[opensuse-factory] New Tumbleweed snapshot 20180126 released!
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20180126
When you reply to report some issues, make sure to change the subject.
It is not helpful to keep the release announcement subject in a thread
while discussing a specific problem.
Packages changed:
ImageMagick (7.0.7.21 -> 7.0.7.22)
Mesa
Mesa-drivers
NetworkManager (1.8.4 -> 1.8.6)
audacity
audit-secondary
bind
binutils
ca-certificates-mozilla (2.11 -> 2.22)
fftw3
file
gcab (0.7 -> 0.8)
gd
gegl
gnome-contacts (3.26 -> 3.26.1)
iso-codes (3.76 -> 3.77)
kernel-source (4.14.14 -> 4.14.15)
kernel-source (4.14.14 -> 4.14.15)
libbsd (0.8.6 -> 0.8.7)
libcaca (0.99.beta19 -> 0.99.beta19+git20171002.da28e96)
libexif
libexttextcat (3.4.4 -> 3.4.5)
libgepub (0.5.2 -> 0.5.3)
libgpod
libraw (0.18.6 -> 0.18.7)
libtasn1 (4.12 -> 4.13)
llvm
llvm5
mpc (1.0.3 -> 1.1.0)
nasm (2.13.01 -> 2.13.02)
openssl-1_1_0
ovmf
patterns-media
permissions (20171129 -> 20180125)
plasma5-pa
protobuf
python-keyring
python-libvirt-python (3.10.0 -> 4.0.0)
python-pyudev
python3
python3-base
qpdf (7.0.0 -> 7.1.0)
qrencode (3.4.4 -> 4.0.0)
rpm
simple-scan (3.26.2 -> 3.26.3)
systemd-rpm-macros
totem
util-linux
util-linux-systemd
vala (0.38.4 -> 0.38.5)
webkit2gtk3 (2.18.5 -> 2.18.6)
wget (1.19.2 -> 1.19.4)
wxWidgets-3_0
wxWidgets-3_0-nostl
zypper-migration-plugin (0.10.1488806253.1c712c3 -> 0.11.1516874532.fa20262)
=== Details ===
==== ImageMagick ====
Version update (7.0.7.21 -> 7.0.7.22)
Subpackages: ImageMagick-devel ImageMagick-extra libMagick++-7_Q16HDRI4 libMagickCore-7_Q16HDRI5 libMagickWand-7_Q16HDRI5 perl-PerlMagick
- update to 7.0.7.22
* Support aspect ratio geometry, e.g. -crop 3:2.
* Add support for reading the HEIC image format (reference
https://github.com/ImageMagick/ImageMagick/issues/507).
* Fixed numerous memory leaks, credit to OSS Fuzz.
==== Mesa ====
Subpackages: Mesa-dri-devel Mesa-libEGL-devel Mesa-libEGL1 Mesa-libGL-devel Mesa-libGL1 Mesa-libglapi0 libgbm1 libwayland-egl1
- in spec file move %dir %{_libdir}/dri to avoid ppc build failure
==== Mesa-drivers ====
Subpackages: Mesa-dri Mesa-gallium Mesa-libva libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_radeon libxatracker2
- in spec file move %dir %{_libdir}/dri to avoid ppc build failure
==== NetworkManager ====
Version update (1.8.4 -> 1.8.6)
Subpackages: NetworkManager-devel NetworkManager-lang libnm-glib-vpn1 libnm-glib4 libnm-util2 libnm0 typelib-1_0-NM-1_0 typelib-1_0-NMClient-1_0 typelib-1_0-NetworkManager-1_0
- Update to version 1.8.6:
+ Fix a daemon crash on permission check (bgo#787897).
+ Fix a daemon crash on VPN state change (bgo#787893).
+ Fix a nmcli crash in interactive mode's describe command
(bgo#788104).
+ Fix termination of the nmcli interactive mode (rh#1517401).
+ Properly handle route metric of zero in keyfiles.
+ Add support for DSA switch devices (rh#1371289).
+ Fix a memory leak of connection D-Bus objects (rh#1461643).
+ A double close that could potentially race with the D-Bus
thread reusing the same file descriptor (rh#1451236).
+ Connectivity check fixes (bgo#785281) (bgo#784629).
+ Fix the metered properties handling in libnm.
+ Avoid dropping agent secrets unnecessarily (bgo#789383).
+ Fix the asynchronous initialization of a secret agent in libnm.
- Drop nm-disconnect-proxy-signals.patch and
nm-vpn-remote-connection-disconnect-signals.patch: Fixed
upstream.
- Minor spec cleaning, tweak spec to silence a few rpm lint
warnings.
- Replace addFilter("dbus-policy-missing-allow") with
addFilter("dbus-policy-allow-without-destination"), filter out
the current rpmlint warning.
- Add addFilter("suse-branding-unversioned-requires*") to
rpmlintrc, we have this unversioned on purpose.
- Add
addFilter("systemd-service-without-service_add_post NetworkManager-wait-online.service")
addFilter("systemd-service-without-service_add_pre NetworkManager-wait-online.service")
addFilter("systemd-service-without-service_del_postun NetworkManager-wait-online.service")
addFilter("systemd-service-without-service_del_preun NetworkManager-wait-online.service")
to rpmlintrc, filter out warnings we do not care about nor want
as we do not want to enable this service by default.
- "Mark" %%{_sysconfdir}/dbus-1/system.d/org.freedesktop.NetworkManager.conf
and %%config %{_sysconfdir}/dbus-1/system.d/nm-dispatcher.conf as
config files in spec, silence rpmlint.
==== audacity ====
Subpackages: audacity-lang
- Build with gcc7 for Leap:42.3 and -fstack-clash-protection
==== audit-secondary ====
- Add conditions around python plugins to allow us to conditionalize
them in enviroment without python2
==== bind ====
Subpackages: bind-chrootenv bind-doc bind-utils libbind9-160 libdns169 libirs160 libisc166 libisccc160 libisccfg160 liblwres160 python3-bind
- Apply bind-CVE-2017-3145.patch to fix CVE-2017-3145 (bsc#1076118)
==== binutils ====
Subpackages: binutils-devel
- Add riscv64 to %target_list
- Add arm-none-eabi symlinks (bsc#1074741)
==== ca-certificates-mozilla ====
Version update (2.11 -> 2.22)
- Updated to 2.22 state of the Mozilla NSS Certificate store.
- Removed CAs:
* ACEDICOM Root
* AddTrust Public CA Root
* AddTrust Qualified CA Root
* ApplicationCA - Japanese Government
* CA Disig Root R1
* CA WoSign ECC Root
* Certification Authority of WoSign G2
* Certinomis - Autorit� Racine
* China Internet Network Information Center EV Certificates Root
* CNNIC ROOT
* Comodo Secure Certificate Services
* Comodo Trusted Certificate Services
* ComSign Secured CA
* DST ACES CA X6
* GeoTrust Global CA 2
* StartCom Certification Authority
* StartCom Certification Authority
* StartCom Certification Authority G2
* Swisscom Root CA 1
* T�B?TAK UEKAE K�k Sertifika Hizmet Sa?lay?c?s? - S�r�m 3
* T�RKTRUST Elektronik Sertifika Hizmet Sa?lay?c?s?
* T�RKTRUST Elektronik Sertifika Hizmet Sa?lay?c?s? H6
* UTN USERFirst Hardware Root CA
* UTN USERFirst Object Root CA
* VeriSign Class 3 Secure Server CA - G2
* WellsSecure Public Root Certificate Authority
* Certification Authority of WoSign
* WoSign China
- Added CAs:
* D-TRUST Root CA 3 2013
* GDCA TrustAUTH R5 ROOT
* SSL.com EV Root Certification Authority ECC
* SSL.com EV Root Certification Authority RSA R2
* SSL.com Root Certification Authority ECC
* SSL.com Root Certification Authority RSA
* TrustCor RootCert CA-1
* TrustCor RootCert CA-2
* TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
==== fftw3 ====
Subpackages: fftw3-devel libfftw3-3 libfftw3_threads3
- Fix typo in flavor gnu7-hpc settings.
==== file ====
Subpackages: file-devel file-magic libmagic1
- Add patch file-5.32-ncurses-6.1.patch to support extend magic
format for new ncurses 6.1
==== gcab ====
Version update (0.7 -> 0.8)
Subpackages: gcab-lang libgcab-1_0-0
- Update to version 0.8 (CVE-2018-5345):
+ This fixes the security bug known as CVE-2018-5345.
+ Always check the return value when writing to the stream.
+ Do not crash when ncbytes is larger than the buffer size.
+ Don't encode timezone in generated files.
+ Don't use version script if unsupported.
+ Explicitly enable C99 support.
+ Fix a few 'Dereference of null pointer' warnings.
+ Fix buffer overrun when generating Huffman codes.
+ Fix builddir != srcdir builds.
+ Fix dependency on generated .h file.
+ Fix invalid return annotation.
+ Fix the calculation of the checksum on big endian machines.
+ Fix -Wimplicit-fallthrough=.
+ Use glib-mkenum's prefixes to avoid sed.
+ Updated translations.
- Minor spec cleanup, use autosetup macro.
==== gd ====
Subpackages: libgd3
- security update:
* CVE-2018-5711 [bsc#1076391]
+ gd-CVE-2018-5711.patch
==== gegl ====
Subpackages: gegl-0_2 gegl-0_2-lang libgegl-0_2-0
- require liberation-fonts instead of liberation2-fonts, it is dead
[bsc#1077375] [rh#856239]
==== gnome-contacts ====
Version update (3.26 -> 3.26.1)
Subpackages: gnome-contacts-lang gnome-shell-search-provider-contacts
- Update to version 3.26.1:
+ Makefile.am: add README.md. Fixes bgo#792768.
+ Updated translations.
- Drop gnome-contacts-nb-translations.patch: Fixed upstream.
==== iso-codes ====
Version update (3.76 -> 3.77)
Subpackages: iso-codes-lang
- Update to version 3.77:
+ Updated translations for ISO 3166-1, ISO 3166-2, ISO 4217,
ISO 3166-3, ISO 639-2, ISO 639-5, ISO 639-3, ISO 15924.
- Cleanup with spec-cleaner.
==== kernel-source ====
Version update (4.14.14 -> 4.14.15)
Subpackages: kernel-default kernel-default-devel
- Revert "futex: Prevent overflow by strengthen input validation"
(4.14.15-fix).
- commit 5b3d0ce
- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
- asm/nospec, array_ptr: sanitize speculative array de-references
(bsc#1068032 CVE-2017-5715).
- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
CVE-2017-5715).
- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
CVE-2017-5715).
- x86, get_user: use pointer masking to limit speculation
(bsc#1068032 CVE-2017-5715).
- x86: narrow out of bounds syscalls to sys_read under speculation
(bsc#1068032 CVE-2017-5715).
- vfs, fdtable: prevent bounds-check bypass via speculative
execution (bsc#1068032 CVE-2017-5715).
- kvm, x86: update spectre-v1 mitigation (bsc#1068032
CVE-2017-5715).
- nl80211: sanitize array index in parse_txq_params (bsc#1068032
CVE-2017-5715).
- Delete
patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
- Delete
patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
- Delete
patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
- Delete
patches.suse/0007-carl9170-prevent-speculative-execution.patch.
- Delete
patches.suse/0008-p54-prevent-speculative-execution.patch.
- Delete
patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
- Delete
patches.suse/0010-cw1200-prevent-speculative-execution.patch.
- Delete
patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
- Delete
patches.suse/0012-ipv4-prevent-speculative-execution.patch.
- Delete
patches.suse/0013-ipv6-prevent-speculative-execution.patch.
- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
- Delete
patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
- Delete
patches.suse/0016-udf-prevent-speculative-execution.patch.
- Delete
patches.suse/0017-userns-prevent-speculative-execution.patch.
Replace intel's shit by the potential upstream solution for spectre_v1.
- commit 6fdb1df
- Linux 4.14.15 (bnc#1012628).
- tools/objtool/Makefile: don't assume sync-check.sh is executable
(bnc#1012628).
- objtool: Fix seg fault with clang-compiled objects
(bnc#1012628).
- objtool: Fix Clang enum conversion warning (bnc#1012628).
- objtool: Fix seg fault caused by missing parameter
(bnc#1012628).
- powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper
(bnc#1012628).
- powerpc/64: Add macros for annotating the destination of
rfid/hrfid (bnc#1012628).
- powerpc/64s: Simple RFI macro conversions (bnc#1012628).
- powerpc/64: Convert the syscall exit path to use
RFI_TO_USER/KERNEL (bnc#1012628).
- powerpc/64: Convert fast_exception_return to use
RFI_TO_USER/KERNEL (bnc#1012628).
- powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL
(bnc#1012628).
- powerpc/64s: Add support for RFI flush of L1-D cache
(bnc#1012628).
- powerpc/64s: Support disabling RFI flush with no_rfi_flush
and nopti (bnc#1012628).
- powerpc/pseries: Query hypervisor for RFI flush settings
(bnc#1012628).
- powerpc/powernv: Check device-tree for RFI flush settings
(bnc#1012628).
- futex: Avoid violating the 10th rule of futex (bnc#1012628).
- futex: Prevent overflow by strengthen input validation
(bnc#1012628).
- ALSA: pcm: Remove yet superfluous WARN_ON() (bnc#1012628).
- ALSA: hda - Apply headphone noise quirk for another Dell XPS
13 variant (bnc#1012628).
- ALSA: hda - Apply the existing quirk to iMac 14,1 (bnc#1012628).
- IB/hfi1: Prevent a NULL dereference (bnc#1012628).
- RDMA/mlx5: Fix out-of-bound access while querying AH
(bnc#1012628).
- timers: Unconditionally check deferrable base (bnc#1012628).
- af_key: fix buffer overread in verify_address_len()
(bnc#1012628).
- af_key: fix buffer overread in parse_exthdrs() (bnc#1012628).
- iser-target: Fix possible use-after-free in connection
establishment error (bnc#1012628).
- delayacct: Account blkio completion on the correct task
(bnc#1012628).
- objtool: Fix seg fault with gold linker (bnc#1012628).
- mmc: sdhci-esdhc-imx: Fix i.MX53 eSDHCv3 clock (bnc#1012628).
- x86/kasan: Panic if there is not enough memory to boot
(bnc#1012628).
- objtool: Improve error message for bad file argument
(bnc#1012628).
- x86/cpufeature: Move processor tracing out of scattered features
(bnc#1012628).
- x86/intel_rdt/cqm: Prevent use after free (bnc#1012628).
- x86/mm/pkeys: Fix fill_sig_info_pkey (bnc#1012628).
- x86/idt: Mark IDT tables __initconst (bnc#1012628).
- x86/tsc: Future-proof native_calibrate_tsc() (bnc#1012628).
- x86/tsc: Fix erroneous TSC rate on Skylake Xeon (bnc#1012628).
- pipe: avoid round_pipe_size() nr_pages overflow on 32-bit
(bnc#1012628).
- x86/apic/vector: Fix off by one in error path (bnc#1012628).
- x86/mm: Clean up register saving in the __enc_copy() assembly
code (bnc#1012628).
- x86/mm: Use a struct to reduce parameters for SME PGD mapping
(bnc#1012628).
- x86/mm: Centralize PMD flags in sme_encrypt_kernel()
(bnc#1012628).
- x86/mm: Prepare sme_encrypt_kernel() for PAGE aligned encryption
(bnc#1012628).
- ARM: OMAP3: hwmod_data: add missing module_offs for MMC3
(bnc#1012628).
- x86/mm: Encrypt the initrd earlier for BSP microcode update
(bnc#1012628).
- Input: ALPS - fix multi-touch decoding on SS4 plus touchpads
(bnc#1012628).
- Input: synaptics-rmi4 - prevent UAF reported by KASAN
(bnc#1012628).
- Input: 88pm860x-ts - fix child-node lookup (bnc#1012628).
- Input: twl6040-vibra - fix child-node lookup (bnc#1012628).
- Input: twl4030-vibra - fix sibling-node lookup (bnc#1012628).
- tracing: Fix converting enum's from the map in
trace_event_eval_update() (bnc#1012628).
- phy: work around 'phys' references to usb-nop-xceiv devices
(bnc#1012628).
- ARM64: dts: marvell: armada-cp110: Fix clock resources for
various node (bnc#1012628).
- ARM: sunxi_defconfig: Enable CMA (bnc#1012628).
- ARM: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7
(bnc#1012628).
- can: peak: fix potential bug in packet fragmentation
(bnc#1012628).
- can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
(bnc#1012628).
- can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
(bnc#1012628).
- i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
(bnc#1012628).
- scripts/gdb/linux/tasks.py: fix get_thread_info (bnc#1012628).
- proc: fix coredump vs read /proc/*/stat race (bnc#1012628).
- libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
(bnc#1012628).
- scsi: libsas: Disable asynchronous aborts for SATA devices
(bnc#1012628).
- workqueue: avoid hard lockups in show_workqueue_state()
(bnc#1012628).
- drm/vmwgfx: fix memory corruption with legacy/sou connectors
(bnc#1012628).
- dm btree: fix serious bug in btree_split_beneath()
(bnc#1012628).
- dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6
(bnc#1012628).
- dm integrity: don't store cipher request on the stack
(bnc#1012628).
- dm crypt: fix crash by adding missing check for auth key size
(bnc#1012628).
- dm crypt: wipe kernel key copy after IV initialization
(bnc#1012628).
- dm crypt: fix error return code in crypt_ctr() (bnc#1012628).
- x86: Use __nostackprotect for sme_encrypt_kernel (bnc#1012628).
- alpha/PCI: Fix noname IRQ level detection (bnc#1012628).
- MIPS: CM: Drop WARN_ON(vp != 0) (bnc#1012628).
- KVM: arm/arm64: Check pagesize when allocating a hugepage at
Stage 2 (bnc#1012628).
- arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
(bnc#1012628).
- x86/mce: Make machine check speculation protected (bnc#1012628).
- retpoline: Introduce start/end markers of indirect thunk
(bnc#1012628).
- kprobes/x86: Blacklist indirect thunk functions for kprobes
(bnc#1012628).
- kprobes/x86: Disable optimizing on the function jumps to
indirect thunk (bnc#1012628).
- x86/pti: Document fix wrong index (bnc#1012628).
- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
(bnc#1012628).
- x86/mm: Rework wbinvd, hlt operation in stop_this_cpu()
(bnc#1012628).
- mm, page_vma_mapped: Drop faulty pointer arithmetics in
check_pte() (bnc#1012628).
- net: mvpp2: do not disable GMAC padding (bnc#1012628).
- MIPS: AR7: ensure the port type's FCR value is used
(bnc#1012628).
- Refresh
patches.kernel.org/4.14.10-003-objtool-Move-kernel-headers-code-sync-check-t.patch.
- Refresh
patches.suse/0001-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch.
- Refresh
patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
- commit fe1d712
- x86/cpufeatures: Add Intel feature bits for Speculation Control
(bsc#1068032 CVE-2017-5715).
- x86/cpufeatures: Add AMD feature bits for Prediction Command
(bsc#1068032 CVE-2017-5715).
- x86/msr: Add definitions for new speculation control MSRs
(bsc#1068032 CVE-2017-5715).
- module: Add retpoline tag to VERMAGIC (bsc#1068032
CVE-2017-5715).
- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
macros (bsc#1068032 CVE-2017-5715).
- x86/retpoline: Fill RSB on context switch for affected CPUs
(bsc#1068032 CVE-2017-5715).
- Refresh
patches.suse/0005-x86-enter-MACROS-to-set-clear-IBRS-and-set-IBPB.patch.
- Refresh
patches.suse/0008-x86-spec_ctrl-save-IBRS-MSR-value-in-paranoid_entry.patch.
- Refresh
patches.suse/0009-x86-idle-Disable-IBRS-entering-idle-and-enable-it-on.patch.
- Refresh
patches.suse/0010-x86-idle-Disable-IBRS-when-offlining-cpu-and-re-enab.patch.
- Refresh
patches.suse/0011-x86-mm-Set-IBPB-upon-context-switch.patch.
- Refresh
patches.suse/0012-x86-mm-Only-set-IBPB-when-the-new-thread-cannot-ptra.patch.
- Refresh
patches.suse/0017-x86-kvm-Set-IBPB-when-switching-VM.patch.
- Refresh
patches.suse/0018-x86-kvm-Toggle-IBRS-on-VM-entry-and-exit.patch.
- Refresh
patches.suse/0021-x86-spec_ctrl-Add-sysctl-knobs-to-enable-disable-SPE.patch.
- Refresh
patches.suse/0023-x86-Move-IBRS-IBPB-feature-detection-to-scattered.c.patch.
- Refresh
patches.suse/0028-x86-svm-Set-IBPB-when-running-a-different-VCPU.patch.
- Refresh
patches.suse/0029-kvm-svm-add-MSR_IA32_SPEC_CTRL-and-MSR_IA32_PRED_CMD.patch.
- Refresh patches.suse/0030-Use-the-ibrs_inuse-variable.patch.
- Refresh
patches.suse/0032-kvm-vmx-add-MSR_IA32_SPEC_CTRL-and-MSR_IA32_PRED_CMD.patch.
- Refresh
patches.suse/0034-Remove-the-code-that-uses-MSR-save-restore-list.patch.
- Refresh patches.suse/0035-Use-the-ibpb_inuse-variable.patch.
- Refresh
patches.suse/0037-Set-IBPB-when-running-a-different-VCPU.patch.
- Delete
patches.suse/0001-x86-feature-Enable-the-x86-feature-to-control-Specul.patch.
- Delete
patches.suse/0002-x86-cpufeature-Add-X86_FEATURE_IA32_ARCH_CAPS-and-X8.patch.
- Delete
patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
- commit 5790c9a
==== kernel-source ====
Version update (4.14.14 -> 4.14.15)
Subpackages: kernel-devel kernel-docs kernel-macros kernel-syms
- Revert "futex: Prevent overflow by strengthen input validation"
(4.14.15-fix).
- commit 5b3d0ce
- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
- asm/nospec, array_ptr: sanitize speculative array de-references
(bsc#1068032 CVE-2017-5715).
- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
CVE-2017-5715).
- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
CVE-2017-5715).
- x86, get_user: use pointer masking to limit speculation
(bsc#1068032 CVE-2017-5715).
- x86: narrow out of bounds syscalls to sys_read under speculation
(bsc#1068032 CVE-2017-5715).
- vfs, fdtable: prevent bounds-check bypass via speculative
execution (bsc#1068032 CVE-2017-5715).
- kvm, x86: update spectre-v1 mitigation (bsc#1068032
CVE-2017-5715).
- nl80211: sanitize array index in parse_txq_params (bsc#1068032
CVE-2017-5715).
- Delete
patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
- Delete
patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
- Delete
patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
- Delete
patches.suse/0007-carl9170-prevent-speculative-execution.patch.
- Delete
patches.suse/0008-p54-prevent-speculative-execution.patch.
- Delete
patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
- Delete
patches.suse/0010-cw1200-prevent-speculative-execution.patch.
- Delete
patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
- Delete
patches.suse/0012-ipv4-prevent-speculative-execution.patch.
- Delete
patches.suse/0013-ipv6-prevent-speculative-execution.patch.
- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
- Delete
patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
- Delete
patches.suse/0016-udf-prevent-speculative-execution.patch.
- Delete
patches.suse/0017-userns-prevent-speculative-execution.patch.
Replace intel's shit by the potential upstream solution for spectre_v1.
- commit 6fdb1df
- Linux 4.14.15 (bnc#1012628).
- tools/objtool/Makefile: don't assume sync-check.sh is executable
(bnc#1012628).
- objtool: Fix seg fault with clang-compiled objects
(bnc#1012628).
- objtool: Fix Clang enum conversion warning (bnc#1012628).
- objtool: Fix seg fault caused by missing parameter
(bnc#1012628).
- powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper
(bnc#1012628).
- powerpc/64: Add macros for annotating the destination of
rfid/hrfid (bnc#1012628).
- powerpc/64s: Simple RFI macro conversions (bnc#1012628).
- powerpc/64: Convert the syscall exit path to use
RFI_TO_USER/KERNEL (bnc#1012628).
- powerpc/64: Convert fast_exception_return to use
RFI_TO_USER/KERNEL (bnc#1012628).
- powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL
(bnc#1012628).
- powerpc/64s: Add support for RFI flush of L1-D cache
(bnc#1012628).
- powerpc/64s: Support disabling RFI flush with no_rfi_flush
and nopti (bnc#1012628).
- powerpc/pseries: Query hypervisor for RFI flush settings
(bnc#1012628).
- powerpc/powernv: Check device-tree for RFI flush settings
(bnc#1012628).
- futex: Avoid violating the 10th rule of futex (bnc#1012628).
- futex: Prevent overflow by strengthen input validation
(bnc#1012628).
- ALSA: pcm: Remove yet superfluous WARN_ON() (bnc#1012628).
- ALSA: hda - Apply headphone noise quirk for another Dell XPS
13 variant (bnc#1012628).
- ALSA: hda - Apply the existing quirk to iMac 14,1 (bnc#1012628).
- IB/hfi1: Prevent a NULL dereference (bnc#1012628).
- RDMA/mlx5: Fix out-of-bound access while querying AH
(bnc#1012628).
- timers: Unconditionally check deferrable base (bnc#1012628).
- af_key: fix buffer overread in verify_address_len()
(bnc#1012628).
- af_key: fix buffer overread in parse_exthdrs() (bnc#1012628).
- iser-target: Fix possible use-after-free in connection
establishment error (bnc#1012628).
- delayacct: Account blkio completion on the correct task
(bnc#1012628).
- objtool: Fix seg fault with gold linker (bnc#1012628).
- mmc: sdhci-esdhc-imx: Fix i.MX53 eSDHCv3 clock (bnc#1012628).
- x86/kasan: Panic if there is not enough memory to boot
(bnc#1012628).
- objtool: Improve error message for bad file argument
(bnc#1012628).
- x86/cpufeature: Move processor tracing out of scattered features
(bnc#1012628).
- x86/intel_rdt/cqm: Prevent use after free (bnc#1012628).
- x86/mm/pkeys: Fix fill_sig_info_pkey (bnc#1012628).
- x86/idt: Mark IDT tables __initconst (bnc#1012628).
- x86/tsc: Future-proof native_calibrate_tsc() (bnc#1012628).
- x86/tsc: Fix erroneous TSC rate on Skylake Xeon (bnc#1012628).
- pipe: avoid round_pipe_size() nr_pages overflow on 32-bit
(bnc#1012628).
- x86/apic/vector: Fix off by one in error path (bnc#1012628).
- x86/mm: Clean up register saving in the __enc_copy() assembly
code (bnc#1012628).
- x86/mm: Use a struct to reduce parameters for SME PGD mapping
(bnc#1012628).
- x86/mm: Centralize PMD flags in sme_encrypt_kernel()
(bnc#1012628).
- x86/mm: Prepare sme_encrypt_kernel() for PAGE aligned encryption
(bnc#1012628).
- ARM: OMAP3: hwmod_data: add missing module_offs for MMC3
(bnc#1012628).
- x86/mm: Encrypt the initrd earlier for BSP microcode update
(bnc#1012628).
- Input: ALPS - fix multi-touch decoding on SS4 plus touchpads
(bnc#1012628).
- Input: synaptics-rmi4 - prevent UAF reported by KASAN
(bnc#1012628).
- Input: 88pm860x-ts - fix child-node lookup (bnc#1012628).
- Input: twl6040-vibra - fix child-node lookup (bnc#1012628).
- Input: twl4030-vibra - fix sibling-node lookup (bnc#1012628).
- tracing: Fix converting enum's from the map in
trace_event_eval_update() (bnc#1012628).
- phy: work around 'phys' references to usb-nop-xceiv devices
(bnc#1012628).
- ARM64: dts: marvell: armada-cp110: Fix clock resources for
various node (bnc#1012628).
- ARM: sunxi_defconfig: Enable CMA (bnc#1012628).
- ARM: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7
(bnc#1012628).
- can: peak: fix potential bug in packet fragmentation
(bnc#1012628).
- can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
(bnc#1012628).
- can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
(bnc#1012628).
- i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
(bnc#1012628).
- scripts/gdb/linux/tasks.py: fix get_thread_info (bnc#1012628).
- proc: fix coredump vs read /proc/*/stat race (bnc#1012628).
- libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
(bnc#1012628).
- scsi: libsas: Disable asynchronous aborts for SATA devices
(bnc#1012628).
- workqueue: avoid hard lockups in show_workqueue_state()
(bnc#1012628).
- drm/vmwgfx: fix memory corruption with legacy/sou connectors
(bnc#1012628).
- dm btree: fix serious bug in btree_split_beneath()
(bnc#1012628).
- dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6
(bnc#1012628).
- dm integrity: don't store cipher request on the stack
(bnc#1012628).
- dm crypt: fix crash by adding missing check for auth key size
(bnc#1012628).
- dm crypt: wipe kernel key copy after IV initialization
(bnc#1012628).
- dm crypt: fix error return code in crypt_ctr() (bnc#1012628).
- x86: Use __nostackprotect for sme_encrypt_kernel (bnc#1012628).
- alpha/PCI: Fix noname IRQ level detection (bnc#1012628).
- MIPS: CM: Drop WARN_ON(vp != 0) (bnc#1012628).
- KVM: arm/arm64: Check pagesize when allocating a hugepage at
Stage 2 (bnc#1012628).
- arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
(bnc#1012628).
- x86/mce: Make machine check speculation protected (bnc#1012628).
- retpoline: Introduce start/end markers of indirect thunk
(bnc#1012628).
- kprobes/x86: Blacklist indirect thunk functions for kprobes
(bnc#1012628).
- kprobes/x86: Disable optimizing on the function jumps to
indirect thunk (bnc#1012628).
- x86/pti: Document fix wrong index (bnc#1012628).
- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
(bnc#1012628).
- x86/mm: Rework wbinvd, hlt operation in stop_this_cpu()
(bnc#1012628).
- mm, page_vma_mapped: Drop faulty pointer arithmetics in
check_pte() (bnc#1012628).
- net: mvpp2: do not disable GMAC padding (bnc#1012628).
- MIPS: AR7: ensure the port type's FCR value is used
(bnc#1012628).
- Refresh
patches.kernel.org/4.14.10-003-objtool-Move-kernel-headers-code-sync-check-t.patch.
- Refresh
patches.suse/0001-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch.
- Refresh
patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch.
- commit fe1d712
- x86/cpufeatures: Add Intel feature bits for Speculation Control
(bsc#1068032 CVE-2017-5715).
- x86/cpufeatures: Add AMD feature bits for Prediction Command
(bsc#1068032 CVE-2017-5715).
- x86/msr: Add definitions for new speculation control MSRs
(bsc#1068032 CVE-2017-5715).
- module: Add retpoline tag to VERMAGIC (bsc#1068032
CVE-2017-5715).
- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB
macros (bsc#1068032 CVE-2017-5715).
- x86/retpoline: Fill RSB on context switch for affected CPUs
(bsc#1068032 CVE-2017-5715).
- Refresh
patches.suse/0005-x86-enter-MACROS-to-set-clear-IBRS-and-set-IBPB.patch.
- Refresh
patches.suse/0008-x86-spec_ctrl-save-IBRS-MSR-value-in-paranoid_entry.patch.
- Refresh
patches.suse/0009-x86-idle-Disable-IBRS-entering-idle-and-enable-it-on.patch.
- Refresh
patches.suse/0010-x86-idle-Disable-IBRS-when-offlining-cpu-and-re-enab.patch.
- Refresh
patches.suse/0011-x86-mm-Set-IBPB-upon-context-switch.patch.
- Refresh
patches.suse/0012-x86-mm-Only-set-IBPB-when-the-new-thread-cannot-ptra.patch.
- Refresh
patches.suse/0017-x86-kvm-Set-IBPB-when-switching-VM.patch.
- Refresh
patches.suse/0018-x86-kvm-Toggle-IBRS-on-VM-entry-and-exit.patch.
- Refresh
patches.suse/0021-x86-spec_ctrl-Add-sysctl-knobs-to-enable-disable-SPE.patch.
- Refresh
patches.suse/0023-x86-Move-IBRS-IBPB-feature-detection-to-scattered.c.patch.
- Refresh
patches.suse/0028-x86-svm-Set-IBPB-when-running-a-different-VCPU.patch.
- Refresh
patches.suse/0029-kvm-svm-add-MSR_IA32_SPEC_CTRL-and-MSR_IA32_PRED_CMD.patch.
- Refresh patches.suse/0030-Use-the-ibrs_inuse-variable.patch.
- Refresh
patches.suse/0032-kvm-vmx-add-MSR_IA32_SPEC_CTRL-and-MSR_IA32_PRED_CMD.patch.
- Refresh
patches.suse/0034-Remove-the-code-that-uses-MSR-save-restore-list.patch.
- Refresh patches.suse/0035-Use-the-ibpb_inuse-variable.patch.
- Refresh
patches.suse/0037-Set-IBPB-when-running-a-different-VCPU.patch.
- Delete
patches.suse/0001-x86-feature-Enable-the-x86-feature-to-control-Specul.patch.
- Delete
patches.suse/0002-x86-cpufeature-Add-X86_FEATURE_IA32_ARCH_CAPS-and-X8.patch.
- Delete
patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch.
- commit 5790c9a
==== libbsd ====
Version update (0.8.6 -> 0.8.7)
- Update to version 0.8.7:
* Fix
participants (1)
-
Dominique Leuenberger