). - spi: rockchip: Fix error in SPI slave pio read (git-fixes). - spi: spi-geni-qcom: Actually use our FIFO (git-fixes). - spi: spidev: Align buffers for DMA (git-fixes). - spi: stm32: fixes suspend/resume management (git-fixes). - spi: sun4i: update max transfer size reported (git-fixes). - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support (git-fixes). - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes). - staging: rtl8192u: fix a dubious looking mask before a shift (git-fixes). - staging: rtl8712: handle firmware load failure (git-fixes). - staging: vchiq_arm: Add a matching unregister call (git-fixes). - staging: wlan-ng: properly check endpoint types (git-fixes). - tcp: do not ignore ECN CWR on pure ACK (networking-stable-20_06_28). - tcp: fix SO_RCVLOWAT possible hangs under high mem pressure (networking-stable-20_07_17). - tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28). - tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17). - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17). - tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17). - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17). - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28). - thermal: ti-soc-thermal: Fix reversed condition in ti_thermal_expose_sensor() (git-fixes). - tpm: Require that all digests are present in TCG_PCR_EVENT2 structures (git-fixes). - tpm_crb: fix fTPM on AMD Zen+ CPUs (bsc#1174362). - tracepoint: Mark __tracepoint_string's __used (git-fixes). - tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes). - ubsan: check panic_on_warn (bsc#1174805). - uio_pdrv_genirq: Remove warning when irq is not specified (bsc#1174762). - update upstream reference - usb: bdc: Halt controller on suspend (git-fixes). - usb: core: fix quirks_param_set() writing to a const pointer (git-fixes). - usb: dwc2: gadget: Make use of GINTMSK2 (git-fixes). - usb: dwc3: pci: add support for the Intel Jasper Lake (git-fixes). - usb: dwc3: pci: add support for the Intel Tiger Lake PCH -H variant (git-fixes). - usb: gadget: f_uac2: fix AC Interface Header Descriptor wTotalLength (git-fixes). - usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes). - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (git-fixes). - usb: hso: check for return value in hso_serial_common_create() (git-fixes). - usb: hso: Fix debug compile warning on sparc32 (git-fixes). - usb: iowarrior: fix up report size handling for some devices (git-fixes). - usb: mtu3: clear dual mode of u3port when disable device (git-fixes). - usb: serial: cp210x: enable usb generic throttle/unthrottle (git-fixes). - usb: serial: cp210x: re-enable auto-RTS on open (git-fixes). - usb: serial: iuu_phoenix: fix led-activity helpers (git-fixes). - usb: serial: qcserial: add EM7305 QDL product ID (git-fixes). - usb: tegra: Fix allocation for the FPCI context (git-fixes). - usb: xhci-mtk: fix the failure of bandwidth allocation (git-fixes). - usb: xhci: define IDs for various ASMedia host controllers (git-fixes). - usb: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes). - usb: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes). - usbip: tools: fix module name in man page (git-fixes). - video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes). - video: fbdev: savage: fix memory leak on error handling path in probe (git-fixes). - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes). - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes). - vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17). - vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199). - vt: Reject zero-sized screen buffer size (git-fixes). - watchdog: f71808e_wdt: clear watchdog timeout occurred flag (git-fixes). - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (git-fixes). - watchdog: f71808e_wdt: remove use of wrong watchdog_info option (git-fixes). - watchdog: initialize device before misc_register (git-fixes). - wireless: Use linux/stddef.h instead of stddef.h (git-fixes). - wireless: Use offsetof instead of custom macro (git-fixes). - wl1251: fix always return 0 error (git-fixes). - x86/bugs/multihit: Fix mitigation reporting when VMX is not in use (git-fixes). - xen/pvcalls-back: test for errors when calling backend_connect() (bsc#1065600). - xfrm: fix a warning in xfrm_policy_insert_list (bsc#1174645). - xfrm: policy: match with both mark and mask on user interfaces (bsc#1174645). - xfs: do not eat an EIO/ENOSPC writeback error when scrubbing data fork (git-fixes). - xfs: fix inode allocation block res calculation precedence (git-fixes). - xfs: fix reflink quota reservation accounting error (git-fixes). - xfs: preserve rmapbt swapext block reservation from freed blocks (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2486=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-2486=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-2486=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2486=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2486=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2486=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): kernel-default-debuginfo-5.3.18-24.12.1 kernel-default-debugsource-5.3.18-24.12.1 kernel-default-extra-5.3.18-24.12.1 kernel-default-extra-debuginfo-5.3.18-24.12.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.12.1 kernel-default-debugsource-5.3.18-24.12.1 kernel-default-livepatch-5.3.18-24.12.1 kernel-default-livepatch-devel-5.3.18-24.12.1 kernel-livepatch-5_3_18-24_12-default-1-5.3.1 kernel-livepatch-5_3_18-24_12-default-debuginfo-1-5.3.1 kernel-livepatch-SLE15-SP2_Update_2-debugsource-1-5.3.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.12.1 kernel-default-debugsource-5.3.18-24.12.1 reiserfs-kmp-default-5.3.18-24.12.1 reiserfs-kmp-default-debuginfo-5.3.18-24.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-24.12.1 kernel-obs-build-debugsource-5.3.18-24.12.1 kernel-syms-5.3.18-24.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-24.12.1 kernel-preempt-debugsource-5.3.18-24.12.1 kernel-preempt-devel-5.3.18-24.12.1 kernel-preempt-devel-debuginfo-5.3.18-24.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): kernel-docs-5.3.18-24.12.1 kernel-source-5.3.18-24.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-24.12.1 kernel-default-base-5.3.18-24.12.1.9.4.1 kernel-default-debuginfo-5.3.18-24.12.1 kernel-default-debugsource-5.3.18-24.12.1 kernel-default-devel-5.3.18-24.12.1 kernel-default-devel-debuginfo-5.3.18-24.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64): kernel-preempt-5.3.18-24.12.1 kernel-preempt-debuginfo-5.3.18-24.12.1 kernel-preempt-debugsource-5.3.18-24.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): kernel-devel-5.3.18-24.12.1 kernel-macros-5.3.18-24.12.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-24.12.1 cluster-md-kmp-default-debuginfo-5.3.18-24.12.1 dlm-kmp-default-5.3.18-24.12.1 dlm-kmp-default-debuginfo-5.3.18-24.12.1 gfs2-kmp-default-5.3.18-24.12.1 gfs2-kmp-default-debuginfo-5.3.18-24.12.1 kernel-default-debuginfo-5.3.18-24.12.1 kernel-default-debugsource-5.3.18-24.12.1 ocfs2-kmp-default-5.3.18-24.12.1 ocfs2-kmp-default-debuginfo-5.3.18-24.12.1 References: https://www.suse.com/security/cve/CVE-2020-14314.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-14356.html https://www.suse.com/security/cve/CVE-2020-16166.html https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1120163 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1149032 https://bugzilla.suse.com/1152472 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153274 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1154488 https://bugzilla.suse.com/1154492 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1159058 https://bugzilla.suse.com/1160634 https://bugzilla.suse.com/1167773 https://bugzilla.suse.com/1169790 https://bugzilla.suse.com/1171634 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1172108 https://bugzilla.suse.com/1172197 https://bugzilla.suse.com/1172247 https://bugzilla.suse.com/1172418 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172963 https://bugzilla.suse.com/1173468 https://bugzilla.suse.com/1173485 https://bugzilla.suse.com/1173798 https://bugzilla.suse.com/1173813 https://bugzilla.suse.com/1173954 https://bugzilla.suse.com/1174002 https://bugzilla.suse.com/1174003 https://bugzilla.suse.com/1174026 https://bugzilla.suse.com/1174205 https://bugzilla.suse.com/1174247 https://bugzilla.suse.com/1174362 https://bugzilla.suse.com/1174387 https://bugzilla.suse.com/1174484 https://bugzilla.suse.com/1174625 https://bugzilla.suse.com/1174645 https://bugzilla.suse.com/1174689 https://bugzilla.suse.com/1174699 https://bugzilla.suse.com/1174737 https://bugzilla.suse.com/1174757 https://bugzilla.suse.com/1174762 https://bugzilla.suse.com/1174770 https://bugzilla.suse.com/1174771 https://bugzilla.suse.com/1174777 https://bugzilla.suse.com/1174805 https://bugzilla.suse.com/1174824 https://bugzilla.suse.com/1174825 https://bugzilla.suse.com/1174852 https://bugzilla.suse.com/1174865 https://bugzilla.suse.com/1174880 https://bugzilla.suse.com/1174897 https://bugzilla.suse.com/1174906 https://bugzilla.suse.com/1174969 https://bugzilla.suse.com/1175009 https://bugzilla.suse.com/1175010 https://bugzilla.suse.com/1175011 https://bugzilla.suse.com/1175012 https://bugzilla.suse.com/1175013 https://bugzilla.suse.com/1175014 https://bugzilla.suse.com/1175015 https://bugzilla.suse.com/1175016 https://bugzilla.suse.com/1175017 https://bugzilla.suse.com/1175018 https://bugzilla.suse.com/1175019 https://bugzilla.suse.com/1175020 https://bugzilla.suse.com/1175021 https://bugzilla.suse.com/1175052 https://bugzilla.suse.com/1175112 https://bugzilla.suse.com/1175116 https://bugzilla.suse.com/1175128 https://bugzilla.suse.com/1175149 https://bugzilla.suse.com/1175175 https://bugzilla.suse.com/1175176 https://bugzilla.suse.com/1175180 https://bugzilla.suse.com/1175181 https://bugzilla.suse.com/1175182 https://bugzilla.suse.com/1175183 https://bugzilla.suse.com/1175184 https://bugzilla.suse.com/1175185 https://bugzilla.suse.com/1175186 https://bugzilla.suse.com/1175187 https://bugzilla.suse.com/1175188 https://bugzilla.suse.com/1175189 https://bugzilla.suse.com/1175190 https://bugzilla.suse.com/1175191 https://bugzilla.suse.com/1175192 https://bugzilla.suse.com/1175195 https://bugzilla.suse.com/1175199 https://bugzilla.suse.com/1175213 https://bugzilla.suse.com/1175232 https://bugzilla.suse.com/1175263 https://bugzilla.suse.com/1175284 https://bugzilla.suse.com/1175296 https://bugzilla.suse.com/1175344 https://bugzilla.suse.com/1175345 https://bugzilla.suse.com/1175346 https://bugzilla.suse.com/1175347 https://bugzilla.suse.com/1175367 https://bugzilla.suse.com/1175377 https://bugzilla.suse.com/1175440 https://bugzilla.suse.com/1175493 https://bugzilla.suse.com/1175546 https://bugzilla.suse.com/1175550 https://bugzilla.suse.com/1175654 https://bugzilla.suse.com/1175691 https://bugzilla.suse.com/1175768 https://bugzilla.suse.com/1175769 https://bugzilla.suse.com/1175770 https://bugzilla.suse.com/1175771 https://bugzilla.suse.com/1175772 https://bugzilla.suse.com/1175774 https://bugzilla.suse.com/1175775 https://bugzilla.suse.com/1175834 https://bugzilla.suse.com/1175873 From sle-updates at lists.suse.com Fri Sep 4 04:13:54 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 12:13:54 +0200 (CEST) Subject: SUSE-SU-2020:2487-1: important: Security update for the Linux Kernel Message-ID: <20200904101354.67465F794@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2487-1 Rating: important References: #1051510 #1058115 #1065600 #1065729 #1071995 #1082555 #1083647 #1085030 #1089895 #1090036 #1103990 #1103991 #1103992 #1104745 #1109837 #1111666 #1112178 #1112374 #1113956 #1114279 #1124278 #1127354 #1127355 #1127371 #1133021 #1137325 #1142685 #1144333 #1145929 #1148868 #1150660 #1151794 #1151927 #1152489 #1152624 #1154824 #1157169 #1158265 #1158983 #1159037 #1159058 #1159199 #1160388 #1160947 #1161016 #1162002 #1162063 #1163309 #1163403 #1163897 #1164284 #1164780 #1164871 #1165183 #1165478 #1165741 #1166780 #1166860 #1166861 #1166862 #1166864 #1166866 #1166867 #1166868 #1166870 #1166940 #1166969 #1166978 #1166985 #1167104 #1167288 #1167574 #1167851 #1167867 #1168081 #1168202 #1168332 #1168486 #1168670 #1168760 #1168762 #1168763 #1168764 #1168765 #1168789 #1168881 #1168884 #1168952 #1168959 #1169020 #1169057 #1169194 #1169390 #1169514 #1169525 #1169625 #1169762 #1169771 #1169795 #1170011 #1170056 #1170125 #1170145 #1170284 #1170345 #1170442 #1170457 #1170522 #1170592 #1170617 #1170618 #1170620 #1170621 #1170770 #1170778 #1170791 #1170901 #1171078 #1171098 #1171118 #1171124 #1171189 #1171191 #1171195 #1171202 #1171205 #1171214 #1171217 #1171218 #1171219 #1171220 #1171244 #1171293 #1171417 #1171424 #1171527 #1171529 #1171530 #1171558 #1171599 #1171600 #1171601 #1171602 #1171604 #1171605 #1171606 #1171607 #1171608 #1171609 #1171610 #1171611 #1171612 #1171613 #1171614 #1171615 #1171616 #1171617 #1171618 #1171619 #1171620 #1171621 #1171622 #1171623 #1171624 #1171625 #1171626 #1171662 #1171679 #1171691 #1171692 #1171694 #1171695 #1171732 #1171736 #1171739 #1171743 #1171753 #1171759 #1171817 #1171835 #1171841 #1171868 #1171904 #1171948 #1171949 #1171951 #1171952 #1171979 #1171982 #1171983 #1171988 #1172017 #1172096 #1172097 #1172098 #1172099 #1172101 #1172102 #1172103 #1172104 #1172127 #1172130 #1172185 #1172188 #1172199 #1172201 #1172202 #1172221 #1172247 #1172249 #1172251 #1172257 #1172317 #1172342 #1172343 #1172344 #1172366 #1172378 #1172391 #1172397 #1172453 #1172458 #1172484 #1172537 #1172538 #1172687 #1172719 #1172759 #1172775 #1172781 #1172782 #1172783 #1172871 #1172872 #1172999 #1173060 #1173074 #1173146 #1173265 #1173280 #1173284 #1173428 #1173514 #1173567 #1173573 #1173746 #1173818 #1173820 #1173825 #1173826 #1173833 #1173838 #1173839 #1173845 #1173857 #1174113 #1174115 #1174122 #1174123 #1174186 #1174187 #1174296 #1174343 #1174356 #1174409 #1174438 #1174462 Cross-References: CVE-2018-1000199 CVE-2019-19462 CVE-2019-20806 CVE-2019-20810 CVE-2019-20812 CVE-2019-20908 CVE-2019-9455 CVE-2020-0305 CVE-2020-0543 CVE-2020-10135 CVE-2020-10690 CVE-2020-10711 CVE-2020-10720 CVE-2020-10732 CVE-2020-10751 CVE-2020-10757 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-10781 CVE-2020-11669 CVE-2020-12114 CVE-2020-12464 CVE-2020-12652 CVE-2020-12653 CVE-2020-12654 CVE-2020-12655 CVE-2020-12656 CVE-2020-12657 CVE-2020-12659 CVE-2020-12769 CVE-2020-12771 CVE-2020-12888 CVE-2020-13143 CVE-2020-13974 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Module for Realtime 15-SP1 ______________________________________________________________________________ An update that solves 40 vulnerabilities and has 227 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988). - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567). - CVE-2020-10781: zram sysfs resource consumption was fixed (bnc#1173074). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a memory leak, aka CID-28ebeb8db770 (bnc#1173514). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection (bnc#1172781). - CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack (bnc#1172782). - CVE-2020-10768: Fixed an issue with the prctl() function, where indirect branch speculation could be enabled even though it was diabled before (bnc#1172783). - CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775). - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or "CrossTalk" (bsc#1154824). - CVE-2020-13143: Fixed an out-of-bounds read in gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c (bsc#1171982). - CVE-2020-12769: Fixed an issue which could have allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bsc#1171983). - CVE-2020-12659: Fixed an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) due to improper headroom validation (bsc#1171214). - CVE-2020-12657: An a use-after-free in block/bfq-iosched.c (bsc#1171205). - CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219). - CVE-2020-12655: Fixed an issue which could have allowed attackers to trigger a sync of excessive duration via an XFS v5 image with crafted metadata (bsc#1171217). - CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202). - CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195). - CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218). - CVE-2020-12464: Fixed a use-after-free due to a transfer without a reference (bsc#1170901). - CVE-2020-12114: Fixed a pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098). - CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S did not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390). - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317). - CVE-2020-10751: Fixed an improper implementation in SELinux LSM hook where it was assumed that an skb would only contain a single netlink message (bsc#1171189). - CVE-2020-10732: Fixed kernel data leak in userspace coredumps due to uninitialized data (bsc#1171220). - CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778). - CVE-2020-10711: Fixed a null pointer dereference in SELinux subsystem which could have allowed a remote network user to crash the kernel resulting in a denial of service (bsc#1171191). - CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056). - CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bsc#1170345). - CVE-2019-20812: Fixed an issue in prb_calc_retire_blk_tmo() which could have resulted in a denial of service (bsc#1172453). - CVE-2019-20806: Fixed a null pointer dereference which may had lead to denial of service (bsc#1172199). - CVE-2019-19462: Fixed an issue which could have allowed local user to cause denial of service (bsc#1158265). - CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c did not call snd_card_free for a failure path, which caused a memory leak, aka CID-9453264ef586 (bnc#1172458). - CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1089895). The following non-security bugs were fixed: - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() (bsc#1051510). - ACPI: GED: add support for _Exx / _Lxx handler methods (bsc#1111666). - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (bsc#1111666). - ACPI: NFIT: Fix unlock on error in scrub_show() (bsc#1171753). - ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510). - ACPI: sysfs: Fix pm_profile_attr type (bsc#1111666). - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() (bsc#1051510). - ACPI: video: Use native backlight on Acer Aspire 5783z (bsc#1111666). - ACPI: video: Use native backlight on Acer TravelMate 5735Z (bsc#1111666). - acpi/x86: ignore unspecified bit positions in the ACPI global lock field (bsc#1051510). - Add br_netfilter to kernel-default-base (bsc#1169020) - Add commit for git-fix that's not a fix This commit cleans up debug code but does not fix anything, and it relies on a new kernel function that isn't yet in this version of SLE. - agp/intel: Reinforce the barrier after GTT updates (bsc#1051510). - ALSA: ctxfi: Remove unnecessary cast in kfree (bsc#1051510). - ALSA: doc: Document PC Beep Hidden Register on Realtek ALC256 (bsc#1051510). - ALSA: dummy: Fix PCM format loop in proc output (bsc#1111666). - ALSA: es1688: Add the missed snd_card_free() (bsc#1051510). - ALSA: hda: Add driver blacklist (bsc#1051510). - ALSA: hda: Add ElkhartLake HDMI codec vid (bsc#1111666). - ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up (bsc#1111666). - ALSA: hda: Always use jackpoll helper for jack update after resume (bsc#1051510). - ALSA: hda: call runtime_allow() for all hda controllers (bsc#1051510). - ALSA: hda: Do not release card at firmware loading error (bsc#1051510). - ALSA: hda: Explicitly permit using autosuspend if runtime PM is supported (bsc#1051510). - ALSA: hda: Fix potential access overflow in beep helper (bsc#1051510). - ALSA: hda/hdmi - enable runtime pm for newer AMD display audio (bsc#1111666). - ALSA: hda/hdmi: fix race in monitor detection during probe (bsc#1051510). - ALSA: hda/hdmi: fix without unlocked before return (bsc#1051510). - ALSA: hda: Honor PM disablement in PM freeze and thaw_noirq ops (bsc#1051510). - ALSA: hda: Keep the controller initialization even if no codecs found (bsc#1051510). - ALSA: hda - let hs_mic be picked ahead of hp_mic (bsc#1111666). - ALSA: hda: Match both PCI ID and SSID for driver blacklist (bsc#1111666). - ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround (bsc#1172017). - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines (bsc#1111666). - ALSA: hda/realtek - Add COEF workaround for ASUS ZenBook UX431DA (git-fixes). - ALSA: hda/realtek - Add HP new mute led supported for ALC236 (git-fixes). - ALSA: hda/realtek - Add LED class support for micmute LED (bsc#1111666). - ALSA: hda/realtek - Add more fixup entries for Clevo machines (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC245 (bsc#1051510). - ALSA: hda/realtek - Add new codec supported for ALC287 (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Notebook (git-fixes). - ALSA: hda/realtek - Add supported new mute Led for HP (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS GL503VM with ALC295 (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS UX550GE with ALC295 (git-fixes). - ALSA: hda/realtek: Enable headset mic of ASUS UX581LV with ALC295 (git-fixes). - ALSA: hda/realtek - Enable micmute LED on and HP system (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (bsc#1111666). - ALSA: hda/realtek - Enable the headset mic on Asus FX505DT (bsc#1051510). - ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse (git-fixes). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme (bsc#1111666). - ALSA: hda/realtek - Fix unexpected init_amp override (bsc#1051510). - ALSA: hda/realtek - Fix unused variable warning w/o CONFIG_LEDS_TRIGGER_AUDIO (bsc#1111666). - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO (bsc#1111666). - ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 (git-fixes bsc#1171293). - ALSA: hda/realtek - Two front mics on a Lenovo ThinkCenter (bsc#1051510). - ALSA: hda: Release resources at error in delayed probe (bsc#1051510). - ALSA: hda: Remove ASUS ROG Zenith from the blacklist (bsc#1051510). - ALSA: hda: Skip controller resume if not needed (bsc#1051510). - ALSA: hwdep: fix a left shifting 1 by 31 UB bug (git-fixes). - ALSA: ice1724: Fix invalid access for enumerated ctl items (bsc#1051510). - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option (git-fixes). - ALSA: lx6464es - add support for LX6464ESe pci express variant (bsc#1111666). - ALSA: opl3: fix infoleak in opl3 (bsc#1111666). - ALSA: opti9xx: shut up gcc-10 range warning (bsc#1051510). - ALSA: pcm: disallow linking stream to itself (bsc#1111666). - ALSA: pcm: fix incorrect hw_base increase (git-fixes). - ALSA: pcm: oss: Fix regression by buffer overflow fix (bsc#1051510). - ALSA: pcm: oss: Place the plugin buffer overflow checks correctly (bsc#1170522). - ALSA: rawmidi: Fix racy buffer resize under concurrent accesses (git-fixes). - ALSA: usb-audio: Add connector notifier delegation (bsc#1051510). - ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset (git-fixes). - ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback (bsc#1111666). - ALSA: usb-audio: add mapping for ASRock TRX40 Creator (git-fixes). - ALSA: usb-audio: Add mixer workaround for TRX40 and co (bsc#1051510). - ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support (bsc#1111666). - ALSA: usb-audio: Add quirk for Focusrite Scarlett 2i2 (bsc#1051510). - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb-audio: Add static mapping table for ALC1220-VB-based mobos (bsc#1051510). - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock (bsc#1111666). - ALSA: usb-audio: Apply async workaround for Scarlett 2i4 2nd gen (bsc#1051510). - ALSA: usb-audio: Check mapping at creating connector controls, too (bsc#1051510). - ALSA: usb-audio: Clean up quirk entries with macros (bsc#1111666). - ALSA: usb-audio: Correct a typo of NuPrime DAC-10 USB ID (bsc#1051510). - ALSA: usb-audio: Do not create jack controls for PCM terminals (bsc#1051510). - ALSA: usb-audio: Do not override ignore_ctl_error value from the map (bsc#1051510). - ALSA: usb-audio: Filter error from connector kctl ops, too (bsc#1051510). - ALSA: usb-audio: Fix inconsistent card PM state after resume (bsc#1111666). - ALSA: usb-audio: Fix packet size calculation (bsc#1111666). - ALSA: usb-audio: Fix racy list management in output queue (bsc#1111666). - ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif (bsc#1051510). - ALSA: usb-audio: Improve frames size computation (bsc#1111666). - ALSA: usb-audio: Manage auto-pm of all bundled interfaces (bsc#1111666). - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC (git-fixes). - ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio (git-fixes). - ALSA: usb-audio: Use the new macro for HP Dock rename quirks (bsc#1111666). - ALSA: usx2y: Fix potential NULL dereference (bsc#1051510). - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes). - arm64: map FDT as RW for early_init_dt_scan() (jsc#SLE-12423). - ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry (bsc#1051510). - ASoC: dapm: connect virtual mux with default value (bsc#1051510). - ASoC: dapm: fixup dapm kcontrol widget (bsc#1051510). - ASoC: dpcm: allow start or stop during pause for backend (bsc#1051510). - ASoC: fix regwmask (bsc#1051510). - ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map() (bsc#1051510). - ASoC: msm8916-wcd-digital: Reset RX interpolation path after use (bsc#1051510). - ASoC: samsung: Prevent clk_get_rate() calls in atomic context (bsc#1111666). - ASoC: topology: Check return value of pcm_new_ver (bsc#1051510). - ASoC: topology: use name_prefix for new kcontrol (bsc#1051510). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (bsc#1111666). - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (bsc#1111666). - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (bsc#1111666). - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb (bsc#1111666). - ax25: fix setsockopt(SO_BINDTODEVICE) (networking-stable-20_05_27). - b43: Fix connection problem with WPA3 (bsc#1111666). - b43legacy: Fix case where channel status is corrupted (bsc#1051510). - b43_legacy: Fix connection problem with WPA3 (bsc#1111666). - batman-adv: Avoid spurious warnings from bat_v neigh_cmp implementation (bsc#1051510). - batman-adv: Do not schedule OGM for disabled interface (bsc#1051510). - batman-adv: fix batadv_nc_random_weight_tq (git-fixes). - batman-adv: Fix refcnt leak in batadv_show_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_store_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_v_ogm_process (git-fixes). - batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs (bsc#1051510). - bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (git fixes (block drivers)). - bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)). - bcache: fix incorrect data type usage in btree_flush_write() (git fixes (block drivers)). - bcache: Revert "bcache: shrink btree node cache after bch_btree_check()" (git fixes (block drivers)). - be2net: fix link failure after ethtool offline test (git-fixes). - blk-mq: honor IO scheduler for multiqueue devices (bsc#1165478). - blk-mq: simplify blk_mq_make_request() (bsc#1165478). - block, bfq: fix use-after-free in bfq_idle_slice_timer_body (bsc#1168760). - block/drbd: delete invalid function drbd_md_mark_dirty_ (bsc#1171527). - block: drbd: remove a stray unlock in __drbd_send_protocol() (bsc#1171599). - block: fix busy device checking in blk_drop_partitions again (bsc#1171948). - block: fix busy device checking in blk_drop_partitions (bsc#1171948). - block: fix memleak of bio integrity data (git fixes (block drivers)). - block: keep bdi->io_pages in sync with max_sectors_kb for stacked devices (bsc#1168762). - block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818). - block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)). - block: remove the bd_openers checks in blk_drop_partitions (bsc#1171948). - block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)). - Bluetooth: Add SCO fallback for invalid LMP parameters error (bsc#1111666). - Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl (bsc#1051510). - bnxt_en: Fix AER reset logic on 57500 chips (git-fixes). - bnxt_en: Fix ethtool selftest crash under error conditions (git-fixes). - bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails (git-fixes). - bnxt_en: Fix ipv6 RFS filter matching logic (git-fixes). - bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets() (networking-stable-20_03_28). - bnxt_en: fix NULL dereference in case SR-IOV configuration fails (git-fixes). - bnxt_en: Fix VF anti-spoof filter setup (networking-stable-20_05_12). - bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features() (networking-stable-20_05_12). - bnxt_en: Improve AER slot reset (networking-stable-20_05_12). - bnxt_en: Reduce BNXT_MSIX_VEC_MAX value to supported CQs per PF (bsc#1104745). - bnxt_en: reinitialize IRQs when MTU is modified (networking-stable-20_03_14). - bnxt_en: Return error if bnxt_alloc_ctx_mem() fails (bsc#1104745 ). - bnxt_en: Return error when allocating zero size context memory (bsc#1104745). - bonding/alb: make sure arp header is pulled before accessing it (networking-stable-20_03_14). - bpf: Fix sk_psock refcnt leak when receiving message (bsc#1083647). - bpf: Forbid XADD on spilled pointers for unprivileged users (bsc#1083647). - brcmfmac: abort and release host after error (bsc#1051510). - brcmfmac: fix wrong location to get firmware feature (bsc#1111666). - brcmfmac: Transform compatible string for FW loading (bsc#1169771). - btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#1174438). - btrfs: add new helper btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: Always use a cached extent_state in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#1174438). - Btrfs: fix deadlock with memory reclaim during scrub (bsc#1172127). - btrfs: fix extent_state leak in btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc#1174438). - btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438). - btrfs: fix log context list corruption after rename whiteout error (bsc#1172342). - btrfs: fix partial loss of prealloc extent past i_size after fsync (bsc#1172343). - btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438). - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO (bsc#1174438). - btrfs: qgroup: Fix a bug that prevents qgroup to be re-enabled after disable (bsc#1172247). - btrfs: relocation: add error injection points for cancelling balance (bsc#1171417). - btrfs: relocation: Check cancel request after each data page read (bsc#1171417). - btrfs: relocation: Check cancel request after each extent found (bsc#1171417). - btrfs: relocation: Clear the DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417). - btrfs: relocation: Fix reloc root leakage and the NULL pointer reference caused by the leakage (bsc#1171417). - btrfs: relocation: Work around dead relocation stage loop (bsc#1171417). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: Return EAGAIN if we can't start no snpashot write in check_can_nocow (bsc#1174438). - Btrfs: setup a nofs context for memory allocation at btrfs_create_tree() (bsc#1172127). - Btrfs: setup a nofs context for memory allocation at __btrfs_set_acl (bsc#1172127). - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438). - btrfs: Use newly introduced btrfs_lock_and_flush_ordered_range (bsc#1174438). - Btrfs: use nofs context when initializing security xattrs to avoid deadlock (bsc#1172127). - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124). - bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads (bsc#1111666). - can: add missing attribute validation for termination (networking-stable-20_03_14). - carl9170: remove P2P_GO support (bsc#1111666). - cdc-acm: close race betrween suspend() and acm_softint (git-fixes). - CDC-ACM: heed quirk also in error handling (git-fixes). - cdc-acm: introduce a cool down (git-fixes). - ceph: check if file lock exists before sending unlock request (bsc#1168789). - ceph: convert mdsc->cap_dirty to a per-session list (bsc#1167104). - ceph: demote quotarealm lookup warning to a debug message (bsc#1171692). - ceph: fix double unlock in handle_cap_export() (bsc#1171694). - ceph: fix endianness bug when handling MDS session feature bits (bsc#1171695). - ceph: request expedited service on session's last cap flush (bsc#1167104). - cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages (bsc#1173857). - cgroup, netclassid: periodically release file_lock on classid updating (networking-stable-20_03_14). - char/random: Add a newline at the end of the file (jsc#SLE-12423). - CIFS: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1144333). - CIFS: Allocate encryption header through kmalloc (bsc#1144333). - CIFS: allow unlock flock and OFD lock across fork (bsc#1144333). - CIFS: check new file size when extending file by fallocate (bsc#1144333). - CIFS: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - CIFS: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1144333). - CIFS: do not share tcons with DFS (bsc#1144333). - CIFS: dump the session id and keys also for SMB2 sessions (bsc#1144333). - CIFS: ensure correct super block for DFS reconnect (bsc#1144333). - CIFS: Fix bug which the return value by asynchronous read is error (bsc#1144333). - CIFS: fix uninitialised lease_key in open_shroot() (bsc#1144333). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333). - cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016). - CIFS: ignore cached share root handle closing errors (bsc#1166780). - CIFS: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1144333). - CIFS: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1144333). - CIFS: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1144333). - CIFS: protect updating server->dstaddr with a spinlock (bsc#1144333). - cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016). - CIFS: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - CIFS: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1144333). - CIFS: smbd: Check and extend sender credits in interrupt context (bsc#1144333). - CIFS: smbd: Check send queue size before posting a send (bsc#1144333). - CIFS: smbd: Do not schedule work to send immediate packet on every receive (bsc#1144333). - CIFS: smbd: Merge code to track pending packets (bsc#1144333). - CIFS: smbd: Properly process errors on ib_post_send (bsc#1144333). - CIFS: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1144333). - CIFS: Warn less noisily on default mount (bsc#1144333). - clk: Add clk_hw_unregister_composite helper function definition (bsc#1051510). - clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510). - clk: clk-flexgen: fix clock-critical handling (bsc#1051510). - clk: imx6ull: use OSC clock during AXI rate change (bsc#1051510). - clk: imx: make mux parent strings const (bsc#1051510). - clk: mediatek: correct the clocks for MT2701 HDMI PHY module (bsc#1051510). - clk: qcom: rcg: Return failure for RCG update (bsc#1051510). - clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510). - clk: sunxi-ng: a64: Fix gate bit of DSI DPHY (bsc#1051510). - clocksource/drivers/hyper-v: Set TSC clocksource as default w/ InvariantTSC (bsc#1170620, bsc#1170621). - clocksource: dw_apb_timer: Make CPU-affiliation being optional (bsc#1111666). - clocksource: dw_apb_timer_of: Fix missing clockevent timers (bsc#1051510). - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)). - compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)). - component: Silence bind error on -EPROBE_DEFER (bsc#1051510). - config: Enable CONFIG_RCU_BOOST - configfs: Fix bool initialization/comparison (bsc#1051510). - copy_{to,from}_user(): consolidate object size checks (git fixes). - coresight: do not use the BIT() macro in the UAPI header (git fixes (block drivers)). - cpufreq: Register drivers only after CPU devices have been registered (bsc#1051510). - cpufreq: s3c64xx: Remove pointless NULL check in s3c64xx_cpufreq_driver_init (bsc#1051510). - cpuidle: Do not unset the driver if it is there already (bsc#1051510). - crypto: algboss - do not wait during notifier callback (bsc#1111666). - crypto: algif_skcipher - Cap recv SG list at ctx->used (bsc#1111666). - crypto: arm64/sha-ce - implement export/import (bsc#1051510). - crypto: caam - update xts sector size for large input length (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (bsc#1111666). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - crypto: ccp - AES CFB mode is a stream cipher (git-fixes). - crypto: ccp - Clean up and exit correctly on allocation failure (git-fixes). - crypto: ccp - Cleanup misc_dev on sev_exit() (bsc#1114279). - crypto: ccp - Cleanup sp_dev_master in psp_dev_destroy() (bsc#1114279). - Crypto/chcr: fix for ccm(aes) failed test (bsc#1111666). - crypto: chelsio/chtls: properly set tp->lsndtime (bsc#1111666). - crypto: mxs-dcp - fix scatterlist linearization for hash (bsc#1051510). - crypto: talitos - fix IPsec cipher in length (git-fixes). - crypto: talitos - reorder code in talitos_edesc_alloc() (git-fixes). - crypto: tcrypt - fix printed skcipher [a]sync mode (bsc#1051510). - cxgb4: fix MPS index overwrite when setting MAC address (bsc#1127355). - cxgb4: fix Txq restart check during backpressure (bsc#1127354 bsc#1127371). - debugfs: Add debugfs_create_xul() for hexadecimal unsigned long (git-fixes). - debugfs: Check module state before warning in {full/open}_proxy_open() (bsc#1173746). - debugfs_lookup(): switch to lookup_one_len_unlocked() (bsc#1171979). - Deprecate NR_UNSTABLE_NFS, use NR_WRITEBACK (bsc#1163403). - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07). - devlink: fix return value after hitting end in region read (bsc#1109837). - devlink: validate length of param values (bsc#1109837). - devlink: validate length of region addr/len (bsc#1109837). - /dev/mem: Add missing memory barriers for devmem_inode (git-fixes). - /dev/mem: Revoke mappings when a driver claims the region (git-fixes). - dmaengine: dmatest: Fix iteration non-stop logic (bsc#1051510). - dmaengine: ste_dma40: fix unneeded variable warning (bsc#1051510). - dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' (bsc#1111666). - dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)). - dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)). - dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)). - dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)). - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574). - dm-raid1: fix invalid return value from dm_mirror (bsc#1172378). - dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)). - dm: various cleanups to md->queue initialization code (git fixes). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)). - dm writecache: fix data corruption when reloading the target (git fixes (block drivers)). - dm writecache: fix incorrect flush sequence when doing SSD mode commit (git fixes (block drivers)). - dm writecache: verify watermark during resume (git fixes (block drivers)). - dm zoned: fix invalid memory access (git fixes (block drivers)). - dm zoned: reduce overhead of backing device checks (git fixes (block drivers)). - dm zoned: remove duplicate nr_rnd_zones increase in dmz_init_zone() (git fixes (block drivers)). - dm zoned: support zone sizes smaller than 128MiB (git fixes (block drivers)). - dp83640: reverse arguments to list_add_tail (git-fixes). - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27). - driver-core, libnvdimm: Let device subsystems add local lockdep coverage (bsc#1171753). - drivers: hv: Add a module description line to the hv_vmbus driver (bsc#1172249, bsc#1172251). - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617, bsc#1170618). - drivers/net/ibmvnic: Update VNIC protocol version reporting (bsc#1065729). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510). - drivers: w1: add hwmon support structures (jsc#SLE-11048). - drivers: w1: add hwmon temp support for w1_therm (jsc#SLE-11048). - drivers: w1: refactor w1_slave_show to make the temp reading functionality separate (jsc#SLE-11048). - drm: amd/acp: fix broken menu structure (bsc#1114279) * context changes - drm: amd/display: fix Kconfig help text (bsc#1113956) * only fix DEBUG_KERNEL_DC - drm/amdgpu: Correctly initialize thermal controller for GPUs with Powerplay table v0 (e.g Hawaii) (bsc#1111666). - drm/amdgpu: Fix oops when pp_funcs is unset in ACPI event (bsc#1111666). - drm/amd/powerplay: force the trim of the mclk dpm_levels if OD is (bsc#1113956) - drm/atomic: Take the atomic toys away from X (bsc#1112178) * context changes - drm/bochs: downgrade pci_request_region failure from error to warning (bsc#1051510). - drm: bridge: adv7511: Extend list of audio sample rates (bsc#1111666). - drm/crc: Actually allow to change the crc source (bsc#1114279) * offset changes - drm/dp_mst: Fix clearing payload state on topology disable (bsc#1051510). - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1113956) * context changes - drm/dp_mst: Reformat drm_dp_check_act_status() a bit (bsc#1051510). - drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read() (bsc#1051510). - drm/drm_dp_mst:remove set but not used variable 'origlen' (bsc#1051510). - drm/edid: Fix off-by-one in DispID DTD pixel clock (bsc#1114279) - drm: encoder_slave: fix refcouting error for modules (bsc#1111666). - drm: encoder_slave: fix refcouting error for modules (bsc#1114279) - drm/etnaviv: fix perfmon domain interation (bsc#1113956) - drm/etnaviv: rework perfmon query infrastructure (bsc#1112178) - drm/i915: Apply Wa_1406680159:icl,ehl as an engine workaround (bsc#1112178) * rename gt/intel_workarounds.c to intel_workarounds.c * context changes - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of (bsc#1114279) - drm/i915: HDCP: fix Ri prime check done during link check (bsc#1112178) * rename display/intel_hdmi.c to intel_hdmi.c * context changes - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1112178) - drm/i915: properly sanity check batch_start_offset (bsc#1114279) * renamed display/intel_fbc.c -> intel_fb.c * renamed gt/intel_rc6.c -> intel_pm.c * context changes - drm/i915: Whitelist context-local timestamp in the gen9 cmdparser (bsc#1111666). - drm/mediatek: Check plane visibility in atomic_update (bsc#1113956) * context changes - drm/meson: Delete an error message in meson_dw_hdmi_bind() (bsc#1051510). - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1111666). - drm/msm: stop abusing dma_map/unmap for cache (bsc#1051510). - drm/msm: Use the correct dma_sync calls harder (bsc#1051510). - drm/msm: Use the correct dma_sync calls in msm_gem (bsc#1051510). - drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem (bsc#1114279) - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (bsc#1111666). - drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (bsc#1111666). - drm/qxl: qxl_release leak in qxl_draw_dirty_fb() (bsc#1051510). - drm/qxl: qxl_release leak in qxl_hw_surface_alloc() (bsc#1051510). - drm/qxl: qxl_release use after free (bsc#1051510). - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1113956) - drm/radeon: fix double free (bsc#1113956) - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1113956) - drm: Remove PageReserved manipulation from drm_pci_alloc (bsc#1114279) * offset changes - drm/sun4i: dsi: Allow binding the host without a panel (bsc#1113956) - drm/sun4i: dsi: Avoid hotplug race with DRM driver bind (bsc#1113956) - drm/sun4i: dsi: Remove incorrect use of runtime PM (bsc#1113956) * context changes - drm/sun4i: dsi: Remove unused drv from driver context (bsc#1113956) * context changes * keep include of sun4i_drv.h - drm/sun4i: hdmi ddc clk: Fix size of m divider (bsc#1111666). - drm/tegra: hub: Do not enable orphaned window group (bsc#1111666). - drm/vkms: Hold gem object while still in-use (bsc#1113956) * context changes - dump_stack: avoid the livelock of the dump_lock (git fixes (block drivers)). - e1000: Distribute switch variables for initialization (bsc#1111666). - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510). - e1000e: Relax condition to trigger reset for ME workaround (bsc#1111666). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279). - EDAC, sb_edac: Add support for systems with segmented PCI buses (bsc#1169525). - efi/random: Increase size of firmware supplied randomness (jsc#SLE-12423). - efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness (jsc#SLE-12423). - efi: READ_ONCE rng seed size before munmap (jsc#SLE-12423). - efi: Reorder pr_notice() with add_device_randomness() call (jsc#SLE-12423). - evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510). - evm: Fix a small race in init_desc() (bsc#1051510). - ext4: add cond_resched() to __ext4_find_entry() (bsc#1166862). - ext4: Check for non-zero journal inum in ext4_calculate_overhead (bsc#1167288). - ext4: do not assume that mmp_nodename/bdevname have NUL (bsc#1166860). - ext4: do not zeroout extents beyond i_disksize (bsc#1167851). - ext4: fix a data race at inode->i_blocks (bsc#1171835). - ext4: fix a data race in EXT4_I(inode)->i_disksize (bsc#1166861). - ext4: fix extent_status fragmentation for plain files (bsc#1171949). - ext4: fix incorrect group count in ext4_fill_super error message (bsc#1168765). - ext4: fix incorrect inodes per group in error message (bsc#1168764). - ext4: fix partial cluster initialization when splitting extent (bsc#1173839). - ext4: fix potential race between online resizing and write operations (bsc#1166864). - ext4: fix potential race between s_flex_groups online resizing and access (bsc#1166867). - ext4: fix potential race between s_group_info online resizing and access (bsc#1166866). - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838). - ext4: fix race between writepages and enabling EXT4_EXTENTS_FL (bsc#1166870). - ext4: fix support for inode sizes > 1024 bytes (bsc#1164284). - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833). - ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() (bsc#1166940). - ext4: rename s_journal_flag_rwsem to s_writepages_rwsem (bsc#1166868). - ext4: use non-movable memory for superblock readahead (bsc#1171952). - ext4: validate the debug_want_extra_isize mount option at parse time (bsc#1163897). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510). - fanotify: fix ignore mask logic for events on child and on dir (bsc#1172719). - fanotify: fix merging marks masks with FAN_ONDIR (bsc#1171679). - fat: fix uninit-memory access for partial initialized inode (bsc#1051510). - fat: work around race with userspace's read via blockdev while mounting (bsc#1051510). - fbcon: fix null-ptr-deref in fbcon_switch (bsc#1114279) * rename drivers/video/fbdev/core to drivers/video/console * context changes - fbdev: potential information leak in do_fb_ioctl() (bsc#1114279) - fbmem: Adjust indentation in fb_prepare_logo and fb_blank (bsc#1114279) - fdt: add support for rng-seed (jsc#SLE-12423). - fdt: Update CRC check for rng-seed (jsc#SLE-12423). - fib: add missing attribute validation for tun_id (networking-stable-20_03_14). - firmware: imx: scu: Fix corruption of header (git-fixes). - firmware: imx: scu: Fix possible memory leak in imx_scu_probe() (bsc#1111666). - firmware: qcom: scm: fix compilation error when disabled (bsc#1051510). - Fix boot crash with MD (bsc#1174343) - fix multiplication overflow in copy_fdtable() (bsc#1173825). - fpga: dfl: afu: Corrected error handling levels (git-fixes). - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12). - fs/cifs: fix gcc warning in sid_to_id (bsc#1144333). - fs/seq_file.c: simplify seq_file iteration code and interface (bsc#1170125). - gpiolib: Document that GPIO line names are not globally unique (bsc#1051510). - gpio: tegra: mask GPIO IRQs during IRQ shutdown (bsc#1051510). - gpu: host1x: Detach driver on unregister (bsc#1111666). - gpu: ipu-v3: pre: do not trigger update if buffer address does not change (bsc#1111666). - gre: fix uninit-value in __iptunnel_pull_header (networking-stable-20_03_14). - HID: hid-input: clear unmapped usages (git-fixes). - HID: hyperv: Add a module description line (bsc#1172249, bsc#1172251). - HID: i2c-hid: add Trekstor Primebook C11B to descriptor override (git-fixes). - HID: i2c-hid: override HID descriptors for certain devices (git-fixes). - HID: magicmouse: do not set up autorepeat (git-fixes). - HID: multitouch: add eGalaxTouch P80H84 support (bsc#1051510). - HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510). - HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices (git-fixes). - hrtimer: Annotate lockless access to timer->state (git fixes (block drivers)). - hsr: add restart routine into hsr_get_node_list() (networking-stable-20_03_28). - hsr: check protocol version in hsr_newlink() (networking-stable-20_04_17). - hsr: fix general protection fault in hsr_addr_is_self() (networking-stable-20_03_28). - hsr: set .netnsok flag (networking-stable-20_03_28). - hsr: use rcu_read_lock() in hsr_get_node_{list/status}() (networking-stable-20_03_28). - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes). - hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (bsc#1111666). - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (bsc#1111666). - hwmon: (max6697) Make sure the OVERT mask is set correctly (bsc#1111666). - i2c: acpi: Force bus speed to 400KHz if a Silead touchscreen is present (git-fixes). - i2c: acpi: put device when verifying client fails (git-fixes). - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (bsc#1111666). - i2c: brcmstb: remove unused struct member (git-fixes). - i2c: core: Allow empty id_table in ACPI case as well (git-fixes). - i2c: core: decrease reference count of device node in i2c_unregister_device (git-fixes). - i2c: dev: Fix the race between the release of i2c_dev and cdev (bsc#1051510). - i2c: eg20t: Load module automatically if ID matches (bsc#1111666). - i2c: fix missing pm_runtime_put_sync in i2c_device_probe (git-fixes). - i2c-hid: properly terminate i2c_hid_dmi_desc_override_table array (git-fixes). - i2c: hix5hd2: add missed clk_disable_unprepare in remove (bsc#1051510). - i2c: i801: Do not add ICH_RES_IO_SMI for the iTCO_wdt device (git-fixes). - i2c: iproc: Stop advertising support of SMBUS quick cmd (git-fixes). - i2c: isch: Remove unnecessary acpi.h include (git-fixes). - i2c: jz4780: silence log flood on txabrt (bsc#1051510). - i2c: mlxcpld: check correct size of maximum RECV_LEN packet (bsc#1111666). - i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' (bsc#1051510). - i2c: st: fix missing struct parameter description (bsc#1051510). - i40e: reduce stack usage in i40e_set_fc (git-fixes). - IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409). - IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409). - IB/mlx5: Fix missing congestion control debugfs on rep rdma device (bsc#1103991). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvfc: do not send implicit logouts prior to NPIV login (bsc#1169625 ltc#184611). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239). - iio:ad7797: Use correct attribute_group (bsc#1051510). - iio: adc: stm32-adc: fix device used to request dma (bsc#1051510). - iio: adc: stm32-adc: fix sleep in atomic context (git-fixes). - iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1051510). - iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510). - iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' (bsc#1051510). - iio:health:afe4404 Fix timestamp alignment and prevent data leak (bsc#1111666). - iio:humidity:hdc100x Fix alignment and data leak issues (bsc#1111666). - iio:magnetometer:ak8974: Fix alignment and data leak issues (bsc#1111666). - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (bsc#1111666). - iio: potentiostat: lmp9100: fix iio_triggered_buffer_{predisable,postenable} positions (bsc#1051510). - iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510). - iio:pressure:ms5611 Fix buffer element alignment (bsc#1111666). - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (bsc#1111666). - iio: sca3000: Remove an erroneous 'get_device()' (bsc#1051510). - iio: xilinx-xadc: Fix ADC-B powerdown (bsc#1051510). - iio: xilinx-xadc: Fix clearing interrupt when enabling trigger (bsc#1051510). - iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode (bsc#1051510). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510). - ima: Fix ima digest hash table key calculation (bsc#1051510). - ima: Fix return value of ima_write_policy() (git-fixes). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - Input: evdev - call input_flush_device() on release(), not flush() (bsc#1051510). - Input: hyperv-keyboard - add module description (bsc#1172249, bsc#1172251). - Input: i8042 - add Acer Aspire 5738z to nomux list (bsc#1051510). - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (bsc#1111666). - Input: i8042 - add ThinkPad S230u to i8042 reset list (bsc#1051510). - input: i8042 - Remove special PowerPC handling (git-fixes). - Input: raydium_i2c_ts - use true and false for boolean values (bsc#1051510). - Input: synaptics - add a second working PNP_ID for Lenovo T470s (bsc#1111666). - Input: synaptics - enable RMI on HP Envy 13-ad105ng (bsc#1051510). - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() (bsc#1051510). - Input: synaptics-rmi4 - really fix attn_data use-after-free (git-fixes). - Input: usbtouchscreen - add support for BonXeon TP (bsc#1051510). - Input: xpad - add custom init packet for Xbox One S controllers (bsc#1051510). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - intel_th: Fix a NULL dereference when hub driver is not loaded (bsc#1111666). - intel_th: pci: Add Elkhart Lake CPU support (bsc#1051510). - iommu/amd: Call domain_flush_complete() in update_domain() (bsc#1172096). - iommu/amd: Do not flush Device Table in iommu_map_page() (bsc#1172097). - iommu/amd: Do not loop forever when trying to increase address space (bsc#1172098). - iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system (bsc#1172099). - iommu/amd: Fix over-read of ACPI UID from IVRS table (bsc#1172101). - iommu/amd: Fix race in increase_address_space()/fetch_pte() (bsc#1172102). - iommu/amd: Fix the configuration of GCR3 table root pointer (bsc#1169057). - iommu/amd: Update Device Table in increase_address_space() (bsc#1172103). - iommu: Fix reference count leak in iommu_group_alloc (bsc#1172397). - ip6_tunnel: Allow rcv/xmit even if remote address is a local address (bsc#1166978). - ipmi: fix hung processes in __get_guid() (git-fixes). - ipv4: fix a RCU-list lock in fib_triestat_seq_show (networking-stable-20_04_02). - ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface (networking-stable-20_03_14). - ipv6: do not auto-add link-local address to lag ports (networking-stable-20_04_09). - ipv6: fix IPV6_ADDRFORM operation logic (bsc#1171662). - ipv6: Fix nlmsg_flags when splitting a multipath route (networking-stable-20_03_01). - ipv6: fix restrict IPV6_ADDRFORM operation (bsc#1171662). - ipv6: Fix route replacement with dev-only route (networking-stable-20_03_01). - ipvlan: add cond_resched_rcu() while processing muticast backlog (networking-stable-20_03_14). - ipvlan: call dev_change_flags when ipvlan mode is reset (git-fixes). - ipvlan: do not add hardware address of master to its unicast filter list (bsc#1137325). - ipvlan: do not deref eth hdr before checking it's set (networking-stable-20_03_14). - ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() (networking-stable-20_03_14). - irqchip/bcm2835: Quiesce IRQs left enabled by bootloader (bsc#1051510). - irqdomain: Fix a memory leak in irq_domain_push_irq() (bsc#1051510). - iwlwifi: pcie: actually release queue memory in TVQM (bsc#1051510). - ixgbe: do not check firmware errors (bsc#1170284). - ixgbevf: Remove limit of 10 entries for unicast filter list (git-fixes). - jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845). - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833). - kabi fix for (bsc#1168202). - kabi fix for early XHCI debug (git-fixes). - kabi for for md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - kabi: hv: prevent struct device_node to become defined (bsc#1172871). - kabi: ppc64le: prevent struct dma_map_ops to become defined (jsc#SLE-12423). - kABI: protect struct mlx5_cmd_work_ent (kabi). - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi). - kabi/severities: Do not track KVM internal symbols. - kabi/severities: Ingnore get_dev_data() The function is internal to the AMD IOMMU driver and must not be called by any third party. - kabi workaround for snd_rawmidi buffer_ref field addition (git-fixes). - kernfs: fix barrier usage in __kernfs_new_node() (bsc#1111666). - KEYS: reaching the keys quotas correctly (bsc#1051510). - KVM: arm64: Change hyp_panic()s dependency on tpidr_el2 (bsc#1133021). - KVM: arm64: Stop save/restoring host tpidr_el1 on VHE (bsc#1133021). - KVM: Check validity of resolved slot when searching memslots (bsc#1172104). - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279). - KVM: s390: vsie: Fix delivery of addressing exceptions (git-fixes). - KVM: s390: vsie: Fix possible race when shadowing region 3 tables (git-fixes). - KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks (git-fixes). - KVM: SVM: Fix potential memory leak in svm_cpu_init() (bsc#1171736). - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1152489). - KVM: x86: Fix APIC page invalidation race (bsc#1174122). - kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - l2tp: add sk_family checks to l2tp_validate_socket (networking-stable-20_06_07). - l2tp: Allow management of tunnels and session in user namespace (networking-stable-20_04_17). - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07). - libata: Remove extra scsi_host_put() in ata_scsi_add_hosts() (bsc#1051510). - libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set (bsc#1051510). - libceph: do not omit recovery_deletes in target_copy() (bsc#1174113). - libceph: ignore pool overlay and cache logic on redirects (bsc#1173146). - libfs: fix infoleak in simple_attr_read() (bsc#1168881). - libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock (bsc#1171753). - libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant (bsc#1171753). - libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl() (bsc#1171753). - libnvdimm: cover up changes in struct nvdimm_bus (bsc#1171753). - libnvdimm: cover up nd_pfn_sb changes (bsc#1171759). - libnvdimm/dax: Pick the right alignment default when creating dax devices (bsc#1171759). - libnvdimm/label: Remove the dpa align check (bsc#1171759). - libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739). - libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change (bsc#1171743). - libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock (bsc#1171759). - libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid (bsc#1171743). - libnvdimm/pmem: Advance namespace seed for specific probe errors (bsc#1171743). - libnvdimm/region: Initialize bad block for volatile namespaces (bnc#1151927 5.3.6).++ kernel-source-rt.spec (revision 4)Release: <RELEASE>.g93af9dfProvides: %name-srchash-93af9df3581407689c1ac5b0aa06fcfb62b08f1c - libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (bsc#1171743). - libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759). - lib: raid6: fix awk build warnings (git fixes (block drivers)). - lib/raid6/test: fix build on distros whose /bin/sh is not bash (git fixes (block drivers)). - lib/stackdepot.c: fix global out-of-bounds in stack_slabs (git fixes (block drivers)). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - locks: print unsigned ino in /proc/locks (bsc#1171951). - loop: replace kill_bdev with invalidate_bdev (bsc#1173820). - lpfc_debugfs: get rid of pointless access_ok() (bsc#1172687 bsc#1171530). - lpfc: Synchronize NVME transport and lpfc driver devloss_tmo (bcs#1173060). - mac80211: add ieee80211_is_any_nullfunc() (bsc#1051510). - mac80211: add option for setting control flags (bsc#1111666). - mac80211: Do not send mesh HWMP PREQ if HWMP is disabled (bsc#1051510). - mac80211_hwsim: Use kstrndup() in place of kasprintf() (bsc#1051510). - mac80211: mesh: fix discovery timer re-arming issue / crash (bsc#1051510). - mac80211: set IEEE80211_TX_CTRL_PORT_CTRL_PROTO for nl80211 TX (bsc#1111666). - macsec: avoid to set wrong mtu (bsc#1051510). - macsec: restrict to ethernet devices (networking-stable-20_03_28). - macvlan: add cond_resched() during multicast processing (networking-stable-20_03_14). - macvlan: fix null dereference in macvlan_device_event() (bsc#1051510). - mailbox: imx: Disable the clock on devm_mbox_controller_register() failure (git-fixes). - md: Avoid namespace collision with bitmap API (git fixes (block drivers)). - md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - md/raid0: Fix an error message in raid0_make_request() (git fixes (block drivers)). - md/raid10: prevent access of uninitialized resync_pages offset (git-fixes). - mdraid: fix read/write bytes accounting (bsc#1172537). - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (bsc#1166985)). - media: cec: silence shift wrapping warning in __cec_s_log_addrs() (git-fixes). - media: dib0700: fix rc endpoint lookup (bsc#1051510). - media: dvb: return -EREMOTEIO on i2c transfer failure (bsc#1051510). - media: flexcop-usb: fix endpoint sanity check (git-fixes). - media: go7007: Fix URB type for interrupt handling (bsc#1051510). - media: platform: fcp: Set appropriate DMA parameters (bsc#1051510). - media: si2157: Better check for running tuner in init (bsc#1111666). - media: tda10071: fix unsigned sign extension overflow (bsc#1051510). - media: ti-vpe: cal: fix disable_irqs to only the intended target (git-fixes). - media: usbtv: fix control-message timeouts (bsc#1051510). - media: v4l2-core: fix entity initialization in device_register_subdev (bsc#1051510). - media: vsp1: tidyup VI6_HGT_LBn_H() macro (bsc#1051510). - media: xirlink_cit: add missing descriptor sanity checks (bsc#1051510). - mei: release me_cl object reference (bsc#1051510). - mfd: dln2: Fix sanity checking for endpoints (bsc#1051510). - misc: pci_endpoint_test: Fix to support > 10 pci-endpoint-test devices (bsc#1051510). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue (git-fixes). - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue (git-fixes). - mlxsw: Fix some IS_ERR() vs NULL bugs (networking-stable-20_04_27). - mlxsw: pci: Return error on PCI reset timeout (git-fixes). - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12). - mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed (git-fixes). - mlxsw: spectrum_dpipe: Add missing error path (git-fixes). - mlxsw: spectrum_flower: Do not stop at FLOW_ACTION_VLAN_MANGLE (networking-stable-20_04_09). - mlxsw: spectrum_mr: Fix list iteration in error path (bsc#1112374). - mlxsw: spectrum: Prevent force of 56G (git-fixes). - mlxsw: spectrum_router: Refresh nexthop neighbour when it becomes dead (git-fixes). - mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (git-fixes). - mlxsw: spectrum_switchdev: Add MDB entries in prepare phase (git-fixes). - mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky (git-fixes). - mmc: atmel-mci: Fix debugfs on 64-bit platforms (git-fixes). - mmc: block: Fix request completion in the CQE timeout path (bsc#1111666). - mmc: block: Fix use-after-free issue for rpmb (bsc#1111666). - mmc: core: Check request type before completing the request (git-fixes). - mmc: core: Fix recursive locking issue in CQE recovery path (git-fixes). - mmc: cqhci: Avoid false "cqhci: CQE stuck on" by not open-coding timeout loop (git-fixes). - mmc: dw_mmc: Fix debugfs on 64-bit platforms (git-fixes). - mmc: fix compilation of user API (bsc#1051510). - mmc: meson-gx: make sure the descriptor is stopped on errors (git-fixes). - mmc: meson-gx: simplify interrupt handler (git-fixes). - mmc: renesas_sdhi: limit block count to 16 bit for old revisions (git-fixes). - mmc: sdhci: do not enable card detect interrupt for gpio cd type (bsc#1111666). - mmc: sdhci-esdhc-imx: fix the mask for tuning start point (bsc#1051510). - mmc: sdhci-msm: Clear tuning done flag while hs400 tuning (bsc#1051510). - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (bsc#1111666). - mmc: sdhci-of-at91: fix memleak on clk_get failure (git-fixes). - mmc: sdhci-pci: Fix eMMC driver strength for BYT-based controllers (bsc#1051510). - mmc: sdhci-xenon: fix annoying 1.8V regulator warning (bsc#1051510). - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() (bsc#1051510). - mmc: tmio: fix access width of Block Count Register (git-fixes). - mm/filemap.c: do not initiate writeback if mapping has no dirty pages (bsc#1168884). - mm: limit boost_watermark on small zones (git fixes (mm/pgalloc)). - mm/memory_hotplug.c: only respect mem= parameter during boot stage (bsc#1065600). - mm: replace PF_LESS_THROTTLE with PF_LOCAL_THROTTLE (bsc#1163403). - mm: thp: handle page cache THP correctly in PageTransCompoundMap (git fixes (block drivers)). - mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer (bsc#1051510). - mtd: spi-nor: cadence-quadspi: add a delay in write sequence (git-fixes). - mtd: spi-nor: enable 4B opcodes for mx66l51235l (git-fixes). - mtd: spi-nor: fsl-quadspi: Do not let -EINVAL on the bus (git-fixes). - mvpp2: remove misleading comment (git-fixes). - mwifiex: avoid -Wstringop-overflow warning (bsc#1051510). - mwifiex: Fix memory corruption in dump_station (bsc#1051510). - net: bcmgenet: correct per TX/RX ring statistics (networking-stable-20_04_27). - net: be more gentle about silly gso requests coming from user (networking-stable-20_06_07). - net: check untrusted gso_size at kernel entry (networking-stable-20_06_07). - net/cxgb4: Check the return from t4_query_params properly (git-fixes). - net: dsa: b53: Fix ARL register definitions (networking-stable-20_04_27). - net: dsa: b53: Rework ARL bin logic (networking-stable-20_04_27). - net: dsa: bcm_sf2: Do not register slave MDIO bus with OF (networking-stable-20_04_09). - net: dsa: bcm_sf2: Ensure correct sub-node is parsed (networking-stable-20_04_09). - net: dsa: bcm_sf2: Fix node reference count (git-fixes). - net: dsa: bcm_sf2: Fix overflow checks (git-fixes). - net: dsa: Fix duplicate frames flooded by learning (networking-stable-20_03_28). - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16). - net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27). - net: dsa: mv88e6xxx: fix lockup on warm boot (networking-stable-20_03_14). - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (git-fixes). - net: ena: add missing ethtool TX timestamping indication (git-fixes). - net: ena: avoid memory access violation by validating req_id properly (git-fixes). - net: ena: do not wake up tx queue when down (git-fixes). - net: ena: ena-com.c: prevent NULL pointer dereference (git-fixes). - net: ena: ethtool: use correct value for crc32 hash (git-fixes). - net: ena: fix continuous keep-alive resets (git-fixes). - net: ena: fix corruption of dev_idx_to_host_tbl (git-fixes). - net: ena: fix default tx interrupt moderation interval (git-fixes). - net: ena: fix incorrect default RSS key (git-fixes). - net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (git-fixes). - net: ena: fix issues in setting interrupt moderation params in ethtool (git-fixes). - net: ena: fix potential crash when rxfh key is NULL (git-fixes). - net: ena: fix retrieval of nonadaptive interrupt moderation intervals (git-fixes). - net: ena: fix uses of round_jiffies() (git-fixes). - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (git-fixes). - net: ena: reimplement set/get_coalesce() (git-fixes). - net: ena: rss: do not allocate key when not supported (git-fixes). - net: ena: rss: fix failure to get indirection table (git-fixes). - net: ena: rss: store hash function as values and not bits (git-fixes). - net/ethernet: add Google GVE driver (jsc#SLE-10538) - net: fec: add phy_reset_after_clk_enable() support (git-fixes). - net: fec: validate the new settings in fec_enet_set_coalesce() (networking-stable-20_03_14). - net: fib_rules: Correctly set table field when table number exceeds 8 bits (networking-stable-20_03_01). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: conntrack: sctp: use distinct states for new SCTP connections (bsc#1159199). - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16). - net: fix race condition in __inet_lookup_established() (bsc#1151794). - net: fq: add missing attribute validation for orphan mask (networking-stable-20_03_14). - net: hns3: fix "tc qdisc del" failed issue (bsc#1109837). - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27). - net: ipip: fix wrong address family in init error path (networking-stable-20_05_27). - net, ip_tunnel: fix interface lookup with no key (networking-stable-20_04_02). - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin (networking-stable-20_04_17). - net: ipv6: do not consider routes via gateways for anycast address check (networking-stable-20_04_17). - net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set (git-fixes). - netlink: Use netlink header as base to calculate bad attribute offset (networking-stable-20_03_14). - net: macsec: preserve ingress frame ordering (networking-stable-20_05_12). - net: memcg: fix lockdep splat in inet_csk_accept() (networking-stable-20_03_14). - net: memcg: late association of sock to memcg (networking-stable-20_03_14). - net/mlx4_core: drop useless LIST_HEAD (git-fixes). - net/mlx4_core: fix a memory leak bug (git-fixes). - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12). - net/mlx4_en: avoid indirect call in TX completion (networking-stable-20_04_27). - net/mlx5: Add command entry handling completion (networking-stable-20_05_27). - net/mlx5: Add new fields to Port Type and Speed register (bsc#1171118). - net/mlx5: Avoid panic when setting vport rate (git-fixes). - net/mlx5: Continue driver initialization despite debugfs failure (git-fixes). - net/mlx5e: ethtool, Fix a typo in WOL function names (git-fixes). - net/mlx5e: Fix traffic duplication in ethtool steering (git-fixes). - net/mlx5e: Remove unnecessary clear_bit()s (git-fixes). - net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27). - net/mlx5: Expose link speed directly (bsc#1171118). - net/mlx5: Expose port speed when possible (bsc#1171118). - net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12). - net/mlx5: Fix crash upon suspend/resume (networking-stable-20_06_07). - net/mlx5: Fix failing fw tracer allocation on s390 (bsc#1103990 ). - net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12). - net: mvmdio: allow up to four clocks to be specified for orion-mdio (git-fixes). - net: mvneta: Fix the case where the last poll did not process all rx (networking-stable-20_03_28). - net: mvpp2: prs: Do not override the sign bit in SRAM parser shift (git-fixes). - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node (networking-stable-20_04_27). - net/packet: tpacket_rcv: do not increment ring index on drop (networking-stable-20_03_14). - net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16). - net: phy: micrel: kszphy_resume(): add delay after genphy_resume() before accessing PHY registers (bsc#1051510). - net: phy: restore mdio regs in the iproc mdio driver (networking-stable-20_03_01). - netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16). - net: qede: stop adding events on an already destroyed workqueue (git-fixes). - net: qed: fix excessive QM ILT lines consumption (git-fixes). - net: qed: fix NVMe login fails over VFs (git-fixes). - net: qmi_wwan: add support for ASKEY WWHC050 (networking-stable-20_03_28). - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27). - net: revert default NAPI poll timeout to 2 jiffies (networking-stable-20_04_17). - net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()" (networking-stable-20_05_27). - net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28). - net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27). - net_sched: sch_skbprio: add message validation to skbprio_change() (bsc#1109837). - net: stricter validation of untrusted gso packets (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12). - net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12). - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12). - net: usb: qmi_wwan: add Telit 0x1050 composition (networking-stable-20_06_07). - net: usb: qmi_wwan: add Telit LE910C1-EUX composition (networking-stable-20_06_07). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - net/x25: Fix x25_neigh refcnt leak when receiving frame (networking-stable-20_04_27). - nfc: add missing attribute validation for SE API (networking-stable-20_03_14). - nfc: add missing attribute validation for vendor subcommand (networking-stable-20_03_14). - nfc: fdp: Fix a signedness bug in fdp_nci_send_patch() (bsc#1051510). - nfc: pn544: Fix occasional HW initialization failure (networking-stable-20_03_01). - nfc: st21nfca: add missed kfree_skb() in an error path (bsc#1051510). - nfp: abm: fix a memory leak bug (bsc#1109837). - nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K (git-fixes). - nfsd4: fix up replay_matches_cache() (git-fixes). - nfsd: Ensure CLONE persists data and metadata changes to the target file (git-fixes). - nfsd: fix delay timer on 32-bit architectures (git-fixes). - nfsd: fix jiffies/time_t mixup in LRU list (git-fixes). - nfs: Directory page cache pages need to be locked when read (git-fixes). - nfsd: memory corruption in nfsd4_lock() (git-fixes). - nfs: Do not call generic_error_remove_page() while holding locks (bsc#1170457). - NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592). - nfs: Fix memory leaks and corruption in readdir (git-fixes). - nfs: Fix O_DIRECT accounting of number of bytes read/written (git-fixes). - nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl (git-fixes). - nfs: fix racey wait in nfs_set_open_stateid_locked (bsc#1170592). - nfs/flexfiles: Use the correct TCP timeout for flexfiles I/O (git-fixes). - nfs/pnfs: Fix pnfs_generic_prepare_to_resend_writes() (git-fixes). - nfs: Revalidate the file size on a fatal write error (git-fixes). - NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals (git-fixes). - NFSv4: Do not allow a cached open with a revoked delegation (git-fixes). - NFSv4: Fix leak of clp->cl_acceptor string (git-fixes). - NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid() (git-fixes). - NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592). - NFSv4: try lease recovery on NFS4ERR_EXPIRED (git-fixes). - NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn (git-fixes). - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() (bsc#1173857). - nl80211: fix NL80211_ATTR_CHANNEL_WIDTH attribute type (bsc#1111666). - nl802154: add missing attribute validation for dev_type (networking-stable-20_03_14). - nl802154: add missing attribute validation (networking-stable-20_03_14). - nvdimm: Avoid race between probe and reading device attributes (bsc#1170442). - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058). - nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058). - nvme: fail cancelled commands with NVME_SC_HOST_PATH_ERROR (bsc#1158983 bsc#1172538). - nvme-fc: Fail transport errors with NVME_SC_HOST_PATH (bsc#1158983 bsc#1172538). - nvme-fc: print proper nvme-fc devloss_tmo value (bsc#1172391). - nvme-tcp: fail command with NVME_SC_HOST_PATH_ERROR send failed (bsc#1158983 bsc#1172538). - objtool: Add is_static_jump() helper (bsc#1169514). - objtool: Add relocation check for alternative sections (bsc#1169514). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Fix stack offset tracking for indirect CFAs (bsc#1169514). - objtool: Fix switch table detection in .text.unlikely (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - objtool: Make BP scratch register warning more robust (bsc#1169514). - ocfs2: no need try to truncate file beyond i_size (bsc#1171841). - OMAP: DSS2: remove non-zero check on variable r (bsc#1114279) - overflow: Fix -Wtype-limits compilation warnings (git fixes). - overflow.h: Add arithmetic shift helper (git fixes). - p54usb: add AirVasT USB stick device-id (bsc#1051510). - padata: ensure the reorder timer callback runs on the correct CPU (git-fixes). - padata: Remove broken queue flushing (git-fixes). - padata: reorder work kABI fixup (git-fixes). - Partially revert "kfifo: fix kfifo_alloc() and kfifo_init()" (git fixes (block drivers)). - partitions/efi: Fix partition name parsing in GUID partition entry (bsc#1168763). - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#1174356). - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356). - PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510). - PCI/ASPM: Clear the correct bits when enabling L1 substates (bsc#1051510). - PCI: endpoint: Fix clearing start entry in configfs (bsc#1051510). - PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510). - PCI: Generalize multi-function power dependency device links (bsc#1111666). - PCI: hv: Add support for protocol 1.3 and support PCI_BUS_RELATIONS2 (bsc#1172201, bsc#1172202). - PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871, bsc#1172872). - PCI: hv: Decouple the func definition in hv_dr_state from VSP message (bsc#1172201, bsc#1172202). - PCI: hv: Fix the PCI HyperV probe failure path to release resource properly (bsc#1172871, bsc#1172872). - PCI: hv: Introduce hv_msi_entry (bsc#1172871, bsc#1172872). - PCI: hv: Move hypercall related definitions into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Move retarget related structures into tlfs header (bsc#1172871, bsc#1172872). - PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871, bsc#1172872). - PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871, bsc#1172872). - PCI: pciehp: Fix indefinite wait on sysfs requests (git-fixes). - PCI: pciehp: Fix MSI interrupt race (bsc#1159037). - PCI: pciehp: Support interrupts sent from D3hot (git-fixes). - PCI/PM: Call .bridge_d3() hook only if non-NULL (git-fixes). - PCI: Program MPS for RCiEP devices (bsc#1051510). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510). - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356). - PCI/switchtec: Fix init_completion race condition with poll_wait() (bsc#1051510). - pcm_native: result of put_user() needs to be checked (bsc#1111666). - perf: Allocate context task_ctx_data for child event (git-fixes). - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes). - perf: Copy parent's address filter offsets on clone (git-fixes). - perf/core: Add sanity check to deal with pinned event failure (git-fixes). - perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes). - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes). - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes). - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes). - perf/core: Fix error handling in perf_event_alloc() (git-fixes). - perf/core: Fix exclusive events' grouping (git-fixes). - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes). - perf/core: Fix impossible ring-buffer sizes warning (git-fixes). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/core: Fix perf_event_read_value() locking (git-fixes). - perf/core: Fix perf_pmu_unregister() locking (git-fixes). - perf/core: Fix perf_sample_regs_user() mm check (git-fixes). - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes). - perf/core: Fix race between close() and fork() (git-fixes). - perf/core: Fix the address filtering fix (git-fixes). - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes). - perf/core: Force USER_DS when recording user stack data (git-fixes). - perf/core: Restore mmap record type correctly (git-fixes). - perf: Fix header.size for namespace events (git-fixes). - perf/ioctl: Add check for the sample_period value (git-fixes). - perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes). - perf: Return proper values for user stack errors (git-fixes). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/intel/uncore: Handle invalid event coding for free-running counter (git-fixes). - perf/x86/uncore: Fix event group support (git-fixes). - pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)). - pinctrl: baytrail: Enable pin configuration setting for GPIO chip (git-fixes). - pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler (git-fixes). - pinctrl: core: Remove extra kref_get which blocks hogs being freed (bsc#1051510). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510). - pinctrl: sunrisepoint: Fix PAD lock register offset for SPT-H (git-fixes). - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA (bsc#1051510). - platform/x86: dell-laptop: do not register micmute LED if there is no token (bsc#1111666). - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (bsc#1111666). - PM / Domains: Allow genpd users to specify default active wakeup behavior (git-fixes). - pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors (git-fixes). - pnp: Use list_for_each_entry() instead of open coding (git fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc: Add attributes for setjmp/longjmp (bsc#1065729). - powerpc/book3s64: Export has_transparent_hugepage() related functions (bsc#1171759). - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729). - powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010). - powerpc/hash64/devmap: Use H_PAGE_THP_HUGE when setting up huge devmap PTE entries (bsc#1065729). - powerpc/pci/of: Parse unassigned resources (bsc#1065729). - powerpc/setup_64: Set cache-line-size based on cache-block-size (bsc#1065729). - powerpc/sstep: Fix DS operand in ld encoding to appropriate value (bsc#1065729). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510). - power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510). - power: vexpress: add suppress_bind_attrs to true (bsc#1111666). - pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16). - pwm: bcm2835: Dynamically allocate base (bsc#1051510). - pwm: meson: Fix confusing indentation (bsc#1051510). - pwm: pca9685: Fix PWM/GPIO inter-operation (bsc#1051510). - pwm: rcar: Fix late Runtime PM enablement (bsc#1051510). - pwm: renesas-tpu: Fix late Runtime PM enablement (bsc#1051510). - pxa168fb: fix release function mismatch in probe failure (bsc#1051510). - qede: Fix race between rdma destroy workqueue and link change event (networking-stable-20_03_01). - qed: reduce maximum stack frame size (git-fixes). - qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes). - qmi_wwan: unconditionally reject 2 ep interfaces (bsc#1051510). - r8152: check disconnect status after long sleep (networking-stable-20_03_14). - r8152: support additional Microsoft Surface Ethernet Adapter variant (networking-stable-20_05_27). - raid5: remove gfp flags from scribble_alloc() (bsc#1166985). - raid6/ppc: Fix build for clang (git fixes (block drivers)). - random: always use batched entropy for get_random_u{32,64} (bsc#1164871). - rcu: locking and unlocking need to always be at least barriers (git fixes (block drivers)). - RDMA/efa: Fix setting of wrong bit in get/set_feature commands (bsc#1111666) - RDMA/efa: Set maximum pkeys device attribute (bsc#1111666) - RDMA/efa: Support remote read access in MR registration (bsc#1111666) - RDMA/efa: Unified getters/setters for device structs bitmask access (bsc#1111666) - README.BRANCH: Add Takashi Iwai as primary maintainer. - README.BRANCH: Replace Matt Fleming with Davidlohr Bueso as maintainer. - regmap: debugfs: Do not sleep while atomic for fast_io regmaps (bsc#1111666). - resolve KABI warning for perf-pt-coresight (git-fixes). - Revert "ALSA: hda/realtek: Fix pop noise on ALC225" (git-fixes). - Revert "bcache: ignore pending signals when creating gc and allocator thread" (git fixes (block drivers)). - Revert commit e918e570415c ("tpm_tis: Remove the HID IFX0102") (bsc#1111666). - Revert "dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues" (git fixes (block drivers)). - Revert "drm/panel: simple: Add support for Sharp LQ150X1LG11 panels" (bsc#1114279) * offset changes - Revert "HID: i2c-hid: add Trekstor Primebook C11B to descriptor override" Depends on 9b5c747685982d22efffeafc5ec601bd28f6d78b, which was also reverted. - Revert "HID: i2c-hid: override HID descriptors for certain devices" This broke i2c-hid.ko's build, there is no way around it without a big file rename or renaming the kernel module. - Revert "i2c-hid: properly terminate i2c_hid_dmi_desc_override_table" Fixed 9b5c747685982d22efffeafc5ec601bd28f6d78b, which was also reverted. - Revert "ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()" (bsc#1172221). - Revert "RDMA/cma: Simplify rdma_resolve_addr() error flow" (bsc#1103992). - Revert "thermal: mediatek: fix register index error" (bsc#1111666). - Revert "tools lib traceevent: Remove unneeded qsort and uses memmove" - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() (bsc#1051510). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes). - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194). - s390/cio: avoid duplicated 'ADD' uevents (git-fixes). - s390/cio: generate delayed uevent for vfio-ccw subchannels (git-fixes). - s390/cpuinfo: fix wrong output when CPU0 is offline (git-fixes). - s390/cpum_cf: Add new extended counters for IBM z15 (bsc#1169762 LTC#185291). - s390/diag: fix display of diagnose call statistics (git-fixes). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/ftrace: fix potential crashes when switching tracers (git-fixes). - s390/gmap: return proper error code on ksm unsharing (git-fixes). - s390/ism: fix error return code in ism_probe() (git-fixes). - s390/pci: do not set affinity for floating irqs (git-fixes). - s390/pci: Fix possible deadlock in recover_store() (bsc#1165183 LTC#184103). - s390/pci: Recover handle in clp_set_pci_fn() (bsc#1165183 LTC#184103). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: lock device while installing IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: cancel RX reclaim work earlier (git-fixes). - s390/qeth: do not return -ENOTSUPP to userspace (git-fixes). - s390/qeth: do not warn for napi with 0 budget (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - s390/qeth: fix off-by-one in RX copybreak check (git-fixes). - s390/qeth: fix promiscuous mode after reset (git-fixes). - s390/qeth: fix qdio teardown after early init error (git-fixes). - s390/qeth: handle error due to unsupported transport mode (git-fixes). - s390/qeth: handle error when backing RX buffer (git-fixes). - s390/qeth: lock the card while changing its hsuid (git-fixes). - s390/qeth: support net namespaces for L3 devices (git-fixes). - s390/time: Fix clk type in get_tod_clock (git-fixes). - sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12). - sch_sfq: validate silly quantum values (networking-stable-20_05_12). - scripts/decodecode: fix trapping instruction formatting (bsc#1065729). - scripts/dtc: Remove redundant YYLOC global declaration (bsc#1160388). - scripts/git_sort/git_sort.py: add bluetooth/bluetooth-next.git repository - scsi: aacraid: fix a signedness bug (bsc#1174296). - scsi: bnx2i: fix potential use after free (bsc#1171600). - scsi: core: avoid repetitive logging of device offline messages (bsc#1145929). - scsi: core: Handle drivers which set sg_tablesize to zero (bsc#1171601) This commit also required: > scsi: core: avoid preallocating big SGL for data - scsi: core: kABI fix offline_already (bsc#1145929). - scsi: core: save/restore command resid for error handling (bsc#1171602). - scsi: core: scsi_trace: Use get_unaligned_be*() (bsc#1171604). - scsi: core: try to get module before removing device (bsc#1171605). - scsi: csiostor: Adjust indentation in csio_device_reset (bsc#1171606). - scsi: csiostor: Do not enable IRQs too early (bsc#1171607). - scsi: esas2r: unlock on error in esas2r_nvram_read_direct() (bsc#1171608). - scsi: fnic: fix invalid stack access (bsc#1171609). - scsi: fnic: fix msix interrupt allocation (bsc#1171610). - scsi: hisi_sas: fix calls to dma_set_mask_and_coherent() (bsc#1174296). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: ibmvscsi: Fix WARN_ON during event pool release (bsc#1170791 ltc#185128). - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (bsc#1171611). - scsi: iscsi: Fix a potential deadlock in the timeout handler (bsc#1171612). - scsi: iscsi: qla4xxx: fix double free in probe (bsc#1171613). - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530). - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530). - scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530). - scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530). - scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1172687 bsc#1171530). - scsi: lpfc: Change default queue allocation for reduced memory consumption (bsc#1164780). - scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences (bsc#1171614). - scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG (bsc#1171615). - scsi: lpfc: Fix inconsistent indenting (bsc#1158983). - scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1158983). - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1158983). - scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event (bsc#1164780). - scsi: lpfc: Fix MDS Diagnostic Enablement definition (bsc#1164780). - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix negation of else clause in lpfc_prep_node_fc4type (bsc#1164780). - scsi: lpfc: Fix noderef and address space warnings (bsc#1164780). - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530). - scsi: lpfc: Maintain atomic consistency of queue_claimed flag (bsc#1164780). - scsi: lpfc: remove duplicate unloading checks (bsc#1164780). - scsi: lpfc: Remove re-binding of nvme rport during registration (bsc#1164780). - scsi: lpfc: Remove redundant initialization to variable rc (bsc#1164780). - scsi: lpfc: Remove unnecessary lockdep_assert_held calls (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.1 (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1158983). - scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state (bsc#1171616). - scsi: megaraid_sas: Fix a compilation warning (bsc#1174296). - scsi: mpt3sas: Fix double free in attach error handling (bsc#1174296). - scsi: qedf: Add port_id getter (bsc#1150660). - scsi: qla2xxx: add ring buffer for tracing debug logs (bsc#1157169). - scsi: qla2xxx: check UNLOADING before posting async work (bsc#1157169). - scsi: qla2xxx: Delete all sessions before unregister local nvme port (bsc#1157169). - scsi: qla2xxx: Do not log message when reading port speed via sysfs (bsc#1157169). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1174296). - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (bsc#1157169). - scsi: qla2xxx: Fix regression warnings (bsc#1157169). - scsi: qla2xxx: Remove non functional code (bsc#1157169). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - scsi: qla2xxx: set UNLOADING before waiting for session deletion (bsc#1157169). - scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free (bsc#1171617). - scsi: qla4xxx: fix double free bug (bsc#1171618). - scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI (bsc#1171619). - scsi: sg: add sg_remove_request in sg_common_write (bsc#1171620). - scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) (bsc#1171621). - scsi: ufs: change msleep to usleep_range (bsc#1171622). - scsi: ufs: Clean up ufshcd_scale_clks() and clock scaling error out path (bsc#1171623). - scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic (bsc#1171624). - scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails (bsc#1171625). - scsi: ufs: Recheck bkops level if bkops is disabled (bsc#1171626). - scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point (git-fixes). - sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27). - sctp: fix possibly using a bad saddr with a given dst (networking-stable-20_04_02). - sctp: fix refcount bug in sctp_wfree (networking-stable-20_04_02). - sctp: move the format error check out of __sctp_sf_do_9_1_abort (networking-stable-20_03_01). - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27). - selftests/powerpc: Fix build errors in powerpc ptrace selftests (boo#1124278). - Separate one more kABI fixup from the functional change: - seq_file: fix problem when seeking mid-record (bsc#1170125). - serdev: ttyport: restore client ops on deregistration (bsc#1051510). - serial: uartps: Move the spinlock after the read of the tx empty (git-fixes). - sfc: detach from cb_page in efx_copy_channel() (networking-stable-20_03_14). - signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig (bsc#1172185). - slcan: not call free_netdev before rtnl_unlock in slcan_open (networking-stable-20_03_28). - slip: make slhc_compress() more robust against malicious packets (networking-stable-20_03_14). - smb3: Additional compression structures (bsc#1144333). - smb3: Add new compression flags (bsc#1144333). - smb3: change noisy error message to FYI (bsc#1144333). - smb3: enable swap on SMB3 mounts (bsc#1144333). - smb3: Minor cleanup of protocol definitions (bsc#1144333). - smb3: remove overly noisy debug line in signing errors (bsc#1144333). - smb3: smbdirect support can be configured by default (bsc#1144333). - smb3: use SMB2_SIGNATURE_SIZE define (bsc#1144333). - spi: bcm2835: Fix 3-wire mode if DMA is enabled (git-fixes). - spi: bcm63xx-hsspi: Really keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: when tx/rx buffer is NULL set to 0 (bsc#1051510). - spi: dw: Add SPI Rx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: Add SPI Tx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: use "smp_mb()" to avoid sending spi data error (bsc#1051510). - spi: dw: Zero DMA Tx and Rx configurations on stack (bsc#1051510). - spi: fix initial SPI_SR value in spi-fsl-dspi (bsc#1111666). - spi: fsl: do not map irq during probe (git-fixes). - spi: fsl: use platform_get_irq() instead of of_irq_to_resource() (git-fixes). - spi: pxa2xx: Add CS control clock quirk (bsc#1051510). - spi: pxa2xx: Apply CS clk quirk to BXT (bsc#1111666). - spi: qup: call spi_qup_pm_resume_runtime before suspending (bsc#1051510). - spi: spidev: fix a race between spidev_release and spidev_remove (bsc#1111666). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (git-fixes). - spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices (bsc#1111666). - spi: spi-s3c64xx: Fix system resume support (git-fixes). - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (bsc#1111666). - spi/zynqmp: remove entry that causes a cs glitch (bsc#1051510). - staging: comedi: dt2815: fix writing hi byte of analog output (bsc#1051510). - staging: comedi: Fix comedi_device refcnt leak in comedi_open (bsc#1051510). - staging: comedi: verify array index is correct before using it (bsc#1111666). - staging: iio: ad2s1210: Fix SPI reading (bsc#1051510). - staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table (bsc#1051510). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510). - staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510). - staging: vt6656: Do not set RCR_MULTICAST or RCR_BROADCAST by default (git-fixes). - staging: vt6656: Fix drivers TBTT timing counter (git-fixes). - staging: vt6656: Fix pairwise key entry save (git-fixes). - staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi (bsc#1051510). - staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb (bsc#1051510). - staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback (bsc#1051510). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202). - SUNRPC: expiry_time should be seconds not timeval (git-fixes). - SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' (git-fixes). - SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624). - supported.conf: Add br_netfilter to base (bsc#1169020). - svcrdma: Fix double svc_rdma_send_ctxt_put() in an error path (bsc#1103992). - svcrdma: Fix leak of transport addresses (git-fixes). - svcrdma: Fix trace point use-after-free race (bsc#1103992 ). - taskstats: fix data-race (bsc#1172188). - tcp: cache line align MAX_TCP_HEADER (networking-stable-20_04_27). - tcp: repair: fix TCP_QUEUE_SEQ implementation (networking-stable-20_03_28). - team: add missing attribute validation for array index (networking-stable-20_03_14). - team: add missing attribute validation for port ifindex (networking-stable-20_03_14). - team: fix hang in team_mode_get() (networking-stable-20_04_27). - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284). - thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n (bsc#1051510). - timers: Add a function to start/reduce a timer (networking-stable-20_05_27). - tools lib traceevent: Remove unneeded qsort and uses memmove instead (git-fixes). - tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (bsc#1065729). - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (bsc#1111666). - tpm_tis: Remove the HID IFX0102 (bsc#1111666). - tpm/tpm_tis: Free IRQ if probing fails (bsc#1082555). - tpm/tpm_tis: Free IRQ if probing fails (git-fixes). - tracing: Add a vmalloc_sync_mappings() for safe measure (git-fixes). - tracing: Disable trace_printk() on post poned tests (git-fixes). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation (git-fixes). - tty: evh_bytechan: Fix out of bounds accesses (bsc#1051510). - tty: hvc_console, fix crashes on parallel open/close (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510). - tty: n_gsm: Fix SOF skipping (bsc#1051510). - tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510). - tty: rocket, avoid OOB access (git-fixes). - tty/serial: atmel: manage shutdown in case of RS485 or ISO7816 mode (bsc#1051510). - tty: serial: imx: setup the correct sg entry for tx dma (bsc#1051510). - tun: Do not put_page() for all negative return values from XDP program (bsc#1109837). - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12). - UAS: fix deadlock in error handling and PM flushing work (git-fixes). - UAS: no use logging any details in case of ENODEV (git-fixes). - ubifs: remove broken lazytime support (bsc#1173826). - Update config files: Build w1 bus on arm64 (jsc#SLE-11048) - USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE (git-fixes). - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes). - USB: c67x00: fix use after free in c67x00_giveback_urb (bsc#1111666). - USB: cdc-acm: restore capability check order (git-fixes). - usb: chipidea: core: add wakeup support for extcon (bsc#1111666). - USB: core: Fix misleading driver bug report (bsc#1051510). - usb: dwc2: Fix shutdown callback in platform (bsc#1111666). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510). - USB: dwc3: do not set gadget->is_otg flag (git-fixes). - USB: dwc3: gadget: Do link recovery for SS and SSP (git-fixes). - usb: dwc3: gadget: introduce cancelled_list (git-fixes). - usb: dwc3: gadget: never call ->complete() from ->ep_queue() (git-fixes). - usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes). - usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes). - USB: early: Handle AMD's spec-compliant identifiers, too (git-fixes). - USB: ehci: reopen solution for Synopsys HC bug (git-fixes). - USB: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset() (git-fixes). - USB: gadget: audio: Fix a missing error return value in audio_bind() (git-fixes). - USB: gadget: composite: Inform controller driver of self-powered (git-fixes). - USB: gadget: f_fs: Fix use after free issue as part of queue failure (bsc#1051510). - usb: gadget: fix potential double-free in m66592_probe (bsc#1111666). - USB: gadget: legacy: fix error return code in cdc_bind() (git-fixes). - USB: gadget: legacy: fix error return code in gncm_bind() (git-fixes). - USB: gadget: legacy: fix redundant initialization warnings (bsc#1051510). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510). - USB: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' (git-fixes). - usb: gadget: udc: atmel: fix uninitialized read in debug printk (bsc#1111666). - USB: gadget: udc: atmel: Fix vbus disconnect handling (git-fixes). - USB: gadget: udc: atmel: Make some symbols static (git-fixes). - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (bsc#1111666). - USB: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete (git-fixes). - usb: gadget: udc: Potential Oops in error handling code (bsc#1111666). - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510). - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (bsc#1111666). - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510). - USB: host: xhci-plat: keep runtime active when removing host (git-fixes). - USB: hub: Fix handling of connect changes during sleep (git-fixes). - USB: musb: fix crash with highmen PIO and usbmon (bsc#1051510). - usb: musb: Fix runtime PM imbalance on error (bsc#1051510). - usb: musb: start session in resume for host port (bsc#1051510). - USBnet: silence an unnecessary warning (bsc#1170770). - usbnet: smsc95xx: Fix use-after-free after removal (bsc#1111666). - USB: ohci-sm501: Add missed iounmap() in remove (bsc#1111666). - USB: serial: ch341: add new Product ID for CH340 (bsc#1111666). - USB: serial: cypress_m8: enable Simply Automated UPB PIM (bsc#1111666). - USB: serial: garmin_gps: add sanity checking for data length (git-fixes). - USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback (bsc#1051510). - USB: serial: iuu_phoenix: fix memory corruption (bsc#1111666). - USB: serial: option: add BroadMobi BM806U (git-fixes). - USB: serial: option: add GosunCn GM500 series (bsc#1111666). - USB: serial: option: add Quectel EG95 LTE modem (bsc#1111666). - USB: serial: option: add support for ASKEY WWHC050 (git-fixes). - USB: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510). - USB: serial: option: add Wistron Neweb D19Q1 (git-fixes). - USB: serial: qcserial: add DW5816e QDL support (bsc#1051510). - USB: serial: qcserial: Add DW5816e support (git-fixes). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - USB: sisusbvga: Change port variable from signed to unsigned (git-fixes). - usb-storage: Add unusual_devs entry for JMicron JMS566 (git-fixes). - USB: uas: add quirk for LaCie 2Big Quadra (git-fixes). - USB: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list (git-fixes). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174123). - vfs: Fix EOVERFLOW testing in put_compat_statfs64 (bnc#1151927 5.3.6). - video: fbdev: sis: Remove unnecessary parentheses and commented code (bsc#1114279) - video: fbdev: w100fb: Fix a potential double free (bsc#1051510). - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (git-fixes). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: avoid format strint overflow warning (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: Remove always false conditional statement (bsc#1172484). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484). - vmxnet3: remove unused flag "rxcsum" from struct vmxnet3_adapter (bsc#1172484). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - vrf: Check skb for XFRM_TRANSFORMED flag (networking-stable-20_04_27). - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07). - vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines (git-fixes). - vt: selection, introduce vc_is_sel (git-fixes). - vt: vt_ioctl: fix race in VT_RESIZEX (git-fixes). - vt: vt_ioctl: fix use-after-free in vt_in_use() (git-fixes). - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (git-fixes). - vxlan: Avoid infinite loop when suppressing NS messages with invalid options (git-fixes). - vxlan: check return value of gro_cells_init() (networking-stable-20_03_28). - w1: Add subsystem kernel public interface (jsc#SLE-11048). - w1: Fix slave count on 1-Wire bus (resend) (jsc#SLE-11048). - w1: keep balance of mutex locks and refcnts (jsc#SLE-11048). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510). - w1: use put_device() if device_register() fail (jsc#SLE-11048). - watchdog: reset last_hw_keepalive time at start (git-fixes). - watchdog: sp805: fix restart handler (bsc#1111666). - wcn36xx: Fix error handling path in 'wcn36xx_probe()' (bsc#1051510). - wil6210: add general initialization/size checks (bsc#1111666). - wil6210: check rx_buff_mgmt before accessing it (bsc#1111666). - wil6210: ignore HALP ICR if already handled (bsc#1111666). - wil6210: make sure Rx ring sizes are correlated (git-fixes). - wil6210: remove reset file from debugfs (git-fixes). - wimax/i2400m: Fix potential urb refcnt leak (bsc#1051510). - work around mvfs bug (bsc#1162063). - workqueue: do not use wq_select_unbound_cpu() for bound works (bsc#1172130). - x86/apic: Install an empty physflat_init_apic_ldr (bsc#1163309). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279). - x86/entry/64: Fix unwind hints in kernel exit path (bsc#1058115). - x86/entry/64: Fix unwind hints in register clearing code (bsc#1058115). - x86/entry/64: Fix unwind hints in rewind_stack_do_exit() (bsc#1058115). - x86/entry/64: Fix unwind hints in __switch_to_asm() (bsc#1058115). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86: Fix early boot crash on gcc-10, third try (bsc#1114279). - x86/hyperv: Allow guests to enable InvariantTSC (bsc#1170621, bsc#1170620). - x86/Hyper-V: Free hv_panic_page when fail to register kmsg dump (bsc#1170617, bsc#1170618). - x86/Hyper-V: Report crash data in die() when panic_on_oops is set (bsc#1170617, bsc#1170618). - x86/Hyper-V: Report crash register data or kmsg before running crash kernel (bsc#1170617, bsc#1170618). - x86/Hyper-V: Report crash register data when sysctl_record_panic_msg is not set (bsc#1170617, bsc#1170618). - x86: hyperv: report value of misc_features (git fixes). - x86/Hyper-V: Trigger crash enlightenment only once during system crash (bsc#1170617, bsc#1170618). - x86/Hyper-V: Unload vmbus channel in hv panic callback (bsc#1170617, bsc#1170618). - x86/kprobes: Avoid kretprobe recursion bug (bsc#1114279). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279). - x86/resctrl: Fix invalid attempt at removing the default resource group (git-fixes). - x86/resctrl: Preserve CDP enable over CPU hotplug (bsc#1114279). - x86/unwind/orc: Do not skip the first frame for inactive tasks (bsc#1058115). - x86/unwind/orc: Fix error handling in __unwind_start() (bsc#1058115). - x86/unwind/orc: Fix error path for bad ORC entry type (bsc#1058115). - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks (bsc#1058115). - x86/unwind/orc: Prevent unwinding before ORC initialization (bsc#1058115). - x86/unwind: Prevent false warnings for non-current tasks (bsc#1058115). - x86/xen: fix booting 32-bit pv guest (bsc#1071995). - x86/xen: Make the boot CPU idle task reliable (bsc#1071995). - x86/xen: Make the secondary CPU idle tasks reliable (bsc#1071995). - xen/blkfront: fix memory allocation flags in blkfront_setup_indirect() (bsc#1168486). - xen/pci: reserve MCFG areas earlier (bsc#1170145). - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish (networking-stable-20_04_27). - xfrm: fix error in comment (git fixes). - xfs: clear PF_MEMALLOC before exiting xfsaild thread (git-fixes). - xfs: Correctly invert xfs_buftarg LRU isolation logic (git-fixes). - xfs: do not ever return a stale pointer from __xfs_dir3_free_read (git-fixes). - xhci: Fix incorrect EP_STATE_MASK (git-fixes). - xprtrdma: Fix completion wait during device removal (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Realtime 15-SP1: zypper in -t patch SUSE-SLE-Module-RT-15-SP1-2020-2487=1 Package List: - SUSE Linux Enterprise Module for Realtime 15-SP1 (x86_64): cluster-md-kmp-rt-4.12.14-14.28.1 cluster-md-kmp-rt-debuginfo-4.12.14-14.28.1 dlm-kmp-rt-4.12.14-14.28.1 dlm-kmp-rt-debuginfo-4.12.14-14.28.1 gfs2-kmp-rt-4.12.14-14.28.1 gfs2-kmp-rt-debuginfo-4.12.14-14.28.1 kernel-rt-4.12.14-14.28.1 kernel-rt-base-4.12.14-14.28.1 kernel-rt-base-debuginfo-4.12.14-14.28.1 kernel-rt-debuginfo-4.12.14-14.28.1 kernel-rt-debugsource-4.12.14-14.28.1 kernel-rt-devel-4.12.14-14.28.1 kernel-rt-devel-debuginfo-4.12.14-14.28.1 kernel-rt_debug-debuginfo-4.12.14-14.28.1 kernel-rt_debug-debugsource-4.12.14-14.28.1 kernel-rt_debug-devel-4.12.14-14.28.1 kernel-rt_debug-devel-debuginfo-4.12.14-14.28.1 kernel-syms-rt-4.12.14-14.28.1 ocfs2-kmp-rt-4.12.14-14.28.1 ocfs2-kmp-rt-debuginfo-4.12.14-14.28.1 - SUSE Linux Enterprise Module for Realtime 15-SP1 (noarch): kernel-devel-rt-4.12.14-14.28.1 kernel-source-rt-4.12.14-14.28.1 References: https://www.suse.com/security/cve/CVE-2018-1000199.html https://www.suse.com/security/cve/CVE-2019-19462.html https://www.suse.com/security/cve/CVE-2019-20806.html https://www.suse.com/security/cve/CVE-2019-20810.html https://www.suse.com/security/cve/CVE-2019-20812.html https://www.suse.com/security/cve/CVE-2019-20908.html https://www.suse.com/security/cve/CVE-2019-9455.html https://www.suse.com/security/cve/CVE-2020-0305.html https://www.suse.com/security/cve/CVE-2020-0543.html https://www.suse.com/security/cve/CVE-2020-10135.html https://www.suse.com/security/cve/CVE-2020-10690.html https://www.suse.com/security/cve/CVE-2020-10711.html https://www.suse.com/security/cve/CVE-2020-10720.html https://www.suse.com/security/cve/CVE-2020-10732.html https://www.suse.com/security/cve/CVE-2020-10751.html https://www.suse.com/security/cve/CVE-2020-10757.html https://www.suse.com/security/cve/CVE-2020-10766.html https://www.suse.com/security/cve/CVE-2020-10767.html https://www.suse.com/security/cve/CVE-2020-10768.html https://www.suse.com/security/cve/CVE-2020-10769.html https://www.suse.com/security/cve/CVE-2020-10773.html https://www.suse.com/security/cve/CVE-2020-10781.html https://www.suse.com/security/cve/CVE-2020-11669.html https://www.suse.com/security/cve/CVE-2020-12114.html https://www.suse.com/security/cve/CVE-2020-12464.html https://www.suse.com/security/cve/CVE-2020-12652.html https://www.suse.com/security/cve/CVE-2020-12653.html https://www.suse.com/security/cve/CVE-2020-12654.html https://www.suse.com/security/cve/CVE-2020-12655.html https://www.suse.com/security/cve/CVE-2020-12656.html https://www.suse.com/security/cve/CVE-2020-12657.html https://www.suse.com/security/cve/CVE-2020-12659.html https://www.suse.com/security/cve/CVE-2020-12769.html https://www.suse.com/security/cve/CVE-2020-12771.html https://www.suse.com/security/cve/CVE-2020-12888.html https://www.suse.com/security/cve/CVE-2020-13143.html https://www.suse.com/security/cve/CVE-2020-13974.html https://www.suse.com/security/cve/CVE-2020-14416.html https://www.suse.com/security/cve/CVE-2020-15393.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1051510 https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1082555 https://bugzilla.suse.com/1083647 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1089895 https://bugzilla.suse.com/1090036 https://bugzilla.suse.com/1103990 https://bugzilla.suse.com/1103991 https://bugzilla.suse.com/1103992 https://bugzilla.suse.com/1104745 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1114279 https://bugzilla.suse.com/1124278 https://bugzilla.suse.com/1127354 https://bugzilla.suse.com/1127355 https://bugzilla.suse.com/1127371 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1137325 https://bugzilla.suse.com/1142685 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1145929 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1150660 https://bugzilla.suse.com/1151794 https://bugzilla.suse.com/1151927 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1152624 https://bugzilla.suse.com/1154824 https://bugzilla.suse.com/1157169 https://bugzilla.suse.com/1158265 https://bugzilla.suse.com/1158983 https://bugzilla.suse.com/1159037 https://bugzilla.suse.com/1159058 https://bugzilla.suse.com/1159199 https://bugzilla.suse.com/1160388 https://bugzilla.suse.com/1160947 https://bugzilla.suse.com/1161016 https://bugzilla.suse.com/1162002 https://bugzilla.suse.com/1162063 https://bugzilla.suse.com/1163309 https://bugzilla.suse.com/1163403 https://bugzilla.suse.com/1163897 https://bugzilla.suse.com/1164284 https://bugzilla.suse.com/1164780 https://bugzilla.suse.com/1164871 https://bugzilla.suse.com/1165183 https://bugzilla.suse.com/1165478 https://bugzilla.suse.com/1165741 https://bugzilla.suse.com/1166780 https://bugzilla.suse.com/1166860 https://bugzilla.suse.com/1166861 https://bugzilla.suse.com/1166862 https://bugzilla.suse.com/1166864 https://bugzilla.suse.com/1166866 https://bugzilla.suse.com/1166867 https://bugzilla.suse.com/1166868 https://bugzilla.suse.com/1166870 https://bugzilla.suse.com/1166940 https://bugzilla.suse.com/1166969 https://bugzilla.suse.com/1166978 https://bugzilla.suse.com/1166985 https://bugzilla.suse.com/1167104 https://bugzilla.suse.com/1167288 https://bugzilla.suse.com/1167574 https://bugzilla.suse.com/1167851 https://bugzilla.suse.com/1167867 https://bugzilla.suse.com/1168081 https://bugzilla.suse.com/1168202 https://bugzilla.suse.com/1168332 https://bugzilla.suse.com/1168486 https://bugzilla.suse.com/1168670 https://bugzilla.suse.com/1168760 https://bugzilla.suse.com/1168762 https://bugzilla.suse.com/1168763 https://bugzilla.suse.com/1168764 https://bugzilla.suse.com/1168765 https://bugzilla.suse.com/1168789 https://bugzilla.suse.com/1168881 https://bugzilla.suse.com/1168884 https://bugzilla.suse.com/1168952 https://bugzilla.suse.com/1168959 https://bugzilla.suse.com/1169020 https://bugzilla.suse.com/1169057 https://bugzilla.suse.com/1169194 https://bugzilla.suse.com/1169390 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1169525 https://bugzilla.suse.com/1169625 https://bugzilla.suse.com/1169762 https://bugzilla.suse.com/1169771 https://bugzilla.suse.com/1169795 https://bugzilla.suse.com/1170011 https://bugzilla.suse.com/1170056 https://bugzilla.suse.com/1170125 https://bugzilla.suse.com/1170145 https://bugzilla.suse.com/1170284 https://bugzilla.suse.com/1170345 https://bugzilla.suse.com/1170442 https://bugzilla.suse.com/1170457 https://bugzilla.suse.com/1170522 https://bugzilla.suse.com/1170592 https://bugzilla.suse.com/1170617 https://bugzilla.suse.com/1170618 https://bugzilla.suse.com/1170620 https://bugzilla.suse.com/1170621 https://bugzilla.suse.com/1170770 https://bugzilla.suse.com/1170778 https://bugzilla.suse.com/1170791 https://bugzilla.suse.com/1170901 https://bugzilla.suse.com/1171078 https://bugzilla.suse.com/1171098 https://bugzilla.suse.com/1171118 https://bugzilla.suse.com/1171124 https://bugzilla.suse.com/1171189 https://bugzilla.suse.com/1171191 https://bugzilla.suse.com/1171195 https://bugzilla.suse.com/1171202 https://bugzilla.suse.com/1171205 https://bugzilla.suse.com/1171214 https://bugzilla.suse.com/1171217 https://bugzilla.suse.com/1171218 https://bugzilla.suse.com/1171219 https://bugzilla.suse.com/1171220 https://bugzilla.suse.com/1171244 https://bugzilla.suse.com/1171293 https://bugzilla.suse.com/1171417 https://bugzilla.suse.com/1171424 https://bugzilla.suse.com/1171527 https://bugzilla.suse.com/1171529 https://bugzilla.suse.com/1171530 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1171599 https://bugzilla.suse.com/1171600 https://bugzilla.suse.com/1171601 https://bugzilla.suse.com/1171602 https://bugzilla.suse.com/1171604 https://bugzilla.suse.com/1171605 https://bugzilla.suse.com/1171606 https://bugzilla.suse.com/1171607 https://bugzilla.suse.com/1171608 https://bugzilla.suse.com/1171609 https://bugzilla.suse.com/1171610 https://bugzilla.suse.com/1171611 https://bugzilla.suse.com/1171612 https://bugzilla.suse.com/1171613 https://bugzilla.suse.com/1171614 https://bugzilla.suse.com/1171615 https://bugzilla.suse.com/1171616 https://bugzilla.suse.com/1171617 https://bugzilla.suse.com/1171618 https://bugzilla.suse.com/1171619 https://bugzilla.suse.com/1171620 https://bugzilla.suse.com/1171621 https://bugzilla.suse.com/1171622 https://bugzilla.suse.com/1171623 https://bugzilla.suse.com/1171624 https://bugzilla.suse.com/1171625 https://bugzilla.suse.com/1171626 https://bugzilla.suse.com/1171662 https://bugzilla.suse.com/1171679 https://bugzilla.suse.com/1171691 https://bugzilla.suse.com/1171692 https://bugzilla.suse.com/1171694 https://bugzilla.suse.com/1171695 https://bugzilla.suse.com/1171732 https://bugzilla.suse.com/1171736 https://bugzilla.suse.com/1171739 https://bugzilla.suse.com/1171743 https://bugzilla.suse.com/1171753 https://bugzilla.suse.com/1171759 https://bugzilla.suse.com/1171817 https://bugzilla.suse.com/1171835 https://bugzilla.suse.com/1171841 https://bugzilla.suse.com/1171868 https://bugzilla.suse.com/1171904 https://bugzilla.suse.com/1171948 https://bugzilla.suse.com/1171949 https://bugzilla.suse.com/1171951 https://bugzilla.suse.com/1171952 https://bugzilla.suse.com/1171979 https://bugzilla.suse.com/1171982 https://bugzilla.suse.com/1171983 https://bugzilla.suse.com/1171988 https://bugzilla.suse.com/1172017 https://bugzilla.suse.com/1172096 https://bugzilla.suse.com/1172097 https://bugzilla.suse.com/1172098 https://bugzilla.suse.com/1172099 https://bugzilla.suse.com/1172101 https://bugzilla.suse.com/1172102 https://bugzilla.suse.com/1172103 https://bugzilla.suse.com/1172104 https://bugzilla.suse.com/1172127 https://bugzilla.suse.com/1172130 https://bugzilla.suse.com/1172185 https://bugzilla.suse.com/1172188 https://bugzilla.suse.com/1172199 https://bugzilla.suse.com/1172201 https://bugzilla.suse.com/1172202 https://bugzilla.suse.com/1172221 https://bugzilla.suse.com/1172247 https://bugzilla.suse.com/1172249 https://bugzilla.suse.com/1172251 https://bugzilla.suse.com/1172257 https://bugzilla.suse.com/1172317 https://bugzilla.suse.com/1172342 https://bugzilla.suse.com/1172343 https://bugzilla.suse.com/1172344 https://bugzilla.suse.com/1172366 https://bugzilla.suse.com/1172378 https://bugzilla.suse.com/1172391 https://bugzilla.suse.com/1172397 https://bugzilla.suse.com/1172453 https://bugzilla.suse.com/1172458 https://bugzilla.suse.com/1172484 https://bugzilla.suse.com/1172537 https://bugzilla.suse.com/1172538 https://bugzilla.suse.com/1172687 https://bugzilla.suse.com/1172719 https://bugzilla.suse.com/1172759 https://bugzilla.suse.com/1172775 https://bugzilla.suse.com/1172781 https://bugzilla.suse.com/1172782 https://bugzilla.suse.com/1172783 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172872 https://bugzilla.suse.com/1172999 https://bugzilla.suse.com/1173060 https://bugzilla.suse.com/1173074 https://bugzilla.suse.com/1173146 https://bugzilla.suse.com/1173265 https://bugzilla.suse.com/1173280 https://bugzilla.suse.com/1173284 https://bugzilla.suse.com/1173428 https://bugzilla.suse.com/1173514 https://bugzilla.suse.com/1173567 https://bugzilla.suse.com/1173573 https://bugzilla.suse.com/1173746 https://bugzilla.suse.com/1173818 https://bugzilla.suse.com/1173820 https://bugzilla.suse.com/1173825 https://bugzilla.suse.com/1173826 https://bugzilla.suse.com/1173833 https://bugzilla.suse.com/1173838 https://bugzilla.suse.com/1173839 https://bugzilla.suse.com/1173845 https://bugzilla.suse.com/1173857 https://bugzilla.suse.com/1174113 https://bugzilla.suse.com/1174115 https://bugzilla.suse.com/1174122 https://bugzilla.suse.com/1174123 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174187 https://bugzilla.suse.com/1174296 https://bugzilla.suse.com/1174343 https://bugzilla.suse.com/1174356 https://bugzilla.suse.com/1174409 https://bugzilla.suse.com/1174438 https://bugzilla.suse.com/1174462 From sle-updates at lists.suse.com Fri Sep 4 07:13:31 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 15:13:31 +0200 (CEST) Subject: SUSE-RU-2020:2488-1: moderate: Recommended update for fwupdate Message-ID: <20200904131331.3BD1FFCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for fwupdate ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2488-1 Rating: moderate References: #1174543 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of fwupdate fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2488=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2488=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2488=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2488=1 Package List: - SUSE OpenStack Cloud 7 (x86_64): fwupdate-0.5-7.2.1 fwupdate-debuginfo-0.5-7.2.1 fwupdate-debugsource-0.5-7.2.1 fwupdate-efi-0.5-7.2.1 fwupdate-efi-debuginfo-0.5-7.2.1 libfwup0-0.5-7.2.1 libfwup0-debuginfo-0.5-7.2.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): fwupdate-0.5-7.2.1 fwupdate-debuginfo-0.5-7.2.1 fwupdate-debugsource-0.5-7.2.1 fwupdate-efi-0.5-7.2.1 fwupdate-efi-debuginfo-0.5-7.2.1 libfwup0-0.5-7.2.1 libfwup0-debuginfo-0.5-7.2.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): fwupdate-0.5-7.2.1 fwupdate-debuginfo-0.5-7.2.1 fwupdate-debugsource-0.5-7.2.1 fwupdate-efi-0.5-7.2.1 fwupdate-efi-debuginfo-0.5-7.2.1 libfwup0-0.5-7.2.1 libfwup0-debuginfo-0.5-7.2.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): fwupdate-0.5-7.2.1 fwupdate-debuginfo-0.5-7.2.1 fwupdate-debugsource-0.5-7.2.1 fwupdate-efi-0.5-7.2.1 fwupdate-efi-debuginfo-0.5-7.2.1 libfwup0-0.5-7.2.1 libfwup0-debuginfo-0.5-7.2.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Fri Sep 4 07:14:20 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 15:14:20 +0200 (CEST) Subject: SUSE-RU-2020:2489-1: moderate: Recommended update for fwupdate Message-ID: <20200904131420.676EBFCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for fwupdate ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2489-1 Rating: moderate References: #1174543 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of fwupdate fixes the following issue: - rebuilt with new signing key. (bsc#1174543) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2489=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2489=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64): fwupdate-12-11.5.1 fwupdate-debuginfo-12-11.5.1 fwupdate-debugsource-12-11.5.1 fwupdate-devel-12-11.5.1 fwupdate-efi-12-11.5.1 fwupdate-efi-debuginfo-12-11.5.1 libfwup1-12-11.5.1 libfwup1-debuginfo-12-11.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 x86_64): fwupdate-12-11.5.1 fwupdate-debuginfo-12-11.5.1 fwupdate-debugsource-12-11.5.1 fwupdate-devel-12-11.5.1 fwupdate-efi-12-11.5.1 fwupdate-efi-debuginfo-12-11.5.1 libfwup1-12-11.5.1 libfwup1-debuginfo-12-11.5.1 References: https://bugzilla.suse.com/1174543 From sle-updates at lists.suse.com Fri Sep 4 10:14:51 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:14:51 +0200 (CEST) Subject: SUSE-SU-2020:2531-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP1) Message-ID: <20200904161451.7AC7BF403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2531-1 Rating: important References: #1173942 #1173963 #1174186 #1174247 Cross-References: CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-197_37 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-2530=1 SUSE-SLE-Module-Live-Patching-15-SP1-2020-2531=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2514=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_34-default-5-2.2 kernel-livepatch-4_12_14-197_37-default-5-2.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_17-default-5-2.2 References: https://www.suse.com/security/cve/CVE-2019-9458.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1173963 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:15:58 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:15:58 +0200 (CEST) Subject: SUSE-SU-2020:2525-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 15) Message-ID: <20200904161558.3C7DDF403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 19 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2525-1 Rating: important References: #1165631 #1173942 #1174247 Cross-References: CVE-2020-11668 CVE-2020-14331 CVE-2020-1749 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-150_55 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2020-1749: Fixed a flaw in IPsec where some IPv6 protocols were not encrypted (bsc#1165631). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2020-2525=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_55-default-2-2.2 kernel-livepatch-4_12_14-150_55-default-debuginfo-2-2.2 References: https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-1749.html https://bugzilla.suse.com/1165631 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:16:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:16:57 +0200 (CEST) Subject: SUSE-SU-2020:2506-1: important: Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP4) Message-ID: <20200904161657.315EFF403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2506-1 Rating: important References: #1173100 #1173659 #1173661 #1173869 #1173942 #1173963 #1174186 #1174247 Cross-References: CVE-2019-14895 CVE-2019-14901 CVE-2019-16746 CVE-2019-19447 CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-95_45 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869). - CVE-2019-14901: Fixed a heap overflow in the Marvell WiFi driver (bsc#1173661). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2512=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2020-2506=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le x86_64): kgraft-patch-4_12_14-122_7-default-6-2.2 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_45-default-6-2.2 References: https://www.suse.com/security/cve/CVE-2019-14895.html https://www.suse.com/security/cve/CVE-2019-14901.html https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-19447.html https://www.suse.com/security/cve/CVE-2019-9458.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1173100 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173661 https://bugzilla.suse.com/1173869 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1173963 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:18:36 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:18:36 +0200 (CEST) Subject: SUSE-SU-2020:2505-1: important: Security update for the Linux Kernel (Live Patch 14 for SLE 15) Message-ID: <20200904161836.95D5EF403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 14 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2505-1 Rating: important References: #1173100 #1173659 #1173661 #1173663 #1173869 #1173942 #1173963 #1174186 #1174247 Cross-References: CVE-2019-0155 CVE-2019-14895 CVE-2019-14901 CVE-2019-16746 CVE-2019-19447 CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-150_35 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). - CVE-2019-0155: Fixed a privilege escalation in the i915 graphics driver (bsc#1173663). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869). - CVE-2019-14901: Fixed a heap overflow in the Marvell WiFi driver (bsc#1173661). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-2527=1 SUSE-SLE-Module-Live-Patching-15-SP1-2020-2528=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2020-2520=1 SUSE-SLE-Module-Live-Patching-15-2020-2521=1 SUSE-SLE-Module-Live-Patching-15-2020-2522=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2511=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2020-2503=1 SUSE-SLE-Live-Patching-12-SP4-2020-2504=1 SUSE-SLE-Live-Patching-12-SP4-2020-2505=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_21-default-8-2.2 kernel-livepatch-4_12_14-197_26-default-6-2.2 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_35-default-8-2.2 kernel-livepatch-4_12_14-150_35-default-debuginfo-8-2.2 kernel-livepatch-4_12_14-150_38-default-8-2.2 kernel-livepatch-4_12_14-150_38-default-debuginfo-8-2.2 kernel-livepatch-4_12_14-150_41-default-6-2.2 kernel-livepatch-4_12_14-150_41-default-debuginfo-6-2.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le x86_64): kgraft-patch-4_12_14-120-default-6-15.2 kgraft-patch-4_12_14-120-default-debuginfo-6-15.2 kgraft-patch-SLE12-SP5_Update_0-debugsource-6-15.2 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_32-default-8-2.2 kgraft-patch-4_12_14-95_37-default-7-2.2 kgraft-patch-4_12_14-95_40-default-6-2.2 References: https://www.suse.com/security/cve/CVE-2019-0155.html https://www.suse.com/security/cve/CVE-2019-14895.html https://www.suse.com/security/cve/CVE-2019-14901.html https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-19447.html https://www.suse.com/security/cve/CVE-2019-9458.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1173100 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173661 https://bugzilla.suse.com/1173663 https://bugzilla.suse.com/1173869 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1173963 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:20:13 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:20:13 +0200 (CEST) Subject: SUSE-SU-2020:2507-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP4) Message-ID: <20200904162013.0E60FF403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2507-1 Rating: important References: #1173659 #1173942 #1173963 #1174186 #1174247 Cross-References: CVE-2019-16746 CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-95_48 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2020-2507=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_48-default-5-2.2 References: https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-9458.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1173963 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:21:24 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:21:24 +0200 (CEST) Subject: SUSE-SU-2020:2524-1: important: Security update for the Linux Kernel (Live Patch 18 for SLE 15) Message-ID: <20200904162124.9E0AFF403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 18 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2524-1 Rating: important References: #1165631 #1173659 #1173942 #1174186 #1174247 Cross-References: CVE-2019-16746 CVE-2020-11668 CVE-2020-14331 CVE-2020-15780 CVE-2020-1749 Affected Products: SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-150_52 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2020-1749: Fixed a flaw in IPsec where some IPv6 protocols were not encrypted (bsc#1165631). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2020-2524=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_52-default-2-2.2 kernel-livepatch-4_12_14-150_52-default-debuginfo-2-2.2 References: https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-15780.html https://www.suse.com/security/cve/CVE-2020-1749.html https://bugzilla.suse.com/1165631 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:22:34 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:22:34 +0200 (CEST) Subject: SUSE-SU-2020:2513-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP5) Message-ID: <20200904162234.2AB5CF403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2513-1 Rating: important References: #1173100 #1173659 #1173869 #1173942 #1173963 #1174186 #1174247 Cross-References: CVE-2019-14895 CVE-2019-16746 CVE-2019-19447 CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-122_12 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-2529=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2020-2523=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2513=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_29-default-6-2.2 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_47-default-6-2.2 kernel-livepatch-4_12_14-150_47-default-debuginfo-6-2.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le x86_64): kgraft-patch-4_12_14-122_12-default-6-2.2 References: https://www.suse.com/security/cve/CVE-2019-14895.html https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-19447.html https://www.suse.com/security/cve/CVE-2019-9458.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1173100 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173869 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1173963 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:23:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:23:57 +0200 (CEST) Subject: SUSE-SU-2020:2502-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) Message-ID: <20200904162357.8E972F403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2502-1 Rating: important References: #1165631 #1173659 #1173942 #1174247 Cross-References: CVE-2019-16746 CVE-2020-11668 CVE-2020-14331 CVE-2020-1749 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.180-94_127 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2020-1749: Fixed a flaw in IPsec where some IPv6 protocols were not encrypted (bsc#1165631). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2500=1 SUSE-SLE-SAP-12-SP3-2020-2501=1 SUSE-SLE-SAP-12-SP3-2020-2502=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2494=1 SUSE-SLE-SAP-12-SP2-2020-2495=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2500=1 SUSE-SLE-SERVER-12-SP3-2020-2501=1 SUSE-SLE-SERVER-12-SP3-2020-2502=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2494=1 SUSE-SLE-SERVER-12-SP2-2020-2495=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_121-default-2-2.2 kgraft-patch-4_4_180-94_121-default-debuginfo-2-2.2 kgraft-patch-4_4_180-94_124-default-2-2.2 kgraft-patch-4_4_180-94_124-default-debuginfo-2-2.2 kgraft-patch-4_4_180-94_127-default-2-2.2 kgraft-patch-4_4_180-94_127-default-debuginfo-2-2.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_135-default-2-2.2 kgraft-patch-4_4_121-92_138-default-2-2.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_121-default-2-2.2 kgraft-patch-4_4_180-94_121-default-debuginfo-2-2.2 kgraft-patch-4_4_180-94_124-default-2-2.2 kgraft-patch-4_4_180-94_124-default-debuginfo-2-2.2 kgraft-patch-4_4_180-94_127-default-2-2.2 kgraft-patch-4_4_180-94_127-default-debuginfo-2-2.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_135-default-2-2.2 kgraft-patch-4_4_121-92_138-default-2-2.2 References: https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-1749.html https://bugzilla.suse.com/1165631 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:25:03 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:25:03 +0200 (CEST) Subject: SUSE-SU-2020:2492-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP2) Message-ID: <20200904162503.595A4F403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2492-1 Rating: important References: #1173100 #1173659 #1173661 #1173869 #1173942 #1173963 #1174247 Cross-References: CVE-2019-14895 CVE-2019-14901 CVE-2019-16746 CVE-2019-19447 CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.121-92_125 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869). - CVE-2019-14901: Fixed a heap overflow in the Marvell WiFi driver (bsc#1173661). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2492=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2492=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_125-default-7-2.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_125-default-7-2.2 References: https://www.suse.com/security/cve/CVE-2019-14895.html https://www.suse.com/security/cve/CVE-2019-14901.html https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-19447.html https://www.suse.com/security/cve/CVE-2019-9458.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://bugzilla.suse.com/1173100 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173661 https://bugzilla.suse.com/1173869 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1173963 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:26:23 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:26:23 +0200 (CEST) Subject: SUSE-SU-2020:2509-1: important: Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP4) Message-ID: <20200904162623.66883F403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2509-1 Rating: important References: #1165631 #1173659 #1174186 #1174247 Cross-References: CVE-2019-16746 CVE-2020-14331 CVE-2020-15780 CVE-2020-1749 Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-95_54 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2020-1749: Fixed a flaw in IPsec where some IPv6 protocols were not encrypted (bsc#1165631). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2020-2509=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_54-default-2-2.2 References: https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-15780.html https://www.suse.com/security/cve/CVE-2020-1749.html https://bugzilla.suse.com/1165631 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:27:28 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:27:28 +0200 (CEST) Subject: SUSE-SU-2020:2499-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) Message-ID: <20200904162728.89086F403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2499-1 Rating: important References: #1173659 #1173942 #1174247 Cross-References: CVE-2019-16746 CVE-2020-11668 CVE-2020-14331 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.180-94_116 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2499=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2493=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2499=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2493=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_116-default-3-2.2 kgraft-patch-4_4_180-94_116-default-debuginfo-3-2.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_129-default-4-2.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_116-default-3-2.2 kgraft-patch-4_4_180-94_116-default-debuginfo-3-2.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_129-default-4-2.2 References: https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:28:26 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:28:26 +0200 (CEST) Subject: SUSE-SU-2020:2497-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP3) Message-ID: <20200904162826.492B6F403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2497-1 Rating: important References: #1173100 #1173659 #1173661 #1173663 #1173867 #1173869 #1173942 #1173963 #1174247 Cross-References: CVE-2019-0155 CVE-2019-14895 CVE-2019-14901 CVE-2019-16746 CVE-2019-18680 CVE-2019-19447 CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.180-94_107 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2019-0155: Fixed a privilege escalation in the i915 graphics driver (bsc#1173663). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869). - CVE-2019-18680: Fixed a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c (bsc#1173867). - CVE-2019-14901: Fixed a heap overflow in the Marvell WiFi driver (bsc#1173661). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2497=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2497=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_107-default-7-2.2 kgraft-patch-4_4_180-94_107-default-debuginfo-7-2.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_107-default-7-2.2 kgraft-patch-4_4_180-94_107-default-debuginfo-7-2.2 References: https://www.suse.com/security/cve/CVE-2019-0155.html https://www.suse.com/security/cve/CVE-2019-14895.html https://www.suse.com/security/cve/CVE-2019-14901.html https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-18680.html https://www.suse.com/security/cve/CVE-2019-19447.html https://www.suse.com/security/cve/CVE-2019-9458.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://bugzilla.suse.com/1173100 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173661 https://bugzilla.suse.com/1173663 https://bugzilla.suse.com/1173867 https://bugzilla.suse.com/1173869 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1173963 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:29:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:29:57 +0200 (CEST) Subject: SUSE-SU-2020:2526-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP1) Message-ID: <20200904162957.B8B9AF403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2526-1 Rating: important References: #1173100 #1173659 #1173661 #1173663 #1173869 #1173934 #1173942 #1173963 #1174186 #1174247 Cross-References: CVE-2019-0155 CVE-2019-14895 CVE-2019-14901 CVE-2019-15117 CVE-2019-16746 CVE-2019-19447 CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-197_18 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). - CVE-2019-0155: Fixed a privilege escalation in the i915 graphics driver (bsc#1173663). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2019-15117: Fixed an OOB memory access in the USB sound mixer (bsc#1173934). - CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869). - CVE-2019-14901: Fixed a heap overflow in the Marvell WiFi driver (bsc#1173661). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-2526=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_18-default-8-2.2 References: https://www.suse.com/security/cve/CVE-2019-0155.html https://www.suse.com/security/cve/CVE-2019-14895.html https://www.suse.com/security/cve/CVE-2019-14901.html https://www.suse.com/security/cve/CVE-2019-15117.html https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-19447.html https://www.suse.com/security/cve/CVE-2019-9458.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1173100 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173661 https://bugzilla.suse.com/1173663 https://bugzilla.suse.com/1173869 https://bugzilla.suse.com/1173934 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1173963 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:32:28 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:32:28 +0200 (CEST) Subject: SUSE-SU-2020:2517-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 12 SP5) Message-ID: <20200904163228.2E0EFF403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 6 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2517-1 Rating: important References: #1165631 #1174186 #1174247 Cross-References: CVE-2020-14331 CVE-2020-15780 CVE-2020-1749 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-122_26 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). - CVE-2020-1749: Fixed a flaw in IPsec where some IPv6 protocols were not encrypted (bsc#1165631). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-2533=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2516=1 SUSE-SLE-Live-Patching-12-SP5-2020-2517=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_45-default-2-2.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_23-default-2-2.2 kgraft-patch-4_12_14-122_26-default-2-2.2 References: https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-15780.html https://www.suse.com/security/cve/CVE-2020-1749.html https://bugzilla.suse.com/1165631 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:33:27 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:33:27 +0200 (CEST) Subject: SUSE-SU-2020:2491-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) Message-ID: <20200904163327.B3FEDF403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2491-1 Rating: important References: #1173100 #1173659 #1173661 #1173663 #1173664 #1173665 #1173666 #1173867 #1173869 #1173942 #1173963 #1174247 Cross-References: CVE-2019-0155 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14895 CVE-2019-14901 CVE-2019-16746 CVE-2019-18680 CVE-2019-19447 CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP2-LTSS ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.121-92_120 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2019-0155: Fixed a privilege escalation in the i915 graphics driver (bsc#1173663). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869). - CVE-2019-18680: Fixed a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c (bsc#1173867). - CVE-2019-14816: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173666). - CVE-2019-14814: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173664). - CVE-2019-14815: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173665). - CVE-2019-14901: Fixed a heap overflow in the Marvell WiFi driver (bsc#1173661). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2496=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2491=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2496=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2491=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_103-default-9-2.2 kgraft-patch-4_4_180-94_103-default-debuginfo-9-2.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): kgraft-patch-4_4_121-92_120-default-9-2.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_103-default-9-2.2 kgraft-patch-4_4_180-94_103-default-debuginfo-9-2.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le x86_64): kgraft-patch-4_4_121-92_120-default-9-2.2 References: https://www.suse.com/security/cve/CVE-2019-0155.html https://www.suse.com/security/cve/CVE-2019-14814.html https://www.suse.com/security/cve/CVE-2019-14815.html https://www.suse.com/security/cve/CVE-2019-14816.html https://www.suse.com/security/cve/CVE-2019-14895.html https://www.suse.com/security/cve/CVE-2019-14901.html https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-18680.html https://www.suse.com/security/cve/CVE-2019-19447.html https://www.suse.com/security/cve/CVE-2019-9458.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://bugzilla.suse.com/1173100 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173661 https://bugzilla.suse.com/1173663 https://bugzilla.suse.com/1173664 https://bugzilla.suse.com/1173665 https://bugzilla.suse.com/1173666 https://bugzilla.suse.com/1173867 https://bugzilla.suse.com/1173869 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1173963 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:35:17 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:35:17 +0200 (CEST) Subject: SUSE-SU-2020:2508-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP4) Message-ID: <20200904163517.D8E2BF794@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2508-1 Rating: important References: #1172437 #1173659 #1174186 #1174247 Cross-References: CVE-2019-16746 CVE-2020-10757 CVE-2020-14331 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-95_51 fixes several issues. The following security issues were fixed: - CVE-2020-10757: Fixed a privilege escalation in the mremap handling of DAX Huge Pages (bsc#1172437). - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2020-2508=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_51-default-4-2.2 References: https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2020-10757.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1172437 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:36:24 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:36:24 +0200 (CEST) Subject: SUSE-SU-2020:2534-1: important: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP1) Message-ID: <20200904163624.E423FF403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2534-1 Rating: important References: #1165631 #1174247 Cross-References: CVE-2020-14331 CVE-2020-1749 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-197_48 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-1749: Fixed a flaw in IPsec where some IPv6 protocols were not encrypted (bsc#1165631). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-2534=1 SUSE-SLE-Module-Live-Patching-15-SP1-2020-2535=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2518=1 SUSE-SLE-Live-Patching-12-SP5-2020-2519=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2020-2510=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_48-default-2-2.2 kernel-livepatch-4_12_14-197_51-default-2-2.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_29-default-2-2.2 kgraft-patch-4_12_14-122_32-default-2-2.2 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_57-default-2-2.2 References: https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-1749.html https://bugzilla.suse.com/1165631 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:37:18 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:37:18 +0200 (CEST) Subject: SUSE-SU-2020:2498-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP3) Message-ID: <20200904163718.8C0EEF403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2498-1 Rating: important References: #1173100 #1173659 #1173869 #1173942 #1173963 #1174247 Cross-References: CVE-2019-14895 CVE-2019-16746 CVE-2019-19447 CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.180-94_113 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2498=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2498=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_113-default-6-2.2 kgraft-patch-4_4_180-94_113-default-debuginfo-6-2.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_113-default-6-2.2 kgraft-patch-4_4_180-94_113-default-debuginfo-6-2.2 References: https://www.suse.com/security/cve/CVE-2019-14895.html https://www.suse.com/security/cve/CVE-2019-16746.html https://www.suse.com/security/cve/CVE-2019-19447.html https://www.suse.com/security/cve/CVE-2019-9458.html https://www.suse.com/security/cve/CVE-2020-11668.html https://www.suse.com/security/cve/CVE-2020-14331.html https://bugzilla.suse.com/1173100 https://bugzilla.suse.com/1173659 https://bugzilla.suse.com/1173869 https://bugzilla.suse.com/1173942 https://bugzilla.suse.com/1173963 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:40:48 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:40:48 +0200 (CEST) Subject: SUSE-RU-2020:2490-1: important: Recommended update for transactional-update Message-ID: <20200904164048.B6106F3D7@maintenance.suse.de> SUSE Recommended Update: Recommended update for transactional-update ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2490-1 Rating: important References: #1162320 Affected Products: SUSE Linux Enterprise Module for Transactional Server 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for transactional-update fixes the following issue: - Mount efivarfs on EFI systems. (bsc#1162320) If the EFI variables are not available, some incorrect parameters will be attached to grub2-install, writing the binary to a wrong location. Due to this, the system fails at reboot with a missing symbol error. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Transactional Server 15-SP1: zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP1-2020-2490=1 Package List: - SUSE Linux Enterprise Module for Transactional Server 15-SP1 (aarch64 ppc64le s390x x86_64): transactional-update-2.15-3.6.2 transactional-update-debuginfo-2.15-3.6.2 transactional-update-debugsource-2.15-3.6.2 - SUSE Linux Enterprise Module for Transactional Server 15-SP1 (noarch): transactional-update-zypp-config-2.15-3.6.2 References: https://bugzilla.suse.com/1162320 From sle-updates at lists.suse.com Fri Sep 4 10:41:28 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:41:28 +0200 (CEST) Subject: SUSE-SU-2020:2537-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP2) Message-ID: <20200904164128.ECE5BF3D7@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2537-1 Rating: important References: #1174247 Cross-References: CVE-2020-14331 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 5.3.18-24_9 fixes one issue. The following security issue was fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-2537=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_9-default-2-2.3 kernel-livepatch-5_3_18-24_9-default-debuginfo-2-2.3 kernel-livepatch-SLE15-SP2_Update_1-debugsource-2-2.3 References: https://www.suse.com/security/cve/CVE-2020-14331.html https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 10:42:09 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 18:42:09 +0200 (CEST) Subject: SUSE-SU-2020:2515-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 12 SP5) Message-ID: <20200904164209.851F2F3D7@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 4 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2515-1 Rating: important References: #1174186 #1174247 Cross-References: CVE-2020-14331 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-122_20 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-2536=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-2532=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2515=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-22-default-2-5.2 kernel-livepatch-5_3_18-22-default-debuginfo-2-5.2 kernel-livepatch-SLE15-SP2_Update_0-debugsource-2-5.2 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_40-default-4-2.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_20-default-4-2.2 References: https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1174186 https://bugzilla.suse.com/1174247 From sle-updates at lists.suse.com Fri Sep 4 13:13:41 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 21:13:41 +0200 (CEST) Subject: SUSE-SU-2020:2544-1: moderate: Security update for MozillaFirefox Message-ID: <20200904191341.709BDF794@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2544-1 Rating: moderate References: #1173991 #1174284 #1175686 Cross-References: CVE-2020-15663 CVE-2020-15664 CVE-2020-15670 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.2.0 ESR * Fixed: Various stability, functionality, and security fixes - Mozilla Firefox ESR 78.2 MFSA 2020-38 (bsc#1175686) * CVE-2020-15663 (bmo#1643199) Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege * CVE-2020-15664 (bmo#1658214) Attacker-induced prompt for extension installation * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626, bmo#1656957) Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2 - Fixed Firefox tab crash in FIPS mode (bsc#1174284). - Fix broken translation-loading. (bsc#1173991) * allow addon sideloading * mark signatures for langpacks non-mandatory * do not autodisable user profile scopes - Google API key is not usable for geolocation service any more Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2544=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2544=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2544=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2544=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2544=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2544=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2544=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2544=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2544=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2544=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2544=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2544=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2544=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2544=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2544=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2544=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2544=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE OpenStack Cloud 9 (x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE OpenStack Cloud 8 (x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE OpenStack Cloud 7 (s390x x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - SUSE Enterprise Storage 5 (aarch64 x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 - HPE Helion Openstack 8 (x86_64): MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 References: https://www.suse.com/security/cve/CVE-2020-15663.html https://www.suse.com/security/cve/CVE-2020-15664.html https://www.suse.com/security/cve/CVE-2020-15670.html https://bugzilla.suse.com/1173991 https://bugzilla.suse.com/1174284 https://bugzilla.suse.com/1175686 From sle-updates at lists.suse.com Fri Sep 4 13:14:46 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 21:14:46 +0200 (CEST) Subject: SUSE-RU-2020:2542-1: moderate: Recommended update for python-kiwi Message-ID: <20200904191446.4C44EF794@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2542-1 Rating: moderate References: #1096738 #1165730 #1172908 #1173226 #1173356 #1174009 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for python-kiwi contains the following fixes: - Bump version up to 9.21.7: This version upgrade includes several fixes: * Skip filesystem check for XFS prior xfs_grow running xfs_repair check isn't strictly necessary before resizing, and in some cases it may even prevent resizing by giving an error that would be cleared through mounting the fs (e.g. when the fs wasn't cleanly umounted, and thus letting xfs recover and replay its journal). Given that xfs can only grow online (while being mounted), this is sufficient to ensure that the fs is in a state where it can be resized. This is related to bsc#1174009. (bsc#1174009) * Fixed grub setup in EFI/BOOT directory kiwi copied the same grub.cfg file as it exists in boot/grub2 to the efi path. This is wrong as the setup in the efi boot directory is used to enable normal grub loading and not providing the user grub configuration. In addition the changes here makes sure that the early grub boot code is placed into the system in any EFI case except for secure boot when shim-install is present. If shim-install is present it also creates the early grub boot setup such that kiwi doesn't have to do it. This Fixes #1491 and Fixes bsc#1172908. (bsc#1172908) * Use rsync in inplace transfer mode Using the --inplace option in rsync helps to save space on syncing the rootfs data and prevents e.g OBS workers from running out of VM space when transfering root filesystem data. Also using --inplace allows to keep hardlinks intact. This is related to bsc#1096738. (bsc#1096738) * Don't keep copy of grub2-install in the system To prevent shim-install from calling grub2-install in uefi mode kiwi temporary replaces the tool by a noop. This acts as a workaround for an issue in shim-install. However the workaround left a file copy of grub2-install in the system which should not happen. This commit Fixes bsc#1173226 and Fixes #1490. (bsc#1173226) * Fixes live ISOs This commit fixes iso images. Due to a change introduced in c7ed1cf live ISOs were no longer booting as the rootfs.img filesystem was copied to the squashfs container while being still mounted. Because of that, at boot time, it refused to mount. This commit adds umount method for the filesystem base class, so it can be umounted before deleting the instance. Fixes #1489 and bsc#1173356. (bsc#1173356) * Support grub timeout_style parameter Grub supports a style setting that influences the display of the menu depending on the configured timeout value. With this patch kiwi allows to specify the style via a new bootloader parameter named timeout_style="hidden|countdown". If not set the grub default applies which shows the menu in any case. This Fixes bsc#1165730 and Fixes #1404. (bsc#1165730) * Use auto video mode as default for grub An explicit video mode 800x600 was used for grub if no video mode setup exists in the XML description. For grub this should better result in the auto mode. Related to bsc#1165730. (bsc#1165730) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2542=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2542=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2542=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2542=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): dracut-kiwi-lib-9.21.7-3.33.5 dracut-kiwi-live-9.21.7-3.33.5 dracut-kiwi-oem-dump-9.21.7-3.33.5 dracut-kiwi-oem-repart-9.21.7-3.33.5 dracut-kiwi-overlay-9.21.7-3.33.5 kiwi-man-pages-9.21.7-3.33.5 kiwi-tools-9.21.7-3.33.5 kiwi-tools-debuginfo-9.21.7-3.33.5 python-kiwi-debugsource-9.21.7-3.33.5 python3-kiwi-9.21.7-3.33.5 - SUSE Linux Enterprise Server for SAP 15 (x86_64): kiwi-pxeboot-9.21.7-3.33.5 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): dracut-kiwi-lib-9.21.7-3.33.5 dracut-kiwi-live-9.21.7-3.33.5 dracut-kiwi-oem-dump-9.21.7-3.33.5 dracut-kiwi-oem-repart-9.21.7-3.33.5 dracut-kiwi-overlay-9.21.7-3.33.5 kiwi-man-pages-9.21.7-3.33.5 kiwi-tools-9.21.7-3.33.5 kiwi-tools-debuginfo-9.21.7-3.33.5 python-kiwi-debugsource-9.21.7-3.33.5 python3-kiwi-9.21.7-3.33.5 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): dracut-kiwi-lib-9.21.7-3.33.5 dracut-kiwi-live-9.21.7-3.33.5 dracut-kiwi-oem-dump-9.21.7-3.33.5 dracut-kiwi-oem-repart-9.21.7-3.33.5 dracut-kiwi-overlay-9.21.7-3.33.5 kiwi-man-pages-9.21.7-3.33.5 kiwi-tools-9.21.7-3.33.5 kiwi-tools-debuginfo-9.21.7-3.33.5 python-kiwi-debugsource-9.21.7-3.33.5 python3-kiwi-9.21.7-3.33.5 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): kiwi-pxeboot-9.21.7-3.33.5 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): dracut-kiwi-lib-9.21.7-3.33.5 dracut-kiwi-live-9.21.7-3.33.5 dracut-kiwi-oem-dump-9.21.7-3.33.5 dracut-kiwi-oem-repart-9.21.7-3.33.5 dracut-kiwi-overlay-9.21.7-3.33.5 kiwi-man-pages-9.21.7-3.33.5 kiwi-tools-9.21.7-3.33.5 kiwi-tools-debuginfo-9.21.7-3.33.5 python-kiwi-debugsource-9.21.7-3.33.5 python3-kiwi-9.21.7-3.33.5 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): kiwi-pxeboot-9.21.7-3.33.5 References: https://bugzilla.suse.com/1096738 https://bugzilla.suse.com/1165730 https://bugzilla.suse.com/1172908 https://bugzilla.suse.com/1173226 https://bugzilla.suse.com/1173356 https://bugzilla.suse.com/1174009 From sle-updates at lists.suse.com Fri Sep 4 13:16:06 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 21:16:06 +0200 (CEST) Subject: SUSE-RU-2020:2545-1: moderate: Recommended update for yast2, yast2-packager, yast2-pkg-bindings Message-ID: <20200904191606.AE365F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2, yast2-packager, yast2-pkg-bindings ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2545-1 Rating: moderate References: #1162514 #1172477 #1173133 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Installer 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for yast2, yast2-packager, yast2-pkg-bindings contains the following fixes: Changes in yast2: - Do not start an UI while evaluating current language settings. (bsc#1173133) - Improve actions to stop and start a system service. (bsc#1162514) Changes in yast2-pkg-bindings: - Extensions to handle raw repository name. (bsc#1172477) Changes in yast2-packager: - Handle variable expansion in repository name. (bsc#1172477) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2545=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2020-2545=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): yast2-4.1.79-3.22.1 yast2-logs-4.1.79-3.22.1 yast2-packager-4.1.51-3.20.14 yast2-pkg-bindings-4.1.3-3.8.8 yast2-pkg-bindings-debuginfo-4.1.3-3.8.8 yast2-pkg-bindings-debugsource-4.1.3-3.8.8 - SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64): yast2-4.1.79-3.22.1 yast2-packager-4.1.51-3.20.14 References: https://bugzilla.suse.com/1162514 https://bugzilla.suse.com/1172477 https://bugzilla.suse.com/1173133 From sle-updates at lists.suse.com Fri Sep 4 13:17:07 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 21:17:07 +0200 (CEST) Subject: SUSE-RU-2020:2539-1: important: Recommended update for golang-github-QubitProducts-exporter_exporter Message-ID: <20200904191707.45971F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for golang-github-QubitProducts-exporter_exporter ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2539-1 Rating: important References: #1175946 Affected Products: SUSE Manager Tools 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This Maintenance update for SUSE Manager fixes the following issue: - Add requires for fillup, groupadd, useradd, systemd (bsc#1175946) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2020-2539=1 Package List: - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): golang-github-QubitProducts-exporter_exporter-0.4.0-1.6.1 References: https://bugzilla.suse.com/1175946 From sle-updates at lists.suse.com Fri Sep 4 13:17:57 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 21:17:57 +0200 (CEST) Subject: SUSE-RU-2020:2543-1: moderate: Recommended update for yast2-storage-ng Message-ID: <20200904191757.536F5F794@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-storage-ng ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2543-1 Rating: moderate References: #1115749 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Installer 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-storage-ng provides the following fix: - Do not append a suffix to LVM Volume Group names unless it is needed. (bsc#1115749) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2543=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2020-2543=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): yast2-storage-ng-4.1.96-3.30.6 - SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64): yast2-storage-ng-4.1.96-3.30.6 References: https://bugzilla.suse.com/1115749 From sle-updates at lists.suse.com Fri Sep 4 13:18:47 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 21:18:47 +0200 (CEST) Subject: SUSE-SU-2020:2541-1: important: Security update for the Linux Kernel Message-ID: <20200904191847.582EAF794@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2541-1 Rating: important References: #1065600 #1065729 #1071995 #1074701 #1083548 #1085030 #1085235 #1085308 #1087078 #1087082 #1094912 #1100394 #1102640 #1105412 #1111666 #1112178 #1113956 #1120163 #1133021 #1144333 #1152148 #1163524 #1165629 #1166965 #1169790 #1170232 #1171688 #1171988 #1172073 #1172108 #1172247 #1172418 #1172428 #1172781 #1172782 #1172783 #1172871 #1172872 #1172873 #1172963 #1173485 #1173798 #1173954 #1174003 #1174026 #1174070 #1174161 #1174205 #1174387 #1174484 #1174547 #1174549 #1174550 #1174625 #1174658 #1174685 #1174689 #1174699 #1174734 #1174757 #1174771 #1174840 #1174841 #1174843 #1174844 #1174845 #1174852 #1174873 #1174887 #1174904 #1174926 #1174968 #1175062 #1175063 #1175064 #1175065 #1175066 #1175067 #1175112 #1175127 #1175128 #1175149 #1175199 #1175213 #1175228 #1175232 #1175284 #1175393 #1175394 #1175396 #1175397 #1175398 #1175399 #1175400 #1175401 #1175402 #1175403 #1175404 #1175405 #1175406 #1175407 #1175408 #1175409 #1175410 #1175411 #1175412 #1175413 #1175414 #1175415 #1175416 #1175417 #1175418 #1175419 #1175420 #1175421 #1175422 #1175423 #1175440 #1175493 #1175515 #1175518 #1175526 #1175550 #1175654 #1175666 #1175667 #1175668 #1175669 #1175670 #1175767 #1175768 #1175769 #1175770 #1175771 #1175772 #1175786 #1175873 Cross-References: CVE-2020-10135 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-16166 CVE-2020-1749 CVE-2020-24394 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 130 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629). - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988). The following non-security bugs were fixed: - ACPI: kABI fixes for subsys exports (bsc#1174968). - ACPI / LPSS: Resume BYT/CHT I2C controllers from resume_noirq (bsc#1174968). - ACPI / LPSS: Use acpi_lpss_* instead of acpi_subsys_* functions for hibernate (bsc#1174968). - ACPI: PM: Introduce "poweroff" callbacks for ACPI PM domain and LPSS (bsc#1174968). - ACPI: PM: Simplify and fix PM domain hibernation callbacks (bsc#1174968). - af_key: pfkey_dump needs parameter validation (git-fixes). - agp/intel: Fix a memory leak on module initialisation failure (git-fixes). - ALSA: core: pcm_iec958: fix kernel-doc (bsc#1111666). - ALSA: echoaduio: Drop superfluous volatile modifier (bsc#1111666). - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (bsc#1111666). - ALSA: hda: Add support for Loongson 7A1000 controller (bsc#1111666). - ALSA: hda/ca0132 - Add new quirk ID for Recon3D (bsc#1111666). - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (bsc#1111666). - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (bsc#1111666). - ALSA: hda: fix NULL pointer dereference during suspend (git-fixes). - ALSA: hda: fix snd_hda_codec_cleanup() documentation (bsc#1111666). - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (bsc#1111666). - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (bsc#1111666). - ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes). - ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (bsc#1111666). - ALSA: hda/realtek - Add quirk for Lenovo Carbon X1 8th gen (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GE63 laptop (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GL63 (bsc#1111666). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes). - ALSA: hda/realtek - change to suitable link model for ASUS platform (bsc#1111666). - ALSA: hda/realtek - Check headset type by unplug and resume (bsc#1111666). - ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX563 (bsc#1111666). - ALSA: hda/realtek: Fix add a "ultra_low_power" function for intel reference board (alc256) (bsc#1111666). - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (bsc#1111666). - ALSA: hda/realtek - Fixed HP right speaker no sound (bsc#1111666). - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (bsc#1111666). - ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (bsc#1111666). - ALSA: hda/realtek - Fix unused variable warning (bsc#1111666). - ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (bsc#1111666). - ALSA: hda - reverse the setting value in the micmute_led_set (bsc#1111666). - ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes). - ALSA: pci: delete repeated words in comments (bsc#1111666). - ALSA: seq: oss: Serialize ioctls (bsc#1111666). - ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes). - ALSA: usb-audio: add quirk for Pioneer DDJ-RB (bsc#1111666). - ALSA: usb-audio: add startech usb audio dock name (bsc#1111666). - ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (bsc#1111666). - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (bsc#1111666). - ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (bsc#1111666). - ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (bsc#1111666). - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625). - ALSA: usb-audio: fix spelling mistake "buss" -> "bus" (bsc#1111666). - ALSA: usb-audio: ignore broken processing/extension unit (git-fixes). - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb/line6: remove 'defined but not used' warning (bsc#1111666). - arm64: Add MIDR encoding for HiSilicon Taishan CPUs (bsc#1174547). - arm64: Add MIDR encoding for NVIDIA CPUs (bsc#1174547). - arm64: add sysfs vulnerability show for meltdown (bsc#1174547). - arm64: Add sysfs vulnerability show for spectre-v1 (bsc#1174547). - arm64: add sysfs vulnerability show for spectre-v2 (bsc#1174547). - arm64: add sysfs vulnerability show for speculative store bypass (bsc#1174547). - arm64: Advertise mitigation of Spectre-v2, or lack thereof (bsc#1174547). - arm64: Always enable spectre-v2 vulnerability detection (bsc#1174547). - arm64: Always enable ssb vulnerability detection (bsc#1174547). - arm64: backtrace: Do not bother trying to unwind the userspace stack (bsc#1175397). - arm64: capabilities: Add NVIDIA Denver CPU to bp_harden list (bsc#1174547). - arm64: capabilities: Merge duplicate Cavium erratum entries (bsc#1174547). - arm64: capabilities: Merge entries for ARM64_WORKAROUND_CLEAN_CACHE (bsc#1174547). - arm64: cpufeature: Enable Qualcomm Falkor/Kryo errata 1003 (bsc#1175398). - arm64: Do not mask out PTE_RDONLY in pte_same() (bsc#1175393). - arm64: enable generic CPU vulnerabilites support (bsc#1174547). Update config/arm64/default - arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default (bsc#1175394). - arm64: errata: Do not define type field twice for arm64_errata entries (bsc#1174547). - arm64: errata: Update stale comment (bsc#1174547). - arm64: Get rid of __smccc_workaround_1_hvc_* (bsc#1174547). - arm64: kpti: Avoid rewriting early page tables when KASLR is enabled (bsc#1174547). - arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on (bsc#1174547). - arm64: kpti: Whitelist Cortex-A CPUs that do not implement the CSV3 field (bsc#1174547). - arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs (bsc#1174547). - arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 (bsc#1133021). - arm64: KVM: Guests can skip __install_bp_hardening_cb()s HYP work (bsc#1174547). - arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening (bsc#1174547). - arm64: mm: Fix pte_mkclean, pte_mkdirty semantics (bsc#1175526). - arm64: Provide a command line to disable spectre_v2 mitigation (bsc#1174547). - arm64: Silence clang warning on mismatched value/register sizes (bsc#1175396). - arm64/speculation: Support 'mitigations=' cmdline option (bsc#1174547). - arm64: ssbd: explicitly depend on (bsc#1175399). - arm64: ssbs: Do not treat CPUs with SSBS as unaffected by SSB (bsc#1174547). - arm64: ssbs: Fix context-switch when SSBS is present on all CPUs (bsc#1175669). - arm64/sve: Fix wrong free for task->thread.sve_state (bsc#1175400). - arm64/sve: should not depend on (bsc#1175401). - arm64: tlbflush: avoid writing RES0 bits (bsc#1175402). - arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 (bsc#1174547). - ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 (bsc#1133021). - ARM: KVM: invalidate icache on guest exit for Cortex-A15 (bsc#1133021). - ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 (bsc#1133021). - ASoC: hda/tegra: Set buffer alignment to 128 bytes (bsc#1111666). - ASoC: intel: Fix memleak in sst_media_open (git-fixes). - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes). - AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes). - AX.25: Prevent integer overflows in connect and sendmsg (git-fixes). - AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes). - ax88172a: fix ax88172a_unbind() failures (git-fixes). - b43: Remove uninitialized_var() usage (git-fixes). - bcache: allocate meta data pages as compound pages (bsc#1172873). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: Fix use-after-free in blkdev_get() (bsc#1174843). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (bsc#1111666). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (bsc#1111666). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (bsc#1111666). - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - bonding: fix a potential double-unregister (git-fixes). - bonding: show saner speed for broadcast mode (git-fixes). - bpf: Fix map leak in HASH_OF_MAPS map (git-fixes). - brcmfmac: keep SDIO watchdog running when console_interval is non-zero (bsc#1111666). - brcmfmac: set state of hanger slot to FREE when flushing PSQ (bsc#1111666). - brcmfmac: To fix Bss Info flag definition Bug (bsc#1111666). - btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak (bsc#1172247). - btrfs: file: reserve qgroup space after the hole punch range is locked (bsc#1172247). - btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149). - btrfs: fix block group leak when removing fails (bsc#1175149). - btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149). - btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149). - btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149). - btrfs: fix double free on ulist after backref resolution failure (bsc#1175149). - btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149). - btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550). - btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149). - btrfs: fix race between block group removal and block group creation (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149). - btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149). - btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484). - btrfs: inode: move qgroup reserved space release to the callers of insert_reserved_file_extent() (bsc#1172247). - btrfs: inode: refactor the parameters of insert_reserved_file_extent() (bsc#1172247). - btrfs: make btrfs_ordered_extent naming consistent with btrfs_file_extent_item (bsc#1172247). - btrfs: Open code btrfs_write_and_wait_marked_extents (bsc#1175149). - btrfs: qgroup: allow to unreserve range without releasing other ranges (bsc#1120163). - btrfs: qgroup: fix data leak caused by race between writeback and truncate (bsc#1172247). - btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT (bsc#1120163). - btrfs: qgroup: try to flush qgroup space when we get -EDQUOT (bsc#1120163). - btrfs: Rename and export clear_btree_io_tree (bsc#1175149). - btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493). - bus: hisi_lpc: Add .remove method to avoid driver unbind crash (bsc#1174658). - bus: hisi_lpc: Do not fail probe for unrecognised child devices (bsc#1174658). - bus: hisi_lpc: Unregister logical PIO range to avoid potential use-after-free (bsc#1174658). - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes). - cfg80211: check vendor command doit pointer before use (git-fixes). - char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667). - cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428). - cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428). - cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428). - clk: at91: clk-generated: check best_rate against ranges (bsc#1111666). - clk: clk-atlas6: fix return value check in atlas6_clk_init() (bsc#1111666). - clk: iproc: round clock rate to the closest (bsc#1111666). - clk: spear: Remove uninitialized_var() usage (git-fixes). - clk: st: Remove uninitialized_var() usage (git-fixes). - config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References: bsc#1174549 - console: newport_con: fix an issue about leak related system resources (git-fixes). - constrants: fix malformed XML Closing tag of an element is "", not "". Fixes: 8b37de2eb835 ("rpm/constraints.in: Increase memory for kernel-docs") - Created new preempt kernel flavor (jsc#SLE-11309) Configs are cloned from the respective $arch/default configs. All changed configs appart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel. - crypto: ccp - Fix use of merged scatterlists (git-fixes). - crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes). - crypto: rockchip - fix scatterlist nents error (git-fixes). - crypto: stm32/crc32 - fix ext4 chksum BUG_ON() (git-fixes). - crypto: talitos - check AES key size (git-fixes). - crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - dev: Defer free of skbs in flush_backlog (git-fixes). - device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes). - devres: keep both device name and resource name in pretty name (git-fixes). - dlm: Fix kobject memleak (bsc#1175768). - dlm: remove BUG() before panic() (bsc#1174844). - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes). - Documentation/networking: Add net DIM documentation (bsc#1174852). - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (bsc#1175403). - dpaa2-eth: free already allocated channels on probe defer (bsc#1175404). - dpaa2-eth: prevent array underflow in update_cls_rule() (bsc#1175405). - dpaa_eth: add dropped frames to percpu ethtool stats (bsc#1174550). - dpaa_eth: add newline in dev_err() msg (bsc#1174550). - dpaa_eth: avoid timestamp read on error paths (bsc#1175406). - dpaa_eth: change DMA device (bsc#1174550). - dpaa_eth: cleanup skb_to_contig_fd() (bsc#1174550). - dpaa_eth: defer probing after qbman (bsc#1174550). - dpaa_eth: extend delays in ndo_stop (bsc#1174550). - dpaa_eth: fix DMA mapping leak (bsc#1174550). - dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1174550). - dpaa_eth: FMan erratum A050385 workaround (bsc#1174550). - dpaa_eth: perform DMA unmapping before read (bsc#1175407). - dpaa_eth: register a device link for the qman portal used (bsc#1174550). - dpaa_eth: remove netdev_err() for user errors (bsc#1174550). - dpaa_eth: remove redundant code (bsc#1174550). - dpaa_eth: simplify variables used in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use a page to store the SGT (bsc#1174550). - dpaa_eth: use fd information in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use only one buffer pool per interface (bsc#1174550). - dpaa_eth: use page backed rx buffers (bsc#1174550). - driver core: Avoid binding drivers to dead devices (git-fixes). - Drivers: hv: balloon: Remove dependencies on guest page size (git-fixes). - Drivers: hv: vmbus: Fix virt_to_hvpfn() for X86_PAE (git-fixes). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127, bsc#1175128). - Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup() (git-fixes). - drivers/perf: hisi: Fix typo in events attribute array (bsc#1175408). - drivers/perf: hisi: Fixup one DDRC PMU register offset (bsc#1175410). - drivers/perf: hisi: Fix wrong value for all counters enable (bsc#1175409). - drm: Added orientation quirk for ASUS tablet model T103HAF (bsc#1111666). - drm/amd/display: fix pow() crashing when given base 0 (git-fixes). - drm/amdgpu: avoid dereferencing a NULL pointer (bsc#1111666). - drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume (bsc#1111666). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (bsc#1113956) * refresh for context changes - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes). - drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1113956) - drm/arm: fix unintentional integer overflow on left shift (git-fixes). - drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1113956) * refreshed for context changes - drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes). - drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1113956) * move drm_mipi_dbi.c -> tinydrm/mipi-drm.c * refresh for context changes - drm/debugfs: fix plain echo to connector "force" attribute (bsc#1111666). - drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes). - drm/etnaviv: fix ref count leak via pm_runtime_get_sync (bsc#1111666). - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (bsc#1112178) * updated names of get/put functions - drm: hold gem reference until object is no longer accessed (bsc#1113956) - drm/imx: fix use after free (git-fixes). - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes). - drm/imx: tve: fix regulator_disable error path (git-fixes). - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes). - drm/msm/adreno: fix updating ring fence (git-fixes). - drm/msm: ratelimit crtc event overflow error (bsc#1111666). - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes). - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes). - drm/nouveau: fix multiple instances of reference count leaks (bsc#1111666). - drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes). - drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes). - drm/radeon: disable AGP by default (bsc#1111666). - drm/radeon: fix array out-of-bounds read and write issues (git-fixes). - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (bsc#1111666). - drm/rockchip: fix VOP_WIN_GET macro (bsc#1175411). - drm/tilcdc: fix leak & null ref in panel_connector_get_modes (bsc#1111666). - drm/ttm/nouveau: do not call tt destroy callback on alloc failure (bsc#1175232). - drm/vmwgfx: Fix two list_for_each loop exit tests (bsc#1111666). - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (bsc#1111666). - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600). - efi/memreserve: deal with memreserve entries in unmapped memory (bsc#1174685). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: fix checking of directory entry validity for inline directories (bsc#1175771). - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1174840). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - fat: do not allow to mount if the FAT length == 0 (bsc#1174845). - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins. (bsc#1112178) * move files drivers/video/fbdev/core -> drivers/video/console * refresh for context changes - firmware: google: check if size is valid when decoding VPD data (git-fixes). - firmware: google: increment VPD key_len properly (git-fixes). - fpga: dfl: fix bug in port reset handshake (git-fixes). - fsl/fman: add API to get the device behind a fman port (bsc#1174550). - fsl/fman: check dereferencing null pointer (git-fixes). - fsl/fman: detect FMan erratum A050385 (bsc#1174550). - fsl/fman: do not touch liodn base regs reserved on non-PAMU SoCs (bsc#1174550). - fsl/fman: fix dereference null return value (git-fixes). - fsl/fman: fix eth hash table allocation (git-fixes). - fsl/fman: fix unreachable code (git-fixes). - fsl/fman: remove unused struct member (bsc#1174550). - fsl/fman: use 32-bit unsigned integer (git-fixes). - fuse: fix memleak in cuse_channel_open (bsc#1174926). - fuse: fix missing unlock_page in fuse_writepage() (bsc#1174904). - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175062). - fuse: fix weird page warning (bsc#1175063). - fuse: flush dirty data/metadata before non-truncate setattr (bsc#1175064). - fuse: truncate pending writes on O_TRUNC (bsc#1175065). - fuse: verify attributes (bsc#1175066). - fuse: verify nlink (bsc#1175067). - genetlink: remove genl_bind (networking-stable-20_07_17). - go7007: add sanity checking for endpoints (git-fixes). - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (bsc#1111666). - HID: hiddev: fix mess in hiddev_open() (git-fixes). - HISI LPC: Re-Add ACPI child enumeration support (bsc#1174658). - HISI LPC: Stop using MFD APIs (bsc#1174658). - hv_balloon: Balloon up according to request page number (git-fixes). - hv_balloon: Use a static page for the balloon_up send buffer (git-fixes). - hv_netvsc: Allow scatter-gather feature to be tunable (git-fixes). - hv_netvsc: do not use VF device if link is down (git-fixes). - hv_netvsc: Fix a warning of suspicious RCU usage (git-fixes). - hv_netvsc: Fix error handling in netvsc_attach() (git-fixes). - hv_netvsc: Fix extra rcu_read_unlock in netvsc_recv_callback() (git-fixes). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes). - hv_netvsc: Fix unwanted wakeup in netvsc_attach() (git-fixes). - hv_netvsc: flag software created hash value (git-fixes). - hv_netvsc: Remove "unlikely" from netvsc_select_queue (git-fixes). - i2c: rcar: in slave mode, clear NACK earlier (git-fixes). - i2c: rcar: slave: only send STOP event when we have been addressed (bsc#1111666). - i40e: Fix crash during removing i40e driver (git-fixes). - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes). - ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - include/linux/poison.h: remove obsolete comment (git fixes (poison)). - Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes). - Input: sentelic - fix error return when fsp_reg_write fails (bsc#1111666). - integrity: remove redundant initialization of variable ret (git-fixes). - io-mapping: indicate mapping failure (git-fixes). - ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes). - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28). - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515). - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515). - ip_tunnel: Emit events for post-register MTU changes (git-fixes). - ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28). - ip_tunnel: restore binding to ifaces with a large mtu (git-fixes). - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17). - ipv4: Silence suspicious RCU usage warning (git-fixes). - ipv6: fix memory leaks on IPV6_ADDRFORM path (git-fixes). - ipvlan: fix device features (git-fixes). - ipvs: allow connection reuse for unconfirmed conntrack (git-fixes). - ipvs: fix refcount usage for conns in ops mode (git-fixes). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - irqchip/gic: Atomically update affinity (bsc#1111666). - iwlegacy: Check the return value of pcie_capability_read_*() (bsc#1111666). - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772). - kabi: genetlink: remove genl_bind (kabi). - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629). - kabi: mask changes to struct ipv6_stub (bsc#1165629). - kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)). - kernel-docs: Change Requires on python-Sphinx to earlier than version 3 References: bsc#1166965 From 3 on the internal API that the build system uses was rewritten in an incompatible way. See https://github.com/sphinx-doc/sphinx/issues/7421 and https://bugzilla.suse.com/show_bug.cgi?id=1166965#c16 for some details. - kernel/relay.c: fix memleak on destroy relay channel (git-fixes). - kernfs: do not call fsnotify() with name without a parent (bsc#1175770). - KVM: arm64: Ensure 'params' is initialised when looking up sys register (bsc#1133021). - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021). - KVM: arm/arm64: Fix young bit from mmu notifier (bsc#1133021). - KVM: arm/arm64: vgic: Do not rely on the wrong pending table (bsc#1133021). - KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections (bsc#1133021). - KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests (bsc#1133021). - KVM: arm: Make inject_abt32() inject an external abort instead (bsc#1133021). - kvm: Change offset in kvm_write_guest_offset_cached to unsigned (bsc#1133021). - KVM: Check for a bad hva before dropping into the ghc slow path (bsc#1133021). - KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729). - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17). - leds: 88pm860x: fix use-after-free on unbind (git-fixes). - leds: core: Flush scheduled work for system suspend (git-fixes). - leds: da903x: fix use-after-free on unbind (git-fixes). - leds: lm3533: fix use-after-free on unbind (git-fixes). - leds: lm355x: avoid enum conversion warning (git-fixes). - leds: wm831x-status: fix use-after-free on unbind (git-fixes). - lib/dim: Fix -Wunused-const-variable warnings (bsc#1174852). - lib: dimlib: fix help text typos (bsc#1174852). - lib: logic_pio: Add logic_pio_unregister_range() (bsc#1174658). - lib: logic_pio: Avoid possible overlap for unregistering regions (bsc#1174658). - lib: logic_pio: Fix RCU usage (bsc#1174658). - linux/dim: Add completions count to dim_sample (bsc#1174852). - linux/dim: Fix overflow in dim calculation (bsc#1174852). - linux/dim: Move implementation to .c files (bsc#1174852). - linux/dim: Move logic to dim.h (bsc#1174852). - linux/dim: Remove "net" prefix from internal DIM members (bsc#1174852). - linux/dim: Rename externally exposed macros (bsc#1174852). - linux/dim: Rename externally used net_dim members (bsc#1174852). - linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1174852). - liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes). - llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17). - mac80211: mesh: Free ie data when leaving mesh (git-fixes). - mac80211: mesh: Free pending skb when destroying a mpath (git-fixes). - MAINTAINERS: add entry for Dynamic Interrupt Moderation (bsc#1174852). - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes). - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes). - media: budget-core: Improve exception handling in budget_register() (git-fixes). - media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes). - media: firewire: Using uninitialized values in node_probe() (git-fixes). - media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes). - media: vpss: clean up resources in init (git-fixes). - mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes). - mfd: dln2: Run event handler loop under spinlock (git-fixes). - mfd: rk808: Fix RK818 ID template (bsc#1175412). - mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28). - mm: filemap: clear idle flag for writes (bsc#1175769). - mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate (git fixes (mm/migrate)). - mm/mmu_notifier: use hlist_add_head_rcu() (git fixes (mm/mmu_notifiers)). - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/compaction)). - mm/rmap.c: do not reuse anon_vma if we just want a copy (git fixes (mm/rmap)). - mm/shmem.c: cast the type of unmap_start to u64 (git fixes (mm/shmem)). - mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)). - mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617). - mtd: spi-nor: Fix an error code in spi_nor_read_raw() (bsc#1175413). - mtd: spi-nor: fix kernel-doc for spi_nor::info (bsc#1175414). - mtd: spi-nor: fix kernel-doc for spi_nor::reg_proto (bsc#1175415). - mtd: spi-nor: fix silent truncation in spi_nor_read_raw() (bsc#1175416). - mwifiex: Prevent memory corruption handling keys (git-fixes). - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (git-fixes). - net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28). - net: core: reduce recursion limit value (networking-stable-20_06_28). - net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28). - net: dsa: b53: check for timeout (git-fixes). - net: ena: Add first_interrupt field to napi struct (bsc#1174852). - net: ena: add reserved PCI device ID (bsc#1174852). - net: ena: add support for reporting of packet drops (bsc#1174852). - net: ena: add support for the rx offset feature (bsc#1174852). - net: ena: add support for traffic mirroring (bsc#1174852). - net: ena: add unmask interrupts statistics to ethtool (bsc#1174852). - net: ena: allow setting the hash function without changing the key (bsc#1174852). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852). - net: ena: change default RSS hash function to Toeplitz (bsc#1174852). - net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1174852). - net: ena: changes to RSS hash key allocation (bsc#1174852). - net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1174852). - net: ena: clean up indentation issue (bsc#1174852). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852). - net: ena: cosmetic: code reorderings (bsc#1174852). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852). - net: ena: cosmetic: fix line break issues (bsc#1174852). - net: ena: cosmetic: fix spacing issues (bsc#1174852). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852). - net: ena: cosmetic: minor code changes (bsc#1174852). - net: ena: cosmetic: remove unnecessary code (bsc#1174852). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852). - net: ena: cosmetic: satisfy gcc warning (bsc#1174852). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852). - net: ena: drop superfluous prototype (bsc#1174852). - net: ena: enable support of rss hash key and function changes (bsc#1174852). - net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1174852). - net: ena: ethtool: clean up minor indentation issue (bsc#1174852). - net: ena: ethtool: get_channels: use combined only (bsc#1174852). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852). - net: ena: ethtool: support set_channels callback (bsc#1174852). - net/ena: Fix build warning in ena_xdp_set() (bsc#1174852). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852). - net: ena: fix incorrect setting of the number of msix vectors (bsc#1174852). - net: ena: fix incorrect update of intr_delay_resolution (bsc#1174852). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852). - net: ena: fix update of interrupt moderation register (bsc#1174852). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852). - net: ena: implement XDP drop support (bsc#1174852). - net: ena: Implement XDP_TX action (bsc#1174852). - net: ena: make ethtool -l show correct max number of queues (bsc#1174852). - net: ena: Make missed_tx stat incremental (bsc#1083548). - net: ena: Make some functions static (bsc#1174852). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852). - net: ena: multiple queue creation related cleanups (bsc#1174852). - net: ena: Prevent reset after device destruction (bsc#1083548). - net: ena: reduce driver load time (bsc#1174852). - net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1174852). - net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1174852). - net: ena: remove code that does nothing (bsc#1174852). - net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1174852). - net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1174852). - net: ena: remove redundant print of number of queues (bsc#1174852). - net: ena: remove set but not used variable 'hash_key' (bsc#1174852). - net: ena: remove set but not used variable 'rx_ring' (bsc#1174852). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852). - net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1174852). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852). - net: ena: support new LLQ acceleration mode (bsc#1174852). - net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1174852). - net: ena: use explicit variable size for clarity (bsc#1174852). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852). - net: ena: xdp: update napi budget for DROP and ABORTED (bsc#1174852). - net: ena: xdp: XDP_TX: fix memory leak (bsc#1174852). - net: ethernet: aquantia: Fix wrong return value (git-fixes). - net: ethernet: broadcom: have drivers select DIMLIB as needed (bsc#1174852). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: fec: correct the error path for regulator disable in probe (git-fixes). - netfilter: x_tables: add counters allocation wrapper (git-fixes). - netfilter: x_tables: cap allocations at 512 mbyte (git-fixes). - netfilter: x_tables: limit allocation requests for blob rule heads (git-fixes). - net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). (SLES tuning guide refers to ip-sysctl.txt.) - net: fix memleak in register_netdevice() (networking-stable-20_06_28). - net: Fix the arp error in some cases (networking-stable-20_06_28). - net: gre: recompute gre csum for sctp over gre tunnels (git-fixes). - net: hns3: add autoneg and change speed support for fibre port (bsc#1174070). - net: hns3: add support for FEC encoding control (bsc#1174070). - net: hns3: add support for multiple media type (bsc#1174070). - net: hns3: fix a not link up issue when fibre port supports autoneg (bsc#1174070). - net: hns3: fix for FEC configuration (bsc#1174070). - net: hns3: fix port capbility updating issue (bsc#1174070). - net: hns3: fix port setting handle for fibre port (bsc#1174070). - net: hns3: fix selftest fail issue for fibre port with autoneg on (bsc#1174070). - net: hns3: restore the MAC autoneg state after reset (bsc#1174070). - net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28). - net: ip6_gre: Request headroom in __gre6_xmit() (git-fixes). - net: lan78xx: add missing endpoint sanity check (git-fixes). - net: lan78xx: fix transfer-buffer memory leak (git-fixes). - net: make symbol 'flush_works' static (git-fixes). - net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes). - net: mvpp2: fix memory leak in mvpp2_rx (git-fixes). - net: netsec: Fix signedness bug in netsec_probe() (bsc#1175417). - net: netsec: initialize tx ring on ndo_open (bsc#1175418). - net: phy: Check harder for errors in get_phy_id() (bsc#1111666). - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes). - net: Set fput_needed iff FDPUT_FPUT is set (git-fixes). - net: socionext: Fix a signedness bug in ave_probe() (bsc#1175419). - net: socionext: replace napi_alloc_frag with the netdev variant on init (bsc#1175420). - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes). - net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes). - net: stmmac: Fix RX packet size > 8191 (git-fixes). - net: udp: Fix wrong clean up for IS_UDPLITE macro (git-fixes). - net: update net_dim documentation after rename (bsc#1174852). - net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28). - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17). - netvsc: unshare skb in VF rx handler (git-fixes). - nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes). - NTB: Fix an error in get link status (git-fixes). - ntb_netdev: fix sleep time mismatch (git-fixes). - NTB: ntb_transport: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - nvme: fix possible deadlock when I/O is blocked (git-fixes). - nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108). - nvme-multipath: fix logic for non-optimized paths (bsc#1172108). - nvme-multipath: round-robin: eliminate "fallback" variable (bsc#1172108). - nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - ocfs2: add trimfs dlm lock resource (bsc#1175228). - ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: change slot number type s16 to u16 (bsc#1175786). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228). - ocfs2: fix value of OCFS2_INVALID_SLOT (bsc#1175767). - ocfs2: load global_inode_alloc (bsc#1172963). - ocfs2: load global_inode_alloc (bsc#1172963). - omapfb: dss: Fix max fclk divider for omap36xx (bsc#1113956) - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() (git-fixes). - PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes). - PCI: dwc: Move interrupt acking into the proper callback (bsc#1175666). - PCI: Fix pci_cfg_wait queue locking problem (git-fixes). - PCI: Fix "try" semantics of bus and slot reset (git-fixes). - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes). - PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, bsc#1172872, git-fixes). - PCI: Release IVRS table in AMD ACS quirk (git-fixes). - PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes). - PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes). - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes). - pinctrl: single: fix function name in documentation (git-fixes). - pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes). - platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes). - PM / CPU: replace raw_notifier with atomic_notifier (git fixes (kernel/pm)). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (bsc#1175668). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails. - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (bsc#1175668). - PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes). - powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729). - powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729). - powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729). - powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729). - powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284). - powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284). - powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729). - powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574). - powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729). - powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - powerpc/pseries: remove cede offline state for CPUs (bsc#1065729). - powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729). - powerpc/vdso: Fix vdso cpu truncation (bsc#1065729). - power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes). - propagate_one(): mnt_set_mountpoint() needs mount_lock (bsc#1174841). - pseries: Fix 64 bit logical memory block panic (bsc#1065729). - pwm: bcm-iproc: handle clk_get_rate() return (git-fixes). - rds: Prevent kernel-infoleak in rds_notify_queue_get() (git-fixes). - Revert "ALSA: hda: call runtime_allow() for all hda controllers" (bsc#1111666). - Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers" (bsc#1113956) * refresh for context changes - Revert "ocfs2: avoid inode removal while nfsd is accessing it" This reverts commit 9e096c72476eda333a9998ff464580c00ff59c83. - Revert "ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963)." This reverts commit 0bf6e248f93736b3f17f399b4a8f64ffa30d371e. - Revert "ocfs2: load global_inode_alloc (bsc#1172963)." This reverts commit fc476497b53f967dc615b9cbad9427ba3107b5c4. - Revert pciehp patches that broke booting (bsc#1174887) - Revert "scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe" (bsc#1171688 bsc#1174003). - Revert "scsi: qla2xxx: Fix crash on qla2x00_mailbox_command" (bsc#1171688 bsc#1174003). - Revert "xen/balloon: Fix crash when ballooning on x86 32 bit PAE" (bsc#1065600). - rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28). - rpm/check-for-config-changes: Ignore CONFIG_CC_VERSION_TEXT - rpm/check-for-config-changes: Ignore CONFIG_LD_VERSION - rpm/constraints.in: Increase memory for kernel-docs References: https://build.opensuse.org/request/show/792664 - rpm: drop execute permissions on source files Sometimes a source file with execute permission appears in upstream repository and makes it into our kernel-source packages. This is caught by OBS build checks and may even result in build failures. Sanitize the source tree by removing execute permissions from all C source and header files. - rpm/kabi.pl: account for namespace field being moved last Upstream is moving the namespace field in Module.symvers last in order to preserve backwards compatibility with kmod tools (depmod, etc). Fix the kabi.pl script to expect the namespace field last. Since split() ignores trailing empty fields and delimeters, switch to using tr to count how many fields/tabs are in a line. Also, in load_symvers(), pass LIMIT of -1 to split() so it does not strip trailing empty fields, as namespace is an optional field. - rpm/kernel-binary.spec.in: do not run klp-symbols for configs with no modules Starting with 5.8-rc1, s390x/zfcpdump builds fail because rpm/klp-symbols script does not find .tmp_versions directory. This is missing because s390x/zfcpdump is built without modules (CONFIG_MODULES disabled). As livepatching cannot work without modules, the cleanest solution is setting %klp_symbols to 0 if CONFIG_MODULES is disabled. (We cannot simply add another condition to the place where %klp_symbols is set as it can be already set to 1 from prjconf.) - rpm/kernel-binary.spec.in: restrict livepatch metapackage to default flavor It has been reported that the kernel-*-livepatch metapackage got erroneously enabled for SLE15-SP3's new -preempt flavor, leading to a unresolvable dependency to a non-existing kernel-livepatch-x.y.z-preempt package. As SLE12 and SLE12-SP1 have run out of livepatching support, the need to build said metapackage for the -xen flavor is gone and the only remaining flavor for which they're still wanted is -default. Restrict the build of the kernel-*-livepatch metapackage to the -default flavor. - rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup Co-Authored-By: Adam Spiers - rpm/kernel-obs-build.spec.in: Enable overlayfs Overlayfs is needed for podman or docker builds when no more specific driver can be used (like lvm or btrfs). As the default build fs is ext4 currently, we need overlayfs kernel modules to be available. - rpm/kernel-source.spec.in: Add obsolete_rebuilds (boo#1172073). - rpm/mkspec-dtb: add mt76 based dtb package - rpm/package-descriptions: garbege collection remove old ARM and Xen flavors. - rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes). - s390, dcssblk: kaddr and pfn can be NULL to ->direct_access() (bsc#1174873). - sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17). - scripts/git_sort/git_sort.py: add bluetooth/bluetooth-next.git repository - scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026). - scsi: Fix trivial spelling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003). - scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003). - scsi: smartpqi: add bay identifier (bsc#1172418). - scsi: smartpqi: add gigabyte controller (bsc#1172418). - scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418). - scsi: smartpqi: add inquiry timeouts (bsc#1172418). - scsi: smartpqi: add module param for exposure order (bsc#1172418). - scsi: smartpqi: add module param to hide vsep (bsc#1172418). - scsi: smartpqi: add new pci ids (bsc#1172418). - scsi: smartpqi: add pci ids for fiberhome controller (bsc#1172418). - scsi: smartpqi: add RAID bypass counter (bsc#1172418). - scsi: smartpqi: add sysfs entries (bsc#1172418). - scsi: smartpqi: Align driver syntax with oob (bsc#1172418). - scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418). - scsi: smartpqi: change TMF timeout from 60 to 30 seconds (bsc#1172418). - scsi: smartpqi: correct hang when deleting 32 lds (bsc#1172418). - scsi: smartpqi: correct REGNEWD return status (bsc#1172418). - scsi: smartpqi: correct syntax issue (bsc#1172418). - scsi: smartpqi: fix call trace in device discovery (bsc#1172418). - scsi: smartpqi: fix controller lockup observed during force reboot (bsc#1172418). - scsi: smartpqi: fix LUN reset when fw bkgnd thread is hung (bsc#1172418). - scsi: smartpqi: fix problem with unique ID for physical device (bsc#1172418). - scsi: smartpqi: identify physical devices without issuing INQUIRY (bsc#1172418). - scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask (bsc#1172418). - scsi: smartpqi: remove unused manifest constants (bsc#1172418). - scsi: smartpqi: Reporting unhandled SCSI errors (bsc#1172418). - scsi: smartpqi: support device deletion via sysfs (bsc#1172418). - scsi: smartpqi: update copyright (bsc#1172418). - scsi: smartpqi: update logical volume size after expansion (bsc#1172418). - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418). - scsi: storvsc: Correctly set number of hardware queues for IDE disk (git-fixes). - scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790). - sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - serial: 8250: change lock order in serial8250_do_startup() (git-fixes). - serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes). - serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes). - Set VIRTIO_CONSOLE=y (bsc#1175667). - sign also s390x kernel images (bsc#1163524) - soc: fsl: qbman: allow registering a device link for the portal user (bsc#1174550). - soc: fsl: qbman_portals: add APIs to retrieve the probing status (bsc#1174550). - spi: davinci: Remove uninitialized_var() usage (git-fixes). - spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes). - spi: nxp-fspi: Ensure width is respected in spi-mem operations (bsc#1175421). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1175422). - spi: spi-mem: export spi_mem_default_supports_op() (bsc#1175421). - staging: fsl-dpaa2: ethsw: Add missing netdevice check (bsc#1175423). - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28). - tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28). - tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17). - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17). - tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17). - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17). - tracepoint: Mark __tracepoint_string's __used (git-fixes). - tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes). - tty: serial: fsl_lpuart: add imx8qxp support (bsc#1175670). - tty: serial: fsl_lpuart: free IDs allocated by IDA (bsc#1175670). - Update patch reference for a tipc fix patch (bsc#1175515) - USB: cdc-acm: rework notification_buffer resizing (git-fixes). - USB: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes). - USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes). - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes). - USB: iowarrior: fix up report size handling for some devices (git-fixes). - usbip: tools: fix module name in man page (git-fixes). - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes). - USB: serial: cp210x: enable USB generic throttle/unthrottle (git-fixes). - USB: serial: cp210x: re-enable auto-RTS on open (git-fixes). - USB: serial: ftdi_sio: clean up receive processing (git-fixes). - USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes). - USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes). - USB: serial: iuu_phoenix: fix led-activity helpers (git-fixes). - USB: serial: qcserial: add EM7305 QDL product ID (git-fixes). - USB: xhci: define IDs for various ASMedia host controllers (git-fixes). - USB: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes). - USB: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes). - USB: xhci-mtk: fix the failure of bandwidth allocation (git-fixes). - VFS: Check rename_lock in lookup_fast() (bsc#1174734). - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes). - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes). - vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17). - vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199). - vt_compat_ioctl(): clean up, use compat_ptr() properly (git-fixes). - vt: vt_ioctl: remove unnecessary console allocation checks (git-fixes). - watchdog: f71808e_wdt: clear watchdog timeout occurred flag (bsc#1111666). - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (bsc#1111666). - watchdog: f71808e_wdt: remove use of wrong watchdog_info option (bsc#1111666). - wl1251: fix always return 0 error (git-fixes). - x86/hyperv: Create and use Hyper-V page definitions (git-fixes). - x86/hyper-v: Fix overflow bug in fill_gva_list() (git-fixes). - x86/hyperv: Make hv_vcpu_is_preempted() visible (git-fixes). - xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600). - xen/balloon: make the balloon wait interruptible (bsc#1065600). - xfrm: check id proto in validate_tmpl() (git-fixes). - xfrm: clean up xfrm protocol checks (git-fixes). - xfrm_user: uncoditionally validate esn replay attribute struct (git-fixes). - xfs: fix inode allocation block res calculation precedence (git-fixes). - xfs: fix reflink quota reservation accounting error (git-fixes). - xhci: Fix enumeration issue when setting max packet size for FS devices (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2541=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): kernel-devel-azure-4.12.14-8.41.1 kernel-source-azure-4.12.14-8.41.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (x86_64): kernel-azure-4.12.14-8.41.1 kernel-azure-base-4.12.14-8.41.1 kernel-azure-base-debuginfo-4.12.14-8.41.1 kernel-azure-debuginfo-4.12.14-8.41.1 kernel-azure-devel-4.12.14-8.41.1 kernel-syms-azure-4.12.14-8.41.1 References: https://www.suse.com/security/cve/CVE-2020-10135.html https://www.suse.com/security/cve/CVE-2020-14314.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-14356.html https://www.suse.com/security/cve/CVE-2020-16166.html https://www.suse.com/security/cve/CVE-2020-1749.html https://www.suse.com/security/cve/CVE-2020-24394.html https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1074701 https://bugzilla.suse.com/1083548 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1085235 https://bugzilla.suse.com/1085308 https://bugzilla.suse.com/1087078 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1094912 https://bugzilla.suse.com/1100394 https://bugzilla.suse.com/1102640 https://bugzilla.suse.com/1105412 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1120163 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1152148 https://bugzilla.suse.com/1163524 https://bugzilla.suse.com/1165629 https://bugzilla.suse.com/1166965 https://bugzilla.suse.com/1169790 https://bugzilla.suse.com/1170232 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1171988 https://bugzilla.suse.com/1172073 https://bugzilla.suse.com/1172108 https://bugzilla.suse.com/1172247 https://bugzilla.suse.com/1172418 https://bugzilla.suse.com/1172428 https://bugzilla.suse.com/1172781 https://bugzilla.suse.com/1172782 https://bugzilla.suse.com/1172783 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172872 https://bugzilla.suse.com/1172873 https://bugzilla.suse.com/1172963 https://bugzilla.suse.com/1173485 https://bugzilla.suse.com/1173798 https://bugzilla.suse.com/1173954 https://bugzilla.suse.com/1174003 https://bugzilla.suse.com/1174026 https://bugzilla.suse.com/1174070 https://bugzilla.suse.com/1174161 https://bugzilla.suse.com/1174205 https://bugzilla.suse.com/1174387 https://bugzilla.suse.com/1174484 https://bugzilla.suse.com/1174547 https://bugzilla.suse.com/1174549 https://bugzilla.suse.com/1174550 https://bugzilla.suse.com/1174625 https://bugzilla.suse.com/1174658 https://bugzilla.suse.com/1174685 https://bugzilla.suse.com/1174689 https://bugzilla.suse.com/1174699 https://bugzilla.suse.com/1174734 https://bugzilla.suse.com/1174757 https://bugzilla.suse.com/1174771 https://bugzilla.suse.com/1174840 https://bugzilla.suse.com/1174841 https://bugzilla.suse.com/1174843 https://bugzilla.suse.com/1174844 https://bugzilla.suse.com/1174845 https://bugzilla.suse.com/1174852 https://bugzilla.suse.com/1174873 https://bugzilla.suse.com/1174887 https://bugzilla.suse.com/1174904 https://bugzilla.suse.com/1174926 https://bugzilla.suse.com/1174968 https://bugzilla.suse.com/1175062 https://bugzilla.suse.com/1175063 https://bugzilla.suse.com/1175064 https://bugzilla.suse.com/1175065 https://bugzilla.suse.com/1175066 https://bugzilla.suse.com/1175067 https://bugzilla.suse.com/1175112 https://bugzilla.suse.com/1175127 https://bugzilla.suse.com/1175128 https://bugzilla.suse.com/1175149 https://bugzilla.suse.com/1175199 https://bugzilla.suse.com/1175213 https://bugzilla.suse.com/1175228 https://bugzilla.suse.com/1175232 https://bugzilla.suse.com/1175284 https://bugzilla.suse.com/1175393 https://bugzilla.suse.com/1175394 https://bugzilla.suse.com/1175396 https://bugzilla.suse.com/1175397 https://bugzilla.suse.com/1175398 https://bugzilla.suse.com/1175399 https://bugzilla.suse.com/1175400 https://bugzilla.suse.com/1175401 https://bugzilla.suse.com/1175402 https://bugzilla.suse.com/1175403 https://bugzilla.suse.com/1175404 https://bugzilla.suse.com/1175405 https://bugzilla.suse.com/1175406 https://bugzilla.suse.com/1175407 https://bugzilla.suse.com/1175408 https://bugzilla.suse.com/1175409 https://bugzilla.suse.com/1175410 https://bugzilla.suse.com/1175411 https://bugzilla.suse.com/1175412 https://bugzilla.suse.com/1175413 https://bugzilla.suse.com/1175414 https://bugzilla.suse.com/1175415 https://bugzilla.suse.com/1175416 https://bugzilla.suse.com/1175417 https://bugzilla.suse.com/1175418 https://bugzilla.suse.com/1175419 https://bugzilla.suse.com/1175420 https://bugzilla.suse.com/1175421 https://bugzilla.suse.com/1175422 https://bugzilla.suse.com/1175423 https://bugzilla.suse.com/1175440 https://bugzilla.suse.com/1175493 https://bugzilla.suse.com/1175515 https://bugzilla.suse.com/1175518 https://bugzilla.suse.com/1175526 https://bugzilla.suse.com/1175550 https://bugzilla.suse.com/1175654 https://bugzilla.suse.com/1175666 https://bugzilla.suse.com/1175667 https://bugzilla.suse.com/1175668 https://bugzilla.suse.com/1175669 https://bugzilla.suse.com/1175670 https://bugzilla.suse.com/1175767 https://bugzilla.suse.com/1175768 https://bugzilla.suse.com/1175769 https://bugzilla.suse.com/1175770 https://bugzilla.suse.com/1175771 https://bugzilla.suse.com/1175772 https://bugzilla.suse.com/1175786 https://bugzilla.suse.com/1175873 From sle-updates at lists.suse.com Fri Sep 4 13:32:38 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 21:32:38 +0200 (CEST) Subject: SUSE-RU-2020:2546-1: moderate: Recommended update for virt-manager Message-ID: <20200904193238.F2A5CF794@maintenance.suse.de> SUSE Recommended Update: Recommended update for virt-manager ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2546-1 Rating: moderate References: #1158277 #1169708 #1172356 #1174176 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for virt-manager fixes the following issues: - bsc#1174176 - IDE: "Only 2 disks for bus 'NONE' are supported" - bsc#1169708 - Virtualization/virt-manager: Bug yast2 virt-install internal error - bsc#1172356 - Not able to hot-plug NIC via virt-manager, asks to attach on next reboot while it should be live attached - bsc#1158277 - XEN: Additional network device can not be added into PV guest system using virt-manager Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2546=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): virt-install-1.5.1-22.3.1 virt-manager-1.5.1-22.3.1 virt-manager-common-1.5.1-22.3.1 References: https://bugzilla.suse.com/1158277 https://bugzilla.suse.com/1169708 https://bugzilla.suse.com/1172356 https://bugzilla.suse.com/1174176 From sle-updates at lists.suse.com Fri Sep 4 13:33:50 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 21:33:50 +0200 (CEST) Subject: SUSE-RU-2020:2549-1: moderate: Recommended update for OpenStack clients Message-ID: <20200904193350.9AA6FF794@maintenance.suse.de> SUSE Recommended Update: Recommended update for OpenStack clients ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2549-1 Rating: moderate References: #1121610 #1174571 #917818 Affected Products: SUSE Manager Tools 15 SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: Updated OpenStack clients to the latest OpenStack release named Ussuri. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2020-2549=1 - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-2549=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2549=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-2549=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-2549=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2549=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2549=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2549=1 Package List: - SUSE Manager Tools 15 (noarch): python3-pyinotify-0.9.6-4.5.1 - SUSE Linux Enterprise Module for Python2 15-SP2 (noarch): python2-decorator-4.4.2-7.3.13 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): python3-systemd-234-5.3.5 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python3-Sphinx-1.7.6-3.10.6 python3-alabaster-0.7.10-3.2.1 python3-barbicanclient-4.10.0-5.3.5 python3-cinderclient-7.0.0-8.4.5 python3-cliff-3.1.0-7.4.6 python3-cmd2-0.8.9-7.4.3 python3-contextlib2-0.6.0-3.2.13 python3-debtcollector-2.0.1-8.4.6 python3-decorator-4.4.2-7.3.13 python3-designateclient-4.0.0-5.3.5 python3-glanceclient-3.1.1-8.3.5 python3-heatclient-2.1.0-8.3.6 python3-imagesize-0.7.1-3.2.1 python3-ironicclient-4.1.0-5.3.6 python3-keystoneauth1-4.0.0-9.3.6 python3-keystoneclient-4.0.0-9.4.5 python3-magnumclient-3.0.0-7.3.6 python3-monascaclient-2.1.0-5.3.6 python3-monotonic-1.5-7.3.13 python3-neutronclient-7.1.1-7.3.6 python3-novaclient-17.0.0-8.4.6 python3-octaviaclient-2.0.1-5.3.6 python3-openstacksdk-0.46.0-7.4.5 python3-os-client-config-2.1.0-8.4.7 python3-os-service-types-1.7.0-8.4.5 python3-osc-lib-2.0.0-8.4.6 python3-oslo.concurrency-4.0.2-8.4.6 python3-oslo.config-8.0.2-8.4.5 python3-oslo.context-2.20.0-4.6.1 python3-oslo.i18n-4.0.1-8.4.5 python3-oslo.log-4.1.1-8.4.5 python3-oslo.serialization-3.1.1-8.4.5 python3-oslo.utils-4.1.1-8.4.4 python3-osprofiler-3.1.0-7.4.6 python3-pyinotify-0.9.6-4.5.1 python3-python-subunit-1.3.0-6.2.4 python3-rfc3986-1.4.0-7.4.4 python3-snowballstemmer-1.2.1-3.2.1 python3-sphinx_rtd_theme-0.2.4-3.2.1 python3-sphinxcontrib-1.0.1-4.2.1 python3-sphinxcontrib-apidoc-0.3.0-5.3.3 python3-sphinxcontrib-svg2pdfconverter-1.0.1-5.3.15 python3-sphinxcontrib-websupport-1.0.1-4.2.1 python3-statsd-3.3.0-5.3.13 python3-stestr-2.6.0-8.4.10 python3-stevedore-1.32.0-7.4.4 python3-swiftclient-3.9.0-7.4.5 python3-voluptuous-0.10.5-3.2.1 python3-wcwidth-0.1.8-3.5.11 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch): python2-Sphinx-1.7.6-3.10.6 python2-alabaster-0.7.10-3.2.1 python2-imagesize-0.7.1-3.2.1 python2-monotonic-1.5-7.3.13 python2-rfc3986-1.4.0-7.4.4 python2-snowballstemmer-1.2.1-3.2.1 python2-sphinx_rtd_theme-0.2.4-3.2.1 python2-sphinxcontrib-1.0.1-4.2.1 python2-sphinxcontrib-websupport-1.0.1-4.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (noarch): python2-Sphinx-1.7.6-3.10.6 python2-alabaster-0.7.10-3.2.1 python2-imagesize-0.7.1-3.2.1 python2-snowballstemmer-1.2.1-3.2.1 python2-sphinx_rtd_theme-0.2.4-3.2.1 python2-sphinxcontrib-1.0.1-4.2.1 python2-sphinxcontrib-websupport-1.0.1-4.2.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): python3-Sphinx-1.7.6-3.10.6 python3-alabaster-0.7.10-3.2.1 python3-imagesize-0.7.1-3.2.1 python3-snowballstemmer-1.2.1-3.2.1 python3-sphinx_rtd_theme-0.2.4-3.2.1 python3-sphinxcontrib-1.0.1-4.2.1 python3-sphinxcontrib-websupport-1.0.1-4.2.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): python3-Sphinx-1.7.6-3.10.6 python3-alabaster-0.7.10-3.2.1 python3-imagesize-0.7.1-3.2.1 python3-snowballstemmer-1.2.1-3.2.1 python3-sphinx_rtd_theme-0.2.4-3.2.1 python3-sphinxcontrib-1.0.1-4.2.1 python3-sphinxcontrib-websupport-1.0.1-4.2.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-decorator-4.4.2-7.3.13 python3-monotonic-1.5-7.3.13 References: https://bugzilla.suse.com/1121610 https://bugzilla.suse.com/1174571 https://bugzilla.suse.com/917818 From sle-updates at lists.suse.com Fri Sep 4 13:34:58 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 21:34:58 +0200 (CEST) Subject: SUSE-RU-2020:2548-1: moderate: Recommended update for sapconf Message-ID: <20200904193458.0D23BFCEB@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapconf ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:2548-1 Rating: moderate References: #1124453 #1139176 #1150868 #1150870 #1166925 #1168067 #1168840 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for sapconf fixes the following issues: - Additions: * Added support for multique schedulers to sapconf (please refer to the man page of sapconf) * Added log rotation to prevent increasing disk space caused by log files (bsc#1166925) - Removed: * Removed tuned from sapconf as it's no longer needed Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2548=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2548=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2548=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2548=1 Package List: - SUSE OpenStack Cloud 7 (noarch): sapconf-5.0.0-33.26.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): sapconf-5.0.0-33.26.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): sapconf-5.0.0-33.26.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): sapconf-5.0.0-33.26.1 References: https://bugzilla.suse.com/1124453 https://bugzilla.suse.com/1139176 https://bugzilla.suse.com/1150868 https://bugzilla.suse.com/1150870 https://bugzilla.suse.com/1166925 https://bugzilla.suse.com/1168067 https://bugzilla.suse.com/1168840 From sle-updates at lists.suse.com Fri Sep 4 13:36:24 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 21:36:24 +0200 (CEST) Subject: SUSE-OU-2020:2550-1: moderate: Optional update for terraform-provider-google Message-ID: <20200904193624.295D6FCEB@maintenance.suse.de> SUSE Optional Update: Optional update for terraform-provider-google ______________________________________________________________________________ Announcement ID: SUSE-OU-2020:2550-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that has 0 optional fixes can now be installed. Description: This update includes the terraform-provider-google in the Public Cloud Modules available for 15-SP1 and 15-SP2. (jsc#ECO-2340) Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2550=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2550=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): terraform-provider-google-2.20.3-3.3.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): terraform-provider-google-2.20.3-3.3.1 References: From sle-updates at lists.suse.com Fri Sep 4 13:37:07 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 21:37:07 +0200 (CEST) Subject: SUSE-OU-2020:2551-1: Optional update for meson Message-ID: <20200904193707.E3F31F794@maintenance.suse.de> SUSE Optional Update: Optional update for meson ______________________________________________________________________________ Announcement ID: SUSE-OU-2020:2551-1 Rating: low References: #1173025 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update for meson doesn't fix any user visible issues, but fixes internal test cases only (bsc#1173025) Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2551=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): meson-0.54.2-3.3.1 References: https://bugzilla.suse.com/1173025 From sle-updates at lists.suse.com Fri Sep 4 13:37:55 2020 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 4 Sep 2020 21:37:55 +0200 (CEST) Subject: SUSE-SU-2020:2540-1: important: Security update for the Linux Kernel Message-ID: <20200904193755.E12F3F403@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2540-1 Rating: important References: #1065600 #1065729 #1071995 #1074701 #1083548 #1085030 #1085235 #1085308 #1087078 #1087082 #1094912 #1100394 #1102640 #1105412 #1111666 #1112178 #1113956 #1120163 #1133021 #1144333 #1152148 #1163524 #1165629 #1166965 #1169790 #1170232 #1171688 #1172073 #1172108 #1172247 #1172418 #1172428 #1172781 #1172782 #1172783 #1172871 #1172872 #1172873 #1172963 #1173485 #1173798 #1173954 #1174003 #1174026 #1174070 #1174161 #1174205 #1174247 #1174387 #1174484 #1174547 #1174550 #1174625 #1174658 #1174685 #1174689 #1174699 #1174734 #1174757 #1174771 #1174840 #1174841 #1174843 #1174844 #1174845 #1174852 #1174873 #1174887 #1174904 #1174926 #1174968 #1175062 #1175063 #1175064 #1175065 #1175066 #1175067 #1175112 #1175127 #1175128 #1175149 #1175199 #1175213 #1175228 #1175232 #1175284 #1175393 #1175394 #1175396 #1175397 #1175398 #1175399 #1175400 #1175401 #1175402 #1175403 #1175404 #1175405 #1175406 #1175407 #1175408 #1175409 #1175410 #1175411 #1175412 #1175413 #1175414 #1175415 #1175416 #1175417 #1175418 #1175419 #1175420 #1175421 #1175422 #1175423 #1175440 #1175493 #1175515 #1175518 #1175526 #1175550 #1175654 #1175666 #1175667 #1175668 #1175669 #1175670 #1175767 #1175768 #1175769 #1175770 #1175771 #1175772 #1175786 #1175873 Cross-References: CVE-2018-3639 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-16166 CVE-2020-1749 CVE-2020-24394 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 129 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629). - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518). The following non-security bugs were fixed: - ACPI: kABI fixes for subsys exports (bsc#1174968). - ACPI / LPSS: Resume BYT/CHT I2C controllers from resume_noirq (bsc#1174968). - ACPI / LPSS: Use acpi_lpss_* instead of acpi_subsys_* functions for hibernate (bsc#1174968). - ACPI: PM: Introduce "poweroff" callbacks for ACPI PM domain and LPSS (bsc#1174968). - ACPI: PM: Simplify and fix PM domain hibernation callbacks (bsc#1174968). - af_key: pfkey_dump needs parameter validation (git-fixes). - agp/intel: Fix a memory leak on module initialisation failure (git-fixes). - ALSA: core: pcm_iec958: fix kernel-doc (bsc#1111666). - ALSA: echoaduio: Drop superfluous volatile modifier (bsc#1111666). - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (bsc#1111666). - ALSA: hda: Add support for Loongson 7A1000 controller (bsc#1111666). - ALSA: hda/ca0132 - Add new quirk ID for Recon3D (bsc#1111666). - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (bsc#1111666). - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (bsc#1111666). - ALSA: hda: fix NULL pointer dereference during suspend (git-fixes). - ALSA: hda: fix snd_hda_codec_cleanup() documentation (bsc#1111666). - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (bsc#1111666). - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (bsc#1111666). - ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes). - ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (bsc#1111666). - ALSA: hda/realtek - Add quirk for Lenovo Carbon X1 8th gen (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GE63 laptop (bsc#1111666). - ALSA: hda/realtek - Add quirk for MSI GL63 (bsc#1111666). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes). - ALSA: hda/realtek - change to suitable link model for ASUS platform (bsc#1111666). - ALSA: hda/realtek - Check headset type by unplug and resume (bsc#1111666). - ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (bsc#1111666). - ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (bsc#1111666). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 (bsc#1111666). - ALSA: hda/realtek - Enable Speaker for ASUS UX563 (bsc#1111666). - ALSA: hda/realtek: Fix add a "ultra_low_power" function for intel reference board (alc256) (bsc#1111666). - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (bsc#1111666). - ALSA: hda/realtek - Fixed HP right speaker no sound (bsc#1111666). - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (bsc#1111666). - ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (bsc#1111666). - ALSA: hda/realtek - Fix unused variable warning (bsc#1111666). - ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) series with ALC289 (bsc#1111666). - ALSA: hda - reverse the setting value in the micmute_led_set (bsc#1111666). - ALSA: hda: Workaround for spurious wakeups on some Intel platforms (git-fixes). - ALSA: pci: delete repeated words in comments (bsc#1111666). - ALSA: seq: oss: Serialize ioctls (bsc#1111666). - ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes). - ALSA: usb-audio: add quirk for Pioneer DDJ-RB (bsc#1111666). - ALSA: usb-audio: add startech usb audio dock name (bsc#1111666). - ALSA: usb-audio: Add support for Lenovo ThinkStation P62