December 2020 - openSUSE Security Announce

openSUSE-SU-2020:2186-1: important: Security update for xorg-x11-server
by opensuse-security＠opensuse.org 07 Dec '20

07 Dec '20

openSUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2186-1 Rating: important References: #1174908 #1177596 Cross-References: CVE-2020-14360 CVE-2020-25712 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596). - CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908). This update was imported from the SUSE:SLE-15-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-2186=1 Package List: - openSUSE Leap 15.1 (i586 x86_64): xorg-x11-server-1.20.3-lp151.4.9.1 xorg-x11-server-debuginfo-1.20.3-lp151.4.9.1 xorg-x11-server-debugsource-1.20.3-lp151.4.9.1 xorg-x11-server-extra-1.20.3-lp151.4.9.1 xorg-x11-server-extra-debuginfo-1.20.3-lp151.4.9.1 xorg-x11-server-sdk-1.20.3-lp151.4.9.1 xorg-x11-server-source-1.20.3-lp151.4.9.1 xorg-x11-server-wayland-1.20.3-lp151.4.9.1 xorg-x11-server-wayland-debuginfo-1.20.3-lp151.4.9.1 References: https://www.suse.com/security/cve/CVE-2020-14360.html https://www.suse.com/security/cve/CVE-2020-25712.html https://bugzilla.suse.com/1174908 https://bugzilla.suse.com/1177596

1 0

openSUSE-SU-2020:2187-1: important: Security update for MozillaThunderbird
by opensuse-security＠opensuse.org 07 Dec '20

07 Dec '20

openSUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2187-1 Rating: important References: #1178894 Cross-References: CVE-2020-15999 CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26966 CVE-2020-26968 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: TODO - Mozilla Thunderbird 78.5.0 * new: OpenPGP: Added option to disable attaching the public key to a signed message (bmo#1654950) * new: MailExtensions: "compose_attachments" context added to Menus API (bmo#1670822) * new: MailExtensions: Menus API now available on displayed messages (bmo#1670825) * changed: MailExtensions: browser.tabs.create will now wait for "mail-delayed-startup-finished" event (bmo#1674407) * fixed: OpenPGP: Support for inline PGP messages improved (bmo#1672851) * fixed: OpenPGP: Message security dialog showed unverified keys as unavailable (bmo#1675285) * fixed: Chat: New chat contact menu item did not function (bmo#1663321) * fixed: Various theme and usability improvements (bmo#1673861) * fixed: Various security fixes MFSA 2020-52 (bsc#1178894) * CVE-2020-26951 (bmo#1667113) Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012 (bmo#1642028) Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953 (bmo#1656741) Fullscreen could be enabled without displaying the security UI * CVE-2020-26956 (bmo#1666300) XSS through paste (manual and clipboard API) * CVE-2020-26958 (bmo#1669355) Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959 (bmo#1669466) Use-after-free in WebRequestService * CVE-2020-26960 (bmo#1670358) Potential use-after-free in uses of nsTArray * CVE-2020-15999 (bmo#1672223) Heap buffer overflow in freetype * CVE-2020-26961 (bmo#1672528) DoH did not filter IPv4 mapped IP Addresses * CVE-2020-26965 (bmo#1661617) Software keyboards may have remembered typed passwords * CVE-2020-26966 (bmo#1663571) Single-word search queries were also broadcast to local network * CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697, bmo#1657739, bmo#1660236, bmo#1667912, bmo#1671479, bmo#1671923) Memory safety bugs fixed in Thunderbird 78.5 - Mozilla Thunderbird 78.4.3 * fixed: User interface was inconsistent when switching from the default theme to the dark theme and back to the default theme (bmo#1659282) * fixed: Email subject would disappear when hovering over it with the mouse when using Windows 7 Classic theme (bmo#1675970) This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-2187=1 Package List: - openSUSE Leap 15.1 (x86_64): MozillaThunderbird-78.5.0-lp151.2.59.1 MozillaThunderbird-debuginfo-78.5.0-lp151.2.59.1 MozillaThunderbird-debugsource-78.5.0-lp151.2.59.1 MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1 MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1 References: https://www.suse.com/security/cve/CVE-2020-15999.html https://www.suse.com/security/cve/CVE-2020-16012.html https://www.suse.com/security/cve/CVE-2020-26951.html https://www.suse.com/security/cve/CVE-2020-26953.html https://www.suse.com/security/cve/CVE-2020-26956.html https://www.suse.com/security/cve/CVE-2020-26958.html https://www.suse.com/security/cve/CVE-2020-26959.html https://www.suse.com/security/cve/CVE-2020-26960.html https://www.suse.com/security/cve/CVE-2020-26961.html https://www.suse.com/security/cve/CVE-2020-26965.html https://www.suse.com/security/cve/CVE-2020-26966.html https://www.suse.com/security/cve/CVE-2020-26968.html https://bugzilla.suse.com/1178894

1 0

openSUSE-SU-2020:2181-1: important: Security update for chromium
by opensuse-security＠opensuse.org 07 Dec '20

07 Dec '20

openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2181-1 Rating: important References: #1179576 Cross-References: CVE-2020-16037 CVE-2020-16038 CVE-2020-16039 CVE-2020-16040 CVE-2020-16041 CVE-2020-16042 Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for chromium fixes the following issues: Update to 87.0.4280.88 (boo#1179576) - CVE-2020-16037: Use after free in clipboard - CVE-2020-16038: Use after free in media - CVE-2020-16039: Use after free in extensions - CVE-2020-16040: Insufficient data validation in V8 - CVE-2020-16041: Out of bounds read in networking - CVE-2020-16042: Uninitialized Use in V8 Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2020-2181=1 Package List: - openSUSE Leap 15.2 (x86_64): chromedriver-87.0.4280.88-lp152.2.57.1 chromedriver-debuginfo-87.0.4280.88-lp152.2.57.1 chromium-87.0.4280.88-lp152.2.57.1 chromium-debuginfo-87.0.4280.88-lp152.2.57.1 References: https://www.suse.com/security/cve/CVE-2020-16037.html https://www.suse.com/security/cve/CVE-2020-16038.html https://www.suse.com/security/cve/CVE-2020-16039.html https://www.suse.com/security/cve/CVE-2020-16040.html https://www.suse.com/security/cve/CVE-2020-16041.html https://www.suse.com/security/cve/CVE-2020-16042.html https://bugzilla.suse.com/1179576

1 0

openSUSE-SU-2020:2177-1: moderate: Security update for pngcheck
by opensuse-security＠opensuse.org 06 Dec '20

06 Dec '20

openSUSE Security Update: Security update for pngcheck ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2177-1 Rating: moderate References: #1179528 Cross-References: CVE-2020-27818 Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for pngcheck fixes the following issues: - CVE-2020-27818: Fixed a global buffer overflow in check_chunk_name function via crafted pngfile (boo#1179528). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2020-2177=1 Package List: - openSUSE Leap 15.2 (x86_64): pngcheck-2.3.0-lp152.4.3.1 pngcheck-debuginfo-2.3.0-lp152.4.3.1 References: https://www.suse.com/security/cve/CVE-2020-27818.html https://bugzilla.suse.com/1179528

1 0

openSUSE-SU-2020:2178-1: important: Security update for opera
by opensuse-security＠opensuse.org 06 Dec '20

06 Dec '20

openSUSE Security Update: Security update for opera ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2178-1 Rating: important References: Cross-References: CVE-2020-16013 CVE-2020-16017 Affected Products: openSUSE Leap 15.2:NonFree openSUSE Leap 15.1:NonFree ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for opera fixes the following issues: - Update to version 72.0.3815.400 - DNA-88996 [Mac] Vertical spacing of sidebar items incorrect - DNA-89698 [Mac] text on bookmark bar not visible when application is not focused - DNA-89746 Add product-name switch to Opera launcher and installer - DNA-89779 Implement multi-window behavior for pinned Player - DNA-89924 Music continue to play after the disabling Player from Sidebar - DNA-89994 Fix progress bar shape and color - DNA-89995 Fix font sizes, weights and colors of text in control panel - DNA-90010 Payment Methods in Settings mention Google account - DNA-90022 [Mac][BigSur] Crash at -[BrowserWindowController window:willPositionSheet:usingRect:] - DNA-90025 Player stays in the autopause after reloading panel �� part 2 - DNA-90096 Sidebar click stat not collected for Player - DNA-90143 Adding a stat for Player sidebar clicks to the Avro schema - Update to version 72.0.3815.378 - CHR-8192 Update chromium on desktop-stable-86-3815 to 86.0.4240.198 - DNA-86550 XHRUint8Array test time out - DNA-88631 Unintended volume drop - DNA-88708 [Snap] Inproper area snapped - DNA-88726 [Mac] Overlay ��pause�� icon when Opera auto-pauses the Player - DNA-88903 Detach video button should not be visible - DNA-88938 Make home page reflect service configuration - DNA-88943 Learn more link on home page doesnt work - DNA-88944 Apple Music service slow to open - DNA-88948 Fetch audio focus request id from MediaSession - DNA-88949 Detach video button missing - DNA-88966 No accessiblity titles for services icons in home page - DNA-88967 Investigate creating a single BrowserSidebarModel instance - DNA-88995 Overlay ��pause�� is displayed when it shouldn��t - DNA-89017 Error when signing out of YouTube Music - DNA-89054 Audio is not resumed when muting audio in tab - DNA-89094 DCHECK when pressing Reload button - DNA-89095 Manage service data through PlayerService - DNA-89100 [Player] Crash �� many scenarios - DNA-89187 Reload button doesn��t work properly - DNA-89189 Update icons and buttons - DNA-89217 Enable #player-service on developer stream - DNA-89220 SidebarCarouselTests.* failing - DNA-89230 Crash at v8::Context::Enter() - DNA-89244 Define default widths per service - DNA-89245 Improve Spotify logo layout in home page buttons - DNA-89248 Crash at opera::WebPageBrowserSidebarItemContentViewViews ::UpdatePlayerService() - DNA-89278 [Sidebar] No notification for downloads and workspaces - DNA-89285 [Engine] Unable to launch skype with Opera - DNA-89292 Do not block page loads waiting for sitecheck data - DNA-89316 Should be able to navigate directly to playerServices section in settings - DNA-89339 Make popup appear with tooltip-like behavior - DNA-89340 Implement control panel looks in light and dark mode - DNA-89341 Make the control panel buttons work - DNA-89342 Add support for the DNA to the rollout system - DNA-89344 Show Music Service icon in the control panel - DNA-89360 Make ��Settings�� menu entry go to settings - DNA-89366 Make opera://feedback/babe attachable by the webdriver - DNA-89419 Crash at base::Value::GetAsDictionary (base::DictionaryValue const**) const - DNA-89469 Autopause does not work - DNA-89477 Do not wait with starting the player if the interrupting session is short - DNA-89480 Crash when hovering player panel - DNA-89484 Crash at base::internal::CheckedObserverAdapter ::IsMarkedForRemoval() - DNA-89489 Put control panel behind feature flag - DNA-89514 Implement feedback button for Player - DNA-89516 Do not auto-pause the Player when there is no sound - DNA-89553 Make the control panel show current song - DNA-89557 No accessibility title for rating and close buttons inside feedback dialog - DNA-89561 Make the control panel show artwork that represents current track - DNA-89575 Handle longer track and artist names - DNA-89577 Make progress bar work correctly - DNA-89630 Controler pop-up is too high (and service logo too) - DNA-89634 Panel width is reset when it shouldn��t - DNA-89654 Request higher resolution images for HiDPI - DNA-89655 Enable #player-service-control-panel on Developer stream - DNA-89671 No accessiblity titles for control panel elements - DNA-89672 String change ��A world of music�� - DNA-89679 Player �� don��t show control panel when Player in sidebar is opened - DNA-89722 Album cover arts are not visible - DNA-89766 Address bar does not respond to actions - DNA-89776 Control panel does not disappear after hovering elsewhere - DNA-89778 Implement multi-window behavior when no Player is pinned - DNA-89795 Player is enable after Opera restart (when in Settings was turned off) - DNA-89803 Artwork is cropped to the right - DNA-89812 Sidebar panel should hide when toggle between windows - DNA-89820 Incorrect music services for Philippines - DNA-89846 Do not show the control panel if there is nothing to show - DNA-89878 Clarify notification dot for messengers - DNA-89901 [Mac][Player] Zombie crash at exit - DNA-89952 Crash at opera::BrowserSidebarPlayerItemContentViewViews ::LoadPlayerServiceURL() - DNA-89964 Player stays in the autopause after reloading panel - DNA-89971 Multi window behaviour is not respected anymore - DNA-89976 Disallow docking for Player - DNA-89986 Enable #player-service and #player-service-control-panel on all streams - DNA-90006 Change services order in RU/UA/BY - The update to chromium 86.0.4240.198 fixes following issues: CVE-2020-16013, CVE-2020-16017 Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2:NonFree: zypper in -t patch openSUSE-2020-2178=1 - openSUSE Leap 15.1:NonFree: zypper in -t patch openSUSE-2020-2178=1 Package List: - openSUSE Leap 15.2:NonFree (x86_64): opera-72.0.3815.400-lp152.2.24.1 - openSUSE Leap 15.1:NonFree (x86_64): opera-72.0.3815.400-lp151.2.36.1 References: https://www.suse.com/security/cve/CVE-2020-16013.html https://www.suse.com/security/cve/CVE-2020-16017.html

1 0

openSUSE-SU-2020:2173-1: moderate: Security update for python-cryptography
by opensuse-security＠opensuse.org 06 Dec '20

06 Dec '20

openSUSE Security Update: Security update for python-cryptography ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2173-1 Rating: moderate References: #1178168 Cross-References: CVE-2020-25659 Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-cryptography fixes the following issues: - CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168). This update was imported from the SUSE:SLE-15-SP2:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2020-2173=1 Package List: - openSUSE Leap 15.2 (i586 x86_64): python-cryptography-debuginfo-2.8-lp152.2.3.1 python-cryptography-debugsource-2.8-lp152.2.3.1 python2-cryptography-2.8-lp152.2.3.1 python2-cryptography-debuginfo-2.8-lp152.2.3.1 python3-cryptography-2.8-lp152.2.3.1 python3-cryptography-debuginfo-2.8-lp152.2.3.1 References: https://www.suse.com/security/cve/CVE-2020-25659.html https://bugzilla.suse.com/1178168

1 0

openSUSE-SU-2020:2169-1: important: Security update for python-pip
by opensuse-security＠opensuse.org 05 Dec '20

05 Dec '20

openSUSE Security Update: Security update for python-pip ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2169-1 Rating: important References: #1176262 Cross-References: CVE-2019-20916 Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-pip fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2020-2169=1 Package List: - openSUSE Leap 15.2 (noarch): python2-pip-10.0.1-lp152.4.6.1 python2-pip-wheel-10.0.1-lp152.4.6.1 python3-pip-10.0.1-lp152.4.6.1 python3-pip-wheel-10.0.1-lp152.4.6.1 References: https://www.suse.com/security/cve/CVE-2019-20916.html https://bugzilla.suse.com/1176262

1 0

openSUSE-SU-2020:2170-1: important: Security update for java-1_8_0-openjdk
by opensuse-security＠opensuse.org 05 Dec '20

05 Dec '20

openSUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2170-1 Rating: important References: #1179441 Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u275 (icedtea 3.17.1) * JDK-8214440, bsc#1179441: Fix StartTLS functionality that was broken in openjdk272. (bsc#1179441) * JDK-8223940: Private key not supported by chosen signature algorithm * JDK-8236512: PKCS11 Connection closed after Cipher.doFinal and NoPadding * JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool) * PR3815: Fix new s390 size_t issue in g1ConcurrentMarkObjArrayProcessor.cpp This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2020-2170=1 Package List: - openSUSE Leap 15.2 (i586 x86_64): java-1_8_0-openjdk-1.8.0.275-lp152.2.6.2 java-1_8_0-openjdk-accessibility-1.8.0.275-lp152.2.6.2 java-1_8_0-openjdk-debuginfo-1.8.0.275-lp152.2.6.2 java-1_8_0-openjdk-debugsource-1.8.0.275-lp152.2.6.2 java-1_8_0-openjdk-demo-1.8.0.275-lp152.2.6.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.275-lp152.2.6.2 java-1_8_0-openjdk-devel-1.8.0.275-lp152.2.6.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.275-lp152.2.6.2 java-1_8_0-openjdk-headless-1.8.0.275-lp152.2.6.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.275-lp152.2.6.2 java-1_8_0-openjdk-src-1.8.0.275-lp152.2.6.2 - openSUSE Leap 15.2 (noarch): java-1_8_0-openjdk-javadoc-1.8.0.275-lp152.2.6.2 References: https://bugzilla.suse.com/1179441

1 0

openSUSE-SU-2020:2168-1: moderate: Security update for rclone
by opensuse-security＠opensuse.org 05 Dec '20

05 Dec '20

openSUSE Security Update: Security update for rclone ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2168-1 Rating: moderate References: #1179005 Cross-References: CVE-2020-28924 Affected Products: openSUSE Backports SLE-15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rclone fixes the following issues: rclone was updated to version 1.53.3: * Bug Fixes - Fix incorrect use of math/rand instead of crypto/rand CVE-2020-28924 boo#1179005 (Nick Craig-Wood) - Check https://github.com/rclone/passwordcheck for a tool check for weak passwords generated by rclone * VFS - Fix vfs/refresh calls with fs= parameter (Nick Craig-Wood) * Sharefile - Fix backend due to API swapping integers for strings (Nick Craig-Wood) Update to 1.53.2: * Bug Fixes - accounting + Fix incorrect speed and transferTime in core/stats (Nick Craig-Wood) + Stabilize display order of transfers on Windows (Nick Craig-Wood) - operations + Fix use of --suffix without --backup-dir (Nick Craig-Wood) + Fix spurious "--checksum is in use but the source and destination have no hashes in common" (Nick Craig-Wood) - build + Work around GitHub actions brew problem (Nick Craig-Wood) + Stop using set-env and set-path in the GitHub actions (Nick Craig-Wood) * Mount - mount2: Fix the swapped UID / GID values (Russell Cattelan) * VFS - Detect and recover from a file being removed externally from the cache (Nick Craig-Wood) - Fix a deadlock vulnerability in downloaders.Close (Leo Luan) - Fix a race condition in retryFailedResets (Leo Luan) - Fix missed concurrency control between some item operations and reset (Leo Luan) - Add exponential backoff during ENOSPC retries (Leo Luan) - Add a missed update of used cache space (Leo Luan) - Fix --no-modtime to not attempt to set modtimes (as documented) (Nick Craig-Wood) * Local - Fix sizes and syncing with --links option on Windows (Nick Craig-Wood) * Chunker - Disable ListR to fix missing files on GDrive (workaround) (Ivan Andreev) - Fix upload over crypt (Ivan Andreev) * Fichier - Increase maximum file size from 100GB to 300GB (gyutw) * Jottacloud - Remove clientSecret from config when upgrading to token based authentication (buengese) - Avoid double url escaping of device/mountpoint (albertony) - Remove DirMove workaround as it's not required anymore - also (buengese) * Mailru - Fix uploads after recent changes on server (Ivan Andreev) - Fix range requests after june changes on server (Ivan Andreev) - Fix invalid timestamp on corrupted files (fixes) (Ivan Andreev) * Onedrive - Fix disk usage for sharepoint (Nick Craig-Wood) * S3 - Add missing regions for AWS (Anagh Kumar Baranwal) * Seafile - Fix accessing libraries > 2GB on 32 bit systems (Muffin King) * SFTP - Always convert the checksum to lower case (buengese) * Union - Create root directories if none exist (Nick Craig-Wood) Update to version 1.53.1: * Bug Fixes - accounting: Remove new line from end of --stats-one-line display * VFS - Fix spurious error "vfs cache: failed to _ensure cache EOF" - Log an ERROR if we fail to set the file to be sparse * Local - Log an ERROR if we fail to set the file to be sparse * Drive - Re-adds special oauth help text * Opendrive - Do not retry 400 errors Update to version 1.53.0 * New Features - The VFS layer was heavily reworked for this release - see below for more details - Interactive mode -i/--interactive for destructive operations (fishbullet) - Add --bwlimit-file flag to limit speeds of individual file transfers (Nick Craig-Wood) - Transfers are sorted by start time in the stats and progress output (Max Sum) - Make sure backends expand ~ and environment vars in file names they use (Nick Craig-Wood) - Add --refresh-times flag to set modtimes on hashless backends (Nick Craig-Wood) - rclone check + Add reporting of filenames for same/missing/changed (Nick Craig-Wood) + Make check command obey --dry-run/-i/--interactive (Nick Craig-Wood) + Make check do --checkers files concurrently (Nick Craig-Wood) + Retry downloads if they fail when using the --download flag (Nick Craig-Wood) + Make it show stats by default (Nick Craig-Wood) - rclone config + Set RCLONE_CONFIG_DIR for use in config files and subprocesses (Nick Craig-Wood) + Reject remote names starting with a dash. (jtagcat) - rclone cryptcheck: Add reporting of filenames for same/missing/changed (Nick Craig-Wood) - rclone dedupe: Make it obey the --size-only flag for duplicate detection (Nick Craig-Wood) - rclone link: Add --expire and --unlink flags (Roman Kredentser) - rclone mkdir: Warn when using mkdir on remotes which can't have empty directories (Nick Craig-Wood) - rclone rc: Allow JSON parameters to simplify command line usage (Nick Craig-Wood) - rclone serve ftp + Don't compile on < go1.13 after dependency update (Nick Craig-Wood) + Add error message if auth proxy fails (Nick Craig-Wood) + Use refactored goftp.io/server library for binary shrink (Nick Craig-Wood) - rclone serve restic: Expose interfaces so that rclone can be used as a library from within restic (Jack) - rclone sync: Add --track-renames-strategy leaf (Nick Craig-Wood) - rclone touch: Add ability to set nanosecond resolution times (Nick Craig-Wood) - rclone tree: Remove -i shorthand for --noindent as it conflicts with -i/--interactive (Nick Craig-Wood) * Bug Fixes * Mount - rc interface + Add call for unmount all (Chaitanya Bankanhal) + Make mount/mount remote control take vfsOpt option (Nick Craig-Wood) + Add mountOpt to mount/mount (Nick Craig-Wood) + Add VFS and Mount options to mount/listmounts (Nick Craig-Wood) - Catch panics in cgofuse initialization and turn into error messages (Nick Craig-Wood) - Always supply stat information in Readdir (Nick Craig-Wood) - Add support for reading unknown length files using direct IO (Windows) (Nick Craig-Wood) - Fix On Windows don't add -o uid/gid=-1 if user supplies -o uid/gid. (Nick Craig-Wood) - Fix volume name broken in recent refactor (Nick Craig-Wood) * VFS - Implement partial reads for --vfs-cache-mode full (Nick Craig-Wood) - Add --vfs-writeback option to delay writes back to cloud storage (Nick Craig-Wood) - Add --vfs-read-ahead parameter for use with --vfs-cache-mode full (Nick Craig-Wood) - Restart pending uploads on restart of the cache (Nick Craig-Wood) - Support synchronous cache space recovery upon ENOSPC (Leo Luan) - Allow ReadAt and WriteAt to run concurrently with themselves (Nick Craig-Wood) - Change modtime of file before upload to current (Rob Calistri) - Recommend --vfs-cache-modes writes on backends which can't stream (Nick Craig-Wood) - Add an optional fs parameter to vfs rc methods (Nick Craig-Wood) - Fix errors when using > 260 char files in the cache in Windows (Nick Craig-Wood) - Fix renaming of items while they are being uploaded (Nick Craig-Wood) - Fix very high load caused by slow directory listings (Nick Craig-Wood) - Fix renamed files not being uploaded with --vfs-cache-mode minimal (Nick Craig-Wood) - Fix directory locking caused by slow directory listings (Nick Craig-Wood) - Fix saving from chrome without --vfs-cache-mode writes (Nick Craig-Wood) * Crypt Add --crypt-server-side-across-configs flag (Nick Craig-Wood) Make any created backends be cached to fix rc problems (Nick Craig-Wood) * Azure Blob Don't compile on < go1.13 after dependency update (Nick Craig-Wood) * B2 Implement server side copy for files > 5GB (Nick Craig-Wood) Cancel in progress multipart uploads and copies on rclone exit (Nick Craig-Wood) Note that b2's encoding now allows \ but rclone's hasn't changed (Nick Craig-Wood) Fix transfers when using download_url (Nick Craig-Wood) * Box - Implement rclone cleanup (buengese) - Cancel in progress multipart uploads and copies on rclone exit (Nick Craig-Wood) - Allow authentication with access token (David) * Chunker - Make any created backends be cached to fix rc problems (Nick Craig-Wood) * Drive - Add rclone backend drives to list shared drives (teamdrives) (Nick Craig-Wood) - Implement rclone backend untrash (Nick Craig-Wood) - Work around drive bug which didn't set modtime of copied docs (Nick Craig-Wood) - Added --drive-starred-only to only show starred files (Jay McEntire) - Deprecate --drive-alternate-export as it is no longer needed (themylogin) - Fix duplication of Google docs on server side copy (Nick Craig-Wood) - Fix "panic: send on closed channel" when recycling dir entries (Nick Craig-Wood) * Dropbox - Add copyright detector info in limitations section in the docs (Alex Guerrero) - Fix rclone link by removing expires parameter (Nick Craig-Wood) * Fichier - Detect Flood detected: IP Locked error and sleep for 30s (Nick Craig-Wood) * FTP - Add explicit TLS support (Heiko Bornholdt) - Add support for --dump bodies and --dump auth for debugging (Nick Craig-Wood) - Fix interoperation with pure-ftpd (Nick Craig-Wood) * Google Cloud Storage - Add support for anonymous access (Kai L��ke) * Jottacloud - Bring back legacy authentification for use with whitelabel versions (buengese) - Switch to new api root - also implement a very ugly workaround for the DirMove failures (buengese) * Onedrive - Rework cancel of multipart uploads on rclone exit (Nick Craig-Wood) - Implement rclone cleanup (Nick Craig-Wood) - Add --onedrive-no-versions flag to remove old versions (Nick Craig-Wood) * Pcloud - Implement rclone link for public link creation (buengese) * Qingstor - Cancel in progress multipart uploads on rclone exit (Nick Craig-Wood) * S3 - Preserve metadata when doing multipart copy (Nick Craig-Wood) - Cancel in progress multipart uploads and copies on rclone exit (Nick Craig-Wood) - Add rclone link for public link sharing (Roman Kredentser) - Add rclone backend restore command to restore objects from GLACIER (Nick Craig-Wood) - Add rclone cleanup and rclone backend cleanup to clean unfinished multipart uploads (Nick Craig-Wood) - Add rclone backend list-multipart-uploads to list unfinished multipart uploads (Nick Craig-Wood) - Add --s3-max-upload-parts support (Kamil Trzci��ski) - Add --s3-no-check-bucket for minimising rclone transactions and perms (Nick Craig-Wood) - Add --s3-profile and --s3-shared-credentials-file options (Nick Craig-Wood) - Use regional s3 us-east-1 endpoint (David) - Add Scaleway provider (Vincent Feltz) - Update IBM COS endpoints (Egor Margineanu) - Reduce the default --s3-copy-cutoff to < 5GB for Backblaze S3 compatibility (Nick Craig-Wood) - Fix detection of bucket existing (Nick Craig-Wood) * SFTP - Use the absolute path instead of the relative path for listing for improved compatibility (Nick Craig-Wood) - Add --sftp-subsystem and --sftp-server-command options (aus) * Swift - Fix dangling large objects breaking the listing (Nick Craig-Wood) - Fix purge not deleting directory markers (Nick Craig-Wood) - Fix update multipart object removing all of its own parts (Nick Craig-Wood) - Fix missing hash from object returned from upload (Nick Craig-Wood) * Tardigrade - Upgrade to uplink v1.2.0 (Kaloyan Raev) * Union - Fix writing with the all policy (Nick Craig-Wood) * WebDAV - Fix directory creation with 4shared (Nick Craig-Wood) - Update to version 1.52.3 * Bug Fixes - docs + Disable smart typography (eg en-dash) in MANUAL.* and man page (Nick Craig-Wood) + Update install.md to reflect minimum Go version (Evan Harris) + Update install from source instructions (Nick Craig-Wood) + make_manual: Support SOURCE_DATE_EPOCH (Morten Linderud) - log: Fix --use-json-log going to stderr not --log-file on Windows (Nick Craig-Wood) - serve dlna: Fix file list on Samsung Series 6+ TVs (Matteo Pietro Dazzi) - sync: Fix deadlock with --track-renames-strategy modtime (Nick Craig-Wood) * Cache - Fix moveto/copyto remote:file remote:file2 (Nick Craig-Wood) * Drive - Stop using root_folder_id as a cache (Nick Craig-Wood) - Make dangling shortcuts appear in listings (Nick Craig-Wood) - Drop "Disabling ListR" messages down to debug (Nick Craig-Wood) - Workaround and policy for Google Drive API (Dmitry Ustalov) * FTP - Add note to docs about home vs root directory selection (Nick Craig-Wood) * Onedrive - Fix reverting to Copy when Move would have worked (Nick Craig-Wood) - Avoid comma rendered in URL in onedrive.md (Kevin) * Pcloud - Fix oauth on European region "eapi.pcloud.com" (Nick Craig-Wood) * S3 - Fix bucket Region auto detection when Region unset in config (Nick Craig-Wood) - Update to version 1.52.2 * Bug Fixes - build + Fix docker release build action (Nick Craig-Wood) + Fix custom timezone in Docker image (NoLooseEnds) - check: Fix misleading message which printed errors instead of differences (Nick Craig-Wood) - errors: Add WSAECONNREFUSED and more to the list of retriable Windows errors (Nick Craig-Wood) - rcd: Fix incorrect prometheus metrics (Gary Kim) - serve restic: Fix flags so they use environment variables (Nick Craig-Wood) - serve webdav: Fix flags so they use environment variables (Nick Craig-Wood) - sync: Fix --track-renames-strategy modtime (Nick Craig-Wood) * Drive - Fix not being able to delete a directory with a trashed shortcut (Nick Craig-Wood) - Fix creating a directory inside a shortcut (Nick Craig-Wood) - Fix --drive-impersonate with cached root_folder_id (Nick Craig-Wood) * SFTP - Fix SSH key PEM loading (Zac Rubin) * Swift - Speed up deletes by not retrying segment container deletes (Nick Craig-Wood) * Tardigrade - Upgrade to uplink v1.1.1 (Caleb Case) * WebDAV - Fix free/used display for rclone about/df for certain backends (Nick Craig-Wood) - Update to version 1.52.1 * VFS - Fix OS vs Unix path confusion - fixes ChangeNotify on Windows (Nick Craig-Wood) * Drive - Fix missing items when listing using --fast-list / ListR (Nick Craig-Wood) * Putio - Fix panic on Object.Open (Cenk Alti) * S3 - Fix upload of single files into buckets without create permission (Nick Craig-Wood) - Fix --header-upload (Nick Craig-Wood) * Tardigrade - Fix listing bug by upgrading to v1.0.7 - Set UserAgent to rclone (Caleb Case) - Update to version 1.52.0 * New backends - Tardigrade backend for use with storj.io (Caleb Case) - Union re-write to have multiple writable remotes (Max Sum) - Seafile for Seafile server (Fred @creativeprojects) * New commands - backend: command for backend specific commands (see backends) (Nick Craig-Wood) - cachestats: Deprecate in favour of rclone backend stats cache: (Nick Craig-Wood) - dbhashsum: Deprecate in favour of rclone hashsum DropboxHash (Nick Craig-Wood) * New Features - Add --header-download and --header-upload flags for setting HTTP headers when uploading/downloading (Tim Gallant) - Add --header flag to add HTTP headers to every HTTP transaction (Nick Craig-Wood) - Add --check-first to do all checking before starting transfers (Nick Craig-Wood) - Add --track-renames-strategy for configurable matching criteria for --track-renames (Bernd Schoolmann) - Add --cutoff-mode hard,soft,catious (Shing Kit Chan & Franklyn Tackitt) - Filter flags (eg --files-from -) can read from stdin (fishbullet) - Add --error-on-no-transfer option (Jon Fautley) - Implement --order-by xxx,mixed for copying some small and some big files (Nick Craig-Wood) - Allow --max-backlog to be negative meaning as large as possible (Nick Craig-Wood) - Added --no-unicode-normalization flag to allow Unicode filenames to remain unique (Ben Zenker) - Allow --min-age/--max-age to take a date as well as a duration (Nick Craig-Wood) - Add rename statistics for file and directory renames (Nick Craig-Wood) - Add statistics output to JSON log (reddi) - Make stats be printed on non-zero exit code (Nick Craig-Wood) - When running --password-command allow use of stdin (S��bastien Gross) - Stop empty strings being a valid remote path (Nick Craig-Wood) - accounting: support WriterTo for less memory copying (Nick Craig-Wood) - build + Update to use go1.14 for the build (Nick Craig-Wood) + Add -trimpath to release build for reproduceable builds (Nick Craig-Wood) + Remove GOOS and GOARCH from Dockerfile (Brandon Philips) - config + Fsync the config file after writing to save more reliably (Nick Craig-Wood) + Add --obscure and --no-obscure flags to config create/update (Nick Craig-Wood) + Make config show take remote: as well as remote (Nick Craig-Wood) - copyurl: Add --no-clobber flag (Denis) - delete: Added --rmdirs flag to delete directories as well (Kush) - filter: Added --files-from-raw flag (Ankur Gupta) - genautocomplete: Add support for fish shell (Matan Rosenberg) - log: Add support for syslog LOCAL facilities (Patryk Jakuszew) - lsjson: Add --hash-type parameter and use it in lsf to speed up hashing (Nick Craig-Wood) - rc + Add -o/--opt and -a/--arg for more structured input (Nick Craig-Wood) + Implement backend/command for running backend specific commands remotely (Nick Craig-Wood) + Add mount/mount command for starting rclone mount via the API (Chaitanya) - rcd: Add Prometheus metrics support (Gary Kim) - serve http + Added a --template flag for user defined markup (calistri) + Add Last-Modified headers to files and directories (Nick Craig-Wood) - serve sftp: Add support for multiple host keys by repeating --key flag (Maxime Suret) - touch: Add --localtime flag to make --timestamp localtime not UTC (Nick Craig-Wood) * Bug Fixes - accounting + Restore "Max number of stats groups reached" log line (Micha�� Matczuk) + Correct exitcode on Transfer Limit Exceeded flag. (Anuar Serdaliyev) + Reset bytes read during copy retry (Ankur Gupta) + Fix race clearing stats (Nick Craig-Wood) - copy: Only create empty directories when they don't exist on the remote (Ishuah Kariuki) - dedupe: Stop dedupe deleting files with identical IDs (Nick Craig-Wood) - oauth + Use custom http client so that --no-check-certificate is honored by oauth token fetch (Mark Spieth) + Replace deprecated oauth2.NoContext (Lars Lehtonen) - operations + Fix setting the timestamp on Windows for multithread copy (Nick Craig-Wood) + Make rcat obey --ignore-checksum (Nick Craig-Wood) + Make --max-transfer more accurate (Nick Craig-Wood) - rc + Fix dropped error (Lars Lehtonen) + Fix misplaced http server config (Xiaoxing Ye) + Disable duplicate log (ElonH) - serve dlna + Cds: don't specify childCount at all when unknown (Dan Walters) + Cds: use modification time as date in dlna metadata (Dan Walters) - serve restic: Fix tests after restic project removed vendoring (Nick Craig-Wood) - sync + Fix incorrect "nothing to transfer" message using --delete-before (Nick Craig-Wood) + Only create empty directories when they don't exist on the remote (Ishuah Kariuki) * Mount - Add --async-read flag to disable asynchronous reads (Nick Craig-Wood) - Ignore --allow-root flag with a warning as it has been removed upstream (Nick Craig-Wood) - Warn if --allow-non-empty used on Windows and clarify docs (Nick Craig-Wood) - Constrain to go1.13 or above otherwise bazil.org/fuse fails to compile (Nick Craig-Wood) - Fix fail because of too long volume name (evileye) - Report 1PB free for unknown disk sizes (Nick Craig-Wood) - Map more rclone errors into file systems errors (Nick Craig-Wood) - Fix disappearing cwd problem (Nick Craig-Wood) - Use ReaddirPlus on Windows to improve directory listing performance (Nick Craig-Wood) - Send a hint as to whether the filesystem is case insensitive or not (Nick Craig-Wood) - Add rc command mount/types (Nick Craig-Wood) - Change maximum leaf name length to 1024 bytes (Nick Craig-Wood) * VFS - Add --vfs-read-wait and --vfs-write-wait flags to control time waiting for a sequential read/write (Nick Craig-Wood) - Change default --vfs-read-wait to 20ms (it was 5ms and not configurable) (Nick Craig-Wood) - Make df output more consistent on a rclone mount. (Yves G) - Report 1PB free for unknown disk sizes (Nick Craig-Wood) - Fix race condition caused by unlocked reading of Dir.path (Nick Craig-Wood) - Make File lock and Dir lock not overlap to avoid deadlock (Nick Craig-Wood) - Implement lock ordering between File and Dir to eliminate deadlocks (Nick Craig-Wood) - Factor the vfs cache into its own package (Nick Craig-Wood) - Pin the Fs in use in the Fs cache (Nick Craig-Wood) - Add SetSys() methods to Node to allow caching stuff on a node (Nick Craig-Wood) - Ignore file not found errors from Hash in Read.Release (Nick Craig-Wood) - Fix hang in read wait code (Nick Craig-Wood) * Local - Speed up multi thread downloads by using sparse files on Windows (Nick Craig-Wood) - Implement --local-no-sparse flag for disabling sparse files (Nick Craig-Wood) - Implement rclone backend noop for testing purposes (Nick Craig-Wood) - Fix "file not found" errors on post transfer Hash calculation (Nick Craig-Wood) * Cache - Implement rclone backend stats command (Nick Craig-Wood) - Fix Server Side Copy with Temp Upload (Brandon McNama) - Remove Unused Functions (Lars Lehtonen) - Disable race tests until bbolt is fixed (Nick Craig-Wood) - Move methods used for testing into test file (greatroar) - Add Pin and Unpin and canonicalised lookup (Nick Craig-Wood) - Use proper import path go.etcd.io/bbolt (Robert-Andr�� Mauchin) * Crypt - Calculate hashes for uploads from local disk (Nick Craig-Wood) + This allows crypted Jottacloud uploads without using local disk + This means crypted s3/b2 uploads will now have hashes - Added rclone backend decode/encode commands to replicate functionality of cryptdecode (Anagh Kumar Baranwal) - Get rid of the unused Cipher interface as it obfuscated the code (Nick Craig-Wood) * Azure Blob - Implement streaming of unknown sized files so rcat is now supported (Nick Craig-Wood) - Implement memory pooling to control memory use (Nick Craig-Wood) - Add --azureblob-disable-checksum flag (Nick Craig-Wood) - Retry InvalidBlobOrBlock error as it may indicate block concurrency problems (Nick Craig-Wood) - Remove unused Object.parseTimeString() (Lars Lehtonen) - Fix permission error on SAS URL limited to container (Nick Craig-Wood) * B2 - Add support for --header-upload and --header-download (Tim Gallant) - Ignore directory markers at the root also (Nick Craig-Wood) - Force the case of the SHA1 to lowercase (Nick Craig-Wood) - Remove unused largeUpload.clearUploadURL() (Lars Lehtonen) * Box - Add support for --header-upload and --header-download (Tim Gallant) - Implement About to read size used (Nick Craig-Wood) - Add token renew function for jwt auth (David Bramwell) - Added support for interchangeable root folder for Box backend (Sunil Patra) - Remove unnecessary iat from jws claims (David) * Drive - Follow shortcuts by default, skip with --drive-skip-shortcuts (Nick Craig-Wood) - Implement rclone backend shortcut command for creating shortcuts (Nick Craig-Wood) - Added rclone backend command to change service_account_file and chunk_size (Anagh Kumar Baranwal) - Fix missing files when using --fast-list and --drive-shared-with-me (Nick Craig-Wood) - Fix duplicate items when using --drive-shared-with-me (Nick Craig-Wood) - Extend --drive-stop-on-upload-limit to respond to teamDriveFileLimitExceeded. (harry) - Don't delete files with multiple parents to avoid data loss (Nick Craig-Wood) - Server side copy docs use default description if empty (Nick Craig-Wood) * Dropbox - Make error insufficient space to be fatal (harry) - Add info about required redirect url (Elan Ruusam��e) * Fichier - Add support for --header-upload and --header-download (Tim Gallant) - Implement custom pacer to deal with the new rate limiting (buengese) * FTP - Fix lockup when using concurrency limit on failed connections (Nick Craig-Wood) - Fix lockup on failed upload when using concurrency limit (Nick Craig-Wood) - Fix lockup on Close failures when using concurrency limit (Nick Craig-Wood) - Work around pureftp sending spurious 150 messages (Nick Craig-Wood) * Google Cloud Storage - Add support for --header-upload and --header-download (Nick Craig-Wood) - Add ARCHIVE storage class to help (Adam Stroud) - Ignore directory markers at the root (Nick Craig-Wood) * Googlephotos - Make the start year configurable (Daven) - Add support for --header-upload and --header-download (Tim Gallant) - Create feature/favorites directory (Brandon Philips) - Fix "concurrent map write" error (Nick Craig-Wood) - Don't put an image in error message (Nick Craig-Wood) * HTTP - Improved directory listing with new template from Caddy project (calisro) * Jottacloud - Implement --jottacloud-trashed-only (buengese) - Add support for --header-upload and --header-download (Tim Gallant) - Use RawURLEncoding when decoding base64 encoded login token (buengese) - Implement cleanup (buengese) - Update docs regarding cleanup, removed remains from old auth, and added warning about special mountpoints. (albertony) * Mailru - Describe 2FA requirements (valery1707) * Onedrive - Implement --onedrive-server-side-across-configs (Nick Craig-Wood) - Add support for --header-upload and --header-download (Tim Gallant) - Fix occasional 416 errors on multipart uploads (Nick Craig-Wood) - Added maximum chunk size limit warning in the docs (Harry) - Fix missing drive on config (Nick Craig-Wood) - Make error quotaLimitReached to be fatal (harry) * Opendrive - Add support for --header-upload and --header-download (Tim Gallant) * Pcloud - Added support for interchangeable root folder for pCloud backend (Sunil Patra) - Add support for --header-upload and --header-download (Tim Gallant) - Fix initial config "Auth state doesn't match" message (Nick Craig-Wood) * Premiumizeme - Add support for --header-upload and --header-download (Tim Gallant) - Prune unused functions (Lars Lehtonen) * Putio - Add support for --header-upload and --header-download (Nick Craig-Wood) - Make downloading files use the rclone http Client (Nick Craig-Wood) - Fix parsing of remotes with leading and trailing / (Nick Craig-Wood) * Qingstor - Make rclone cleanup remove pending multipart uploads older than 24h (Nick Craig-Wood) - Try harder to cancel failed multipart uploads (Nick Craig-Wood) - Prune multiUploader.list() (Lars Lehtonen) - Lint fix (Lars Lehtonen) * S3 - Add support for --header-upload and --header-download (Tim Gallant) - Use memory pool for buffer allocations (Maciej Zimnoch) - Add SSE-C support for AWS, Ceph, and MinIO (Jack Anderson) - Fail fast multipart upload (Micha�� Matczuk) - Report errors on bucket creation (mkdir) correctly (Nick Craig-Wood) - Specify that Minio supports URL encoding in listings (Nick Craig-Wood) - Added 500 as retryErrorCode (Micha�� Matczuk) - Use --low-level-retries as the number of SDK retries (Aleksandar Jankovi��) - Fix multipart abort context (Aleksandar Jankovic) - Replace deprecated session.New() with session.NewSession() (Lars Lehtonen) - Use the provided size parameter when allocating a new memory pool (Joachim Brandon LeBlanc) - Use rclone's low level retries instead of AWS SDK to fix listing retries (Nick Craig-Wood) - Ignore directory markers at the root also (Nick Craig-Wood) - Use single memory pool (Micha�� Matczuk) - Do not resize buf on put to memBuf (Micha�� Matczuk) - Improve docs for --s3-disable-checksum (Nick Craig-Wood) - Don't leak memory or tokens in edge cases for multipart upload (Nick Craig-Wood) * Seafile - Implement 2FA (Fred) * SFTP - Added --sftp-pem-key to support inline key files (calisro) - Fix post transfer copies failing with 0 size when using set_modtime=false (Nick Craig-Wood) * Sharefile - Add support for --header-upload and --header-download (Tim Gallant) * Sugarsync - Add support for --header-upload and --header-download (Tim Gallant) * Swift - Add support for --header-upload and --header-download (Nick Craig-Wood) - Fix cosmetic issue in error message (Martin Michlmayr) * Union - Implement multiple writable remotes (Max Sum) - Fix server-side copy (Max Sum) - Implement ListR (Max Sum) - Enable ListR when upstreams contain local (Max Sum) * WebDAV - Add support for --header-upload and --header-download (Tim Gallant) - Fix X-OC-Mtime header for Transip compatibility (Nick Craig-Wood) - Report full and consistent usage with about (Yves G) * Yandex - Add support for --header-upload and --header-download (Tim Gallant) - Update to version 1.51.0 * See https://rclone.org/changelog/#v1-51-0-2020-02-01 for the complete changelog. - Update to version 1.50.2 * Bug Fixes - accounting: Fix memory leak on retries operations (Nick Craig-Wood) * Drive - Fix listing of the root directory with drive.files scope (Nick Craig-Wood) - Fix --drive-root-folder-id with team/shared drives (Nick Craig-Wood) - Update to version 1.50.1 * Bug Fixes - hash: Fix accidentally changed hash names for DropboxHash and CRC-32 (Nick Craig-Wood) - fshttp: Fix error reporting on tpslimit token bucket errors (Nick Craig-Wood) - fshttp: Don��t print token bucket errors on context cancelled (Nick Craig-Wood) * Local - Fix listings of . on Windows (Nick Craig-Wood) * Onedrive - Fix DirMove/Move after Onedrive change (Xiaoxing Ye) - Update to version 1.50.0 * New backends - Citrix Sharefile (Nick Craig-Wood) - Chunker - an overlay backend to split files into smaller parts (Ivan Andreev) - Mail.ru Cloud (Ivan Andreev) * New Features - encodings (Fabian M��ller & Nick Craig-Wood) + All backends now use file name encoding to ensure any file name can be written to any backend. + See the restricted file name docs for more info and the local backend docs. + Some file names may look different in rclone if you are using any control characters in names or unicode FULLWIDTH symbols. - build + Update to use go1.13 for the build (Nick Craig-Wood) + Drop support for go1.9 (Nick Craig-Wood) + Build rclone with GitHub actions (Nick Craig-Wood) + Convert python scripts to python3 (Nick Craig-Wood) + Swap Azure/go-ansiterm for mattn/go-colorable (Nick Craig-Wood) + Dockerfile fixes (Matei David) + Add plugin support for backends and commands (Richard Patel) - config + Use alternating Red/Green in config to make more obvious (Nick Craig-Wood) - contrib + Add sample DLNA server Docker Compose manifest. (pataquets) + Add sample WebDAV server Docker Compose manifest. (pataquets) - copyurl + Add --auto-filename flag for using file name from URL in destination path (Denis) - serve dlna: + Many compatability improvements (Dan Walters) + Support for external srt subtitles (Dan Walters) - rc + Added command core/quit (Saksham Khanna) * Bug Fixes - sync + Make --update/-u not transfer files that haven��t changed (Nick Craig-Wood) + Free objects after they come out of the transfer pipe to save memory (Nick Craig-Wood) + Fix --files-from without --no-traverse doing a recursive scan (Nick Craig-Wood) - operations + Fix accounting for server side copies (Nick Craig-Wood) + Display ��All duplicates removed�� only if dedupe successful (Sezal Agrawal) + Display ��Deleted X extra copies�� only if dedupe successful (Sezal Agrawal) - accounting + Only allow up to 100 completed transfers in the accounting list to save memory (Nick Craig-Wood) + Cull the old time ranges when possible to save memory (Nick Craig-Wood) + Fix panic due to server-side copy fallback (Ivan Andreev) + Fix memory leak noticeable for transfers of large numbers of objects (Nick Craig-Wood) + Fix total duration calculation (Nick Craig-Wood) - cmd + Fix environment variables not setting command line flags (Nick Craig-Wood) + Make autocomplete compatible with bash��s posix mode for macOS (Danil Semelenov) + Make --progress work in git bash on Windows (Nick Craig-Wood) + Fix ��compopt: command not found�� on autocomplete on macOS (Danil Semelenov) - config + Fix setting of non top level flags from environment variables (Nick Craig-Wood) + Check config names more carefully and report errors (Nick Craig-Wood) + Remove error: can��t use --size-only and --ignore-size together. (Nick Craig-Wood) + filter: Prevent mixing options when --files-from is in use (Michele Caci) + serve sftp: Fix crash on unsupported operations (eg Readlink) (Nick Craig-Wood) * Mount - Allow files of unkown size to be read properly (Nick Craig-Wood) - Skip tests on <= 2 CPUs to avoid lockup (Nick Craig-Wood) - Fix panic on File.Open (Nick Craig-Wood) - Fix ��mount_fusefs: -o timeout=: option not supported�� on FreeBSD (Nick Craig-Wood) - Don��t pass huge filenames (>4k) to FUSE as it can��t cope (Nick Craig-Wood) * VFS - Add flag --vfs-case-insensitive for windows/macOS mounts (Ivan Andreev) - Make objects of unknown size readable through the VFS (Nick Craig-Wood) - Move writeback of dirty data out of close() method into its own method (FlushWrites) and remove close() call from Flush() (Brett Dutro) - Stop empty dirs disappearing when renamed on bucket based remotes (Nick Craig-Wood) - Stop change notify polling clearing so much of the directory cache (Nick Craig-Wood) * Azure Blob - Disable logging to the Windows event log (Nick Craig-Wood) * B2 - Remove unverified: prefix on sha1 to improve interop (eg with CyberDuck) (Nick Craig-Wood) * Box - Add options to get access token via JWT auth (David) * Drive - Disable HTTP/2 by default to work around INTERNAL_ERROR problems (Nick Craig-Wood) - Make sure that drive root ID is always canonical (Nick Craig-Wood) - Fix --drive-shared-with-me from the root with lsand --fast-list (Nick Craig-Wood) - Fix ChangeNotify polling for shared drives (Nick Craig-Wood) - Fix change notify polling when using appDataFolder (Nick Craig-Wood) * Dropbox - Make disallowed filenames errors not retry (Nick Craig-Wood) - Fix nil pointer exception on restricted files (Nick Craig-Wood) * Fichier - Fix accessing files > 2GB on 32 bit systems (Nick Craig-Wood) * FTP - Allow disabling EPSV mode (Jon Fautley) * HTTP - HEAD directory entries in parallel to speedup (Nick Craig-Wood) - Add --http-no-head to stop rclone doing HEAD in listings (Nick Craig-Wood) * Putio - Add ability to resume uploads (Cenk Alti) * S3 - Fix signature v2_auth headers (Anthony Rusdi) - Fix encoding for control characters (Nick Craig-Wood) - Only ask for URL encoded directory listings if we need them on Ceph (Nick Craig-Wood) - Add option for multipart failiure behaviour (Aleksandar Jankovic) - Support for multipart copy (��) - Fix nil pointer reference if no metadata returned for object (Nick Craig-Wood) * SFTP - Fix --sftp-ask-password trying to contact the ssh agent (Nick Craig-Wood) - Fix hashes of files with backslashes (Nick Craig-Wood) - Include more ciphers with --sftp-use-insecure-cipher (Carlos Ferreyra) * WebDAV - Parse and return Sharepoint error response (Henning Surmeier) - Update to version 1.49.4 * Bug Fixes - cmd/rcd: Address ZipSlip vulnerability (Richard Patel) - accounting: Fix file handle leak on errors (Nick Craig-Wood) - oauthutil: Fix security problem when running with two users on the same machine (Nick Craig-Wood) * FTP - Fix listing of an empty root returning: error dir not found (Nick Craig-Wood) * S3 - Fix SetModTime on GLACIER/ARCHIVE objects and implement set/get tier (Nick Craig-Wood) - Update to version 1.49.3 * Bug Fixes - accounting + Fix total duration calculation (Aleksandar Jankovic) + Fix ��file already closed�� on transfer retries (Nick Craig-Wood) - Update to version 1.49.2 * New Features - build: Add Docker workflow support (Alfonso Montero) * Bug Fixes - accounting: Fix locking in Transfer to avoid deadlock with --progress (Nick Craig-Wood) - docs: Fix template argument for mktemp in install.sh (Cnly) - operations: Fix -u/--update with google photos / files of unknown size (Nick Craig-Wood) - rc: Fix docs for config/create /update /password (Nick Craig-Wood) * Google Cloud Storage - Fix need for elevated permissions on SetModTime (Nick Craig-Wood) - Update to version 1.49.1 * Bug Fixes - config: Fix generated passwords being stored as empty password (Nick Craig-Wood) - rcd: Added missing parameter for web-gui info logs. (Chaitanya) * Googlephotos - Fix crash on error response (Nick Craig-Wood) * Onedrive - Fix crash on error response (Nick Craig-Wood) - Update to version 1.49.0 * New backends - 1fichier (Laura Hausmann) - Google Photos (Nick Craig-Wood) - Putio (Cenk Alti) - premiumize.me (Nick Craig-Wood) * New Features - Experimental web GUI (Chaitanya Bankanhal) - Implement --compare-dest & --copy-dest (yparitcher) - Implement --suffix without --backup-dir for backup to current dir (yparitcher) - config reconnect to re-login (re-run the oauth login) for the backend. (Nick Craig-Wood) - config userinfo to discover which user you are logged in as. (Nick Craig-Wood) - config disconnect to disconnect you (log out) from the backend. (Nick Craig-Wood) - Add --use-json-log for JSON logging (justinalin) - Add context propagation to rclone (Aleksandar Jankovic) - Reworking internal statistics interfaces so they work with rc jobs (Aleksandar Jankovic) - Add Higher units for ETA (AbelThar) - Update rclone logos to new design (Andreas Chlupka) - hash: Add CRC-32 support (Cenk Alti) - help showbackend: Fixed advanced option category when there are no standard options (buengese) - ncdu: Display/Copy to Clipboard Current Path (Gary Kim) - operations: + Run hashing operations in parallel (Nick Craig-Wood) + Don��t calculate checksums when using --ignore-checksum (Nick Craig-Wood) + Check transfer hashes when using --size-only mode (Nick Craig-Wood) + Disable multi thread copy for local to local copies (Nick Craig-Wood) + Debug successful hashes as well as failures (Nick Craig-Wood) - rc + Add ability to stop async jobs (Aleksandar Jankovic) + Return current settings if core/bwlimit called without parameters (Nick Craig-Wood) + Rclone-WebUI integration with rclone (Chaitanya Bankanhal) + Added command line parameter to control the cross origin resource sharing (CORS) in the rcd. (Security Improvement) (Chaitanya Bankanhal) + Add anchor tags to the docs so links are consistent (Nick Craig-Wood) + Remove _async key from input parameters after parsing so later operations won��t get confused (buengese) + Add call to clear stats (Aleksandar Jankovic) - rcd + Auto-login for web-gui (Chaitanya Bankanhal) + Implement --baseurl for rcd and web-gui (Chaitanya Bankanhal) - serve dlna + Only select interfaces which can multicast for SSDP (Nick Craig-Wood) + Add more builtin mime types to cover standard audio/video (Nick Craig-Wood) + Fix missing mime types on Android causing missing videos (Nick Craig-Wood) - serve ftp + Refactor to bring into line with other serve commands (Nick Craig-Wood) + Implement --auth-proxy (Nick Craig-Wood) - serve http: Implement --baseurl (Nick Craig-Wood) - serve restic: Implement --baseurl (Nick Craig-Wood) - serve sftp + Implement auth proxy (Nick Craig-Wood) + Fix detection of whether server is authorized (Nick Craig-Wood) - serve webdav + Implement --baseurl (Nick Craig-Wood) + Support --auth-proxy (Nick Craig-Wood) * Bug Fixes - Make ��bad record MAC�� a retriable error (Nick Craig-Wood) - copyurl: Fix copying files that return HTTP errors (Nick Craig-Wood) - march: Fix checking sub-directories when using --no-traverse (buengese) - rc + Fix unmarshalable http.AuthFn in options and put in test for marshalability (Nick Craig-Wood) + Move job expire flags to rc to fix initalization problem (Nick Craig-Wood) + Fix --loopback with rc/list and others (Nick Craig-Wood) - rcat: Fix slowdown on systems with multiple hashes (Nick Craig-Wood) - rcd: Fix permissions problems on cache directory with web gui download (Nick Craig-Wood) * Mount - Default --deamon-timout to 15 minutes on macOS and FreeBSD (Nick Craig-Wood) - Update docs to show mounting from root OK for bucket based (Nick Craig-Wood) - Remove nonseekable flag from write files (Nick Craig-Wood) * VFS - Make write without cache more efficient (Nick Craig-Wood) - Fix --vfs-cache-mode minimal and writes ignoring cached files (Nick Craig-Wood) * Local - Add --local-case-sensitive and --local-case-insensitive (Nick Craig-Wood) - Avoid polluting page cache when uploading local files to remote backends (Micha�� Matczuk) - Don��t calculate any hashes by default (Nick Craig-Wood) - Fadvise run syscall on a dedicated go routine (Micha�� Matczuk) * Azure Blob - Azure Storage Emulator support (Sandeep) - Updated config help details to remove connection string references (Sandeep) - Make all operations work from the root (Nick Craig-Wood) * B2 - Implement link sharing (yparitcher) - Enable server side copy to copy between buckets (Nick Craig-Wood) - Make all operations work from the root (Nick Craig-Wood) * Drive - Fix server side copy of big files (Nick Craig-Wood) - Update API for teamdrive use (Nick Craig-Wood) - Add error for purge with --drive-trashed-only (ginvine) * Fichier - Make FolderID int and adjust related code (buengese) * Google Cloud Storage - Reduce oauth scope requested as suggested by Google (Nick Craig-Wood) - Make all operations work from the root (Nick Craig-Wood) * HTTP - Add --http-headers flag for setting arbitrary headers (Nick Craig-Wood) * Jottacloud - Use new api for retrieving internal username (buengese) - Refactor configuration and minor cleanup (buengese) * Koofr - Support setting modification times on Koofr backend. (jaKa) * Opendrive - Refactor to use existing lib/rest facilities for uploads (Nick Craig-Wood) * Qingstor - Upgrade to v3 SDK and fix listing loop (Nick Craig-Wood) - Make all operations work from the root (Nick Craig-Wood) * S3 - Add INTELLIGENT_TIERING storage class (Matti Niemenmaa) - Make all operations work from the root (Nick Craig-Wood) * SFTP - Add missing interface check and fix About (Nick Craig-Wood) - Completely ignore all modtime checks if SetModTime=false (Jon Fautley) - Support md5/sha1 with rsync.net (Nick Craig-Wood) - Save the md5/sha1 command in use to the config file for efficiency (Nick Craig-Wood) - Opt-in support for diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1 (Yi FU) * Swift - Use FixRangeOption to fix 0 length files via the VFS (Nick Craig-Wood) - Fix upload when using no_chunk to return the correct size (Nick Craig-Wood) - Make all operations work from the root (Nick Craig-Wood) - Fix segments leak during failed large file uploads. (nguyenhuuluan434) * WebDAV - Add --webdav-bearer-token-command (Nick Craig-Wood) - Refresh token when it expires with --webdav-bearer-token-command (Nick Craig-Wood) - Add docs for using bearer_token_command with oidc-agent (Paul Millar) - Fix executable permission - Update to version 1.48.0 * New commands - serve sftp: Serve an rclone remote over SFTP (Nick Craig-Wood) * New Features - Multi threaded downloads to local storage (Nick Craig-Wood) controlled with --multi-thread-cutoff and --multi-thread-streams - Use rclone.conf from rclone executable directory to enable portable use (albertony) - Allow sync of a file and a directory with the same name (forgems) this is common on bucket based remotes, eg s3, gcs - Add --ignore-case-sync for forced case insensitivity (garry415) - Implement --stats-one-line-date and --stats-one-line-date-format (Peter Berbec) - Log an ERROR for all commands which exit with non-zero status (Nick Craig-Wood) - Use go-homedir to read the home directory more reliably (Nick Craig-Wood) - Enable creating encrypted config through external script invocation (Wojciech Smigielski) - build: Drop support for go1.8 (Nick Craig-Wood) - config: Make config create/update encrypt passwords where necessary (Nick Craig-Wood) - copyurl: Honor --no-check-certificate (Stefan Breunig) - install: Linux skip man pages if no mandb (didil) - lsf: Support showing the Tier of the object (Nick Craig-Wood) - lsjson + Added EncryptedPath to output (calisro) + Support showing the Tier of the object (Nick Craig-Wood) + Add IsBucket field for bucket based remote listing of the root (Nick Craig-Wood) - rc + Add --loopback flag to run commands directly without a server (Nick Craig-Wood) + Add operations/fsinfo: Return information about the remote (Nick Craig-Wood) + Skip auth for OPTIONS request (Nick Craig-Wood) + cmd/providers: Add DefaultStr, ValueStr and Type fields (Nick Craig-Wood) + jobs: Make job expiry timeouts configurable (Aleksandar Jankovic) - serve dlna reworked and improved (Dan Walters) - serve ftp: add --ftp-public-ip flag to specify public IP (calistri) - serve restic: Add support for --private-repos in serve restic (Florian Apolloner) - serve webdav: Combine serve webdav and serve http (Gary Kim) - size: Ignore negative sizes when calculating total (Garry McNulty) * Bug Fixes - Make move and copy individual files obey --backup-dir (Nick Craig-Wood) - If --ignore-checksum is in effect, don��t calculate checksum (Nick Craig-Wood) - moveto: Fix case-insensitive same remote move (Gary Kim) - rc: Fix serving bucket based objects with --rc-serve (Nick Craig-Wood) - serve webdav: Fix serveDir not being updated with changes from webdav (Gary Kim) * Mount - Fix poll interval documentation (Animosity022) * VFS - Make WriteAt for non cached files work with non-sequential writes (Nick Craig-Wood) * Local - Only calculate the required hashes for big speedup (Nick Craig-Wood) - Log errors when listing instead of returning an error (Nick Craig-Wood) - Fix preallocate warning on Linux with ZFS (Nick Craig-Wood) * Crypt - Make rclone dedupe work through crypt (Nick Craig-Wood) - Fix wrapping of ChangeNotify to decrypt directories properly (Nick Craig-Wood) - Support PublicLink (rclone link) of underlying backend (Nick Craig-Wood) - Implement Optional methods SetTier, GetTier (Nick Craig-Wood) * B2 - Implement server side copy (Nick Craig-Wood) - Implement SetModTime (Nick Craig-Wood) * Drive - Fix move and copy from TeamDrive to GDrive (Fionera) - Add notes that cleanup works in the background on drive (Nick Craig-Wood) - Add --drive-server-side-across-configs to default back to old server side copy semantics by default (Nick Craig-Wood) - Add --drive-size-as-quota to show storage quota usage for file size (Garry McNulty) * FTP - Add FTP List timeout (Jeff Quinn) - Add FTP over TLS support (Gary Kim) - Add --ftp-no-check-certificate option for FTPS (Gary Kim) * Google Cloud Storage - Fix upload errors when uploading pre 1970 files (Nick Craig-Wood) * Jottacloud - Add support for selecting device and mountpoint. (buengese) * Mega - Add cleanup support (Gary Kim) * Onedrive - More accurately check if root is found (Cnly) * S3 - Suppport S3 Accelerated endpoints with --s3-use-accelerate-endpoint (Nick Craig-Wood) - Add config info for Wasabi��s EU Central endpoint (Robert Marko) - Make SetModTime work for GLACIER while syncing (Philip Harvey) * SFTP - Add About support (Gary Kim) - Fix about parsing of df results so it can cope with -ve results (Nick Craig-Wood) - Send custom client version and debug server version (Nick Craig-Wood) * WebDAV - Retry on 423 Locked errors (Nick Craig-Wood) This update was imported from the openSUSE:Leap:15.1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP1: zypper in -t patch openSUSE-2020-2168=1 Package List: - openSUSE Backports SLE-15-SP1 (ppc64le s390x x86_64): rclone-1.53.3-bp151.4.6.1 - openSUSE Backports SLE-15-SP1 (noarch): rclone-bash-completion-1.53.3-bp151.4.6.1 rclone-zsh-completion-1.53.3-bp151.4.6.1 References: https://www.suse.com/security/cve/CVE-2020-28924.html https://bugzilla.suse.com/1179005

1 0

openSUSE-SU-2020:2161-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 05 Dec '20

05 Dec '20

openSUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2161-1 Rating: important References: #1149032 #1152489 #1153274 #1154353 #1155518 #1160634 #1167773 #1170139 #1171073 #1171558 #1172873 #1173504 #1174852 #1175721 #1175918 #1176109 #1176180 #1176200 #1176481 #1176586 #1176855 #1176983 #1177066 #1177070 #1177353 #1177397 #1177666 #1177703 #1177820 #1178182 #1178227 #1178286 #1178304 #1178401 #1178426 #1178589 #1178635 #1178653 #1178659 #1178661 #1178669 #1178686 #1178740 #1178755 #1178762 #1178782 #1178838 #1178853 #1178886 #1179001 #1179012 #1179014 #1179015 #1179045 #1179076 #1179082 #1179107 #1179140 #1179141 #1179160 #1179201 #1179211 #1179217 #1179424 #1179426 #1179427 #1179429 #1179432 Cross-References: CVE-2020-15436 CVE-2020-15437 CVE-2020-25669 CVE-2020-25705 CVE-2020-27777 CVE-2020-28915 CVE-2020-28941 CVE-2020-28974 CVE-2020-29369 CVE-2020-29371 CVE-2020-4788 Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 57 fixes is now available. Description: The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-29369: There was a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe (bnc#1173504 bnc#1179432). - CVE-2020-29371: An issue was discovered in romfs_dev_read in fs/romfs/storage.c, where uninitialized memory could leak to userspace, aka CID-bcf85fcedfdd (bnc#1179429). - CVE-2020-15436: Use-after-free vulnerability in fs/block_dev.c allowed local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field (bnc#1179141). - CVE-2020-25705: A flaw in the way reply ICMP packets are limited was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Kernel versions may be vulnerable to this issue (bnc#1175721 bnc#1178782). - CVE-2020-15437: The Linux kernel was vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allowed local users to cause a denial of service by using the p->serial_in pointer which uninitialized (bnc#1179140). - CVE-2020-27777: Restricted RTAS requests from userspace (bsc#1179107). - CVE-2020-28974: A slab-out-of-bounds read in fbcon could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height (bnc#1178589). - CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296 (bnc#1177666). - CVE-2020-28941: Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once (bnc#1178740). - CVE-2020-28915: A buffer over-read (at the framebuffer layer) in the fbcon code could be used by local attackers to read kernel memory, aka CID-6735b4632def (bnc#1178886). - CVE-2020-25669: Avoid a use-after-free in teardown paths in sunkbd (bsc#1178182). The following non-security bugs were fixed: - 9P: Cast to loff_t before multiplying (git-fixes). - ACPI: GED: fix -Wformat (git-fixes). - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes). - ACPI: button: Add DMI quirk for Medion Akoya E2228T (git-fixes). - ACPI: dock: fix enum-conversion warning (git-fixes). - ACPICA: Add NHLT table signature (bsc#1176200). - ALSA: ctl: fix error path at adding user-defined element set (git-fixes). - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes). - ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button (git-fixes). - ALSA: hda/realtek - Add supported mute Led for HP (git-fixes). - ALSA: hda/realtek - HP Headset Mic can't detect after boot (git-fixes). - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes). - ALSA: hda: Reinstate runtime_allow() for all hda controllers (git-fixes). - ALSA: hda: fix jack detection with Realtek codecs when in D3 (git-fixes). - ALSA: mixart: Fix mutex deadlock (git-fixes). - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes). - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes). - Add bug reference to two hv_netvsc patches (bsc#1178853). - Convert trailing spaces and periods in path components (bsc#1179424). - Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU (bsc#1177353, bsc#1179076). - Drop sysctl files for dropped archs, add ppc64le and arm (bsc#1178838). Also correct the page size on ppc64. - EDAC/amd64: Cache secondary Chip Select registers (bsc#1179001). - EDAC/amd64: Find Chip Select memory size using Address Mask (bsc#1179001). - EDAC/amd64: Gather hardware information early (bsc#1179001). - EDAC/amd64: Initialize DIMM info for systems with more than two channels (bsc#1179001). - EDAC/amd64: Make struct amd64_family_type global (bsc#1179001). - EDAC/amd64: Save max number of controllers to family type (bsc#1179001). - EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1179001). - Fix wrongly set CONFIG_SOUNDWIRE=y (bsc#1179201) CONFIG_SOUNDWIRE was mistakenly set as built-in. Mark it as module. - HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver (git-fixes). - HID: logitech-dj: Fix an error in mse_bluetooth_descriptor (git-fixes). - HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin trackpad (git-fixes). - HID: logitech-hidpp: Add PID for MX Anywhere 2 (git-fixes). - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes). - Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER (git-fixes). - KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 does not return SMCCC_RET_NOT_REQUIRED (git-fixes). - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139). - NFSv4.x recover from pre-mature loss of openstateid (bsc#1176180). - NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE (bsc#1176180). - NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE (bsc#1176180). - RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP (jsc#SLE-8449). - RDMA/hns: Fix the wrong value of rnr_retry when querying qp (jsc#SLE-8449). - RDMA/hns: Fix wrong field of SRQ number the device supports (jsc#SLE-8449). - RDMA/hns: Solve the overflow of the calc_pg_sz() (jsc#SLE-8449). - RDMA/mlx5: Fix devlink deadlock on net namespace deletion (jsc#SLE-8464). - RDMA/qedr: Fix return code if accept is called on a destroyed qp (jsc#SLE-8215). - RDMA/ucma: Add missing locking around rdma_leave_multicast() (git-fixes). - Revert "cdc-acm: hardening against malicious devices" (git-fixes). - Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint" (git-fixes). - SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow() (git-fixes). - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1154353). - USB: Add NO_LPM quirk for Kingston flash drive (git-fixes). - USB: core: Change %pK for __user pointers to %px (git-fixes). - USB: core: Fix regression in Hercules audio card (git-fixes). - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes). - USB: serial: option: add Quectel EC200T module support (git-fixes). - USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes). - arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs (git-fixes). - arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs (git-fixes). - arm64: bpf: Fix branch offset in JIT (git-fixes). - arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX delay (git-fixes). - arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet node (git-fixes). - arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node (git-fixes). - arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY (git-fixes). - arm64: dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay (git-fixes). - arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node (git-fixes). - arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node (git-fixes). - arm64: dts: fsl: DPAA FMan DMA operations are coherent (git-fixes). - arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating point (git-fixes). - arm64: dts: imx8mq: Add missing interrupts to GPC (git-fixes). - arm64: dts: imx8mq: Fix TMU interrupt property (git-fixes). - arm64: dts: zynqmp: Remove additional compatible string for i2c IPs (git-fixes). - arm64: kprobe: add checks for ARMv8.3-PAuth combined instructions (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra186 SDMMC nodes (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra194 SDMMC nodes (git-fixes). - arm64: tegra: Add missing timeout clock to Tegra210 SDMMC (git-fixes). - arm64: vdso: Add '-Bsymbolic' to ldflags (git-fixes). - arm64: vdso: Add --eh-frame-hdr to ldflags (git-fixes). - batman-adv: set .owner to THIS_MODULE (git-fixes). - bnxt_en: Avoid sending firmware messages when AER error is detected (jsc#SLE-8371 bsc#1153274). - bnxt_en: Check abort error state in bnxt_open_nic() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix NULL ptr dereference crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix regression in workqueue cleanup logic in bnxt_remove_one() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Invoke cancel_delayed_work_sync() for PFs also (jsc#SLE-8371 bsc#1153274). - bnxt_en: Send HWRM_FUNC_RESET fw command unconditionally (jsc#SLE-8371 bsc#1153274). - bnxt_en: return proper error codes in bnxt_show_temp (git-fixes). - bpf: Do not rely on GCC __attribute__((optimize)) to disable GCSE (bsc#1155518). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (bsc#1155518). - bpf: Zero-fill re-used per-cpu map element (bsc#1155518). - btrfs: fix bytes_may_use underflow in prealloc error condtition (bsc#1179217). - btrfs: fix metadata reservation for fallocate that leads to transaction aborts (bsc#1179217). - btrfs: fix relocation failure due to race with fallocate (bsc#1179217). - btrfs: remove item_size member of struct btrfs_clone_extent_info (bsc#1179217). - btrfs: rename btrfs_insert_clone_extent() to a more generic name (bsc#1179217). - btrfs: rename btrfs_punch_hole_range() to a more generic name (bsc#1179217). - btrfs: rename struct btrfs_clone_extent_info to a more generic name (bsc#1179217). - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes). - can: dev: can_restart(): post buffer from the right context (git-fixes). - can: flexcan: flexcan_setup_stop_mode(): add missing "req_bit" to stop mode property comment (git-fixes). - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes). - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits (git-fixes). - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes). - can: m_can: m_can_handle_state_change(): fix state change (git-fixes). - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes). - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes). - ceph: add check_session_state() helper and make it global (bsc#1179012). - ceph: check session state after bumping session->s_seq (bsc#1179012). - ceph: check the sesion state and return false in case it is closed (bsc#1179012). - ceph: downgrade warning from mdsmap decode to debug (bsc#1178653). - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635). - cfg80211: initialize wdev data earlier (git-fixes). - cfg80211: regulatory: Fix inconsistent format argument (git-fixes). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - cifs: remove bogus debug code (bsc#1179427). - clk: define to_clk_regmap() as inline function (git-fixes). - cosa: Add missing kfree in error path of cosa_write (git-fixes). - dax: Fix stack overflow when mounting fsdax pmem device (bsc#1171073). - dax: fix detection of dax support for non-persistent memory block devices (bsc#1171073). - devlink: Make sure devlink instance and port are in same net namespace (bsc#1154353). - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes). - drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873). - drivers/net/ethernet: remove incorrectly formatted doc (bsc#1177397). - efi/efivars: Set generic ops before loading SSDT (git-fixes). - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes). - efi/libstub/x86: Work around LLVM ELF quirk build regression (git-fixes). - efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper (git-fixes). - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes). - efi/x86: Fix the deletion of variables in mixed mode (git-fixes). - efi/x86: Free efi_pgd with free_pages() (git-fixes). - efi/x86: Handle by-ref arguments covering multiple pages in mixed mode (git-fixes). - efi/x86: Ignore the memory attributes table on i386 (git-fixes). - efi/x86: Map the entire EFI vendor string before copying it (git-fixes). - efi: EFI_EARLYCON should depend on EFI (git-fixes). - efi: add missed destroy_workqueue when efisubsys_init fails (git-fixes). - efi: efibc: check for efivars write capability (git-fixes). - efi: provide empty efi_enter_virtual_mode implementation (git-fixes). - efivarfs: fix memory leak in efivarfs_create() (git-fixes). - efivarfs: revert "fix memory leak in efivarfs_create()" (git-fixes). - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (git-fixes). - ftrace: Fix recursion check for NMI test (git-fixes). - ftrace: Handle tracing when switching between context (git-fixes). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032). - futex: Handle transient "ownerless" rtmutex state correctly (bsc#1149032). - gpio: pcie-idio-24: Enable PEX8311 interrupts (git-fixes). - gpio: pcie-idio-24: Fix IRQ Enable Register value (git-fixes). - gpio: pcie-idio-24: Fix irq mask when masking (git-fixes). - hv: clocksource: Add notrace attribute to read_hv_sched_clock_*() functions (git-fixes). - hv_balloon: disable warning when floor reached (git-fixes). - hv_netvsc: Add XDP support (bsc#1177820). - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177820). - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1177820). - hv_netvsc: record hardware hash in skb (bsc#1177820). - hwmon: (pwm-fan) Fix RPM calculation (git-fixes). - i2c: mediatek: move dma reset before i2c reset (git-fixes). - i2c: sh_mobile: implement atomic transfers (git-fixes). - igc: Fix not considering the TX delay for timestamps (bsc#1160634). - igc: Fix wrong timestamp latency numbers (bsc#1160634). - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes). - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes). - iio: adc: mediatek: fix unset field (git-fixes). - iio: light: fix kconfig dependency bug for VCNL4035 (git-fixes). - intel_idle: Customize IceLake server support (bsc#1178286). - ionic: check port ptr before use (bsc#1167773). - iwlwifi: mvm: write queue_sync_state only for sync (git-fixes). - kABI workaround for HD-audio (git-fixes). - kABI: revert use_mm name change (MM Functionality, bsc#1178426). - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - kernel/watchdog: fix watchdog_allowed_mask not used warning (git-fixes). - kernel: better document the use_mm/unuse_mm API contract (MM Functionality, bsc#1178426). - kgdb: Fix spurious true from in_dbg_master() (git-fixes). - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes). - lan743x: fix "BUG: invalid wait context" when setting rx mode (git-fixes). - lan743x: fix issue causing intermittent kernel log warnings (git-fixes). - lan743x: prevent entire kernel HANG on open, for some platforms (git-fixes). - lib/crc32test: remove extra local_irq_disable/enable (git-fixes). - lib/strncpy_from_user.c: Mask out bytes after NUL terminator (bsc#1155518). - libbpf, hashmap: Fix undefined behavior in hash_bits (bsc#1155518). - libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873). - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - mac80211: always wind down STA state (git-fixes). - mac80211: fix use of skb payload instead of header (git-fixes). - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes). - mac80211: minstrel: fix tx status processing corner case (git-fixes). - mac80211: minstrel: remove deferred sampling code (git-fixes). - mei: protect mei_cl_mtu from null dereference (git-fixes). - memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (bsc#1177703). - mfd: sprd: Add wakeup capability for PMIC IRQ (git-fixes). - mm, THP, swap: fix allocating cluster for swapfile by mistake (bsc#1178755). - mm, memcg: fix inconsistent oom event behavior (bsc#1178659). - mm/gup: allow FOLL_FORCE for get_user_pages_fast() (git fixes (mm/gup)). - mm/gup: fix gup_fast with dynamic page table folding (bnc#1176586, LTC#188235). - mm/ksm: fix NULL pointer dereference when KSM zero page is enabled (git fixes (mm/ksm)). - mm/memcg: fix refcount error while moving and swapping (bsc#1178686). - mm/memcontrol.c: add missed css_put() (bsc#1178661). - mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race (MM Functionality, bsc#1178426). - mm: fix kthread_use_mm() vs TLB invalidate (MM Functionality, bsc#1178426). - mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (git fixes (mm/mempolicy)). - mm: swap: make page_evictable() inline (git fixes (mm/vmscan)). - mm: swap: use smp_mb__after_atomic() to order LRU bit set (git fixes (mm/vmscan)). - mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove (git-fixes). - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes). - mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based Intel controllers (git-fixes). - modsign: Add codeSigning EKU when generating X.509 key generation config (bsc#1177353, bsc#1179076). - net/mlx5: Clear bw_share upon VF disable (jsc#SLE-8464). - net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled (jsc#SLE-8464). - net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873). - net: ena: Capitalize all log strings and improve code readability (bsc#1177397). - net: ena: Change RSS related macros and variables names (bsc#1177397). - net: ena: Change license into format to SPDX in all files (bsc#1177397). - net: ena: Change log message to netif/dev function (bsc#1177397). - net: ena: Fix all static chekers' warnings (bsc#1177397). - net: ena: Remove redundant print of placement policy (bsc#1177397). - net: ena: ethtool: Add new device statistics (bsc#1177397). - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397). - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852). - net: ena: handle bad request id in ena_netdev (bsc#1174852). - net: ena: xdp: add queue counters for xdp actions (bsc#1177397). - net: fix pos incrementment in ipv6_route_seq_next (bsc#1154353). - net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873). - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes). - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes). - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873). - nvme: do not update disk info for multipathed device (bsc#1171558). - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes). - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes). - pinctrl: aspeed: Fix GPI only function problem (git-fixes). - pinctrl: intel: Set default bias in case no particular value given (git-fixes). - platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time (git-fixes). - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes). - powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm (MM Functionality, bsc#1178426). - powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h (jsc#SLE-16360 jsc#SLE-16915). - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pseries: Add KVM guest doorbell restrictions (jsc#SLE-15869 jsc#SLE-16321). - powerpc/pseries: Use doorbells even if XIVE is available (jsc#SLE-15869 jsc#SLE-16321). - powerpc/pseries: new lparcfg key/value pair: partition_affinity_score (jsc#SLE-16360 jsc#SLE-16915). - powerpc/vnic: Extend "failover pending" window (bsc#1176855 ltc#187293). - powerpc: Inline doorbell sending functions (jsc#SLE-15869 jsc#SLE-16321). - powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (MM Functionality, bsc#1178426). - qla2xxx: Add MODULE_VERSION back to driver (bsc#1179160). - reboot: fix overflow parsing reboot cpu number (git-fixes). - regulator: avoid resolve_supply() infinite recursion (git-fixes). - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes). - regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200} (git-fixes). - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes). - regulator: workaround self-referent regulators (git-fixes). - rfkill: Fix use-after-free in rfkill_resume() (git-fixes). - ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes). - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401) - rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082). - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). - s390/bpf: Fix multiple tail calls (git-fixes). - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175918 LTC#187935). - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes). - s390/dasd: fix null pointer dereference for ERP requests (git-fixes). - s390/pkey: fix paes selftest failure with paes and pkey static build (git-fixes). - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1177070 LTC#188342). - s390/zcrypt: fix kmalloc 256k failure (bsc#1177066 LTC#188341). - sched/fair: Ensure tasks spreading in LLC during LB (git fixes (sched)). - sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (git fixes (sched)). - sched: Fix loadavg accounting race on arm64 kabi (bnc#1178227). - sched: Fix rq->nr_iowait ordering (git fixes (sched)). - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section - scsi: libiscsi: Fix NOP race condition (bsc#1176481). - scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873). - spi: lpspi: Fix use-after-free on unbind (git-fixes). - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes). - svcrdma: fix bounce buffers for unaligned offsets and multiple pages (git-fixes). - tcp: use sendpage_ok() to detect misused .sendpage (bsc#1172873). - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes). - thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() (git-fixes). - timer: Fix wheel index calculation on last level (git-fixes). - timer: Prevent base->clk from moving backward (git-fixes). - tpm: efi: Do not create binary_bios_measurements file for an empty log (git-fixes). - tpm_tis: Disable interrupts on ThinkPad T490s (git-fixes). - tracing: Fix out of bounds write in get_trace_buf (git-fixes). - tty: serial: fsl_lpuart: LS1021A had a FIFO size of 16 words, like LS1028A (git-fixes). - tty: serial: fsl_lpuart: add LS1028A support (git-fixes). - tty: serial: imx: fix potential deadlock (git-fixes). - tty: serial: imx: keep console clocks always on (git-fixes). - uio: Fix use-after-free in uio_unregister_device() (git-fixes). - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes). - usb: core: driver: fix stray tabs in error messages (git-fixes). - usb: gadget: Fix memleak in gadgetfs_fill_super (git-fixes). - usb: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes). - usb: gadget: goku_udc: fix potential crashes in probe (git-fixes). - usb: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes). - usb: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes). - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes). - video: hyperv_fb: include vmalloc.h (git-fixes). - virtio: virtio_console: fix DMA memory allocation for rproc serial (git-fixes). - vt: Disable KD_FONT_OP_COPY (bsc#1178589). - x86/hyperv: Clarify comment on x2apic mode (git-fixes). - x86/i8259: Use printk_deferred() to prevent deadlock (git-fixes). - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1152489). - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1152489). - xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes). - xfs: fix brainos in the refcount scrubber's rmap fragment processor (git-fixes). - xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes). - xfs: fix rmap key and record comparison functions (git-fixes). - xfs: revert "xfs: fix rmap key and record comparison functions" (git-fixes). - xfs: set the unwritten bit in rmap lookup flags in xchk_bmap_get_rmapextents (git-fixes). - xhci: Fix sizeof() mismatch (git-fixes). - xhci: hisilicon: fix refercence leak in xhci_histb_probe (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2020-2161=1 Package List: - openSUSE Leap 15.2 (x86_64): kernel-debug-5.3.18-lp152.54.1 kernel-debug-debuginfo-5.3.18-lp152.54.1 kernel-debug-debugsource-5.3.18-lp152.54.1 kernel-debug-devel-5.3.18-lp152.54.1 kernel-debug-devel-debuginfo-5.3.18-lp152.54.1 kernel-default-5.3.18-lp152.54.1 kernel-default-base-5.3.18-lp152.54.1.lp152.8.12.1 kernel-default-base-rebuild-5.3.18-lp152.54.1.lp152.8.12.1 kernel-default-debuginfo-5.3.18-lp152.54.1 kernel-default-debugsource-5.3.18-lp152.54.1 kernel-default-devel-5.3.18-lp152.54.1 kernel-default-devel-debuginfo-5.3.18-lp152.54.1 kernel-kvmsmall-5.3.18-lp152.54.1 kernel-kvmsmall-debuginfo-5.3.18-lp152.54.1 kernel-kvmsmall-debugsource-5.3.18-lp152.54.1 kernel-kvmsmall-devel-5.3.18-lp152.54.1 kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.54.1 kernel-obs-build-5.3.18-lp152.54.1 kernel-obs-build-debugsource-5.3.18-lp152.54.1 kernel-obs-qa-5.3.18-lp152.54.1 kernel-preempt-5.3.18-lp152.54.1 kernel-preempt-debuginfo-5.3.18-lp152.54.1 kernel-preempt-debugsource-5.3.18-lp152.54.1 kernel-preempt-devel-5.3.18-lp152.54.1 kernel-preempt-devel-debuginfo-5.3.18-lp152.54.1 kernel-syms-5.3.18-lp152.54.1 - openSUSE Leap 15.2 (noarch): kernel-devel-5.3.18-lp152.54.1 kernel-docs-5.3.18-lp152.54.2 kernel-docs-html-5.3.18-lp152.54.2 kernel-macros-5.3.18-lp152.54.1 kernel-source-5.3.18-lp152.54.1 kernel-source-vanilla-5.3.18-lp152.54.1 References: https://www.suse.com/security/cve/CVE-2020-15436.html https://www.suse.com/security/cve/CVE-2020-15437.html https://www.suse.com/security/cve/CVE-2020-25669.html https://www.suse.com/security/cve/CVE-2020-25705.html https://www.suse.com/security/cve/CVE-2020-27777.html https://www.suse.com/security/cve/CVE-2020-28915.html https://www.suse.com/security/cve/CVE-2020-28941.html https://www.suse.com/security/cve/CVE-2020-28974.html https://www.suse.com/security/cve/CVE-2020-29369.html https://www.suse.com/security/cve/CVE-2020-29371.html https://www.suse.com/security/cve/CVE-2020-4788.html https://bugzilla.suse.com/1149032 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153274 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1160634 https://bugzilla.suse.com/1167773 https://bugzilla.suse.com/1170139 https://bugzilla.suse.com/1171073 https://bugzilla.suse.com/1171558 https://bugzilla.suse.com/1172873 https://bugzilla.suse.com/1173504 https://bugzilla.suse.com/1174852 https://bugzilla.suse.com/1175721 https://bugzilla.suse.com/1175918 https://bugzilla.suse.com/1176109 https://bugzilla.suse.com/1176180 https://bugzilla.suse.com/1176200 https://bugzilla.suse.com/1176481 https://bugzilla.suse.com/1176586 https://bugzilla.suse.com/1176855 https://bugzilla.suse.com/1176983 https://bugzilla.suse.com/1177066 https://bugzilla.suse.com/1177070 https://bugzilla.suse.com/1177353 https://bugzilla.suse.com/1177397 https://bugzilla.suse.com/1177666 https://bugzilla.suse.com/1177703 https://bugzilla.suse.com/1177820 https://bugzilla.suse.com/1178182 https://bugzilla.suse.com/1178227 https://bugzilla.suse.com/1178286 https://bugzilla.suse.com/1178304 https://bugzilla.suse.com/1178401 https://bugzilla.suse.com/1178426 https://bugzilla.suse.com/1178589 https://bugzilla.suse.com/1178635 https://bugzilla.suse.com/1178653 https://bugzilla.suse.com/1178659 https://bugzilla.suse.com/1178661 https://bugzilla.suse.com/1178669 https://bugzilla.suse.com/1178686 https://bugzilla.suse.com/1178740 https://bugzilla.suse.com/1178755 https://bugzilla.suse.com/1178762 https://bugzilla.suse.com/1178782 https://bugzilla.suse.com/1178838 https://bugzilla.suse.com/1178853 https://bugzilla.suse.com/1178886 https://bugzilla.suse.com/1179001 https://bugzilla.suse.com/1179012 https://bugzilla.suse.com/1179014 https://bugzilla.suse.com/1179015 https://bugzilla.suse.com/1179045 https://bugzilla.suse.com/1179076 https://bugzilla.suse.com/1179082 https://bugzilla.suse.com/1179107 https://bugzilla.suse.com/1179140 https://bugzilla.suse.com/1179141 https://bugzilla.suse.com/1179160 https://bugzilla.suse.com/1179201 https://bugzilla.suse.com/1179211 https://bugzilla.suse.com/1179217 https://bugzilla.suse.com/1179424 https://bugzilla.suse.com/1179426 https://bugzilla.suse.com/1179427 https://bugzilla.suse.com/1179429 https://bugzilla.suse.com/1179432

1 0